Diffstat (limited to 'app.js')
-rw-r--r-- | app.js | 34 |
1 files changed, 22 insertions, 12 deletions
@@ -4,6 +4,7 @@ const git = require("./api/git"); const yaml = require('js-yaml'); const fs = require('fs'); const { exit } = require("process"); +const sanitization = require("./api/sanitization"); let settings; @@ -42,18 +43,28 @@ app.use("/api/v1", (req, res, next) => app.use("/:repo", async (req, res, next) => { - let repo_dirs = await git.getRepos(settings["base_dir"]); - - if(repo_dirs["error"]) { - res.status(500).send("Internal server error!"); + if(!sanitization.sanitizeRepoName(req.params.repo)) { + res.status(400).json({ "error": "Unacceptable git repository name!" }); return; } - if(!repo_dirs["data"].includes(req.params.repo)) { - res.status(404).send("404: Page not found"); - return; - } - next(); + fs.readdir(settings["base_dir"], (err, dir_content) => + { + if(err) { + res.status(404).send("404: Page not found"); + return; + } + + dir_content = dir_content.filter(repo => repo.endsWith(".git")); + + if(!dir_content.includes(req.params.repo + ".git")) { + res.status(404).send("404: Page not found"); + return; + } + else { + next(); + } + }); }) app.get("/:repo", (req, res) => @@ -72,10 +83,9 @@ app.get("/:repo/:page", (req, res, next) => res.sendFile("dist/app.html", { root: __dirname }); }); -app.get("/:repo/log/:hash", (req, res, next) => +app.get("/:repo/log/:commit", (req, res, next) => { - const valid_hash = /^[0-9a-f]+$/; - if(!valid_hash.test(req.params.hash)) { + if(!sanitization.sanitizeCommitID(req.params.commit)) { next(); return; } |
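Review bot: In the `/:repo` middleware, a failed `fs.readdir` on `settings["base_dir"]` is answered with 404 in the `if(err)` branch, so a missing or unreadable base directory is indistinguishable from an unknown repository; the code this replaces returned 500 for a listing failure. Record the error and answer with a server error there, for example `console.error(err); res.status(500).send("Internal server error!");` (or the project's own logger, if it has one). The `.git` filter accepts any directory entry with that suffix, regular files included, so reading with `{ withFileTypes: true }` and keeping only entries where `isDirectory()` is true would make the existence check stricter. The callback is still declared `async` although nothing is awaited any more, and the `else` after the `return` is redundant.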
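Review bot: In the `/:repo/log/:commit` route, an ID that fails `sanitization.sanitizeCommitID` is handed to `next()` without a response, while the repo-name check added in the same commit answers 400 with a JSON error; the two rejection paths should either match or carry a comment saying why they differ. The removed regex `/^[0-9a-f]+$/` made the accepted format visible at the route, whereas the helper lives in `./api/sanitization`, outside this diff, so the character set and any length bound cannot be confirmed from here. A short comment on the route would restore that, e.g. `// :commit must pass sanitizeCommitID; anything else falls through to the next handler`. Both helpers are used as boolean validators, so a name such as `isValidCommitID` would describe them better than `sanitize…`. The handler body continues outside the hunk.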