path: root/app.js
Diffstat (limited to 'app.js')
-rw-r--r--app.js34
1 files changed, 22 insertions, 12 deletions
diff --git a/app.js b/app.js
index 1a6f8ab..ed21334 100644
--- a/app.js
+++ b/app.js
@@ -4,6 +4,7 @@ const git = require("./api/git");
const yaml = require('js-yaml');
const fs = require('fs');
const { exit } = require("process");
+const sanitization = require("./api/sanitization");
let settings;
@@ -42,18 +43,28 @@ app.use("/api/v1", (req, res, next) =>
app.use("/:repo", async (req, res, next) =>
{
- let repo_dirs = await git.getRepos(settings["base_dir"]);
-
- if(repo_dirs["error"]) {
- res.status(500).send("Internal server error!");
+ if(!sanitization.sanitizeRepoName(req.params.repo)) {
+ res.status(400).json({ "error": "Unacceptable git repository name!" });
return;
}
- if(!repo_dirs["data"].includes(req.params.repo)) {
- res.status(404).send("404: Page not found");
- return;
- }
- next();
+ fs.readdir(settings["base_dir"], (err, dir_content) =>
+ {
+ if(err) {
+ res.status(404).send("404: Page not found");
+ return;
+ }
+
+ dir_content = dir_content.filter(repo => repo.endsWith(".git"));
+
+ if(!dir_content.includes(req.params.repo + ".git")) {
+ res.status(404).send("404: Page not found");
+ return;
+ }
+ else {
+ next();
+ }
+ });
})
app.get("/:repo", (req, res) =>
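Review bot: The `if(err)` branch of the new `fs.readdir` callback answers 404 for any failure to read `settings["base_dir"]`, where the removed code answered 500, so a missing or unreadable base directory now looks like an unknown repository and nothing is logged. I would answer `res.status(500).send("Internal server error!");` there and log `err` server-side. The `.git` filter also accepts any directory entry with that suffix, including plain files; passing `{ withFileTypes: true }` and keeping only entries where `isDirectory()` is true would tighten the allowlist, assuming symlinked repositories are not expected. The handler is still declared `async` although it no longer awaits anything, so the keyword can be dropped.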
@@ -72,10 +83,9 @@ app.get("/:repo/:page", (req, res, next) =>
res.sendFile("dist/app.html", { root: __dirname });
});
-app.get("/:repo/log/:hash", (req, res, next) =>
+app.get("/:repo/log/:commit", (req, res, next) =>
{
- const valid_hash = /^[0-9a-f]+$/;
- if(!valid_hash.test(req.params.hash)) {
+ if(!sanitization.sanitizeCommitID(req.params.commit)) {
next();
return;
}
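Review bot: A rejected commit id still falls through with `next()` here, while the repo-name check added earlier in this commit answers 400 with a JSON error. The two validators should fail the same way, or a comment such as `// not a commit id: let later routes or the 404 handler answer` should say why this one falls through. The route parameter is renamed from `:hash` to `:commit` and the handler body continues outside the hunk, so any remaining `req.params.hash` read further down would now be `undefined`. `sanitizeCommitID` is not visible here; since it replaces `/^[0-9a-f]+$/`, it should be at least as strict and ideally bound the length as well.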