forked from oakserver/oak
-
Notifications
You must be signed in to change notification settings - Fork 0
/
util.ts
86 lines (74 loc) · 2.85 KB
/
util.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
// Copyright 2018-2020 the oak authors. All rights reserved. MIT license.
import { isAbsolute, join, normalize, resolve, sep } from "./deps.ts";
import { createHttpError } from "./httpError.ts";
/** Safely decode a URI component, where if it fails, instead of throwing,
* just returns the original string
*/
export function decodeComponent(text: string) {
try {
return decodeURIComponent(text);
} catch {
return text;
}
}
/** Determines if a string "looks" like HTML */
export function isHtml(value: string): boolean {
return /^\s*<(?:!DOCTYPE|html|body)/i.test(value);
}
/*!
* Adapted directly from https://github.com/pillarjs/resolve-path
* which is licensed as follows:
*
* The MIT License (MIT)
*
* Copyright (c) 2014 Jonathan Ong <[email protected]>
* Copyright (c) 2015-2018 Douglas Christopher Wilson <[email protected]>
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* 'Software'), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
const UP_PATH_REGEXP = /(?:^|[\\/])\.\.(?:[\\/]|$)/;
export function resolvePath(relativePath: string): string;
export function resolvePath(rootPath: string, relativePath: string): string;
export function resolvePath(rootPath: string, relativePath?: string): string {
let path = relativePath;
let root = rootPath;
// root is optional, similar to root.resolve
if (arguments.length === 1) {
path = rootPath;
root = Deno.cwd();
}
if (path == null) {
throw new TypeError("Argument relativePath is required.");
}
// containing NULL bytes is malicious
if (path.includes("\0")) {
throw createHttpError(400, "Malicious Path");
}
// path should never be absolute
if (isAbsolute(path)) {
throw createHttpError(400, "Malicious Path");
}
// path outside root
if (UP_PATH_REGEXP.test(normalize("." + sep + path))) {
throw createHttpError(403);
}
// join the relative path
return normalize(join(resolve(root), path));
}