From 1860f6c0e564a34fb2f579c7f08d3955f42de1b1 Mon Sep 17 00:00:00 2001 From: Andy Hu Date: Sun, 8 Feb 2015 18:07:56 +0800 Subject: [PATCH 1/2] when .hidden option is set, also check hidden directories --- index.js | 10 ++++--- test/fixtures/.hidden | 1 + test/fixtures/.private/id_rsa.txt | 1 + test/index.js | 43 +++++++++++++++++++++++++++++++ 4 files changed, 52 insertions(+), 3 deletions(-) create mode 100644 test/fixtures/.hidden create mode 100644 test/fixtures/.private/id_rsa.txt diff --git a/index.js b/index.js index 46032b6..1ab4263 100644 --- a/index.js +++ b/index.js @@ -58,7 +58,7 @@ function send(ctx, path, opts) { path = resolvePath(root, path); // hidden file support, ignore - if (!hidden && leadingDot(path)) return; + if (!hidden && isHidden(root, path)) return; // serve gzipped file when possible if (encoding === 'gzip' && gzip && (yield fs.exists(path + '.gz'))) { @@ -93,8 +93,12 @@ function send(ctx, path, opts) { * Check if it's hidden. */ -function leadingDot(path) { - return '.' == basename(path)[0]; +function isHidden(root, path) { + path = path.substr(root.length).split('/'); + for(var i = 0; i < path.length; i++) { + if(path[i][0] === '.') return true; + } + return false; } /** diff --git a/test/fixtures/.hidden b/test/fixtures/.hidden new file mode 100644 index 0000000..7addfc4 --- /dev/null +++ b/test/fixtures/.hidden @@ -0,0 +1 @@ +You should never get here \ No newline at end of file diff --git a/test/fixtures/.private/id_rsa.txt b/test/fixtures/.private/id_rsa.txt new file mode 100644 index 0000000..7addfc4 --- /dev/null +++ b/test/fixtures/.private/id_rsa.txt @@ -0,0 +1 @@ +You should never get here \ No newline at end of file diff --git a/test/index.js b/test/index.js index 125e4b9..cd1cc8a 100644 --- a/test/index.js +++ b/test/index.js @@ -311,6 +311,49 @@ describe('send(ctx, file)', function(){ }) }) }) + describe('.hidden option', function() { + describe('when trying to get a hidden file', function(){ + it('should 404', function(done){ + var app = koa(); + + app.use(function *(){ + yield send(this, __dirname + '/fixtures/.hidden'); + }); + + request(app.listen()) + .get('/') + .expect(404, done); + }) + }) + + describe('when trying to get a file from a hidden directory', function(){ + it('should 404', function(done){ + var app = koa(); + + app.use(function *(){ + yield send(this, __dirname + '/fixtures/.private/id_rsa.txt'); + }); + + request(app.listen()) + .get('/') + .expect(404, done); + }) + }) + + describe('when trying to get a hidden file and .hidden check is turned off', function(){ + it('should 200', function(done){ + var app = koa(); + + app.use(function *(){ + yield send(this, __dirname + '/fixtures/.hidden', {hidden: true}); + }); + + request(app.listen()) + .get('/') + .expect(200, done); + }) + }) + }); it('should set the Content-Type', function(done){ var app = koa(); From 04273f0ff673947f7ffc16e5a69d14273ab87c86 Mon Sep 17 00:00:00 2001 From: Andy Hu Date: Sun, 8 Feb 2015 18:34:01 +0800 Subject: [PATCH 2/2] fix test --- test/index.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/test/index.js b/test/index.js index cd1cc8a..bafe275 100644 --- a/test/index.js +++ b/test/index.js @@ -317,7 +317,7 @@ describe('send(ctx, file)', function(){ var app = koa(); app.use(function *(){ - yield send(this, __dirname + '/fixtures/.hidden'); + yield send(this, 'test/fixtures/.hidden'); }); request(app.listen()) @@ -331,7 +331,7 @@ describe('send(ctx, file)', function(){ var app = koa(); app.use(function *(){ - yield send(this, __dirname + '/fixtures/.private/id_rsa.txt'); + yield send(this, 'test/fixtures/.private/id_rsa.txt'); }); request(app.listen()) @@ -345,7 +345,7 @@ describe('send(ctx, file)', function(){ var app = koa(); app.use(function *(){ - yield send(this, __dirname + '/fixtures/.hidden', {hidden: true}); + yield send(this, 'test/fixtures/.hidden', {hidden: true}); }); request(app.listen())