Skip to content

Commit

Permalink
Add option to filter files
Browse files Browse the repository at this point in the history
  • Loading branch information
ghostd committed Jan 30, 2021
1 parent c7cfa9f commit 377b974
Show file tree
Hide file tree
Showing 4 changed files with 61 additions and 0 deletions.
8 changes: 8 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -135,6 +135,14 @@ for getting the file list.
This option cannot be set to `false` with `redirect` set to `true` on a server
with `ignoreTrailingSlash` set to `true`.

#### `allowedPath`

Default: `(pathname, root) => true`

This function allows filtering the served files.
If the function returns `true`, the file will be served.
If the function returns `false`, Fastify's 404 handler will be called.

#### `list`

Default: `undefined`
Expand Down
1 change: 1 addition & 0 deletions index.d.ts
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,7 @@ export interface FastifyStaticOptions {
redirect?: boolean;
wildcard?: boolean | string;
list?: boolean | ListOptions;
allowedPath?: (pathName: string, root?: string) => boolean;

// Passed on to `send`
acceptRanges?: boolean;
Expand Down
10 changes: 10 additions & 0 deletions index.js
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,10 @@ const globPromise = util.promisify(glob)

const dirList = require('./lib/dirList')

function allowAllPaths () {
return true
}

async function fastifyStatic (fastify, opts) {
checkRootPathForErrors(fastify, opts.root)

Expand Down Expand Up @@ -39,6 +43,8 @@ async function fastifyStatic (fastify, opts) {
maxAge: opts.maxAge
}

const allowedPath = opts.allowedPath || allowAllPaths

function pumpSendToReply (request, reply, pathname, rootPath, rootPathOffset = 0) {
const options = Object.assign({}, sendOptions)

Expand All @@ -50,6 +56,10 @@ async function fastifyStatic (fastify, opts) {
}
}

if (!allowedPath(pathname, options.root)) {
return reply.callNotFound()
}

const stream = send(request.raw, pathname, options)
let resolvedFilename
stream.on('file', function (file) {
Expand Down
42 changes: 42 additions & 0 deletions test/static.test.js
Original file line number Diff line number Diff line change
Expand Up @@ -819,6 +819,48 @@ t.test('sendFile disabled', t => {
})
})

t.test('allowedPath option', t => {
t.plan(3)

const pluginOptions = {
root: path.join(__dirname, '/static'),
allowedPath: (pathName) => pathName !== '/foobar.html'
}
const fastify = Fastify()
fastify.register(fastifyStatic, pluginOptions)

fastify.listen(0, err => {
t.error(err)

fastify.server.unref()

t.test('/foobar.html not found', t => {
t.plan(2 + GENERIC_ERROR_RESPONSE_CHECK_COUNT)
simple.concat({
method: 'GET',
url: 'http://localhost:' + fastify.server.address().port + '/foobar.html',
followRedirect: false
}, (err, response, body) => {
t.error(err)
t.strictEqual(response.statusCode, 404)
genericErrorResponseChecks(t, response)
})
})

t.test('/index.css found', t => {
t.plan(2)
simple.concat({
method: 'GET',
url: 'http://localhost:' + fastify.server.address().port + '/index.css',
followRedirect: false
}, (err, response, body) => {
t.error(err)
t.strictEqual(response.statusCode, 200)
})
})
})
})

t.test('prefix default', t => {
t.plan(1)
const pluginOptions = { root: path.join(__dirname, 'static') }
Expand Down

0 comments on commit 377b974

Please sign in to comment.