fix: fix an issue if you had no allowed PUT/DELETE paths for static

uploads
Andy Burke 2025-08-12 12:25:12 -07:00
parent da30c60896
commit a9f3fd9167
4 changed files with 122 additions and 21 deletions


@ -9,8 +9,9 @@ import * as media_types from '@std/media-types';
import { PRECHECK, SERVER } from '../server.ts';
import { getCookies } from '@std/http/cookie';
let PUT_PATHS_ALLOWED: string[] | undefined = undefined;
let DELETE_PATHS_ALLOWED: string[] | undefined = undefined;
function get_allowed_paths(env_var: string) {
return (Deno.env.get(env_var) ?? '').split(';').filter((p) => typeof p === 'string' && p.length > 0).map((p) => path.resolve(p));
}
export type HTTP_METHOD = 'GET' | 'PUT' | 'DELETE' | 'HEAD' | 'OPTIONS';
export type HANDLER_METHOD = (
@ -81,10 +82,8 @@ export const HANDLERS: Partial<Record<HTTP_METHOD, HANDLER_METHOD>> = {
},
PUT: async (request: Request, normalized_path: string, server: SERVER): Promise<Response | undefined> => {
PUT_PATHS_ALLOWED = PUT_PATHS_ALLOWED ??
(Deno.env.get('SERVERUS_PUT_PATHS_ALLOWED') ?? '').split(';').map((p) => path.resolve(p));
const allowed = PUT_PATHS_ALLOWED.some((allowed_put_path: string) => normalized_path.startsWith(allowed_put_path));
const allowed_paths = get_allowed_paths('SERVERUS_PUT_PATHS_ALLOWED');
const allowed = allowed_paths.some((allowed_path: string) => normalized_path.startsWith(allowed_path));
if (!allowed) {
return new Response('Permission Denied', {
@ -186,10 +185,8 @@ export const HANDLERS: Partial<Record<HTTP_METHOD, HANDLER_METHOD>> = {
},
DELETE: async (request: Request, normalized_path: string, server: SERVER): Promise<Response | undefined> => {
DELETE_PATHS_ALLOWED = DELETE_PATHS_ALLOWED ??
(Deno.env.get('SERVERUS_DELETE_PATHS_ALLOWED') ?? '').split(';').map((p) => path.resolve(p));
const allowed = DELETE_PATHS_ALLOWED.some((allowed_delete_path: string) => normalized_path.startsWith(allowed_delete_path));
const allowed_paths = get_allowed_paths('SERVERUS_DELETE_PATHS_ALLOWED');
const allowed = allowed_paths.some((allowed_path: string) => normalized_path.startsWith(allowed_path));
if (!allowed) {
return new Response('Permission Denied', {
@ -248,17 +245,13 @@ export const HANDLERS: Partial<Record<HTTP_METHOD, HANDLER_METHOD>> = {
OPTIONS: (_request: Request, normalized_path: string): Response | undefined => {
const allowed = ['GET', 'HEAD', 'OPTIONS'];
PUT_PATHS_ALLOWED = PUT_PATHS_ALLOWED ??
(Deno.env.get('SERVERUS_PUT_PATHS_ALLOWED') ?? '').split(';').map((p) => path.resolve(p));
if (PUT_PATHS_ALLOWED.some((allowed_put_path: string) => normalized_path.startsWith(allowed_put_path))) {
const allowed_put_paths = get_allowed_paths('SERVERUS_PUT_PATHS_ALLOWED');
if (allowed_put_paths.some((allowed_path: string) => normalized_path.startsWith(allowed_path))) {
allowed.push('PUT');
}
DELETE_PATHS_ALLOWED = DELETE_PATHS_ALLOWED ??
(Deno.env.get('SERVERUS_DELETE_PATHS_ALLOWED') ?? '').split(';').map((p) => path.resolve(p));
if (DELETE_PATHS_ALLOWED.some((allowed_delete_path: string) => normalized_path.startsWith(allowed_delete_path))) {
const allowed_delete_paths = get_allowed_paths('SERVERUS_DELETE_PATHS_ALLOWED');
if (allowed_delete_paths.some((allowed_path: string) => normalized_path.startsWith(allowed_path))) {
allowed.push('DELETE');
}
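Review bot: The prefix test `normalized_path.startsWith(allowed_path)` in the PUT, DELETE and OPTIONS handlers has no directory boundary, so an allowed entry such as `/srv/uploads` (constructed example) also matches a sibling path like `/srv/uploads-private/x`. Dropping empty entries in `get_allowed_paths` fixes the case where an unset variable appears to have resolved to the working directory, but the sibling-prefix match remains for any configured path. Consider `normalized_path === allowed_path || normalized_path.startsWith(allowed_path + path.SEPARATOR)`, assuming `path` is `@std/path` (its import is outside the visible hunks), and put the test in one shared helper so the four call sites cannot drift apart. The check also relies on `normalized_path` already being resolved with `..` segments removed, which these hunks do not show; the handler bodies continue outside them.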