2017-11-11 20:18:13 +00:00
|
|
|
const validateNpmPackageName = require('validate-npm-package-name')
|
2017-08-19 18:44:01 +00:00
|
|
|
const parsePackageURL = require('../utils/parsePackageURL')
|
2017-09-02 05:43:56 +00:00
|
|
|
const createSearch = require('./utils/createSearch')
|
2017-08-10 17:12:50 +00:00
|
|
|
|
2017-08-18 21:43:06 +00:00
|
|
|
const KnownQueryParams = {
|
|
|
|
|
main: true,
|
2017-08-21 17:17:40 +00:00
|
|
|
meta: true,
|
|
|
|
|
module: true
|
2017-08-18 21:43:06 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function isKnownQueryParam(param) {
|
|
|
|
|
return !!KnownQueryParams[param]
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function queryIsKnown(query) {
|
|
|
|
|
return Object.keys(query).every(isKnownQueryParam)
|
|
|
|
|
}
|
|
|
|
|
|
2017-08-19 00:53:56 +00:00
|
|
|
function sanitizeQuery(query) {
|
|
|
|
|
const saneQuery = {}
|
2017-08-18 21:43:06 +00:00
|
|
|
|
2017-11-08 18:14:46 +00:00
|
|
|
Object.keys(query).forEach(param => {
|
2017-11-08 16:57:15 +00:00
|
|
|
if (isKnownQueryParam(param)) saneQuery[param] = query[param]
|
2017-08-19 00:53:56 +00:00
|
|
|
})
|
2017-08-18 21:43:06 +00:00
|
|
|
|
2017-08-19 00:53:56 +00:00
|
|
|
return saneQuery
|
|
|
|
|
}
|
|
|
|
|
|
2017-08-10 17:12:50 +00:00
|
|
|
/**
|
|
|
|
|
* Parse and validate the URL.
|
|
|
|
|
*/
|
2017-11-11 20:18:13 +00:00
|
|
|
function parseURL(req, res, next) {
|
2017-08-29 21:38:23 +00:00
|
|
|
// Redirect /_meta/path to /path?meta.
|
2017-08-19 00:53:56 +00:00
|
|
|
if (req.path.match(/^\/_meta\//)) {
|
|
|
|
|
req.query.meta = ''
|
2017-08-31 16:00:25 +00:00
|
|
|
return res.redirect(302, req.path.substr(6) + createSearch(req.query))
|
2017-08-19 00:53:56 +00:00
|
|
|
}
|
2017-08-18 22:49:12 +00:00
|
|
|
|
2017-08-29 21:38:23 +00:00
|
|
|
// Redirect /path?json => /path?meta
|
|
|
|
|
if (req.query.json != null) {
|
|
|
|
|
delete req.query.json
|
|
|
|
|
req.query.meta = ''
|
2017-08-31 16:00:25 +00:00
|
|
|
return res.redirect(302, req.path + createSearch(req.query))
|
2017-08-29 21:38:23 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Redirect requests with unknown query params to their equivalents
|
|
|
|
|
// with only known params so they can be served from the cache. This
|
|
|
|
|
// prevents people using random query params designed to bust the cache.
|
2017-11-11 20:18:13 +00:00
|
|
|
if (!queryIsKnown(req.query)) {
|
2017-08-31 16:00:25 +00:00
|
|
|
return res.redirect(302, req.path + createSearch(sanitizeQuery(req.query)))
|
2017-11-11 20:18:13 +00:00
|
|
|
}
|
2017-08-29 21:38:23 +00:00
|
|
|
|
2017-08-19 18:44:01 +00:00
|
|
|
const url = parsePackageURL(req.url)
|
2017-08-10 17:12:50 +00:00
|
|
|
|
2017-11-11 20:18:13 +00:00
|
|
|
// Disallow invalid URLs.
|
|
|
|
|
if (url == null) {
|
2017-11-08 16:57:15 +00:00
|
|
|
return res
|
|
|
|
|
.status(403)
|
|
|
|
|
.type('text')
|
|
|
|
|
.send(`Invalid URL: ${req.url}`)
|
2017-11-11 20:18:13 +00:00
|
|
|
}
|
2017-08-10 17:12:50 +00:00
|
|
|
|
2017-11-11 20:18:13 +00:00
|
|
|
const nameErrors = validateNpmPackageName(url.packageName).errors
|
2017-08-15 18:56:08 +00:00
|
|
|
|
2017-11-11 20:18:13 +00:00
|
|
|
// Disallow invalid package names.
|
|
|
|
|
if (nameErrors) {
|
|
|
|
|
const reason = nameErrors.join(', ')
|
2017-11-08 16:57:15 +00:00
|
|
|
return res
|
|
|
|
|
.status(403)
|
|
|
|
|
.type('text')
|
2017-11-11 20:18:13 +00:00
|
|
|
.send(`Invalid package name "${url.packageName}" (${reason})`)
|
|
|
|
|
}
|
2017-08-15 18:56:08 +00:00
|
|
|
|
2017-08-11 05:11:55 +00:00
|
|
|
req.packageName = url.packageName
|
|
|
|
|
req.packageVersion = url.packageVersion
|
|
|
|
|
req.packageSpec = `${req.packageName}@${req.packageVersion}`
|
|
|
|
|
req.pathname = url.pathname
|
|
|
|
|
req.filename = url.filename
|
|
|
|
|
req.search = url.search
|
|
|
|
|
req.query = url.query
|
2017-08-10 17:12:50 +00:00
|
|
|
|
2017-08-11 05:11:55 +00:00
|
|
|
next()
|
2017-08-10 17:12:50 +00:00
|
|
|
}
|
|
|
|
|
|
2017-11-11 20:18:13 +00:00
|
|
|
module.exports = parseURL
|
