2018-02-17 00:00:06 +00:00
|
|
|
const validateNpmPackageName = require("validate-npm-package-name");
|
|
|
|
const parsePackageURL = require("../utils/parsePackageURL");
|
|
|
|
const createSearch = require("./utils/createSearch");
|
2017-08-10 17:12:50 +00:00
|
|
|
|
2018-03-20 17:34:31 +00:00
|
|
|
const knownQueryParams = {
|
2018-05-19 00:55:28 +00:00
|
|
|
main: true, // Deprecated, see #63
|
2017-08-21 17:17:40 +00:00
|
|
|
meta: true,
|
|
|
|
module: true
|
2018-02-17 00:00:06 +00:00
|
|
|
};
|
2017-08-18 21:43:06 +00:00
|
|
|
|
|
|
|
function isKnownQueryParam(param) {
|
2018-03-20 17:34:31 +00:00
|
|
|
return !!knownQueryParams[param];
|
2017-08-18 21:43:06 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
function queryIsKnown(query) {
|
2018-02-17 00:00:06 +00:00
|
|
|
return Object.keys(query).every(isKnownQueryParam);
|
2017-08-18 21:43:06 +00:00
|
|
|
}
|
|
|
|
|
2017-08-19 00:53:56 +00:00
|
|
|
function sanitizeQuery(query) {
|
2018-02-17 00:00:06 +00:00
|
|
|
const saneQuery = {};
|
2017-08-18 21:43:06 +00:00
|
|
|
|
2017-11-08 18:14:46 +00:00
|
|
|
Object.keys(query).forEach(param => {
|
2018-02-17 00:00:06 +00:00
|
|
|
if (isKnownQueryParam(param)) saneQuery[param] = query[param];
|
|
|
|
});
|
2017-08-18 21:43:06 +00:00
|
|
|
|
2018-02-17 00:00:06 +00:00
|
|
|
return saneQuery;
|
2017-08-19 00:53:56 +00:00
|
|
|
}
|
|
|
|
|
2017-08-10 17:12:50 +00:00
|
|
|
/**
|
|
|
|
* Parse and validate the URL.
|
|
|
|
*/
|
2017-11-11 20:18:13 +00:00
|
|
|
function parseURL(req, res, next) {
|
2018-05-19 00:55:28 +00:00
|
|
|
// Permanently redirect /_meta/path to /path?meta.
|
2017-08-19 00:53:56 +00:00
|
|
|
if (req.path.match(/^\/_meta\//)) {
|
2018-02-17 00:00:06 +00:00
|
|
|
req.query.meta = "";
|
2018-05-19 00:55:28 +00:00
|
|
|
return res.redirect(301, req.path.substr(6) + createSearch(req.query));
|
2017-08-19 00:53:56 +00:00
|
|
|
}
|
2017-08-18 22:49:12 +00:00
|
|
|
|
2018-05-19 00:55:28 +00:00
|
|
|
// Permanently redirect /path?json => /path?meta
|
2017-08-29 21:38:23 +00:00
|
|
|
if (req.query.json != null) {
|
2018-02-17 00:00:06 +00:00
|
|
|
delete req.query.json;
|
|
|
|
req.query.meta = "";
|
2018-05-19 00:55:28 +00:00
|
|
|
return res.redirect(301, req.path + createSearch(req.query));
|
2017-08-29 21:38:23 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// Redirect requests with unknown query params to their equivalents
|
|
|
|
// with only known params so they can be served from the cache. This
|
|
|
|
// prevents people using random query params designed to bust the cache.
|
2017-11-11 20:18:13 +00:00
|
|
|
if (!queryIsKnown(req.query)) {
|
2018-02-17 00:00:06 +00:00
|
|
|
return res.redirect(302, req.path + createSearch(sanitizeQuery(req.query)));
|
2017-11-11 20:18:13 +00:00
|
|
|
}
|
2017-08-29 21:38:23 +00:00
|
|
|
|
2018-02-17 00:00:06 +00:00
|
|
|
const url = parsePackageURL(req.url);
|
2017-08-10 17:12:50 +00:00
|
|
|
|
2017-11-11 20:18:13 +00:00
|
|
|
// Disallow invalid URLs.
|
|
|
|
if (url == null) {
|
2017-11-08 16:57:15 +00:00
|
|
|
return res
|
|
|
|
.status(403)
|
2017-11-25 21:25:01 +00:00
|
|
|
.type("text")
|
2018-02-17 00:00:06 +00:00
|
|
|
.send(`Invalid URL: ${req.url}`);
|
2017-11-11 20:18:13 +00:00
|
|
|
}
|
2017-08-10 17:12:50 +00:00
|
|
|
|
2018-02-17 00:00:06 +00:00
|
|
|
const nameErrors = validateNpmPackageName(url.packageName).errors;
|
2017-08-15 18:56:08 +00:00
|
|
|
|
2017-11-11 20:18:13 +00:00
|
|
|
// Disallow invalid package names.
|
|
|
|
if (nameErrors) {
|
2018-02-17 00:00:06 +00:00
|
|
|
const reason = nameErrors.join(", ");
|
2017-11-08 16:57:15 +00:00
|
|
|
return res
|
|
|
|
.status(403)
|
2017-11-25 21:25:01 +00:00
|
|
|
.type("text")
|
2018-02-17 00:00:06 +00:00
|
|
|
.send(`Invalid package name "${url.packageName}" (${reason})`);
|
2017-11-11 20:18:13 +00:00
|
|
|
}
|
2017-08-15 18:56:08 +00:00
|
|
|
|
2018-02-17 00:00:06 +00:00
|
|
|
req.packageName = url.packageName;
|
|
|
|
req.packageVersion = url.packageVersion;
|
|
|
|
req.packageSpec = `${url.packageName}@${url.packageVersion}`;
|
|
|
|
req.pathname = url.pathname;
|
|
|
|
req.filename = url.filename;
|
|
|
|
req.search = url.search;
|
|
|
|
req.query = url.query;
|
2017-08-10 17:12:50 +00:00
|
|
|
|
2018-02-17 00:00:06 +00:00
|
|
|
next();
|
2017-08-10 17:12:50 +00:00
|
|
|
}
|
|
|
|
|
2018-02-17 00:00:06 +00:00
|
|
|
module.exports = parseURL;
|