Better error message for invalid queries

2017-08-12 09:26:06 -07:00 · 2017-08-12 09:26:06 -07:00 · 99c1f7098a
parent c5340f4c53
commit 99c1f7098a
2 changed files with 21 additions and 25 deletions
--- a/server/PackageURL.js
+++ b/server/PackageURL.js
@ -3,37 +3,16 @@ const url = require('url')
 const URLFormat = /^\/((?:@[^\/@]+\/)?[^\/@]+)(?:@([^\/]+))?(\/.*)?$/

 function decodeParam(param) {
-  if (param) {
-    try {
-      return decodeURIComponent(param) : ''
-    } catch (error) {
-      // Ignore param parsing errors.
-    }
+  try {
+    return decodeURIComponent(param)
+  } catch (error) {
+    return null
  }
-
-  return null
-}
-
-const ValidQueryKeys = {
-  main: true,
-  meta: true,
-  json: true
-}
-
-function queryIsValid(query) {
-  return Object.keys(query).every(function (key) {
-    return ValidQueryKeys[key]
-  })
 }

 function parsePackageURL(packageURL) {
  const { pathname, search, query } = url.parse(packageURL, true)

-  // Do not allow unrecognized query parameters because
-  // some people use them to bust the cache.
-  if (!queryIsValid(query))
-    return null
-
  const match = URLFormat.exec(pathname)

  if (match == null)
--- a/server/middleware/parseURL.js
+++ b/server/middleware/parseURL.js
@ -1,5 +1,17 @@
 const PackageURL = require('../PackageURL')

+const ValidQueryKeys = {
+  main: true,
+  meta: true,
+  json: true // deprecated
+}
+
+function queryIsValid(query) {
+  return Object.keys(query).every(function (key) {
+    return ValidQueryKeys[key]
+  })
+}
+
 /**
 * Parse and validate the URL.
 */
@ -9,6 +21,11 @@ function parseURL(req, res, next) {
  if (url == null)
    return res.status(403).send(`Invalid URL: ${req.url}`)

+  // Do not allow unrecognized query parameters because
+  // some people use them to bust the cache.
+  if (!queryIsValid(url.query))
+    return res.status(403).send(`Invalid query: ${JSON.stringify(url.query)}`)
+
  req.packageName = url.packageName
  req.packageVersion = url.packageVersion
  req.packageSpec = `${req.packageName}@${req.packageVersion}`