186526
/
unpkg
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
unpkg/server/middleware/parseURL.js

86 lines
2.1 KiB
JavaScript
Raw Blame History

const validateNpmPackageName = require("validate-npm-package-name");
const parsePackageURL = require("../utils/parsePackageURL");
const createSearch = require("./utils/createSearch");
const KnownQueryParams = {
main: true,
meta: true,
module: true
};
function isKnownQueryParam(param) {
return !!KnownQueryParams[param];
}
function queryIsKnown(query) {
return Object.keys(query).every(isKnownQueryParam);
}
function sanitizeQuery(query) {
const saneQuery = {};
Object.keys(query).forEach(param => {
if (isKnownQueryParam(param)) saneQuery[param] = query[param];
});
return saneQuery;
}
/**
* Parse and validate the URL.
*/
function parseURL(req, res, next) {
// Redirect /_meta/path to /path?meta.
if (req.path.match(/^\/_meta\//)) {
req.query.meta = "";
return res.redirect(302, req.path.substr(6) + createSearch(req.query));
}
// Redirect /path?json => /path?meta
if (req.query.json != null) {
delete req.query.json;
req.query.meta = "";
return res.redirect(302, req.path + createSearch(req.query));
}
// Redirect requests with unknown query params to their equivalents
// with only known params so they can be served from the cache. This
// prevents people using random query params designed to bust the cache.
if (!queryIsKnown(req.query)) {
return res.redirect(302, req.path + createSearch(sanitizeQuery(req.query)));
}
const url = parsePackageURL(req.url);
// Disallow invalid URLs.
if (url == null) {
return res
.status(403)
.type("text")
.send(`Invalid URL: ${req.url}`);
}
const nameErrors = validateNpmPackageName(url.packageName).errors;
// Disallow invalid package names.
if (nameErrors) {
const reason = nameErrors.join(", ");
return res
.status(403)
.type("text")
.send(`Invalid package name "${url.packageName}" (${reason})`);
}
req.packageName = url.packageName;
req.packageVersion = url.packageVersion;
req.packageSpec = `${url.packageName}@${url.packageVersion}`;
req.pathname = url.pathname;
req.filename = url.filename;
req.search = url.search;
req.query = url.query;
next();
}
module.exports = parseURL;
Reference in New Issue View Git Blame Copy Permalink