From f59b7593fb3f28b252bad213eb120644de0989d5 Mon Sep 17 00:00:00 2001
From: Tom <58078313+reed-tom@users.noreply.github.com>
Date: Mon, 25 Sep 2023 15:28:55 -0400
Subject: [PATCH] added workaround for bug in restify https://github.com/restify/node-restify/issues/1959
---
 _workaround.js | 26 ++++++++++++++++++++++++++
 api-doc.json | 14 ++++++++++++++
 app.js | 35 +++++++++++++++++++++++++++--------
 3 files changed, 67 insertions(+), 8 deletions(-)
 create mode 100644 _workaround.js
diff --git a/_workaround.js b/_workaround.js
new file mode 100644
index 0000000..3d0e402
--- /dev/null
+++ b/_workaround.js
@@ -0,0 +1,26 @@
+/**
+ * Cleans up sloppy URLs on the request object, like /foo////bar/// to /foo/bar.
+ *
+ * @private
+ * @function strip
+ * @param {Object} path - a url path to clean up
+ * @returns {String} cleaned path
+ */
+module.exports = {
+ strip: (path) => {
+ var cur;
+ var next;
+ var str = "";
+ for (var i = 0; i < path.length; i++) {
+ cur = path.charAt(i);
+ if (i !== path.length - 1) {
+ next = path.charAt(i + 1);
+ }
+ if (cur === "/" && (next === "/" || (next === "?" && i > 0))) {
+ continue;
+ }
+ str += cur;
+ }
+ return str;
+ },
+};
diff --git a/api-doc.json b/api-doc.json
index 74c9322..970c3b1 100644
--- a/api-doc.json
+++ b/api-doc.json
@@ -1132,12 +1132,26 @@
 },
 "description": "Details of the logged action"
 },
+ {
+ "name": "x-real-ip",
+ "in": "header",
+ "schema": {
+ "type": "string"
+ }
+ },
 {
 "name": "proxy-ip",
 "in": "header",
 "schema": {
 "type": "string"
 }
+ },
+ {
+ "name": "x-forwarded-for",
+ "in": "header",
+ "schema": {
+ "type": "string"
+ }
 }
 ],
 "responses": {
diff --git a/app.js b/app.js
index 5003685..253c05f 100644
--- a/app.js
+++ b/app.js
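Review bot: In `_workaround.js`, `strip` returns an empty string for a path made only of slashes (`//` for example), and it drops a trailing slash only because `next` is not reset on the last iteration and still equals the current character; neither behaviour is documented. The caller in `app.js` depends on the empty result (`if (!_workaround.strip(req.url)) req.url = "/";`), so the JSDoc should say so, for instance `@returns {String} cleaned path; "" when the input contains nothing but slashes`. Above the `if (i !== path.length - 1)` test I would add `// next is intentionally left unchanged on the last character so a trailing "/" matches itself and is dropped`. The parameter is a string, so `@param {Object} path` should read `@param {String} path`.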
@@ -6,6 +6,7 @@ const fs = require("fs");
 const packageJson = require("./package.json");
 var corsMiddleware = require("restify-cors-middleware2");
 const documentationOutputFile = require("path").join(__dirname, "./api-doc.json");
+const _workaround = require("./_workaround");
 // CORS FOR RESTIFY
 var cors = corsMiddleware({
@@ -29,8 +30,18 @@ server.use(cors.actual);
 // Ensure we don't drop data on uploads
 server.pre(restify.pre.pause());
+//TEMPORARY WORKAROUND FOR BUG IN RESTIFY
+server.pre((req, res, next) => {
+ try {
+ if (!_workaround.strip(req.url)) req.url = "/";
+ restify.pre.sanitizePath()(req, res, next);
+ } catch (e) {
+ console.error(e);
+ }
+});
+//REMOVED BECAUSE OF BUG IN RESTIFY
 // Clean up sloppy paths like //todo//////1//
-server.pre(restify.pre.sanitizePath());
+// server.pre(restify.pre.sanitizePath());
 // Handles annoying user agents (curl)
 server.pre(restify.pre.userAgentConnection());
@@ -42,15 +53,16 @@ server.use(restify.plugins.requestLogger());
 server.use(function (req, res, next) {
 var err = null;
 try {
- decodeURIComponent(req.path);
+ if (!req.path) throw new Error("Invalid URL");
+ else decodeURIComponent(req.path);
 } catch (e) {
 err = e;
 }
 if (err) {
- logger.warn(`Invalid URL Request- ${req.url}`);
+ console.warn(`Invalid URL Request- ${req.url}`);
 res.status(404);
 res.send();
- return next();
+ next();
 }
 next();
 });
@@ -77,7 +89,7 @@ require("./routes/routeBuilder")(server, packageJson.defaultRoute);
 server.get(packageJson.defaultRoute + `/docs.json`, (req, res, next) => {
 const documentation = require(documentationOutputFile);
 res.json(documentation);
- next();
+ return next();
 });
 const swaggerIndexContent = fs
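Review bot: In the `server.pre` workaround handler (hunk `@@ -29,8 +30,18 @@` of `app.js`), the `catch` branch only logs, so a request whose URL makes `strip` or `sanitizePath` throw gets neither a response nor a `next` call and presumably stays open until the connection times out. Requests that hit this path therefore hold server resources instead of being rejected. After `console.error(e);` add `res.send(400);` and `return next(false);`. The handler also calls `restify.pre.sanitizePath()` on every request; building it once above the handler with `const sanitizePath = restify.pre.sanitizePath();` avoids that.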
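Review bot: In the URL-validation middleware (hunk `@@ -42,15 +53,16 @@` of `app.js`), changing `return next();` to `next();` inside `if (err)` lets the error path fall through to the second `next()`, so the chain is continued twice after the 404 has been sent; use `return next(false);` there. The check itself looks ineffective: restify exposes `path` as a method on the request, so `!req.path` is never true and `decodeURIComponent(req.path)` decodes the function's source text, not the URL. Using `decodeURIComponent(req.path())` would test the value the guard is meant to validate. The switch from `logger.warn` to `console.warn` also moves this event out of whatever the project logger records, which matters if malformed-URL requests are monitored.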
@@ -104,9 +116,16 @@ server.get(
 );
 server.get("*", function (req, res, next) {
- console.warn(`Invalid URL Request- ${req.url}`);
- res.send(404);
- next();
+ try {
+ console.warn(`Invalid URL Request- ${req.url}`);
+ res.send(404);
+ next();
+ } catch (e) {
+ console.error(e.stack);
+ res.status(500);
+ res.send();
+ next();
+ }
 });
 server.listen(serverPort, function () {
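Review bot: The new `try` in the catch-all `server.get("*")` handler also wraps `next()`, so if `next()` throws synchronously after `res.send(404)`, the `catch` sets a status and sends again on a response that has already gone out, then calls `next()` a second time. That second send can itself throw inside the `catch`, where nothing handles it. Move `next()` out of the `try`, and in the `catch` reply only when nothing has been written: `if (!res.headersSent) res.send(500);` followed by a single `return next(false);`.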