src/node/hooks/express/padurlsanitize.js


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33

var padManager = require('../../db/PadManager');
var url = require('url');

exports.expressCreateServer = function (hook_name, args, cb) {
  //redirects browser to the pad's sanitized url if needed. otherwise, renders the html
  args.app.param('pad', function (req, res, next, padId) {
    //ensure the padname is valid and the url doesn't end with a /
    if(!padManager.isValidPadId(padId) || /\/$/.test(req.url))
    {
      res.status(404).send('Such a padname is forbidden');
    }
    else
    {
      padManager.sanitizePadId(padId, function(sanitizedPadId) {
        //the pad id was sanitized, so we redirect to the sanitized version
        if(sanitizedPadId != padId)
        {
          var real_url = sanitizedPadId;
          real_url = encodeURIComponent(real_url);
          var query = url.parse(req.url).query;
          if ( query ) real_url += '?' + query;
          res.header('Location', real_url);
          res.status(302).send('You should be redirected to <a href="' + real_url + '">' + real_url + '</a>');
        }
        //the pad id was fine, so just render it
        else
        {
          next();
        }
      });
    }
  });
}