Sakurai/pdf.js
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
e650b95253
pdf.js/test/webserver.mjs

356 lines
10 KiB
JavaScript
Raw Normal View History

Replaces pythons web server
2014-03-22 09:47:23 +09:00
/*
* Copyright 2014 Mozilla Foundation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
[ESM] Convert *most* of `test`-folder to use standard modules
2023-07-08 19:44:37 +09:00
import fs from "fs";
Extract and modernize the webserver's directory listing code The `handler` method contained this code in an inline function, which made the `handler` method big and harder to read. Moreover, this code relied on variables from the outer scope, which made it harder to reason about because the inputs and outputs weren't easily visible. This commit fixes the problems by extracting the directory listing code into a dedicated private method, and modernizing it to use e.g. `const`/ `let` instead of `var` and using template strings.
2024-02-12 00:46:01 +09:00
import fsPromises from "fs/promises";
[ESM] Convert *most* of `test`-folder to use standard modules
2023-07-08 19:44:37 +09:00
import http from "http";
import path from "path";
Replaces pythons web server
2014-03-22 09:47:23 +09:00
Modernize the remainder of the webserver's code and enable the `no-var` ESLint rule This commit also moves the content type logic into a helper method to ever so slightly reduce duplication.
2024-02-12 04:10:27 +09:00
const MIME_TYPES = {
Enable auto-formatting of the entire code-base using Prettier (issue 11444) Note that Prettier, purposely, has only limited [configuration options](https://prettier.io/docs/en/options.html). The configuration file is based on [the one in `mozilla central`](https://searchfox.org/mozilla-central/source/.prettierrc) with just a few additions (to avoid future breakage if the defaults ever changes). Prettier is being used for a couple of reasons: - To be consistent with `mozilla-central`, where Prettier is already in use across the tree. - To ensure a *consistent* coding style everywhere, which is automatically enforced during linting (since Prettier is used as an ESLint plugin). This thus ends "all" formatting disussions once and for all, removing the need for review comments on most stylistic matters. Many ESLint options are now redundant, and I've tried my best to remove all the now unnecessary options (but I may have missed some). Note also that since Prettier considers the `printWidth` option as a guide, rather than a hard rule, this patch resorts to a small hack in the ESLint config to ensure that *comments* won't become too long. *Please note:* This patch is generated automatically, by appending the `--fix` argument to the ESLint call used in the `gulp lint` task. It will thus require some additional clean-up, which will be done in a *separate* commit. (On a more personal note, I'll readily admit that some of the changes Prettier makes are *extremely* ugly. However, in the name of consistency we'll probably have to live with that.)
2019-12-25 23:59:37 +09:00
".css": "text/css",
".html": "text/html",
".js": "application/javascript",
[ESM] Convert *most* of `test`-folder to use standard modules
2023-07-08 19:44:37 +09:00
".mjs": "application/javascript",
Enable auto-formatting of the entire code-base using Prettier (issue 11444) Note that Prettier, purposely, has only limited [configuration options](https://prettier.io/docs/en/options.html). The configuration file is based on [the one in `mozilla central`](https://searchfox.org/mozilla-central/source/.prettierrc) with just a few additions (to avoid future breakage if the defaults ever changes). Prettier is being used for a couple of reasons: - To be consistent with `mozilla-central`, where Prettier is already in use across the tree. - To ensure a *consistent* coding style everywhere, which is automatically enforced during linting (since Prettier is used as an ESLint plugin). This thus ends "all" formatting disussions once and for all, removing the need for review comments on most stylistic matters. Many ESLint options are now redundant, and I've tried my best to remove all the now unnecessary options (but I may have missed some). Note also that since Prettier considers the `printWidth` option as a guide, rather than a hard rule, this patch resorts to a small hack in the ESLint config to ensure that *comments* won't become too long. *Please note:* This patch is generated automatically, by appending the `--fix` argument to the ESLint call used in the `gulp lint` task. It will thus require some additional clean-up, which will be done in a *separate* commit. (On a more personal note, I'll readily admit that some of the changes Prettier makes are *extremely* ugly. However, in the name of consistency we'll probably have to live with that.)
2019-12-25 23:59:37 +09:00
".json": "application/json",
".svg": "image/svg+xml",
".pdf": "application/pdf",
".xhtml": "application/xhtml+xml",
".gif": "image/gif",
".ico": "image/x-icon",
".png": "image/png",
".log": "text/plain",
".bcmap": "application/octet-stream",
[api-minor] Move to Fluent for the localization (bug 1858715) - For the generic viewer we use @fluent/dom and @fluent/bundle - For the builtin pdf viewer in Firefox, we set a localization url and then we rely on document.l10n which is a DOMLocalization object.
2023-10-13 23:23:17 +09:00
".ftl": "text/plain",
Replaces pythons web server
2014-03-22 09:47:23 +09:00
};
Modernize the remainder of the webserver's code and enable the `no-var` ESLint rule This commit also moves the content type logic into a helper method to ever so slightly reduce duplication.
2024-02-12 04:10:27 +09:00
const DEFAULT_MIME_TYPE = "application/octet-stream";
Replaces pythons web server
2014-03-22 09:47:23 +09:00
Convert the webserver to a proper class with private methods
2024-02-11 21:37:01 +09:00
class WebServer {
Improve the webserver's constructor This makes the webserver configurable during instantiation rather than having to set the parameters afterwards.
2024-02-18 00:12:26 +09:00
constructor({ root, host, port, cacheExpirationTime }) {
this.root = root || ".";
this.host = host || "localhost";
this.port = port || 0;
Convert the webserver to a proper class with private methods
2024-02-11 21:37:01 +09:00
this.server = null;
this.verbose = false;
Improve the webserver's constructor This makes the webserver configurable during instantiation rather than having to set the parameters afterwards.
2024-02-18 00:12:26 +09:00
this.cacheExpirationTime = cacheExpirationTime || 0;
Convert the webserver to a proper class with private methods
2024-02-11 21:37:01 +09:00
this.disableRangeRequests = false;
this.hooks = {
GET: [crossOriginHandler],
POST: [],
};
}
Enable ESLint rules that no longer need to be disabled on a directory/file-basis Given that browsers/environments without native support for both arrow functions and object shorthand properties are no longer supported in PDF.js, please refer to the compatibility information below, we can now enable a fair number of ESLint rules and also simplify/remove some `.eslintrc` files. With the exception of the `no-alert` cases, all code changes were made automatically by using `gulp lint --fix`. - https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Functions/Arrow_functions#browser_compatibility - https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Object_initializer#browser_compatibility
2021-01-23 01:38:26 +09:00
start(callback) {
Convert the webserver to a proper class with private methods
2024-02-11 21:37:01 +09:00
this.#ensureNonZeroPort();
this.server = http.createServer(this.#handler.bind(this));
Replaces pythons web server
2014-03-22 09:47:23 +09:00
this.server.listen(this.port, this.host, callback);
Modernize the remainder of the webserver's code and enable the `no-var` ESLint rule This commit also moves the content type logic into a helper method to ever so slightly reduce duplication.
2024-02-12 04:10:27 +09:00
console.log(`Server running at http://${this.host}:${this.port}/`);
Convert the webserver to a proper class with private methods
2024-02-11 21:37:01 +09:00
}
Enable ESLint rules that no longer need to be disabled on a directory/file-basis Given that browsers/environments without native support for both arrow functions and object shorthand properties are no longer supported in PDF.js, please refer to the compatibility information below, we can now enable a fair number of ESLint rules and also simplify/remove some `.eslintrc` files. With the exception of the `no-alert` cases, all code changes were made automatically by using `gulp lint --fix`. - https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Functions/Arrow_functions#browser_compatibility - https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Object_initializer#browser_compatibility
2021-01-23 01:38:26 +09:00
stop(callback) {
Replaces pythons web server
2014-03-22 09:47:23 +09:00
this.server.close(callback);
this.server = null;
Convert the webserver to a proper class with private methods
2024-02-11 21:37:01 +09:00
}
#ensureNonZeroPort() {
Use random port in test webserver
2015-11-11 03:08:52 +09:00
if (!this.port) {
// If port is 0, a random port will be chosen instead. Do not set a host
Modernize the remainder of the webserver's code and enable the `no-var` ESLint rule This commit also moves the content type logic into a helper method to ever so slightly reduce duplication.
2024-02-12 04:10:27 +09:00
// name to make sure that the port is synchronously set by `.listen()`.
const server = http.createServer().listen(0);
const address = server.address();
// `.address().port` being available synchronously is merely an
// implementation detail, so we are defensive here and fall back to a
Use random port in test webserver
2015-11-11 03:08:52 +09:00
// fixed port when the address is not available yet.
this.port = address ? address.port : 8000;
server.close();
}
Convert the webserver to a proper class with private methods
2024-02-11 21:37:01 +09:00
}
Modernize the webserver's handler method This commit converts `var` to `const`/`let`, gives the variables more readable names and annotates the code to make the flow clearer.
2024-02-12 04:03:23 +09:00
async #handler(request, response) {
// Validate and parse the request URL.
const url = request.url.replaceAll("//", "/");
const urlParts = /([^?]*)((?:\?(.*))?)/.exec(url);
let pathPart;
Handle malformed URIs as bad requests in the development webserver Fixes #10445 (found by Dhiraj Mishra).
2019-01-13 22:50:27 +09:00
try {
// Guard against directory traversal attacks such as
// `/../../../../../../../etc/passwd`, which let you make GET requests
// for files outside of `this.root`.
Modernize the webserver's handler method This commit converts `var` to `const`/`let`, gives the variables more readable names and annotates the code to make the flow clearer.
2024-02-12 04:03:23 +09:00
pathPart = path.normalize(decodeURI(urlParts[1]));
// `path.normalize` returns a path on the basis of the current platform.
// Windows paths cause issues in `checkRequest` and underlying methods.
// Converting to a Unix path avoids platform checks in said functions.
Enable the `unicorn/prefer-string-replace-all` ESLint plugin rule Note that the `replaceAll` method still requires that a *global* regular expression is used, however by using this method it's immediately obvious when looking at the code that all occurrences will be replaced; please see https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/replaceAll#parameters Please find additional details at https://github.com/sindresorhus/eslint-plugin-unicorn/blob/main/docs/rules/prefer-string-replace-all.md
2023-03-23 20:34:08 +09:00
pathPart = pathPart.replaceAll("\\", "/");
Enable the `unicorn/prefer-optional-catch-binding` ESLint plugin rule According to MDN this format is available in all browsers/environments that we currently support, see https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/try...catch#browser_compatibility Please also see https://github.com/sindresorhus/eslint-plugin-unicorn/blob/main/docs/rules/prefer-optional-catch-binding.md
2023-06-12 18:46:11 +09:00
} catch {
Handle malformed URIs as bad requests in the development webserver Fixes #10445 (found by Dhiraj Mishra).
2019-01-13 22:50:27 +09:00
// If the URI cannot be decoded, a `URIError` is thrown. This happens for
// malformed URIs such as `http://localhost:8888/%s%s` and should be
// handled as a bad request.
Modernize the webserver's handler method This commit converts `var` to `const`/`let`, gives the variables more readable names and annotates the code to make the flow clearer.
2024-02-12 04:03:23 +09:00
response.writeHead(400);
response.end("Bad request", "utf8");
Handle malformed URIs as bad requests in the development webserver Fixes #10445 (found by Dhiraj Mishra).
2019-01-13 22:50:27 +09:00
return;
}
Replaces pythons web server
2014-03-22 09:47:23 +09:00
Modernize the webserver's handler method This commit converts `var` to `const`/`let`, gives the variables more readable names and annotates the code to make the flow clearer.
2024-02-12 04:03:23 +09:00
// Validate the request method and execute method hooks.
const methodHooks = this.hooks[request.method];
Replaces pythons web server
2014-03-22 09:47:23 +09:00
if (!methodHooks) {
Modernize the webserver's handler method This commit converts `var` to `const`/`let`, gives the variables more readable names and annotates the code to make the flow clearer.
2024-02-12 04:03:23 +09:00
response.writeHead(405);
response.end("Unsupported request method", "utf8");
Replaces pythons web server
2014-03-22 09:47:23 +09:00
return;
}
Modernize the webserver's handler method This commit converts `var` to `const`/`let`, gives the variables more readable names and annotates the code to make the flow clearer.
2024-02-12 04:03:23 +09:00
const handled = methodHooks.some(hook => hook(request, response));
Replaces pythons web server
2014-03-22 09:47:23 +09:00
if (handled) {
return;
}
Modernize the webserver's handler method This commit converts `var` to `const`/`let`, gives the variables more readable names and annotates the code to make the flow clearer.
2024-02-12 04:03:23 +09:00
// Check the request and serve the file/folder contents.
Enable auto-formatting of the entire code-base using Prettier (issue 11444) Note that Prettier, purposely, has only limited [configuration options](https://prettier.io/docs/en/options.html). The configuration file is based on [the one in `mozilla central`](https://searchfox.org/mozilla-central/source/.prettierrc) with just a few additions (to avoid future breakage if the defaults ever changes). Prettier is being used for a couple of reasons: - To be consistent with `mozilla-central`, where Prettier is already in use across the tree. - To ensure a *consistent* coding style everywhere, which is automatically enforced during linting (since Prettier is used as an ESLint plugin). This thus ends "all" formatting disussions once and for all, removing the need for review comments on most stylistic matters. Many ESLint options are now redundant, and I've tried my best to remove all the now unnecessary options (but I may have missed some). Note also that since Prettier considers the `printWidth` option as a guide, rather than a hard rule, this patch resorts to a small hack in the ESLint config to ensure that *comments* won't become too long. *Please note:* This patch is generated automatically, by appending the `--fix` argument to the ESLint call used in the `gulp lint` task. It will thus require some additional clean-up, which will be done in a *separate* commit. (On a more personal note, I'll readily admit that some of the changes Prettier makes are *extremely* ugly. However, in the name of consistency we'll probably have to live with that.)
2019-12-25 23:59:37 +09:00
if (pathPart === "/favicon.ico") {
Extract and modernize the webserver's request checking code The `handler` method contained this code in two inline functions, triggered via callbacks, which made the `handler` method big and harder to read. Moreover, this code relied on variables from the outer scope, which made it harder to reason about because the inputs and outputs weren't easily visible. This commit fixes the problems by extracting the request checking code into a dedicated private method, and modernizing it to use e.g. `const`/ `let` instead of `var` and using template strings. The logic is now self-contained in a single method that can be read from top to bottom without callbacks and with comments annotating each check/section.
2024-02-12 03:55:21 +09:00
pathPart = "test/resources/favicon.ico";
Replaces pythons web server
2014-03-22 09:47:23 +09:00
}
Modernize the webserver's handler method This commit converts `var` to `const`/`let`, gives the variables more readable names and annotates the code to make the flow clearer.
2024-02-12 04:03:23 +09:00
await this.#checkRequest(request, response, url, urlParts, pathPart);
Extract and modernize the webserver's request checking code The `handler` method contained this code in two inline functions, triggered via callbacks, which made the `handler` method big and harder to read. Moreover, this code relied on variables from the outer scope, which made it harder to reason about because the inputs and outputs weren't easily visible. This commit fixes the problems by extracting the request checking code into a dedicated private method, and modernizing it to use e.g. `const`/ `let` instead of `var` and using template strings. The logic is now self-contained in a single method that can be read from top to bottom without callbacks and with comments annotating each check/section.
2024-02-12 03:55:21 +09:00
}
Replaces pythons web server
2014-03-22 09:47:23 +09:00
Extract and modernize the webserver's request checking code The `handler` method contained this code in two inline functions, triggered via callbacks, which made the `handler` method big and harder to read. Moreover, this code relied on variables from the outer scope, which made it harder to reason about because the inputs and outputs weren't easily visible. This commit fixes the problems by extracting the request checking code into a dedicated private method, and modernizing it to use e.g. `const`/ `let` instead of `var` and using template strings. The logic is now self-contained in a single method that can be read from top to bottom without callbacks and with comments annotating each check/section.
2024-02-12 03:55:21 +09:00
async #checkRequest(request, response, url, urlParts, pathPart) {
// Check if the file/folder exists.
let filePath;
try {
filePath = await fsPromises.realpath(path.join(this.root, pathPart));
} catch {
response.writeHead(404);
response.end();
if (this.verbose) {
console.error(`${url}: not found`);
Replaces pythons web server
2014-03-22 09:47:23 +09:00
}
Extract and modernize the webserver's request checking code The `handler` method contained this code in two inline functions, triggered via callbacks, which made the `handler` method big and harder to read. Moreover, this code relied on variables from the outer scope, which made it harder to reason about because the inputs and outputs weren't easily visible. This commit fixes the problems by extracting the request checking code into a dedicated private method, and modernizing it to use e.g. `const`/ `let` instead of `var` and using template strings. The logic is now self-contained in a single method that can be read from top to bottom without callbacks and with comments annotating each check/section.
2024-02-12 03:55:21 +09:00
return;
Replaces pythons web server
2014-03-22 09:47:23 +09:00
}
Extract and modernize the webserver's request checking code The `handler` method contained this code in two inline functions, triggered via callbacks, which made the `handler` method big and harder to read. Moreover, this code relied on variables from the outer scope, which made it harder to reason about because the inputs and outputs weren't easily visible. This commit fixes the problems by extracting the request checking code into a dedicated private method, and modernizing it to use e.g. `const`/ `let` instead of `var` and using template strings. The logic is now self-contained in a single method that can be read from top to bottom without callbacks and with comments annotating each check/section.
2024-02-12 03:55:21 +09:00
// Get the properties of the file/folder.
let stats;
try {
stats = await fsPromises.stat(filePath);
} catch {
response.writeHead(500);
response.end();
return;
}
const fileSize = stats.size;
const isDir = stats.isDirectory();
// If a folder is requested, serve the directory listing.
if (isDir && !/\/$/.test(pathPart)) {
response.setHeader("Location", `${pathPart}/${urlParts[2]}`);
response.writeHead(301);
response.end("Redirected", "utf8");
return;
}
if (isDir) {
const queryPart = urlParts[3];
await this.#serveDirectoryIndex(response, pathPart, queryPart, filePath);
return;
}
Replaces pythons web server
2014-03-22 09:47:23 +09:00
Extract and modernize the webserver's request checking code The `handler` method contained this code in two inline functions, triggered via callbacks, which made the `handler` method big and harder to read. Moreover, this code relied on variables from the outer scope, which made it harder to reason about because the inputs and outputs weren't easily visible. This commit fixes the problems by extracting the request checking code into a dedicated private method, and modernizing it to use e.g. `const`/ `let` instead of `var` and using template strings. The logic is now self-contained in a single method that can be read from top to bottom without callbacks and with comments annotating each check/section.
2024-02-12 03:55:21 +09:00
// If a file is requested with range requests, serve it accordingly.
const { range } = request.headers;
if (range && !this.disableRangeRequests) {
const rangesMatches = /^bytes=(\d+)-(\d+)?/.exec(range);
if (!rangesMatches) {
response.writeHead(501);
response.end("Bad range", "utf8");
if (this.verbose) {
console.error(`${url}: bad range: ${range}`);
}
Replaces pythons web server
2014-03-22 09:47:23 +09:00
return;
}
Extract and modernize the webserver's request checking code The `handler` method contained this code in two inline functions, triggered via callbacks, which made the `handler` method big and harder to read. Moreover, this code relied on variables from the outer scope, which made it harder to reason about because the inputs and outputs weren't easily visible. This commit fixes the problems by extracting the request checking code into a dedicated private method, and modernizing it to use e.g. `const`/ `let` instead of `var` and using template strings. The logic is now self-contained in a single method that can be read from top to bottom without callbacks and with comments annotating each check/section.
2024-02-12 03:55:21 +09:00
const start = +rangesMatches[1];
const end = +rangesMatches[2];
if (this.verbose) {
console.log(`${url}: range ${start}-${end}`);
Replaces pythons web server
2014-03-22 09:47:23 +09:00
}
Extract and modernize the webserver's request checking code The `handler` method contained this code in two inline functions, triggered via callbacks, which made the `handler` method big and harder to read. Moreover, this code relied on variables from the outer scope, which made it harder to reason about because the inputs and outputs weren't easily visible. This commit fixes the problems by extracting the request checking code into a dedicated private method, and modernizing it to use e.g. `const`/ `let` instead of `var` and using template strings. The logic is now self-contained in a single method that can be read from top to bottom without callbacks and with comments annotating each check/section.
2024-02-12 03:55:21 +09:00
this.#serveFileRange(
response,
filePath,
fileSize,
start,
isNaN(end) ? fileSize : end + 1
);
return;
}
Replaces pythons web server
2014-03-22 09:47:23 +09:00
Extract and modernize the webserver's request checking code The `handler` method contained this code in two inline functions, triggered via callbacks, which made the `handler` method big and harder to read. Moreover, this code relied on variables from the outer scope, which made it harder to reason about because the inputs and outputs weren't easily visible. This commit fixes the problems by extracting the request checking code into a dedicated private method, and modernizing it to use e.g. `const`/ `let` instead of `var` and using template strings. The logic is now self-contained in a single method that can be read from top to bottom without callbacks and with comments annotating each check/section.
2024-02-12 03:55:21 +09:00
// Otherwise, serve the file normally.
if (this.verbose) {
console.log(url);
Replaces pythons web server
2014-03-22 09:47:23 +09:00
}
Extract and modernize the webserver's request checking code The `handler` method contained this code in two inline functions, triggered via callbacks, which made the `handler` method big and harder to read. Moreover, this code relied on variables from the outer scope, which made it harder to reason about because the inputs and outputs weren't easily visible. This commit fixes the problems by extracting the request checking code into a dedicated private method, and modernizing it to use e.g. `const`/ `let` instead of `var` and using template strings. The logic is now self-contained in a single method that can be read from top to bottom without callbacks and with comments annotating each check/section.
2024-02-12 03:55:21 +09:00
this.#serveFile(response, filePath, fileSize);
Extract and modernize the webserver's directory listing code The `handler` method contained this code in an inline function, which made the `handler` method big and harder to read. Moreover, this code relied on variables from the outer scope, which made it harder to reason about because the inputs and outputs weren't easily visible. This commit fixes the problems by extracting the directory listing code into a dedicated private method, and modernizing it to use e.g. `const`/ `let` instead of `var` and using template strings.
2024-02-12 00:46:01 +09:00
}
async #serveDirectoryIndex(response, pathPart, queryPart, directory) {
response.setHeader("Content-Type", "text/html");
response.writeHead(200);
Replaces pythons web server
2014-03-22 09:47:23 +09:00
Extract and modernize the webserver's directory listing code The `handler` method contained this code in an inline function, which made the `handler` method big and harder to read. Moreover, this code relied on variables from the outer scope, which made it harder to reason about because the inputs and outputs weren't easily visible. This commit fixes the problems by extracting the directory listing code into a dedicated private method, and modernizing it to use e.g. `const`/ `let` instead of `var` and using template strings.
2024-02-12 00:46:01 +09:00
if (queryPart === "frame") {
response.end(
`<html>
<frameset cols=*,200>
<frame name=pdf>
<frame src="${encodeURI(pathPart)}?side">
</frameset>
</html>`,
"utf8"
);
return;
}
let files;
try {
files = await fsPromises.readdir(directory);
} catch {
response.end();
return;
}
response.write(
`<html>
<head>
<meta charset="utf-8">
</head>
<body>
<h1>Index of ${pathPart}</h1>`
);
if (pathPart !== "/") {
response.write('<a href="..">..</a><br>');
}
const all = queryPart === "all";
const escapeHTML = untrusted =>
Improve reliability of the test server - replace // with / (otherwise http://localhost:8888// links to e.g. http://src/ instead of http://localhost:8888/src). - Solve XSS issue (file names should be sanitized, not output as-is). - Prevent server from crashing if there is a stat error (e.g. permission error or file not found (e.g. broken symlink)).
2015-11-07 05:52:35 +09:00
// Escape untrusted input so that it can safely be used in a HTML response
// in HTML and in HTML attributes.
Extract and modernize the webserver's directory listing code The `handler` method contained this code in an inline function, which made the `handler` method big and harder to read. Moreover, this code relied on variables from the outer scope, which made it harder to reason about because the inputs and outputs weren't easily visible. This commit fixes the problems by extracting the directory listing code into a dedicated private method, and modernizing it to use e.g. `const`/ `let` instead of `var` and using template strings.
2024-02-12 00:46:01 +09:00
untrusted
Enable the `unicorn/prefer-string-replace-all` ESLint plugin rule Note that the `replaceAll` method still requires that a *global* regular expression is used, however by using this method it's immediately obvious when looking at the code that all occurrences will be replaced; please see https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/replaceAll#parameters Please find additional details at https://github.com/sindresorhus/eslint-plugin-unicorn/blob/main/docs/rules/prefer-string-replace-all.md
2023-03-23 20:34:08 +09:00
.replaceAll("&", "&amp;")
.replaceAll("<", "&lt;")
.replaceAll(">", "&gt;")
.replaceAll('"', "&quot;")
.replaceAll("'", "&#39;");
Improve reliability of the test server - replace // with / (otherwise http://localhost:8888// links to e.g. http://src/ instead of http://localhost:8888/src). - Solve XSS issue (file names should be sanitized, not output as-is). - Prevent server from crashing if there is a stat error (e.g. permission error or file not found (e.g. broken symlink)).
2015-11-07 05:52:35 +09:00
Extract and modernize the webserver's directory listing code The `handler` method contained this code in an inline function, which made the `handler` method big and harder to read. Moreover, this code relied on variables from the outer scope, which made it harder to reason about because the inputs and outputs weren't easily visible. This commit fixes the problems by extracting the directory listing code into a dedicated private method, and modernizing it to use e.g. `const`/ `let` instead of `var` and using template strings.
2024-02-12 00:46:01 +09:00
for (const file of files) {
let stat;
const item = pathPart + file;
let href = "";
let label = "";
let extraAttributes = "";
Replaces pythons web server
2014-03-22 09:47:23 +09:00
Extract and modernize the webserver's directory listing code The `handler` method contained this code in an inline function, which made the `handler` method big and harder to read. Moreover, this code relied on variables from the outer scope, which made it harder to reason about because the inputs and outputs weren't easily visible. This commit fixes the problems by extracting the directory listing code into a dedicated private method, and modernizing it to use e.g. `const`/ `let` instead of `var` and using template strings.
2024-02-12 00:46:01 +09:00
try {
stat = fs.statSync(path.join(directory, file));
} catch (ex) {
href = encodeURI(item);
label = `${file} (${ex})`;
extraAttributes = ' style="color:red"';
Replaces pythons web server
2014-03-22 09:47:23 +09:00
}
Extract and modernize the webserver's directory listing code The `handler` method contained this code in an inline function, which made the `handler` method big and harder to read. Moreover, this code relied on variables from the outer scope, which made it harder to reason about because the inputs and outputs weren't easily visible. This commit fixes the problems by extracting the directory listing code into a dedicated private method, and modernizing it to use e.g. `const`/ `let` instead of `var` and using template strings.
2024-02-12 00:46:01 +09:00
if (stat) {
if (stat.isDirectory()) {
href = encodeURI(item);
label = file;
} else if (path.extname(file).toLowerCase() === ".pdf") {
href = `/web/viewer.html?file=${encodeURIComponent(item)}`;
label = file;
extraAttributes = ' target="pdf"';
} else if (all) {
href = encodeURI(item);
label = file;
Replaces pythons web server
2014-03-22 09:47:23 +09:00
}
Extract and modernize the webserver's directory listing code The `handler` method contained this code in an inline function, which made the `handler` method big and harder to read. Moreover, this code relied on variables from the outer scope, which made it harder to reason about because the inputs and outputs weren't easily visible. This commit fixes the problems by extracting the directory listing code into a dedicated private method, and modernizing it to use e.g. `const`/ `let` instead of `var` and using template strings.
2024-02-12 00:46:01 +09:00
}
if (label) {
response.write(
`<a href="${escapeHTML(href)}"${extraAttributes}>${escapeHTML(label)}</a><br>`
Enable auto-formatting of the entire code-base using Prettier (issue 11444) Note that Prettier, purposely, has only limited [configuration options](https://prettier.io/docs/en/options.html). The configuration file is based on [the one in `mozilla central`](https://searchfox.org/mozilla-central/source/.prettierrc) with just a few additions (to avoid future breakage if the defaults ever changes). Prettier is being used for a couple of reasons: - To be consistent with `mozilla-central`, where Prettier is already in use across the tree. - To ensure a *consistent* coding style everywhere, which is automatically enforced during linting (since Prettier is used as an ESLint plugin). This thus ends "all" formatting disussions once and for all, removing the need for review comments on most stylistic matters. Many ESLint options are now redundant, and I've tried my best to remove all the now unnecessary options (but I may have missed some). Note also that since Prettier considers the `printWidth` option as a guide, rather than a hard rule, this patch resorts to a small hack in the ESLint config to ensure that *comments* won't become too long. *Please note:* This patch is generated automatically, by appending the `--fix` argument to the ESLint call used in the `gulp lint` task. It will thus require some additional clean-up, which will be done in a *separate* commit. (On a more personal note, I'll readily admit that some of the changes Prettier makes are *extremely* ugly. However, in the name of consistency we'll probably have to live with that.)
2019-12-25 23:59:37 +09:00
);
Extract and modernize the webserver's directory listing code The `handler` method contained this code in an inline function, which made the `handler` method big and harder to read. Moreover, this code relied on variables from the outer scope, which made it harder to reason about because the inputs and outputs weren't easily visible. This commit fixes the problems by extracting the directory listing code into a dedicated private method, and modernizing it to use e.g. `const`/ `let` instead of `var` and using template strings.
2024-02-12 00:46:01 +09:00
}
}
if (files.length === 0) {
response.write("<p>No files found</p>");
}
if (!all && queryPart !== "side") {
response.write(
'<hr><p>(only PDF files are shown, <a href="?all">show all</a>)</p>'
);
Replaces pythons web server
2014-03-22 09:47:23 +09:00
}
Extract and modernize the webserver's directory listing code The `handler` method contained this code in an inline function, which made the `handler` method big and harder to read. Moreover, this code relied on variables from the outer scope, which made it harder to reason about because the inputs and outputs weren't easily visible. This commit fixes the problems by extracting the directory listing code into a dedicated private method, and modernizing it to use e.g. `const`/ `let` instead of `var` and using template strings.
2024-02-12 00:46:01 +09:00
response.end("</body></html>");
Convert the webserver to a proper class with private methods
2024-02-11 21:37:01 +09:00
}
Extract and modernize the webserver's file serving code The `handler` method contained this code in an inline function, which made the `handler` method big and harder to read. Moreover, this code relied on variables from the outer scope, which made it harder to reason about because the inputs and outputs weren't easily visible. This commit fixes the problems by extracting the file serving code into a dedicated private method, and modernizing it to use e.g. `const`/`let` instead of `var` and using template strings.
2024-02-11 21:45:06 +09:00
#serveFile(response, filePath, fileSize) {
const stream = fs.createReadStream(filePath, { flags: "rs" });
stream.on("error", error => {
response.writeHead(500);
response.end();
});
if (!this.disableRangeRequests) {
response.setHeader("Accept-Ranges", "bytes");
}
Modernize the remainder of the webserver's code and enable the `no-var` ESLint rule This commit also moves the content type logic into a helper method to ever so slightly reduce duplication.
2024-02-12 04:10:27 +09:00
response.setHeader("Content-Type", this.#getContentType(filePath));
Extract and modernize the webserver's file serving code The `handler` method contained this code in an inline function, which made the `handler` method big and harder to read. Moreover, this code relied on variables from the outer scope, which made it harder to reason about because the inputs and outputs weren't easily visible. This commit fixes the problems by extracting the file serving code into a dedicated private method, and modernizing it to use e.g. `const`/`let` instead of `var` and using template strings.
2024-02-11 21:45:06 +09:00
response.setHeader("Content-Length", fileSize);
if (this.cacheExpirationTime > 0) {
const expireTime = new Date();
expireTime.setSeconds(expireTime.getSeconds() + this.cacheExpirationTime);
response.setHeader("Expires", expireTime.toUTCString());
}
response.writeHead(200);
stream.pipe(response);
}
Extract and modernize the webserver's range file serving code The `handler` method contained this code in an inline function, which made the `handler` method big and harder to read. Moreover, this code relied on variables from the outer scope, which made it harder to reason about because the inputs and outputs weren't easily visible. This commit fixes the problems by extracting the range file serving code into a dedicated private method, and modernizing it to use e.g. `const`/ `let` instead of `var` and using template strings.
2024-02-11 21:49:42 +09:00
#serveFileRange(response, filePath, fileSize, start, end) {
const stream = fs.createReadStream(filePath, {
flags: "rs",
start,
end: end - 1,
});
stream.on("error", error => {
response.writeHead(500);
response.end();
});
response.setHeader("Accept-Ranges", "bytes");
Modernize the remainder of the webserver's code and enable the `no-var` ESLint rule This commit also moves the content type logic into a helper method to ever so slightly reduce duplication.
2024-02-12 04:10:27 +09:00
response.setHeader("Content-Type", this.#getContentType(filePath));
Extract and modernize the webserver's range file serving code The `handler` method contained this code in an inline function, which made the `handler` method big and harder to read. Moreover, this code relied on variables from the outer scope, which made it harder to reason about because the inputs and outputs weren't easily visible. This commit fixes the problems by extracting the range file serving code into a dedicated private method, and modernizing it to use e.g. `const`/ `let` instead of `var` and using template strings.
2024-02-11 21:49:42 +09:00
response.setHeader("Content-Length", end - start);
response.setHeader(
"Content-Range",
`bytes ${start}-${end - 1}/${fileSize}`
);
response.writeHead(206);
stream.pipe(response);
}
Modernize the remainder of the webserver's code and enable the `no-var` ESLint rule This commit also moves the content type logic into a helper method to ever so slightly reduce duplication.
2024-02-12 04:10:27 +09:00
#getContentType(filePath) {
const extension = path.extname(filePath).toLowerCase();
return MIME_TYPES[extension] || DEFAULT_MIME_TYPE;
}
Convert the webserver to a proper class with private methods
2024-02-11 21:37:01 +09:00
}
Replaces pythons web server
2014-03-22 09:47:23 +09:00
Add test for withCredentials option
2017-08-31 21:08:22 +09:00
// This supports the "Cross-origin" test in test/unit/api_spec.js
// It is here instead of test.js so that when the test will still complete as
// expected if the user does "gulp server" and then visits
// http://localhost:8888/test/unit/unit_test.html?spec=Cross-origin
Modernize the remainder of the webserver's code and enable the `no-var` ESLint rule This commit also moves the content type logic into a helper method to ever so slightly reduce duplication.
2024-02-12 04:10:27 +09:00
function crossOriginHandler(request, response) {
if (request.url === "/test/pdfs/basicapi.pdf?cors=withCredentials") {
response.setHeader("Access-Control-Allow-Origin", request.headers.origin);
response.setHeader("Access-Control-Allow-Credentials", "true");
Add test for withCredentials option
2017-08-31 21:08:22 +09:00
}
Modernize the remainder of the webserver's code and enable the `no-var` ESLint rule This commit also moves the content type logic into a helper method to ever so slightly reduce duplication.
2024-02-12 04:10:27 +09:00
if (request.url === "/test/pdfs/basicapi.pdf?cors=withoutCredentials") {
response.setHeader("Access-Control-Allow-Origin", request.headers.origin);
Add test for withCredentials option
2017-08-31 21:08:22 +09:00
}
}
[ESM] Convert *most* of `test`-folder to use standard modules
2023-07-08 19:44:37 +09:00
export { WebServer };
Reference in New Issue Copy Permalink