v0.1.3
resolves kevmoo/shelf_static.dart#2
diff --git a/CHANGELOG.md b/CHANGELOG.md
index ab741f9..1e16584 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.1.3
+
+* `createStaticHandler` added `serveFilesOutsidePath` optional parameter.
+
## 0.1.2
* The preferred top-level method is now `createStaticHandler`. `getHandler` is deprecated.
diff --git a/lib/shelf_static.dart b/lib/shelf_static.dart
index 52cbc23..1d36ca2 100644
--- a/lib/shelf_static.dart
+++ b/lib/shelf_static.dart
@@ -16,7 +16,12 @@
/// Creates a Shelf [Handler] that serves files from the provided
/// [fileSystemPath].
-Handler createStaticHandler(String fileSystemPath) {
+///
+/// Accessing a path containing symbolic links will succeed only if the resolved
+/// path is within [fileSystemPath]. To allow access to paths outside of
+/// [fileSystemPath], set [serveFilesOutsidePath] to `true`.
+Handler createStaticHandler(String fileSystemPath,
+ {bool serveFilesOutsidePath: false}) {
var rootDir = new Directory(fileSystemPath);
if (!rootDir.existsSync()) {
throw new ArgumentError('A directory corresponding to fileSystemPath '
@@ -41,11 +46,13 @@
return new Response.notFound('Not Found');
}
- var resolvedPath = file.resolveSymbolicLinksSync();
+ if (!serveFilesOutsidePath) {
+ var resolvedPath = file.resolveSymbolicLinksSync();
- // Do not serve a file outside of the original fileSystemPath
- if (!p.isWithin(fileSystemPath, resolvedPath)) {
- return new Response.notFound('Not Found');
+ // Do not serve a file outside of the original fileSystemPath
+ if (!p.isWithin(fileSystemPath, resolvedPath)) {
+ return new Response.notFound('Not Found');
+ }
}
var fileStat = file.statSync();
diff --git a/pubspec.yaml b/pubspec.yaml
index f744db4..ef404f8 100644
--- a/pubspec.yaml
+++ b/pubspec.yaml
@@ -1,5 +1,5 @@
name: shelf_static
-version: 0.1.2
+version: 0.1.3
author: Kevin Moore <github@j832.com>
description: Static file server support for Shelf
homepage: https://github.com/kevmoo/shelf_static.dart
diff --git a/test/harness_console.dart b/test/harness_console.dart
index a463663..1a2d9e8 100644
--- a/test/harness_console.dart
+++ b/test/harness_console.dart
@@ -6,6 +6,7 @@
import 'basic_file_test.dart' as basic_file;
import 'get_handler_test.dart' as get_handler;
import 'sample_test.dart' as sample;
+import 'symbolic_link_test.dart' as symbolic_link;
void main() {
groupSep = ' - ';
@@ -13,4 +14,5 @@
group('basic_file', basic_file.main);
group('get_handler', get_handler.main);
group('sample', sample.main);
+ group('symbolic_link', symbolic_link.main);
}
diff --git a/test/symbolic_link_test.dart b/test/symbolic_link_test.dart
new file mode 100644
index 0000000..e25dfc1
--- /dev/null
+++ b/test/symbolic_link_test.dart
@@ -0,0 +1,181 @@
+library shelf_static.symbolic_link_test;
+
+import 'dart:io';
+import 'package:path/path.dart' as p;
+import 'package:scheduled_test/descriptor.dart' as d;
+import 'package:scheduled_test/scheduled_test.dart';
+
+import 'package:shelf_static/shelf_static.dart';
+import 'test_util.dart';
+
+void main() {
+ setUp(() {
+ var tempDir;
+ schedule(() {
+ return Directory.systemTemp.createTemp('shelf_static-test-').then((dir) {
+ tempDir = dir;
+ d.defaultRoot = tempDir.path;
+ });
+ });
+
+ d.dir('originals', [
+ d.file('index.html', '<html></html>'),
+ ]).create();
+
+ d.dir('alt_root').create();
+
+ schedule(() {
+ var originalsDir = p.join(d.defaultRoot, 'originals');
+ var originalsIndex = p.join(originalsDir, 'index.html');
+
+ new Link(p.join(d.defaultRoot, 'link_index.html'))
+ .createSync(originalsIndex);
+
+ new Link(p.join(d.defaultRoot, 'link_dir')).createSync(originalsDir);
+
+ new Link(p.join(d.defaultRoot, 'alt_root', 'link_index.html'))
+ .createSync(originalsIndex);
+
+ new Link(p.join(d.defaultRoot, 'alt_root', 'link_dir'))
+ .createSync(originalsDir);
+ });
+
+ currentSchedule.onComplete.schedule(() {
+ d.defaultRoot = null;
+ return tempDir.delete(recursive: true);
+ });
+ });
+
+ group('access outside of root disabled', () {
+ test('access real file', () {
+ schedule(() {
+ var handler = createStaticHandler(d.defaultRoot);
+
+ return makeRequest(handler, '/originals/index.html').then((response) {
+ expect(response.statusCode, HttpStatus.OK);
+ expect(response.contentLength, 13);
+ expect(response.readAsString(), completion('<html></html>'));
+ });
+ });
+ });
+
+ group('links under root dir', () {
+ test('access sym linked file in real dir', () {
+ schedule(() {
+ var handler = createStaticHandler(d.defaultRoot);
+
+ return makeRequest(handler, '/link_index.html').then((response) {
+ expect(response.statusCode, HttpStatus.OK);
+ expect(response.contentLength, 13);
+ expect(response.readAsString(), completion('<html></html>'));
+ });
+ });
+ });
+
+ test('access file in sym linked dir', () {
+ schedule(() {
+ var handler = createStaticHandler(d.defaultRoot);
+
+ return makeRequest(handler, '/link_dir/index.html').then((response) {
+ expect(response.statusCode, HttpStatus.OK);
+ expect(response.contentLength, 13);
+ expect(response.readAsString(), completion('<html></html>'));
+ });
+ });
+ });
+ });
+
+ group('links not under root dir', () {
+ test('access sym linked file in real dir', () {
+ schedule(() {
+ var handler = createStaticHandler(p.join(d.defaultRoot, 'alt_root'));
+
+ return makeRequest(handler, '/link_index.html').then((response) {
+ expect(response.statusCode, HttpStatus.NOT_FOUND);
+ });
+ });
+ });
+
+ test('access file in sym linked dir', () {
+ schedule(() {
+ var handler = createStaticHandler(p.join(d.defaultRoot, 'alt_root'));
+
+ return makeRequest(handler, '/link_dir/index.html').then((response) {
+ expect(response.statusCode, HttpStatus.NOT_FOUND);
+ });
+ });
+ });
+ });
+ });
+
+ group('access outside of root enabled', () {
+ test('access real file', () {
+ schedule(() {
+ var handler = createStaticHandler(d.defaultRoot,
+ serveFilesOutsidePath: true);
+
+ return makeRequest(handler, '/originals/index.html').then((response) {
+ expect(response.statusCode, HttpStatus.OK);
+ expect(response.contentLength, 13);
+ expect(response.readAsString(), completion('<html></html>'));
+ });
+ });
+ });
+
+ group('links under root dir', () {
+ test('access sym linked file in real dir', () {
+ schedule(() {
+ var handler = createStaticHandler(d.defaultRoot,
+ serveFilesOutsidePath: true);
+
+ return makeRequest(handler, '/link_index.html').then((response) {
+ expect(response.statusCode, HttpStatus.OK);
+ expect(response.contentLength, 13);
+ expect(response.readAsString(), completion('<html></html>'));
+ });
+ });
+ });
+
+ test('access file in sym linked dir', () {
+ schedule(() {
+ var handler = createStaticHandler(d.defaultRoot,
+ serveFilesOutsidePath: true);
+
+ return makeRequest(handler, '/link_dir/index.html').then((response) {
+ expect(response.statusCode, HttpStatus.OK);
+ expect(response.contentLength, 13);
+ expect(response.readAsString(), completion('<html></html>'));
+ });
+ });
+ });
+ });
+
+ group('links not under root dir', () {
+ test('access sym linked file in real dir', () {
+ schedule(() {
+ var handler = createStaticHandler(p.join(d.defaultRoot, 'alt_root'),
+ serveFilesOutsidePath: true);
+
+ return makeRequest(handler, '/link_index.html').then((response) {
+ expect(response.statusCode, HttpStatus.OK);
+ expect(response.contentLength, 13);
+ expect(response.readAsString(), completion('<html></html>'));
+ });
+ });
+ });
+
+ test('access file in sym linked dir', () {
+ schedule(() {
+ var handler = createStaticHandler(p.join(d.defaultRoot, 'alt_root'),
+ serveFilesOutsidePath: true);
+
+ return makeRequest(handler, '/link_dir/index.html').then((response) {
+ expect(response.statusCode, HttpStatus.OK);
+ expect(response.contentLength, 13);
+ expect(response.readAsString(), completion('<html></html>'));
+ });
+ });
+ });
+ });
+ });
+}