Skip to content

Commit 1c96dd7

Browse files
rarinugrahararinugraha
authored
fix: use platform independent absolute path algorithm
hibiken#298
1 parent d1b8894 commit 1c96dd7

File tree

1 file changed

+8
-12
lines changed

1 file changed

+8
-12
lines changed

static.go

Lines changed: 8 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ import (
66
"html/template"
77
"io/fs"
88
"net/http"
9-
"path/filepath"
9+
"path"
1010
"strings"
1111
)
1212

@@ -29,11 +29,7 @@ type uiAssetsHandler struct {
2929
// serve the file specified by the URL path.
3030
func (h *uiAssetsHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
3131
// Get the absolute path to prevent directory traversal.
32-
path, err := filepath.Abs(r.URL.Path)
33-
if err != nil {
34-
http.Error(w, err.Error(), http.StatusBadRequest)
35-
return
36-
}
32+
path := path.Clean(r.URL.Path)
3733

3834
// Get the path relative to the root path.
3935
if !strings.HasPrefix(path, h.rootPath) {
@@ -49,7 +45,7 @@ func (h *uiAssetsHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
4945
}
5046

5147
func (h *uiAssetsHandler) indexFilePath() string {
52-
return filepath.Join(h.staticDirPath, h.indexFileName)
48+
return path.Join(h.staticDirPath, h.indexFileName)
5349
}
5450

5551
func (h *uiAssetsHandler) renderIndexFile(w http.ResponseWriter) error {
@@ -78,15 +74,15 @@ func (h *uiAssetsHandler) renderIndexFile(w http.ResponseWriter) error {
7874
// and serves if a file is found.
7975
// If a requested file is not found in the filesystem, it serves the index file to
8076
// make sure when user refreshes the page in SPA things still work.
81-
func (h *uiAssetsHandler) serveFile(w http.ResponseWriter, path string) (code int, err error) {
82-
if path == "/" || path == "" {
77+
func (h *uiAssetsHandler) serveFile(w http.ResponseWriter, urlPath string) (code int, err error) {
78+
if urlPath == "/" || urlPath == "" {
8379
if err := h.renderIndexFile(w); err != nil {
8480
return http.StatusInternalServerError, err
8581
}
8682
return http.StatusOK, nil
8783
}
88-
path = filepath.Join(h.staticDirPath, path)
89-
bytes, err := h.contents.ReadFile(path)
84+
urlPath = path.Join(h.staticDirPath, urlPath)
85+
bytes, err := h.contents.ReadFile(urlPath)
9086
if err != nil {
9187
// If path is error (e.g. file not exist, path is a directory), serve index file.
9288
var pathErr *fs.PathError
@@ -101,7 +97,7 @@ func (h *uiAssetsHandler) serveFile(w http.ResponseWriter, path string) (code in
10197
// Setting the MIME type for .js files manually to application/javascript as
10298
// http.DetectContentType is using https://mimesniff.spec.whatwg.org/ which
10399
// will not recognize application/javascript for security reasons.
104-
if strings.HasSuffix(path, ".js") {
100+
if strings.HasSuffix(urlPath, ".js") {
105101
w.Header().Add("Content-Type", "application/javascript; charset=utf-8")
106102
} else {
107103
w.Header().Add("Content-Type", http.DetectContentType(bytes))

0 commit comments

Comments
 (0)