@tus/server
Advanced tools
Comparing version 1.0.0-beta.4 to 1.0.0-beta.5
@@ -27,2 +27,3 @@ "use strict"; | ||
generateUrl(req, id) { | ||
id = encodeURIComponent(id); | ||
const forwarded = req.headers.forwarded; | ||
@@ -59,5 +60,5 @@ const path = this.options.path === '/' ? '' : this.options.path; | ||
} | ||
return match[1]; | ||
return decodeURIComponent(match[1]); | ||
} | ||
} | ||
exports.BaseHandler = BaseHandler; |
@@ -10,3 +10,3 @@ "use strict"; | ||
const models_1 = require("../models"); | ||
const RequestValidator_1 = require("../validators/RequestValidator"); | ||
const HeaderValidator_1 = require("../validators/HeaderValidator"); | ||
const constants_1 = require("../constants"); | ||
@@ -50,8 +50,10 @@ const log = (0, debug_1.default)('tus-node-server:handlers:post'); | ||
let metadata; | ||
try { | ||
metadata = models_1.Metadata.parse(upload_metadata); | ||
if ('upload-metadata' in req.headers) { | ||
try { | ||
metadata = models_1.Metadata.parse(upload_metadata); | ||
} | ||
catch { | ||
throw constants_1.ERRORS.INVALID_METADATA; | ||
} | ||
} | ||
catch (error) { | ||
throw constants_1.ERRORS.INVALID_METADATA; | ||
} | ||
const upload = new models_1.Upload({ | ||
@@ -79,3 +81,3 @@ id, | ||
// The request MIGHT include a Content-Type header when using creation-with-upload extension | ||
if (!RequestValidator_1.RequestValidator.isInvalidHeader('content-type', req.headers['content-type'])) { | ||
if ((0, HeaderValidator_1.validateHeader)('content-type', req.headers['content-type'])) { | ||
newOffset = await this.store.write(req, upload.id, 0); | ||
@@ -82,0 +84,0 @@ headers['Upload-Offset'] = newOffset.toString(); |
import { Upload } from './Upload'; | ||
export declare function validateKey(key: string): boolean; | ||
export declare function validateValue(value: string): boolean; | ||
export declare function parse(str?: string): Record<string, string | null> | undefined; | ||
export declare function parse(str?: string): Record<string, string | null>; | ||
export declare function stringify(metadata: NonNullable<Upload['metadata']>): string; |
@@ -31,4 +31,4 @@ "use strict"; | ||
const meta = {}; | ||
if (!str) { | ||
return undefined; | ||
if (!str || str.trim().length === 0) { | ||
throw new Error('Metadata string is not valid'); | ||
} | ||
@@ -35,0 +35,0 @@ for (const pair of str.split(',')) { |
@@ -16,3 +16,3 @@ "use strict"; | ||
const DeleteHandler_1 = require("./handlers/DeleteHandler"); | ||
const RequestValidator_1 = require("./validators/RequestValidator"); | ||
const HeaderValidator_1 = require("./validators/HeaderValidator"); | ||
const constants_1 = require("./constants"); | ||
@@ -114,3 +114,3 @@ const log = (0, debug_1.default)('tus-node-server'); | ||
} | ||
if (RequestValidator_1.RequestValidator.isInvalidHeader(header_name, req.headers[header_name])) { | ||
if (!(0, HeaderValidator_1.validateHeader)(header_name, req.headers[header_name])) { | ||
log(`Invalid ${header_name} header: ${req.headers[header_name]}`); | ||
@@ -117,0 +117,0 @@ invalid_headers.push(header_name); |
@@ -7,2 +7,4 @@ export declare const RequestValidator: { | ||
_invalidXRequestedWithHeader(): boolean; | ||
_invalidXForwardedHostHeader(): boolean; | ||
_invalidXForwardedProtoHeader(value: string): boolean; | ||
_invalidTusVersionHeader(value: string): boolean; | ||
@@ -9,0 +11,0 @@ _invalidTusResumableHeader(value: string): boolean; |
@@ -33,2 +33,8 @@ "use strict"; | ||
}, | ||
_invalidXForwardedHostHeader() { | ||
return false; | ||
}, | ||
_invalidXForwardedProtoHeader(value) { | ||
return !['http', 'https'].includes(value); | ||
}, | ||
_invalidTusVersionHeader(value) { | ||
@@ -35,0 +41,0 @@ // @ts-expect-error we can compare a literal |
{ | ||
"$schema": "https://json.schemastore.org/package.json", | ||
"name": "@tus/server", | ||
"version": "1.0.0-beta.4", | ||
"version": "1.0.0-beta.5", | ||
"description": "Tus resumable upload protocol in Node.js", | ||
@@ -6,0 +6,0 @@ "main": "dist/index.js", |
@@ -5,3 +5,3 @@ # `@tus/server` | ||
> The old package, `tus-node-server`, is considered unstable and will only receive security fixes. | ||
> Make sure to use the new package, currently in beta at `1.0.0-beta.2`. | ||
> Make sure to use the new package, currently in beta at `1.0.0-beta.5`. | ||
@@ -8,0 +8,0 @@ ## Contents |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
75580
43
1532