
@tus/server


@tus/server - npm Package Compare versions

Comparing version 1.0.0-beta.4 to 1.0.0-beta.5

dist/validators/HeaderValidator.d.ts

3

dist/handlers/BaseHandler.js

@@ -27,2 +27,3 @@ "use strict";

generateUrl(req, id) {
id = encodeURIComponent(id);
const forwarded = req.headers.forwarded;

@@ -59,5 +60,5 @@ const path = this.options.path === '/' ? '' : this.options.path;

}
return match[1];
return decodeURIComponent(match[1]);
}
}
exports.BaseHandler = BaseHandler;
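Review bot: `decodeURIComponent(match[1])` throws a URIError when the path segment holds a malformed percent sequence, and nothing in this hunk catches it, so a bad request URL may surface as an unhandled exception instead of the normal "no such upload" result, depending on what the caller does. Catching it at the decode, for example `try { return decodeURIComponent(match[1]); } catch { return false; }`, would keep that failure on the not-found path; check that `false` matches what the no-match branch above the hunk returns. The decoded id can also now contain `/` or `..` (sent as `%2F` or `%2E%2E`), so any store that maps the id to a file path should reject those; the stores are not visible on this page. The function begins above the hunk.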

@@ -10,3 +10,3 @@ "use strict";

const models_1 = require("../models");
const RequestValidator_1 = require("../validators/RequestValidator");
const HeaderValidator_1 = require("../validators/HeaderValidator");
const constants_1 = require("../constants");

@@ -50,8 +50,10 @@ const log = (0, debug_1.default)('tus-node-server:handlers:post');

let metadata;
try {
metadata = models_1.Metadata.parse(upload_metadata);
if ('upload-metadata' in req.headers) {
try {
metadata = models_1.Metadata.parse(upload_metadata);
}
catch {
throw constants_1.ERRORS.INVALID_METADATA;
}
}
catch (error) {
throw constants_1.ERRORS.INVALID_METADATA;
}
const upload = new models_1.Upload({

@@ -79,3 +81,3 @@ id,

// The request MIGHT include a Content-Type header when using creation-with-upload extension
if (!RequestValidator_1.RequestValidator.isInvalidHeader('content-type', req.headers['content-type'])) {
if ((0, HeaderValidator_1.validateHeader)('content-type', req.headers['content-type'])) {
newOffset = await this.store.write(req, upload.id, 0);

@@ -82,0 +84,0 @@ headers['Upload-Offset'] = newOffset.toString();

import { Upload } from './Upload';
export declare function validateKey(key: string): boolean;
export declare function validateValue(value: string): boolean;
export declare function parse(str?: string): Record<string, string | null> | undefined;
export declare function parse(str?: string): Record<string, string | null>;
export declare function stringify(metadata: NonNullable<Upload['metadata']>): string;

@@ -31,4 +31,4 @@ "use strict";

const meta = {};
if (!str) {
return undefined;
if (!str || str.trim().length === 0) {
throw new Error('Metadata string is not valid');
}

@@ -35,0 +35,0 @@ for (const pair of str.split(',')) {

@@ -16,3 +16,3 @@ "use strict";

const DeleteHandler_1 = require("./handlers/DeleteHandler");
const RequestValidator_1 = require("./validators/RequestValidator");
const HeaderValidator_1 = require("./validators/HeaderValidator");
const constants_1 = require("./constants");

@@ -114,3 +114,3 @@ const log = (0, debug_1.default)('tus-node-server');

}
if (RequestValidator_1.RequestValidator.isInvalidHeader(header_name, req.headers[header_name])) {
if (!(0, HeaderValidator_1.validateHeader)(header_name, req.headers[header_name])) {
log(`Invalid ${header_name} header: ${req.headers[header_name]}`);

@@ -117,0 +117,0 @@ invalid_headers.push(header_name);

@@ -7,2 +7,4 @@ export declare const RequestValidator: {

_invalidXRequestedWithHeader(): boolean;
_invalidXForwardedHostHeader(): boolean;
_invalidXForwardedProtoHeader(value: string): boolean;
_invalidTusVersionHeader(value: string): boolean;

@@ -9,0 +11,0 @@ _invalidTusResumableHeader(value: string): boolean;

@@ -33,2 +33,8 @@ "use strict";

},
_invalidXForwardedHostHeader() {
return false;
},
_invalidXForwardedProtoHeader(value) {
return !['http', 'https'].includes(value);
},
_invalidTusVersionHeader(value) {
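Review bot: `_invalidXForwardedHostHeader()` returns false for every value, so any client-supplied X-Forwarded-Host passes validation. If that header is later used to build the upload URL (the code that consumes it is not visible here), it should only be honoured behind a proxy that overwrites it, and the validator deserves a comment saying so, such as `// accepted as-is: trust only behind a reverse proxy that sets this header`. The proto check `!['http', 'https'].includes(value)` is an exact match, so `HTTPS` or a comma-separated list appended by chained proxies is reported as invalid. Normalising first, for example `!['http', 'https'].includes(value.split(',')[0].trim().toLowerCase())`, would avoid that if rejecting such values is not intended. The object literal continues outside the hunk.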

@@ -35,0 +41,0 @@ // @ts-expect-error we can compare a literal

{
"$schema": "https://json.schemastore.org/package.json",
"name": "@tus/server",
"version": "1.0.0-beta.4",
"version": "1.0.0-beta.5",
"description": "Tus resumable upload protocol in Node.js",

@@ -6,0 +6,0 @@ "main": "dist/index.js",

@@ -5,3 +5,3 @@ # `@tus/server`

> The old package, `tus-node-server`, is considered unstable and will only receive security fixes.
> Make sure to use the new package, currently in beta at `1.0.0-beta.2`.
> Make sure to use the new package, currently in beta at `1.0.0-beta.5`.

@@ -8,0 +8,0 @@ ## Contents
