rely on built-in security checks
parent
b6bdca552b
commit
8c0d6c718d
|
@ -14,10 +14,9 @@ var finalhandler = require('finalhandler');
|
||||||
var serveStatic = require('serve-static');
|
var serveStatic = require('serve-static');
|
||||||
var path = require('path');
|
var path = require('path');
|
||||||
// Allowed characters are a-z,0-9,.,-,_ with TLDs being alpha-only
|
// Allowed characters are a-z,0-9,.,-,_ with TLDs being alpha-only
|
||||||
var hostnameRe = /^[\.a-z0-9_\-]+\.[a-z]+$/i;
|
|
||||||
|
|
||||||
//require('greenlock-express')
|
//var glx = require('greenlock-express')
|
||||||
require('../').create({
|
var glx = require('../').create({
|
||||||
|
|
||||||
// Let's Encrypt v2 is ACME draft 11
|
// Let's Encrypt v2 is ACME draft 11
|
||||||
version: 'draft-11'
|
version: 'draft-11'
|
||||||
|
@ -69,14 +68,9 @@ require('../').create({
|
||||||
, configDir: '~/.config/acme/'
|
, configDir: '~/.config/acme/'
|
||||||
|
|
||||||
, app: function (req, res) {
|
, app: function (req, res) {
|
||||||
|
// SECURITY greenlock pre-sanitizes hostnames to prevent unauthorized fs access
|
||||||
console.log(req.headers.host);
|
console.log(req.headers.host);
|
||||||
var hostname = (req.headers.host||'').toLowerCase().split(':')[0];
|
var hostname = req.headers.host;
|
||||||
// SECURITY sanatize hostname to prevent unauthorized fs access
|
|
||||||
if (!hostnameRe.test(hostname)) {
|
|
||||||
res.statusCode = 404;
|
|
||||||
res.end('Bad Hostname');
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
var serve = serveStatic(path.join(srv, hostname), { redirect: true });
|
var serve = serveStatic(path.join(srv, hostname), { redirect: true });
|
||||||
serve(req, res, finalhandler(req, res));
|
serve(req, res, finalhandler(req, res));
|
||||||
|
@ -87,4 +81,6 @@ require('../').create({
|
||||||
|
|
||||||
//, debug: true
|
//, debug: true
|
||||||
|
|
||||||
}).listen(80, 443);
|
});
|
||||||
|
|
||||||
|
var server = glx.listen(80, 443);
|
||||||
|
|
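Review bot: In the `app` handler, `var hostname = req.headers.host;` now reaches `path.join(srv, hostname)` with no local check, so which directory gets served depends entirely on the pre-sanitization that the new SECURITY comment attributes to greenlock, and that code is not visible in this diff. The removed line also lowercased the value, stripped the `:port` suffix and defaulted a missing header to `''`; unless greenlock rewrites `req.headers.host` itself, a Host value carrying a port will map to a different directory name, and a request without a Host header will pass `undefined` to `path.join`, which throws on non-string arguments. Since this is example code that gets copied, I would keep the normalisation as defence in depth, `var hostname = (req.headers.host || '').toLowerCase().split(':')[0];`, and have the comment name the greenlock option or release that performs the check. `console.log(req.headers.host)` also writes the raw header to the log before any validation. The end of the `app` function falls outside the lines shown here.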