diff --git a/src/node/hooks/express/padurlsanitize.ts b/src/node/hooks/express/padurlsanitize.ts index c5dced8a5..26468f32b 100644 --- a/src/node/hooks/express/padurlsanitize.ts +++ b/src/node/hooks/express/padurlsanitize.ts @@ -7,12 +7,11 @@ const padManager = require('../../db/PadManager'); exports.expressCreateServer = (hookName:string, args:ArgsExpressType, cb:Function) => { // redirects browser to the pad's sanitized url if needed. otherwise, renders the html args.app.use(async (req, res, next) => { - console.log("Hier gehe ich durch") - const possiblePad = req.params.pad + const possiblePad = decodeURIComponent(req.params.pad) try { if (!possiblePad) { - next() + return next() } // ensure the padname is valid and the url doesn't end with a / if (!padManager.isValidPadId(possiblePad) || /\/$/.test(req.url)) { @@ -24,13 +23,14 @@ exports.expressCreateServer = (hookName:string, args:ArgsExpressType, cb:Functio if (sanitizedPadId === possiblePad) { // the pad id was fine, so just render it - next(); + return next(); } else { // the pad id was sanitized, so we redirect to the sanitized version const realURL = encodeURIComponent(sanitizedPadId) + new URL(req.url, 'http://invalid.invalid').search; res.header('Location', realURL); res.status(302).send(`You should be redirected to ${realURL}`); + return } } catch (e) { diff --git a/src/node/hooks/express/static.ts b/src/node/hooks/express/static.ts index 03c421ea9..41ada0c11 100644 --- a/src/node/hooks/express/static.ts +++ b/src/node/hooks/express/static.ts @@ -6,6 +6,7 @@ import {PartType} from "../../types/PartType"; const fs = require('fs').promises; import {minify} from '../../utils/Minify'; import path from 'node:path'; +import {ArgsExpressType} from "../../types/ArgsExpressType"; const plugins = require('../../../static/js/pluginfw/plugin_defs'); const settings = require('../../utils/Settings'); @@ -30,7 +31,7 @@ const getTar = async () => { return tar; }; -exports.expressPreSession = async (hookName:string, {app}:any) => { +exports.expressPreSession = async (hookName:string, {app}:ArgsExpressType) => { // Minify will serve static files compressed (minify enabled). It also has // file-specific hacks for ace/require-kernel/etc. @@ -39,7 +40,7 @@ exports.expressPreSession = async (hookName:string, {app}:any) => { // serve plugin definitions // not very static, but served here so that client can do // require("pluginfw/static/js/plugin-definitions.js"); - app.get('/pluginfw/plugin-definitions.json', (req: any, res:any, next:Function) => { + app.get('/pluginfw/plugin-definitions.json', (req, res, next) => { const clientParts = plugins.parts.filter((part: PartType) => part.client_hooks != null); const clientPlugins:MapArrayType = {}; for (const name of new Set(clientParts.map((part: PartType) => part.plugin))) { @@ -50,7 +51,6 @@ exports.expressPreSession = async (hookName:string, {app}:any) => { } res.setHeader('Content-Type', 'application/json; charset=utf-8'); res.setHeader('Cache-Control', `public, max-age=${settings.maxAge}`); - res.write(JSON.stringify({plugins: clientPlugins, parts: clientParts})); - res.end(); + res.json({plugins: clientPlugins, parts: clientParts}); }); }; diff --git a/src/node/hooks/express/webaccess.ts b/src/node/hooks/express/webaccess.ts index 90de79100..837563a2f 100644 --- a/src/node/hooks/express/webaccess.ts +++ b/src/node/hooks/express/webaccess.ts @@ -72,7 +72,9 @@ const checkAccess = async (req:any, res:any, next: Function) => { (r) => (skip || (r != null && r.filter((x) => (!requireAdmin || !x)).length > 0))) as boolean[]; } catch (err:any) { httpLogger.error(`Error in preAuthorize hook: ${err.stack || err.toString()}`); - if (!skip) res.status(500).send('Internal Server Error'); + if (!skip) { + res.status(500).send('Internal Server Error'); + } return; } if (skip) return;