shareoverlan
Simple local file sharing over LAN.
;
// Interop helper: a module object flagged with `__esModule` is returned as-is;
// any other value is wrapped so that callers can always read `.default`.
var __importDefault = (this && this.__importDefault) || function (mod) {
    if (mod && mod.__esModule) {
        return mod;
    }
    return { "default": mod };
};
// Flag this CommonJS module's exports with `__esModule: true` (the same flag
// __importDefault checks before deciding whether to wrap a module).
Object.defineProperty(exports, "__esModule", { value: true });
const path_1 = __importDefault(require("path"));
const fs_1 = __importDefault(require("fs"));
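/**
 * Request handler that sends one file from under the process working
 * directory as a download.
 *
 * Query parameters read from `req.query`:
 *   - name        (required) file name, resolved relative to `currentdir`
 *   - currentdir  (optional) directory relative to the share root; "./" when absent
 *
 * Responses: 400 for missing or malformed parameters, 403 when the resolved
 * path leaves the share root, 404 when the file is not readable, 500 when the
 * transfer fails before any headers were sent.
 *
 * @param {object} req - request object; only `req.query` is read
 * @param {object} res - response object; uses `status`, `send`, `download`, `headersSent`
 * @returns {void}
 */
const DownloadFile = (req, res) => {
    // Share root: the process working directory, as an absolute path.
    const baseDir = path_1.default.resolve(process.cwd());
    const filename = req.query.name;
    // A query value can arrive as an array or object (e.g. a repeated key), so
    // both parameters are type-checked before they reach the path helpers,
    // which throw on non-strings. NUL bytes are rejected up front as well.
    if (typeof filename !== 'string' || filename === '' || filename.includes('\0')) {
        res.status(400).send("Missing or invalid 'name' query parameter");
        return;
    }
    const currentDir = req.query.currentdir || './'; // default to the share root
    if (typeof currentDir !== 'string' || currentDir.includes('\0')) {
        res.status(400).send("Invalid 'currentdir' query parameter");
        return;
    }
    // Normalize and resolve the requested path.
    const resolvedPath = path_1.default.resolve(baseDir, path_1.default.normalize(currentDir), filename);
    // Containment check on path segments rather than on a raw string prefix:
    // a prefix test would also accept a sibling directory whose name merely
    // starts with the share root's name. `isAbsolute` covers the case where
    // no relative path exists at all (another drive on Windows).
    const relativePath = path_1.default.relative(baseDir, resolvedPath);
    const escapesBase = relativePath === '..'
        || relativePath.startsWith(`..${path_1.default.sep}`)
        || path_1.default.isAbsolute(relativePath);
    if (escapesBase) {
        console.warn(`Blocked download attempt outside baseDir: ${resolvedPath}`);
        res.status(403).send("Forbidden");
        return;
    }
    // NOTE(review): the check above is lexical. A symlink stored inside the
    // share root that points elsewhere is still followed when the file is
    // opened; resolve with fs.realpath before the containment check if the
    // shared tree can contain symlinks.
    // Readability probe so an unreadable or missing file yields a clean 404.
    // The file can still change before the transfer; the download callback
    // below handles errors raised at that point.
    fs_1.default.access(resolvedPath, fs_1.default.constants.R_OK, (err) => {
        if (err) {
            console.error(`File not accessible: ${resolvedPath}`);
            res.status(404).send("File not found");
            return;
        }
        // NOTE(review): the share root is process.cwd() and dotfiles are
        // allowed, so entries such as `.env` or `.git/*` under the working
        // directory are downloadable by anyone who can reach this route.
        // Confirm that is intended, or deny dotfiles / serve a dedicated
        // share directory instead.
        res.download(resolvedPath, filename, { dotfiles: "allow" }, (downloadErr) => {
            if (!downloadErr) {
                return;
            }
            if (res.headersSent) {
                // Headers are already out, so no status can be sent any more.
                console.error(`Client aborted the request:`, downloadErr);
                return;
            }
            console.error(`Download error:`, downloadErr);
            res.status(500).send("Error downloading file");
        });
    });
};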
// Expose the DownloadFile handler as this module's default export.
exports.default = DownloadFile;
//# sourceMappingURL=FileDownload.js.map