mirror of
				https://github.com/zadam/trilium.git
				synced 2025-10-26 17:18:53 +01:00 
			
		
		
		
	feat(server): lint for trailing slashes in sync URL and extra slashes in customRequestHandler
This commit is contained in:
		
							parent
							
								
									2c87721953
								
							
						
					
					
						commit
						0fe89115d1
					
				| @ -5,7 +5,7 @@ import cls from "../services/cls.js"; | ||||
| import sql from "../services/sql.js"; | ||||
| import becca from "../becca/becca.js"; | ||||
| import type { Request, Response, Router } from "express"; | ||||
| import { safeExtractMessageAndStackFromError } from "../services/utils.js"; | ||||
| import { safeExtractMessageAndStackFromError, normalizeCustomHandlerPattern } from "../services/utils.js"; | ||||
| 
 | ||||
| function handleRequest(req: Request, res: Response) { | ||||
| 
 | ||||
| @ -38,16 +38,24 @@ function handleRequest(req: Request, res: Response) { | ||||
|             continue; | ||||
|         } | ||||
| 
 | ||||
|         const regex = new RegExp(`^${attr.value}$`); | ||||
|         let match; | ||||
|         // Get normalized patterns to handle both trailing slash cases
 | ||||
|         const patterns = normalizeCustomHandlerPattern(attr.value); | ||||
|         let match = null; | ||||
| 
 | ||||
|         // Try each pattern until we find a match
 | ||||
|         for (const pattern of patterns) { | ||||
|             try { | ||||
|                 const regex = new RegExp(`^${pattern}$`); | ||||
|                 match = path.match(regex); | ||||
|                 if (match) { | ||||
|                     break; // Found a match, exit pattern loop
 | ||||
|                 } | ||||
|             } catch (e: unknown) { | ||||
|                 const [errMessage, errStack] = safeExtractMessageAndStackFromError(e); | ||||
|             log.error(`Testing path for label '${attr.attributeId}', regex '${attr.value}' failed with error: ${errMessage}, stack: ${errStack}`); | ||||
|                 log.error(`Testing path for label '${attr.attributeId}', regex '${pattern}' failed with error: ${errMessage}, stack: ${errStack}`); | ||||
|                 continue; | ||||
|             } | ||||
|         } | ||||
| 
 | ||||
|         if (!match) { | ||||
|             continue; | ||||
|  | ||||
| @ -2,6 +2,7 @@ | ||||
| 
 | ||||
| import optionService from "./options.js"; | ||||
| import config from "./config.js"; | ||||
| import { normalizeUrl } from "./utils.js"; | ||||
| 
 | ||||
| /* | ||||
|  * Primary configuration for sync is in the options (document), but we allow to override | ||||
| @ -17,7 +18,10 @@ function get(name: keyof typeof config.Sync) { | ||||
| export default { | ||||
|     // env variable is the easiest way to guarantee we won't overwrite prod data during development
 | ||||
|     // after copying prod document/data directory
 | ||||
|     getSyncServerHost: () => get("syncServerHost"), | ||||
|     getSyncServerHost: () => { | ||||
|         const host = get("syncServerHost"); | ||||
|         return host ? normalizeUrl(host) : host; | ||||
|     }, | ||||
|     isSyncSetup: () => { | ||||
|         const syncServerHost = get("syncServerHost"); | ||||
| 
 | ||||
|  | ||||
| @ -375,6 +375,85 @@ export function safeExtractMessageAndStackFromError(err: unknown): [errMessage: | ||||
|     return (err instanceof Error) ? [err.message, err.stack] as const : ["Unknown Error", undefined] as const; | ||||
| } | ||||
| 
 | ||||
| /** | ||||
|  * Normalizes URL by removing trailing slashes and fixing double slashes. | ||||
|  * Preserves the protocol (http://, https://) but removes trailing slashes from the rest.
 | ||||
|  *  | ||||
|  * @param url The URL to normalize | ||||
|  * @returns The normalized URL without trailing slashes | ||||
|  */ | ||||
| export function normalizeUrl(url: string): string { | ||||
|     if (!url || typeof url !== 'string') { | ||||
|         return url; | ||||
|     } | ||||
| 
 | ||||
|     // Trim whitespace
 | ||||
|     url = url.trim(); | ||||
|      | ||||
|     if (!url) { | ||||
|         return url; | ||||
|     } | ||||
| 
 | ||||
|     // Remove trailing slash, but preserve protocol
 | ||||
|     if (url.endsWith('/') && !url.match(/^https?:\/\/$/)) { | ||||
|         url = url.slice(0, -1); | ||||
|     } | ||||
|      | ||||
|     // Fix double slashes (except in protocol)
 | ||||
|     url = url.replace(/([^:]\/)\/+/g, '$1'); | ||||
|      | ||||
|     return url; | ||||
| } | ||||
| 
 | ||||
| /** | ||||
|  * Normalizes a path pattern for custom request handlers. | ||||
|  * Ensures both trailing slash and non-trailing slash versions are handled. | ||||
|  *  | ||||
|  * @param pattern The original pattern from customRequestHandler attribute | ||||
|  * @returns An array of patterns to match both with and without trailing slash | ||||
|  */ | ||||
| export function normalizeCustomHandlerPattern(pattern: string): string[] { | ||||
|     if (!pattern || typeof pattern !== 'string') { | ||||
|         return [pattern]; | ||||
|     } | ||||
| 
 | ||||
|     pattern = pattern.trim(); | ||||
|      | ||||
|     if (!pattern) { | ||||
|         return [pattern]; | ||||
|     } | ||||
| 
 | ||||
|     // If pattern already ends with optional trailing slash, return as-is
 | ||||
|     if (pattern.endsWith('/?$') || pattern.endsWith('/?)')) { | ||||
|         return [pattern]; | ||||
|     } | ||||
| 
 | ||||
|     // If pattern ends with $, handle it specially
 | ||||
|     if (pattern.endsWith('$')) { | ||||
|         const basePattern = pattern.slice(0, -1); | ||||
|          | ||||
|         // If already ends with slash, create both versions
 | ||||
|         if (basePattern.endsWith('/')) { | ||||
|             const withoutSlash = basePattern.slice(0, -1) + '$'; | ||||
|             const withSlash = pattern; | ||||
|             return [withoutSlash, withSlash]; | ||||
|         } else { | ||||
|             // Add optional trailing slash
 | ||||
|             const withSlash = basePattern + '/?$'; | ||||
|             return [withSlash]; | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     // For patterns without $, add both versions
 | ||||
|     if (pattern.endsWith('/')) { | ||||
|         const withoutSlash = pattern.slice(0, -1); | ||||
|         return [withoutSlash, pattern]; | ||||
|     } else { | ||||
|         const withSlash = pattern + '/'; | ||||
|         return [pattern, withSlash]; | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| 
 | ||||
| export default { | ||||
|     compareVersions, | ||||
| @ -400,6 +479,8 @@ export default { | ||||
|     md5, | ||||
|     newEntityId, | ||||
|     normalize, | ||||
|     normalizeCustomHandlerPattern, | ||||
|     normalizeUrl, | ||||
|     quoteRegex, | ||||
|     randomSecureToken, | ||||
|     randomString, | ||||
|  | ||||
		Loading…
	
	
			
			x
			
			
		
	
		Reference in New Issue
	
	Block a user
	 perf3ct
						perf3ct