From 74af30ec057c607c2223b041aebcf3b15baebab6 Mon Sep 17 00:00:00 2001
From: Vuk7912
Date: Wed, 11 Jun 2025 18:21:30 +0000
Subject: [PATCH 1/5] Start draft PR
From 446fe84a0a3949bf33b321d5e9ec0a35d732ffda Mon Sep 17 00:00:00 2001
From: Vuk7912
Date: Wed, 11 Jun 2025 18:21:42 +0000
Subject: [PATCH 2/5] Add .gitignore with standard exclusions
---
.gitignore | 8 ++++++++
1 file changed, 8 insertions(+)
create mode 100644 .gitignore
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..67bbd14
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,8 @@
+node_modules/
+dist/
+.env
+__pycache__/
+*.log
+.DS_Store
+coverage/
+.nyc_output/
\ No newline at end of file
From f0f5c026c2eb0c6e34c77659c37a9a030aa220e8 Mon Sep 17 00:00:00 2001
From: Vuk7912
Date: Wed, 11 Jun 2025 18:21:52 +0000
Subject: [PATCH 3/5] Add CDN configuration with path validation
---
src/config/cdn.ts | 35 +++++++++++++++++++++++++++++++++++
1 file changed, 35 insertions(+)
create mode 100644 src/config/cdn.ts
diff --git a/src/config/cdn.ts b/src/config/cdn.ts
new file mode 100644
index 0000000..aa58ee9
--- /dev/null
+++ b/src/config/cdn.ts
@@ -0,0 +1,35 @@
+import path from 'path';
+
+/**
+ * Configuration for CDN file storage
+ */
+export const CDN_CONFIG = {
+ /**
+ * Root directory for CDN files
+ * Uses an absolute path resolved from the project root
+ */
+ ROOT_DIR: path.resolve(process.cwd(), 'cdn_files'),
+
+ /**
+ * Validate if the provided path is within the CDN directory
+ * @param filePath - Path to validate
+ * @returns boolean indicating if the path is valid
+ */
+ isValidPath(filePath: string): boolean {
+ const normalizedPath = path.normalize(filePath);
+ const resolvedPath = path.resolve(this.ROOT_DIR, normalizedPath);
+ return resolvedPath.startsWith(this.ROOT_DIR);
+ },
+
+ /**
+ * Get the full path for a file in the CDN
+ * @param relativePath - Relative path within the CDN directory
+ * @returns Full absolute path to the file
+ */
+ getFullPath(relativePath: string): string {
+ if (!this.isValidPath(relativePath)) {
+ throw new Error('Invalid file path');
+ }
+ return path.resolve(this.ROOT_DIR, relativePath);
+ }
+};
\ No newline at end of file
From 87a623fe21e74ed7f6319279f5fdba1a64e124ab Mon Sep 17 00:00:00 2001
From: Vuk7912
Date: Wed, 11 Jun 2025 18:22:01 +0000
Subject: [PATCH 4/5] Add tests for CDN configuration
---
src/config/__tests__/cdn.test.ts | 38 ++++++++++++++++++++++++++++++++
1 file changed, 38 insertions(+)
create mode 100644 src/config/__tests__/cdn.test.ts
diff --git a/src/config/__tests__/cdn.test.ts b/src/config/__tests__/cdn.test.ts
new file mode 100644
index 0000000..57507e5
--- /dev/null
+++ b/src/config/__tests__/cdn.test.ts
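Review bot: `isValidPath` in src/config/cdn.ts decides containment with `resolvedPath.startsWith(this.ROOT_DIR)`, a plain string-prefix test, so a resolved path in a sibling directory whose name merely begins with `cdn_files` is accepted as being inside the root. Compare on a path boundary instead: `const rel = path.relative(this.ROOT_DIR, resolvedPath);` followed by `return rel !== '..' && !rel.startsWith('..' + path.sep) && !path.isAbsolute(rel);`. The check is also purely lexical, so a symlink placed under `cdn_files` would not be caught; if callers open the path returned by `getFullPath`, resolving it with `fs.realpath` before the comparison is worth considering. `ROOT_DIR` is computed from `process.cwd()` when the module loads, which is the process working directory rather than the project root the comment describes, so the served directory changes with how the process is started.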
@@ -0,0 +1,38 @@
+import { describe, it, expect } from 'vitest';
+import path from 'path';
+import { CDN_CONFIG } from '../cdn';
+
+describe('CDN Configuration', () => {
+ const rootDir = CDN_CONFIG.ROOT_DIR;
+
+ it('should have a valid root directory', () => {
+ expect(rootDir).toBeTruthy();
+ expect(path.isAbsolute(rootDir)).toBe(true);
+ expect(path.basename(rootDir)).toBe('cdn_files');
+ });
+
+ describe('isValidPath', () => {
+ it('should allow paths within the CDN directory', () => {
+ expect(CDN_CONFIG.isValidPath('file.txt')).toBe(true);
+ expect(CDN_CONFIG.isValidPath('subdir/file.txt')).toBe(true);
+ });
+
+ it('should prevent directory traversal', () => {
+ expect(CDN_CONFIG.isValidPath('../outside.txt')).toBe(false);
+ expect(CDN_CONFIG.isValidPath('/etc/passwd')).toBe(false);
+ expect(CDN_CONFIG.isValidPath('../../sensitive.txt')).toBe(false);
+ });
+ });
+
+ describe('getFullPath', () => {
+ it('should return full path for valid relative paths', () => {
+ const fullPath = CDN_CONFIG.getFullPath('example.txt');
+ expect(fullPath).toBe(path.resolve(rootDir, 'example.txt'));
+ });
+
+ it('should throw error for invalid paths', () => {
+ expect(() => CDN_CONFIG.getFullPath('../outside.txt'))
+ .toThrow('Invalid file path');
+ });
+ });
+});
\ No newline at end of file
From 19b2c34e290c3939aa4eeaa2ae4bee4e780b0578 Mon Sep 17 00:00:00 2001
From: riksnelders
Date: Wed, 11 Jun 2025 19:41:40 +0000
Subject: [PATCH 5/5] Start draft PR
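Review bot: The cases under 'should prevent directory traversal' all resolve to locations that share no leading characters with `ROOT_DIR` beyond its parent, so they pass even when containment is decided by a string-prefix comparison and give no signal about path-boundary handling. Add a case for a sibling directory whose name starts with the root's name, for example `expect(CDN_CONFIG.isValidPath('../cdn_files_backup/file.txt')).toBe(false);` (directory name constructed for the test). `getFullPath` is only exercised with one relative escape; the absolute input already used for `isValidPath` should also be asserted to throw there, since `getFullPath` is the function callers will actually use.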