'use strict' const express = require('express') const next = require('next') const fs = require('fs') const path = require('path') const sqlite3 = require('sqlite3').verbose() const repositoryDirectory = './user-content-access/' const dbFile = './gitcub.db' const dev = process.env.NODE_ENV !== 'production' const port = 3000 const app = next({ dev }) const handle = app.getRequestHandler() const directoryExists = (path) => fs.existsSync(path) ? fs.statSync(path).isDirectory() : false const repositoryExists = (name, rows) => { return directoryExists(repositoryDirectory + name) && rows.some(x => x.name == name) } app.prepare() .then(() => { const server = express() server.set('view engine', 'pug') server.set('views', './views') var db = new sqlite3.Database(dbFile, sqlite3.OPEN_READWRITE) server.get('*', (req, res) => { db.all('select name from repositories', (err, rows) => { if (req.originalUrl.indexOf('\0') == -1) { let pathNormalized = path.normalize(req.path) let pathArray = pathNormalized.split('/').filter((x) => x.length > 0) let pathIsValid = (pathArray) => { if (pathArray.length > 0) { if (repositoryExists(pathArray[0], rows)) { if (directoryExists(repositoryDirectory + pathArray.join('/'))) { return true } else return false } else return false } else return false } if (pathIsValid(pathArray)) { var dirList = fs.readdirSync(repositoryDirectory + pathArray.join('/'), (err, files) => { if (err) console.log(err) else return files }) res.render('index', { dirList: dirList }) } else res.send('Repository does not exist.') } else res.send('Null byte found in url. Nice try :)') }) }) server.listen(port, () => { console.log(`Example app listening on port ${port}`) }) }) .catch((ex) => { console.error(ex.stack) process.exit(1) })