Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix/issue#1692 #1778

Merged
merged 21 commits into from
Apr 3, 2024
Merged
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
33 changes: 12 additions & 21 deletions lib/ldp.js
Original file line number Diff line number Diff line change
@@ -145,23 +145,24 @@ class LDP {

const ldp = this
debug.handlers('POST -- On parent: ' + containerPath)
// prepare slug
if (container) {
// Containers should not receive an extension
extension = ''
}
// pepare slug
if (slug) {
if (this.isAuxResource(slug, extension)) throw error(403, 'POST is not allowed for auxiliary resources')
if (this._containsInvalidSuffixes(slug)) {
throw error(400, `${slug} is an invalid file path`)
}
slug = decodeURIComponent(slug)

if (container) {
// the name of a container cannot be a valid auxiliary resource document
if (this._containsInvalidSuffixes(slug + '/')) slug = slug.split('.')[0]
zg009 marked this conversation as resolved.
Show resolved Hide resolved
} else if (this.isAuxResource(slug, extension)) throw error(403, 'POST is not allowed for auxiliary resources')
zg009 marked this conversation as resolved.
Show resolved Hide resolved

if (slug.match(/\/|\||:/)) {
throw error(400, 'The name of new file POSTed may not contain : | or /')
zg009 marked this conversation as resolved.
Show resolved Hide resolved
}
}

// Containers should not receive an extension
if (container) {
extension = ''
}

// always return a valid URL.
const resourceUrl = await ldp.getAvailableUrl(hostname, containerPath, { slug, extension, container })
debug.handlers('POST -- Will create at: ' + resourceUrl)
@@ -338,17 +339,7 @@ class LDP {
* @returns {boolean} true is fail - if the path contains reserved suffixes
*/
_containsInvalidSuffixes (path) {
// if it is a container, no suffix so remove last slash
if (path.endsWith('/')) {
path = path.slice(0, -1)
} else {
// this is a resource, so it either ends with an extension, or just text
const lastFullStop = path.lastIndexOf('.')
if (lastFullStop !== -1) { // contains at least one full stop
path = path.slice(0, lastFullStop)
}
}
return AUXILIARY_RESOURCES.some(suffix => path.includes(suffix))
return AUXILIARY_RESOURCES.some(suffix => path.endsWith(suffix + '/'))
}

// check whether a document (or container) has the same name as another document (or container)
374 changes: 43 additions & 331 deletions package-lock.json

Large diffs are not rendered by default.

39 changes: 30 additions & 9 deletions test/integration/http-test.js
Original file line number Diff line number Diff line change
@@ -335,7 +335,7 @@ describe('HTTP APIs', function () {
server.get('/invalidfile.foo')
.expect(404, done)
})
it('should return 404 for non-existent container', function (done) { // alain
it('should return 404 for non-existent container', function (done) {
server.get('/inexistant/')
.expect('Accept-Put', 'text/turtle')
.expect(404, done)
@@ -891,12 +891,12 @@ describe('HTTP APIs', function () {
.set('content-type', 'text/turtle')
.expect(403, done)
})
it('should error with 400 if slug contains invalid suffix', function (done) {
it('should not error with 400 if slug contains invalid suffix', function (done) { // TODO find better name
zg009 marked this conversation as resolved.
Show resolved Hide resolved
server.post('/post-tests/')
.set('slug', 'put-resource.acl.ttl')
.send(postRequest1Body)
.set('content-type', 'text-turtle')
.expect(400, done)
.expect(201, done)
})
it('should error with 400 if the body is empty and no content type is provided', function (done) {
server.post('/post-tests/')
@@ -959,19 +959,40 @@ describe('HTTP APIs', function () {
.set('slug', 'loans.ttl')
.set('link', '<http://www.w3.org/ns/ldp#BasicContainer>; rel="type"')
.send(postRequest2Body)
.expect('location', /\/post-tests\/loans.ttl\//)
.expect(201)
.end(function (err) {
.end((err, res) => {
if (err) return done(err)
const stats = fs.statSync(path.join(__dirname, '../resources/post-tests/loans.ttl/'))
if (!stats.isDirectory()) {
return done(new Error('Cannot read container just created'))
try {
postLocation = res.headers.location
console.log('location ' + postLocation)
const createdDir = fs.statSync(path.join(__dirname, '../resources', postLocation.slice(0, -1)))
assert(createdDir.isDirectory(), 'Container should have been created')
} catch (err) {
return done(err)
}
done()
})
})
it('should be able to access newly container', function (done) {
server.get('/post-tests/loans.ttl/')
.expect('content-type', /text\/turtle/)
console.log(postLocation)
server.get(postLocation)
// .expect('content-type', /text\/turtle/)
.expect(200, done)
})
it('should create container', function (done) {
server.post('/post-tests/')
.set('content-type', 'text/turtle')
.set('slug', 'loans.acl')
.set('link', '<http://www.w3.org/ns/ldp#BasicContainer>; rel="type"')
.send(postRequest2Body)
.expect('location', /\/post-tests\/loans\//)
.expect(201, done)
})
it('should be able to access newly container', function (done) {
console.log(postLocation)
server.get(postLocation)
// .expect('content-type', /text\/turtle/)
.expect(200, done)
})
it('should create a new slug if there is a container with same name', function (done) {
2 changes: 1 addition & 1 deletion test/integration/patch-test.js
Original file line number Diff line number Diff line change
@@ -138,7 +138,7 @@ describe('PATCH through text/n3', () => {
solid:inserts { <x> <y> <z>. }.`
}, {
status: 400,
text: '/foo/bar.acl/test.n3 contained reserved suffixes in path'
text: 'contained reserved suffixes in path'
}))

describe('on a resource with read-only access', describePatch({