diff --git a/lib/controllers/base.js b/lib/controllers/base.js
index f18cc34..f9a7fbb 100644
--- a/lib/controllers/base.js
+++ b/lib/controllers/base.js
@@ -104,10 +104,12 @@ Controller.prototype.renderHTML = function(status, file, locals) {
 body = this.readFile(viewDir + file);
 locals = locals || {};
+ locals.basePath = this.server._basePath;
 var globals = {
 scheme: this.request.secure ? 'https' : 'http',
 host: this.getHost(),
+ basePath: this.server._basePath,
 title: locals.title || '',
 signup: this.server._allow.signup,
 body: ejs.render(body.toString(), locals)
diff --git a/lib/controllers/web_finger.js b/lib/controllers/web_finger.js
index dfd0b76..58a4652 100644
--- a/lib/controllers/web_finger.js
+++ b/lib/controllers/web_finger.js
@@ -77,7 +77,7 @@ WebFinger.prototype.getOrigin = function() {
 var scheme = (this.request.secure || this.server._forceSSL) ? 'https' : 'http',
 host = this.request.headers['x-forwarded-host'] || this.request.headers.host;
- return scheme + '://' + host;
+ return scheme + '://' + host + this.server._basePath;
 };
 module.exports = WebFinger;
diff --git a/lib/restore.js b/lib/restore.js
index 9d65164..bb7ea60 100644
--- a/lib/restore.js
+++ b/lib/restore.js
@@ -23,6 +23,7 @@ var Restore = function(options) {
 this._fileCache = {};
 this._allow = options.allow || {};
 this._cacheViews = options.cacheViews !== false;
+ this._basePath = options.basePath || ''
 var self = this;
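Review bot: In `renderHTML` (lib/controllers/base.js), `locals.basePath = this.server._basePath;` writes into the object the caller passed in and silently overwrites any `basePath` key it already carried. Copying the caller's keys into a fresh object before setting `basePath` would leave the argument untouched. Since the value now reaches every view, a comment such as `// basePath: URL prefix the app is mounted under; views should emit it HTML-escaped` above the assignment would document the contract. renderHTML starts and ends outside the hunk.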
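Review bot: `getOrigin` in lib/controllers/web_finger.js now appends `this.server._basePath` straight after the host, which gives a well-formed origin only if the value begins with `/` and has no trailing slash, and nothing visible enforces that. The constructor hunk in lib/restore.js stores `options.basePath || ''` verbatim, and the same raw value feeds the `Location` header and the `RegExp` in the `dispatch` hunk. Normalising once in the constructor would cover all three: `var bp = String(options.basePath || '').replace(/^\/+|\/+$/g, '');` followed by `this._basePath = bp ? '/' + bp : '';`. Separately, the host part is still read from the `x-forwarded-host`/`host` request headers, so the advertised origin stays client-influenced unless a trusted proxy sets those headers; that predates this change but deserves a comment next to the return. getOrigin's opening line is visible only in the hunk header.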
@@ -91,10 +92,19 @@ Restore.prototype.handle = function(request, response) {
 Restore.prototype.dispatch = function(request, response) {
 var method = request.method.toUpperCase(),
 uri = url.parse(request.url, true),
- match = null;
+ match = null,
+ startBasePath = new RegExp('^\/?' + this._basePath + '\/?');
 request.secure = this.isSecureRequest(request);
+ if (!uri.pathname.match(startBasePath)) {
+ response.writeHead(302, {'Location': this._basePath})
+ return response.end()
+ }
+
+ // remove basePath before real path
+ uri.pathname = uri.pathname.replace(startBasePath, '/')
+
 if (/(^|\/)\.\.(\/|$)/.test(uri.pathname)) {
 response.writeHead(400, {'Access-Control-Allow-Origin': request.headers.origin || '*'});
 return response.end();
diff --git a/lib/views/auth.html b/lib/views/auth.html
index f450cfd..10936be 100644
--- a/lib/views/auth.html
+++ b/lib/views/auth.html
@@ -16,7 +16,7 @@
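Review bot: In `Restore.prototype.dispatch` (lib/restore.js) the prefix pattern is built by concatenating `this._basePath` into `new RegExp(...)` unescaped and without a segment boundary. Regex metacharacters in the configured path (a `.`, for instance) are read as pattern syntax, and a request whose path merely begins with the prefix text, such as `/storagefoo` for a base path of `/storage` (constructed example), passes the check and is rewritten to `/foo`. Escaping the value and requiring a `/` or end of string after it closes both gaps: `var escaped = this._basePath.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');` and `startBasePath = new RegExp('^\\/?' + escaped + '(\\/|$)');`. The pattern could also be compiled once in the constructor instead of on every request, and the 302 is sent for every method, so a CORS preflight outside the base path gets a redirect without the `Access-Control-Allow-Origin` header that the 400 branch below sets. dispatch continues past the end of the hunk.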
<%= error %>
<% } %> -