coolaj86/greenlock.js-ARCHIVED
3
3
Fork 0
Code Issues 6 Pull Requests 1 Releases Activity

v2.3.11: update sanitizeHost middleware

Browse Source
This commit is contained in:
AJ ONeal 2018-08-16 20:43:55 -06:00
parent 282f748e77
commit 3562b9ebfb
2 changed files with 33 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
index.js
View File

@ -483,31 +483,43 @@ Greenlock.create = function (gl) {
//var SERVERNAME_RE = /^[a-z0-9\.\-_]+$/; //var SERVERNAME_RE = /^[a-z0-9\.\-_]+$/;
var SERVERNAME_G = /[^a-z0-9\.\-_]/; var SERVERNAME_G = /[^a-z0-9\.\-_]/;
gl.middleware.sanitizeHost = function (req, res, next) { gl.middleware.sanitizeHost = function (app) {
// Get the host:port combo, if it exists return function (req, res, next) {
var host = (req.headers.host||'').split(':'); function realNext() {
if ('function' === typeof app) {
app(req, res);
} else if ('function' === typeof next) {
next();
} else {
res.statusCode = 500;
res.end("Error: no middleware assigned");
}
}
// Get the host:port combo, if it exists
var host = (req.headers.host||'').split(':');
// if not, move along // if not, move along
if (!host[0]) { next(req, res); return; } if (!host[0]) { realNext(); return; }
// if so, remove non-allowed characters // if so, remove non-allowed characters
var safehost = host[0].replace(SERVERNAME_G, ''); var safehost = host[0].replace(SERVERNAME_G, '');
// if there were unallowed characters, complain // if there were unallowed characters, complain
if (!gl.__sni_allow_dangerous_name && safehost.length !== host[0].length) { if (!gl.__sni_allow_dangerous_name && safehost.length !== host[0].length) {
res.statusCode = 400; res.statusCode = 400;
res.end("Malformed HTTP Header: 'Host: " + host[0] + "'"); res.end("Malformed HTTP Header: 'Host: " + host[0] + "'");
return; return;
} }
// make lowercase // make lowercase
if (!gl.__sni_preserve_case) { if (!gl.__sni_preserve_case) {
host[0] = host[0].toLowerCase(); host[0] = host[0].toLowerCase();
req.headers.host = host.join(':'); req.headers.host = host.join(':');
} }
// carry on // carry on
next(req, res); realNext();
};
}; };
return gl; return gl;

2
package.json
View File

@ -1,6 +1,6 @@
{ {
"name": "greenlock", "name": "greenlock",
"version": "2.3.10", "version": "2.3.11",
"description": "Let's Encrypt for node.js on npm", "description": "Let's Encrypt for node.js on npm",
"main": "index.js", "main": "index.js",
"files": [ "files": [