create separate function for path checking

This commit is contained in:
Brian Gough 2017-03-21 11:29:37 +00:00
parent 3bd919b3eb
commit 54bdc8fed0
4 changed files with 45 additions and 20 deletions

View file

@ -75,19 +75,22 @@ module.exports = ResourceWriter =
callback()
_writeResourceToDisk: (project_id, resource, basePath, callback = (error) ->) ->
path = Path.normalize(Path.join(basePath, resource.path))
ResourceWriter.checkPath basePath, resource.path, (error, path) ->
return callback(error) if error?
mkdirp Path.dirname(path), (error) ->
return callback(error) if error?
# TODO: Don't overwrite file if it hasn't been modified
if resource.url?
UrlCache.downloadUrlToFile project_id, resource.url, path, resource.modified, (err)->
if err?
logger.err err:err, project_id:project_id, path:path, resource_url:resource.url, modified:resource.modified, "error downloading file for resources"
callback() #try and continue compiling even if http resource can not be downloaded at this time
else
fs.writeFile path, resource.content, callback
checkPath: (basePath, resourcePath, callback) ->
path = Path.normalize(Path.join(basePath, resourcePath))
if (path.slice(0, basePath.length) != basePath)
return callback new Error("resource path is outside root directory")
mkdirp Path.dirname(path), (error) ->
return callback(error) if error?
# TODO: Don't overwrite file if it hasn't been modified
if resource.url?
UrlCache.downloadUrlToFile project_id, resource.url, path, resource.modified, (err)->
if err?
logger.err err:err, project_id:project_id, path:path, resource_url:resource.url, modified:resource.modified, "error downloading file for resources"
callback() #try and continue compiling even if http resource can not be downloaded at this time
else
fs.writeFile path, resource.content, callback
else
return callback(null, path)

View file

@ -1,5 +1,6 @@
fs = require "fs"
Path = require "path"
ResourceWriter = require "./ResourceWriter"
logger = require "logger-sharelatex"
# for \tikzexternalize to work the main file needs to match the
@ -30,8 +31,10 @@ module.exports = TikzManager =
return false
injectOutputFile: (compileDir, mainFile, callback = (error) ->) ->
fs.readFile Path.join(compileDir, mainFile), "utf8", (error, content) ->
ResourceWriter.checkPath compileDir, mainFile, (error, path) ->
return callback(error) if error?
logger.log compileDir: compileDir, mainFile: mainFile, "copied file to ouput.tex for tikz"
# use wx flag to ensure that output file does not already exist
fs.writeFile Path.join(compileDir, "output.tex"), content, {flag:'wx'}, callback
fs.readFile path, "utf8", (error, content) ->
return callback(error) if error?
logger.log compileDir: compileDir, mainFile: mainFile, "copied file to ouput.tex for tikz"
# use wx flag to ensure that output file does not already exist
fs.writeFile Path.join(compileDir, "output.tex"), content, {flag:'wx'}, callback

View file

@ -157,6 +157,19 @@ describe "ResourceWriter", ->
.calledWith(new Error("resource path is outside root directory"))
.should.equal true
describe "checkPath", ->
describe "with a valid path", ->
beforeEach ->
@ResourceWriter.checkPath("foo", "bar", @callback)
it "should return the joined path", ->
@callback.calledWith(null, "foo/bar")
.should.equal true
describe "with an invalid path", ->
beforeEach ->
@ResourceWriter.checkPath("foo", "baz/../../bar", @callback)
it "should return an error", ->
@callback.calledWith(new Error("resource path is outside root directory"))
.should.equal true

View file

@ -6,6 +6,7 @@ modulePath = require('path').join __dirname, '../../../app/js/TikzManager'
describe 'TikzManager', ->
beforeEach ->
@TikzManager = SandboxedModule.require modulePath, requires:
"./ResourceWriter": @ResourceWriter = {}
"fs": @fs = {}
"logger-sharelatex": @logger = {log: () ->}
@ -49,8 +50,13 @@ describe 'TikzManager', ->
'''
@fs.readFile = sinon.stub().callsArgWith(2, null, @content)
@fs.writeFile = sinon.stub().callsArg(3)
@ResourceWriter.checkPath = sinon.stub().callsArgWith(2, null, "#{@rootDir}/#{@filename}")
@TikzManager.injectOutputFile @rootDir, @filename, @callback
it "sould check the path", ->
@ResourceWriter.checkPath.calledWith(@rootDir, @filename)
.should.equal true
it "should read the file", ->
@fs.readFile
.calledWith("#{@rootDir}/#{@filename}", "utf8")