From cd0831790dda2c15c420b133b626cc776a9e5a8f Mon Sep 17 00:00:00 2001 From: Volodymyr Kolosov Date: Wed, 25 Mar 2026 13:24:20 +0000 Subject: [PATCH 1/3] static-server-beta --- package-lock.json | 9 ++--- package.json | 2 +- src/createServer.js | 87 +++++++++++++++++++++++++++++++++++++++++++-- 3 files changed, 91 insertions(+), 7 deletions(-) diff --git a/package-lock.json b/package-lock.json index e696c03..db0b36a 100644 --- a/package-lock.json +++ b/package-lock.json @@ -12,7 +12,7 @@ "devDependencies": { "@faker-js/faker": "^8.4.1", "@mate-academy/eslint-config": "latest", - "@mate-academy/scripts": "^1.8.6", + "@mate-academy/scripts": "^2.1.3", "axios": "^1.7.2", "eslint": "^8.57.0", "eslint-plugin-jest": "^28.6.0", @@ -1485,10 +1485,11 @@ } }, "node_modules/@mate-academy/scripts": { - "version": "1.8.6", - "resolved": "https://registry.npmjs.org/@mate-academy/scripts/-/scripts-1.8.6.tgz", - "integrity": "sha512-b4om/whj4G9emyi84ORE3FRZzCRwRIesr8tJHXa8EvJdOaAPDpzcJ8A0sFfMsWH9NUOVmOwkBtOXDu5eZZ00Ig==", + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/@mate-academy/scripts/-/scripts-2.1.3.tgz", + "integrity": "sha512-a07wHTj/1QUK2Aac5zHad+sGw4rIvcNl5lJmJpAD7OxeSbnCdyI6RXUHwXhjF5MaVo9YHrJ0xVahyERS2IIyBQ==", "dev": true, + "license": "MIT", "dependencies": { "@octokit/rest": "^17.11.2", "@types/get-port": "^4.2.0", diff --git a/package.json b/package.json index 73e02a4..d654180 100644 --- a/package.json +++ b/package.json @@ -18,7 +18,7 @@ "devDependencies": { "@faker-js/faker": "^8.4.1", "@mate-academy/eslint-config": "latest", - "@mate-academy/scripts": "^1.8.6", + "@mate-academy/scripts": "^2.1.3", "axios": "^1.7.2", "eslint": "^8.57.0", "eslint-plugin-jest": "^28.6.0", diff --git a/src/createServer.js b/src/createServer.js index 1cf1dda..6ac9081 100644 --- a/src/createServer.js +++ b/src/createServer.js @@ -1,8 +1,91 @@ 'use strict'; +const http = require('node:http'); +const path = require('node:path'); +const fsp = require('node:fs/promises'); + +const mimeType = { + '.html': 'text/html', + '.css': 'text/css', + '.js': 'application/javascript', + '.json': 'application/json', + '.png': 'image/png', + '.jpg': 'image/jpeg', + '.jpeg': 'image/jpeg', + '.svg': 'image/svg+xml', + '.ico': 'image/x-icon', + '.txt': 'text/plain', +}; + function createServer() { - /* Write your code here */ - // Return instance of http.Server class + return http.createServer(async (req, res) => { + const url = new URL(req.url, `http://${req.headers.host}`); + + if (!url.pathname.startsWith('/file')) { + res.statusCode = 200; + res.setHeader('Content-Type', 'text/plain'); + res.end('Use /file/ to load files'); + + return; + } + + const basePath = path.join(__dirname, '..', 'public'); + const requestPath = url.pathname.replace(/^\/file\/?/, '') || 'index.html'; + const pathToFile = path.normalize(path.join(basePath, requestPath)); + + if (requestPath.includes('//')) { + res.statusCode = 404; + res.setHeader('Content-Type', 'text/plain'); + + return res.end('Not Found'); + } + + if (!pathToFile.startsWith(basePath)) { + res.statusCode = 400; + res.setHeader('Content-Type', 'text/plain'); + res.statusMessage = 'Forbidden'; + res.end('Forbidden'); + + return; + } + + try { + const checkFile = await fsp.stat(pathToFile); + + if (!checkFile.isFile()) { + res.statusCode = 404; + res.setHeader('Content-Type', 'text/plain'); + res.statusMessage = 'Not Found'; + res.end('Not a file'); + + return; + } + } catch { + res.statusCode = 404; + res.setHeader('Content-Type', 'text/plain'); + res.statusMessage = 'Not Found'; + res.end('File not found'); + + return; + } + + const ext = path.extname(pathToFile).toLowerCase(); + const contentType = mimeType[ext] || 'text/plain'; + + try { + const file = await fsp.readFile(pathToFile); + + res.statusCode = 200; + res.setHeader('Content-Type', contentType); + res.statusMessage = 'OK'; + res.end(file); + } catch { + res.statusCode = 500; + res.setHeader('Content-Type', 'text/plain'); + res.statusMessage = 'Server Problem'; + res.end(); + } + }); } module.exports = { From 324e3c0b444cebf6f05149d2cf09d9d7a711f53d Mon Sep 17 00:00:00 2001 From: Volodymyr Kolosov Date: Wed, 25 Mar 2026 14:00:12 +0000 Subject: [PATCH 2/3] static-server-beta-bag --- src/createServer.js | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/createServer.js b/src/createServer.js index 6ac9081..208a390 100644 --- a/src/createServer.js +++ b/src/createServer.js @@ -21,7 +21,7 @@ function createServer() { return http.createServer(async (req, res) => { const url = new URL(req.url, `http://${req.headers.host}`); - if (!url.pathname.startsWith('/file')) { + if (!url.pathname.startsWith('/file/')) { res.statusCode = 200; res.setHeader('Content-Type', 'text/plain'); res.end('Use /file/ to load files'); @@ -29,9 +29,9 @@ function createServer() { return; } - const basePath = path.join(__dirname, '..', 'public'); + const basePath = path.resolve(__dirname, '..', 'public'); const requestPath = url.pathname.replace(/^\/file\/?/, '') || 'index.html'; - const pathToFile = path.normalize(path.join(basePath, requestPath)); + const pathToFile = path.resolve(basePath, requestPath); if (requestPath.includes('//')) { res.statusCode = 404; @@ -40,7 +40,9 @@ function createServer() { return res.end('Not Found'); } - if (!pathToFile.startsWith(basePath)) { + if ( + !(pathToFile === basePath || pathToFile.startsWith(basePath + path.sep)) + ) { res.statusCode = 400; res.setHeader('Content-Type', 'text/plain'); res.statusMessage = 'Forbidden'; From 4c558125eb55e155eb1be623869eac1dedcc1139 Mon Sep 17 00:00:00 2001 From: Volodymyr Kolosov Date: Wed, 25 Mar 2026 18:08:02 +0000 Subject: [PATCH 3/3] problem with test --- src/createServer.js | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/src/createServer.js b/src/createServer.js index 208a390..9200c35 100644 --- a/src/createServer.js +++ b/src/createServer.js @@ -19,6 +19,13 @@ const mimeType = { function createServer() { return http.createServer(async (req, res) => { + if (req.url.includes('..')) { + res.statusCode = 400; + res.setHeader('Content-Type', 'text/plain'); + + return res.end('Forbidden'); + } + const url = new URL(req.url, `http://${req.headers.host}`); if (!url.pathname.startsWith('/file/')) { @@ -29,9 +36,7 @@ function createServer() { return; } - const basePath = path.resolve(__dirname, '..', 'public'); const requestPath = url.pathname.replace(/^\/file\/?/, '') || 'index.html'; - const pathToFile = path.resolve(basePath, requestPath); if (requestPath.includes('//')) { res.statusCode = 404; @@ -40,9 +45,10 @@ function createServer() { return res.end('Not Found'); } - if ( - !(pathToFile === basePath || pathToFile.startsWith(basePath + path.sep)) - ) { + const basePath = path.resolve(__dirname, '..', 'public'); + const pathToFile = path.resolve(basePath, requestPath); + + if (!pathToFile.startsWith(basePath + path.sep)) { res.statusCode = 400; res.setHeader('Content-Type', 'text/plain'); res.statusMessage = 'Forbidden';