From e0536620d65d9e447bd58f0fa5670f4ca9f39208 Mon Sep 17 00:00:00 2001
From: Dorian Niemiec <dorian.niemiec@svrjs.org>
Date: Sun, 10 Nov 2024 16:09:35 +0100
Subject: [PATCH] fix: fix crashes with SVR.JS Core

---
 src/core.js                                   | 41 ++++++++++++++++++-
 src/handlers/requestHandler.js                |  3 ++
 .../staticFileServingAndDirectoryListings.js  | 27 +++++++++++-
 3 files changed, 69 insertions(+), 2 deletions(-)

diff --git a/src/core.js b/src/core.js
index 15068b0..a96d598 100644
--- a/src/core.js
+++ b/src/core.js
@@ -13,7 +13,6 @@ const statusCodes = require("./res/statusCodes.js");
 
 const middleware = [
   require("./middleware/urlSanitizer.js"),
-  require("./middleware/rewriteURL.js"),
   require("./middleware/redirectTrailingSlashes.js"),
   require("./middleware/defaultHandlerChecks.js"),
   require("./middleware/staticFileServingAndDirectoryListings.js")
@@ -591,6 +590,9 @@ function requestHandler(req, res, next) {
             ? config.domain
             : "unknown.invalid")
     );
+
+    // req.originalParsedURL fallback
+    req.originalParsedURL = req.parsedURL;
   } catch (err) {
     res.error(400, err);
     return;
@@ -626,6 +628,43 @@ function requestHandler(req, res, next) {
 
 function init(config) {
   if (config) coreConfig = config;
+
+  if (coreConfig.users === undefined) coreConfig.users = [];
+  if (coreConfig.page404 === undefined) coreConfig.page404 = "404.html";
+  if (coreConfig.enableCompression === undefined)
+    coreConfig.enableCompression = true;
+  if (coreConfig.customHeaders === undefined) coreConfig.customHeaders = {};
+  if (coreConfig.enableDirectoryListing === undefined)
+    coreConfig.enableDirectoryListing = true;
+  if (coreConfig.enableDirectoryListingWithDefaultHead === undefined)
+    coreConfig.enableDirectoryListingWithDefaultHead = false;
+  if (coreConfig.serverAdministratorEmail === undefined)
+    coreConfig.serverAdministratorEmail = "[no contact information]";
+  if (coreConfig.stackHidden === undefined) coreConfig.stackHidden = false;
+  if (coreConfig.exposeServerVersion === undefined)
+    coreConfig.exposeServerVersion = true;
+  if (coreConfig.dontCompress === undefined)
+    coreConfig.dontCompress = [
+      "/.*\\.ipxe$/",
+      "/.*\\.(?:jpe?g|png|bmp|tiff|jfif|gif|webp)$/",
+      "/.*\\.(?:[id]mg|iso|flp)$/",
+      "/.*\\.(?:zip|rar|bz2|[gb7x]z|lzma|tar)$/",
+      "/.*\\.(?:mp[34]|mov|wm[av]|avi|webm|og[gv]|mk[va])$/"
+    ];
+  if (coreConfig.enableIPSpoofing === undefined)
+    coreConfig.enableIPSpoofing = false;
+  if (coreConfig.enableETag === undefined) coreConfig.enableETag = true;
+  if (coreConfig.rewriteDirtyURLs === undefined)
+    coreConfig.rewriteDirtyURLs = false;
+  if (coreConfig.errorPages === undefined) coreConfig.errorPages = [];
+  if (coreConfig.disableTrailingSlashRedirects === undefined)
+    coreConfig.disableTrailingSlashRedirects = false;
+  if (coreConfig.allowDoubleSlashes === undefined)
+    coreConfig.allowDoubleSlashes = false;
+
+  // You wouldn't use SVR.JS mods in SVR.JS Core
+  coreConfig.exposeModsInErrorPages = false;
+
   return requestHandler;
 }
 
diff --git a/src/handlers/requestHandler.js b/src/handlers/requestHandler.js
index b2b6781..93d2d71 100644
--- a/src/handlers/requestHandler.js
+++ b/src/handlers/requestHandler.js
@@ -706,6 +706,9 @@ function requestHandler(req, res) {
             ? config.domain
             : "unknown.invalid")
     );
+
+    // req.originalParsedURL fallback
+    req.originalParsedURL = req.parsedURL;
   } catch (err) {
     res.error(400, err);
     return;
diff --git a/src/middleware/staticFileServingAndDirectoryListings.js b/src/middleware/staticFileServingAndDirectoryListings.js
index 4a14377..605b21d 100644
--- a/src/middleware/staticFileServingAndDirectoryListings.js
+++ b/src/middleware/staticFileServingAndDirectoryListings.js
@@ -980,7 +980,32 @@ module.exports = (req, res, logFacilities, config, next) => {
     } else if (dirImagesMissing) {
       fs.stat(readFrom, (e, s) => {
         if (e || !s.isFile()) {
-          properDirectoryListingAndStaticFileServe();
+          if (err.code == "ENOENT") {
+            res.error(404);
+            logFacilities.errmessage("Resource not found.");
+            return;
+          } else if (err.code == "ENOTDIR") {
+            res.error(404); // Assume that file doesn't exist.
+            logFacilities.errmessage("Resource not found.");
+            return;
+          } else if (err.code == "EACCES") {
+            res.error(403);
+            logFacilities.errmessage("Access denied.");
+            return;
+          } else if (err.code == "ENAMETOOLONG") {
+            res.error(414);
+            return;
+          } else if (err.code == "EMFILE") {
+            res.error(503);
+            return;
+          } else if (err.code == "ELOOP") {
+            res.error(508); // The symbolic link loop is detected during file system operations.
+            logFacilities.errmessage("Symbolic link loop detected.");
+            return;
+          } else {
+            res.error(500, err);
+            return;
+          }
         } else {
           stats = s;
           properDirectoryListingAndStaticFileServe();