Ghost/core/server/web/shared/middlewares/uncapitalise.js

// # uncapitalise Middleware
// Usage: uncapitalise(req, res, next)
// After:
// Before:
// App: Admin|Site|API
//
// Detect upper case in req.path.
//
//  Example req:
//  req.originalUrl = /blog/ghost/signin/?asdAD=asdAS
//  req.url = /ghost/signin/?asdAD=asdAS
//  req.baseUrl = /blog
//  req.path =  /ghost/signin/

const errors = require('@tryghost/errors');
const urlUtils = require('../../../lib/url-utils');
const {i18n} = require('../../../lib/common');
const localUtils = require('../utils');

const uncapitalise = (req, res, next) => {
    let pathToTest = (req.baseUrl ? req.baseUrl : '') + req.path;
    let redirectPath;
    let decodedURI;

    const isSignupOrReset = pathToTest.match(/^(.*\/ghost\/(signup|reset)\/)/i),
        isAPI = pathToTest.match(/^(.*\/ghost\/api\/(v[\d.]+|canary)\/.*?\/)/i);

    if (isSignupOrReset) {
        pathToTest = isSignupOrReset[1];
    }

    // Do not lowercase anything after e.g. /api/v{X}/ to protect :key/:slug
    if (isAPI) {
        pathToTest = isAPI[1];
    }

    try {
        decodedURI = decodeURIComponent(pathToTest);
    } catch (err) {
        return next(new errors.NotFoundError({
            message: i18n.t('errors.errors.pageNotFound'),
            err: err
        }));
    }

    /**
     * In node < 0.11.1 req.path is not encoded, afterwards, it is always encoded such that | becomes %7C etc.
     * That encoding isn't useful here, as it triggers an extra uncapitalise redirect, so we decode the path first
     */
    if (/[A-Z]/.test(decodedURI)) {
        redirectPath = (localUtils.removeOpenRedirectFromUrl((req.originalUrl || req.url).replace(pathToTest, pathToTest.toLowerCase())));
        return urlUtils.redirect301(res, redirectPath);
    }

    next();
};

module.exports = uncapitalise;
Move uncapitalize into its own file. refs #5286 - Moved the logic into its own file - Added unit tests 2015-06-10 22:18:31 +03:00			`// # uncapitalise Middleware`
			`// Usage: uncapitalise(req, res, next)`
			`// After:`
			`// Before:`
Rename blog -> site - We're going to be moving towards this naming convention more - Doing this now makes it easier to name other things 2017-10-26 19:24:08 +03:00			`// App: Admin\|Site\|API`
Move uncapitalize into its own file. refs #5286 - Moved the logic into its own file - Added unit tests 2015-06-10 22:18:31 +03:00			`//`
			`// Detect upper case in req.path.`
Misc Middleware cleanup (#7526) * 💄 Combine slashes & uncapitalise middleware - these bits of middleware belong together - ideally they should be optimised * 🎨 Move ghostLocals out of themeHandler GhostLocals sets several important values which are needed for every part of the application, admin, api and theme. Therefore, it doesn't make sense for it to be bundled in the themeHandler. * 🐛 Fix the uncapitalise middleware - Updated to make correct use of req.baseUrl, req.path, req.url & req.originalUrl - Updated the tests to actually cover our weird cases * 🎨 Move ghostVersion logic out of config * 💄 Group static / asset-related middleware together * 🔥 Remove /shared/ asset handling - The 5 files which are located in `/shared/` are all handled by individual calls to `serveSharedFile` - Therefore this code is redundant 2016-10-10 22:14:32 +03:00			`//`
			`// Example req:`
			`// req.originalUrl = /blog/ghost/signin/?asdAD=asdAS`
			`// req.url = /ghost/signin/?asdAD=asdAS`
			`// req.baseUrl = /blog`
			`// req.path = /ghost/signin/`
Move uncapitalize into its own file. refs #5286 - Moved the logic into its own file - Added unit tests 2015-06-10 22:18:31 +03:00
Swapped common for @tryghost/errors in core/server/web - Update all references to common.errors to use @tryghost/errors - Use dereferencing to only require used bits of common in each file 2020-04-09 21:40:00 +03:00			`const errors = require('@tryghost/errors');`
Migrated to use url-utils from Ghost-SDK (#10787) closes #10773 - The refactoring is a substitute for `urlService.utils` used previously throughout the codebase and now extracted into the separate module in Ghost-SDK - Added url-utils stubbing utility for test suites - Some tests had to be refactored to avoid double mocks (when url's are being reset inside of rested 'describe' groups) 2019-06-18 16:13:55 +03:00			`const urlUtils = require('../../../lib/url-utils');`
Swapped common for @tryghost/errors in core/server/web - Update all references to common.errors to use @tryghost/errors - Use dereferencing to only require used bits of common in each file 2020-04-09 21:40:00 +03:00			`const {i18n} = require('../../../lib/common');`
ES6 migration: server/web/ (#9886) refs #9589 2018-09-20 16:03:33 +03:00			`const localUtils = require('../utils');`
ES6 migration: server/web/middleware (#9737) refs #9589 2018-09-10 15:07:57 +03:00
ES6 migration: server/web/ (#9886) refs #9589 2018-09-20 16:03:33 +03:00			`const uncapitalise = (req, res, next) => {`
			`let pathToTest = (req.baseUrl ? req.baseUrl : '') + req.path;`
			`let redirectPath;`
			`let decodedURI;`
ES6 migration: server/web/middleware (#9737) refs #9589 2018-09-10 15:07:57 +03:00
			`const isSignupOrReset = pathToTest.match(/^(.*\/ghost\/(signup\|reset)\/)/i),`
Updated uncapitalise check to work with canary no issue Previously uncapitalise check was based on fixed api endpoint format - v[NUMBER], this updates it to work with canary endpoint 2019-08-09 17:15:13 +03:00			`isAPI = pathToTest.match(/^(.\/ghost\/api\/(v[\d.]+\|canary)\/.?\/)/i);`
Move uncapitalize into its own file. refs #5286 - Moved the logic into its own file - Added unit tests 2015-06-10 22:18:31 +03:00
			`if (isSignupOrReset) {`
			`pathToTest = isSignupOrReset[1];`
			`}`

Reworded confusing comment mentioning v0.1 2019-09-12 20:17:35 +03:00			`// Do not lowercase anything after e.g. /api/v{X}/ to protect :key/:slug`
Move uncapitalize into its own file. refs #5286 - Moved the logic into its own file - Added unit tests 2015-06-10 22:18:31 +03:00			`if (isAPI) {`
			`pathToTest = isAPI[1];`
			`}`

🐛 Fixed throwing 500 for invalid encoded urls (#9279) refs https://github.com/TryGhost/Team/issues/41 - if you send invalid encoded url components in the path, the server tried to decode the url - if it contains invalid characters like /AF%, it throwed a 500 - we return a page not found error instead 2017-11-28 14:39:38 +03:00			`try {`
			`decodedURI = decodeURIComponent(pathToTest);`
			`} catch (err) {`
Swapped common for @tryghost/errors in core/server/web - Update all references to common.errors to use @tryghost/errors - Use dereferencing to only require used bits of common in each file 2020-04-09 21:40:00 +03:00			`return next(new errors.NotFoundError({`
			`message: i18n.t('errors.errors.pageNotFound'),`
🐛 Fixed throwing 500 for invalid encoded urls (#9279) refs https://github.com/TryGhost/Team/issues/41 - if you send invalid encoded url components in the path, the server tried to decode the url - if it contains invalid characters like /AF%, it throwed a 500 - we return a page not found error instead 2017-11-28 14:39:38 +03:00			`err: err`
			`}));`
			`}`

Uncapitalise respects subdirectories & no encoding no issue - Uncapitalise was dropping the subdirectory when redirecting - so the base url has been added where present - Uncapitalise was also working differently in node 0.10 and 0.12 - so the path is decoded before testing for uppercase - Adds some test coverage 2015-09-24 16:40:48 +03:00			`/**`
			`* In node < 0.11.1 req.path is not encoded, afterwards, it is always encoded such that \| becomes %7C etc.`
			`* That encoding isn't useful here, as it triggers an extra uncapitalise redirect, so we decode the path first`
			`*/`
🐛 Fixed throwing 500 for invalid encoded urls (#9279) refs https://github.com/TryGhost/Team/issues/41 - if you send invalid encoded url components in the path, the server tried to decode the url - if it contains invalid characters like /AF%, it throwed a 500 - we return a page not found error instead 2017-11-28 14:39:38 +03:00			`if (/[A-Z]/.test(decodedURI)) {`
Moved removeOpenRedirectFromUrl to local web utils refs #9178 - see https://github.com/TryGhost/Ghost/issues/9178#issuecomment-351521897 2017-12-14 00:06:31 +03:00			`redirectPath = (localUtils.removeOpenRedirectFromUrl((req.originalUrl \|\| req.url).replace(pathToTest, pathToTest.toLowerCase())));`
Migrated to use url-utils from Ghost-SDK (#10787) closes #10773 - The refactoring is a substitute for `urlService.utils` used previously throughout the codebase and now extracted into the separate module in Ghost-SDK - Added url-utils stubbing utility for test suites - Some tests had to be refactored to avoid double mocks (when url's are being reset inside of rested 'describe' groups) 2019-06-18 16:13:55 +03:00			`return urlUtils.redirect301(res, redirectPath);`
Move uncapitalize into its own file. refs #5286 - Moved the logic into its own file - Added unit tests 2015-06-10 22:18:31 +03:00			`}`
Switch to Eslint (#9197) refs #9178 * Add eslint deps, remove old lint deps * Add eslint config, remove old lint configs * Config for server and tests are different * Tweaked rules to suit us * Fix linting in codebase - lots of indent changes. * Fix a real broken test 2017-11-01 16:44:54 +03:00
			`next();`
Move uncapitalize into its own file. refs #5286 - Moved the logic into its own file - Added unit tests 2015-06-10 22:18:31 +03:00			`};`

			`module.exports = uncapitalise;`