🐛 Fixed HTTP 500 error when given incorrect Range header

ref ENG-729
ref https://linear.app/tryghost/issue/ENG-729/incorrect-range-header-leads-to-http-500-errors

- we didn't have handling here for the `RangeNotSatisfiableError` that
  can come from express/serve-static/send
- as a result, passing an invalid range would cause a 500 error
- this prevents that and adds a breaking test
Daniel Lockyer 2024-03-11 17:35:25 +01:00 committed by Daniel Lockyer
parent 162f438c63
commit 360ecf15ae
3 changed files with 35 additions and 0 deletions


@ -149,6 +149,10 @@ class LocalStorageBase extends StorageBase {
return next(new errors.NoPermissionError({err: err}));
}
if (err.name === 'RangeNotSatisfiableError') {
return next(new errors.RangeNotSatisfiableError({err}));
}
return next(new errors.InternalServerError({err: err}));
}
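Review bot: The new branch keys on the string `err.name === 'RangeNotSatisfiableError'`, so it covers only this one client-caused failure. Any other 4xx-class error the static-file layer raises from request input would presumably still reach `InternalServerError` on the last line and be returned as a 500. If the upstream error carries a status code, matching on it as well is less brittle than the name alone, e.g. `if (err.statusCode === 416 || err.name === 'RangeNotSatisfiableError') {`, with a comment such as `// invalid client-supplied Range header: answer 416, not 500`. The added line also writes `{err}` where the neighbouring lines write `{err: err}`. The enclosing handler starts and ends outside this hunk.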


@ -1,7 +1,38 @@
const assert = require('assert/strict');
const path = require('path');
const http = require('http');
const express = require('express');
const should = require('should');
const LocalStorageBase = require('../../../../../core/server/adapters/storage/LocalStorageBase');
describe('Local Storage Base', function () {
describe('serve', function () {
it('returns a 416 RangeNotSatisfiableError if given an invalid range', function (done) {
const localStorageBase = new LocalStorageBase({
storagePath: path.resolve(__dirname, 'media-storage'),
staticFileURLPrefix: 'content/media',
siteUrl: 'http://example.com/blog/'
});
const req = new http.IncomingMessage();
const res = new http.ServerResponse(req);
Object.setPrototypeOf(req, express.request);
Object.setPrototypeOf(res, express.response);
req.method = 'GET';
req.url = '/content/media/image.jpg';
req.headers = {
range: 'bytes=1000-999'
};
localStorageBase.serve()(req, res, (err) => {
assert.equal(err.errorType, 'RangeNotSatisfiableError');
done();
});
});
});
describe('urlToPath', function () {
it('returns path from url', function () {
let localStorageBase = new LocalStorageBase({
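Review bot: The new test is titled "returns a 416" but only asserts `err.errorType`, so a wrong status mapping would not be caught. Assuming the error object exposes its HTTP status, add `assert.equal(err.statusCode, 416);` next to the existing assertion. If `serve()` ever handles the request without calling `next` with an error, the callback either never runs or dereferences `undefined`, and the test fails with a timeout or a TypeError rather than a clear message. A preceding `assert.ok(err, 'expected an error for an unsatisfiable range');` would make that failure readable.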

Binary file not shown.
