fix(assets): security fix
polonel committed Oct 17, 2018
1 parent 7d71135 commit b081965
Showing 2 changed files with 5 additions and 3 deletions.
5 changes: 2 additions & 3 deletions src/middleware/index.js
Expand Up @@ -98,9 +98,8 @@ module.exports = function(app, db, callback) {
//Mobile
app.use('/mobile', express.static(path.join(__dirname, '../../', 'mobile')));

app.use('/uploads/tickets', middleware.redirectToLogin, express.static(path.resolve(__dirname, '/public/uploads/tickets')));
app.use('/uploads/users', middleware.redirectToLogin, express.static(path.resolve(__dirname, '/public/uploads/users')));

app.use('/uploads', middleware.redirectToLogin, express.static(path.resolve(__dirname, '/public/uploads')));

app.use(express.static(path.join(__dirname, '../../', 'public')));

//Remove to enable plugins
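Review bot: `path.resolve(__dirname, '/public/uploads')` on the new `/uploads` mount discards `__dirname`, because the second argument is absolute, so the static handler points at `/public/uploads` at the filesystem root instead of the project's upload directory. If that directory does not exist the handler falls through, and authenticated requests are then served by the catch-all `express.static(path.join(__dirname, '../../', 'public'))` mount below it. The protection therefore rests entirely on `middleware.redirectToLogin` ending the request for anonymous users and on this mount staying registered ahead of the public one. Consider `express.static(path.join(__dirname, '../../public/uploads'))` here, and `'../public/uploads'` for the identical line added in src/webserver.js, with a comment stating the ordering requirement. Storing uploads outside the publicly served `public` tree would remove the ordering dependency altogether; the enclosing `module.exports` function continues outside the hunk.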
3 changes: 3 additions & 0 deletions src/webserver.js
Expand Up @@ -96,6 +96,9 @@ var async = require('async'),
app.set('view engine', 'hbs');
hbsHelpers.register(hbs.handlebars);

// Prevent unauth from uploads
app.use('/uploads', middleware.redirectToLogin, express.static(path.resolve(__dirname, '/public/uploads')));

app.use(express.static(path.join(__dirname, '../', 'public')));
app.use(favicon(path.join(__dirname, '../', 'public/img/favicon.ico')));
app.use(bodyParser.urlencoded({ extended: false }));
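Review bot: The `/uploads` guard added here sits directly after the view-engine setup and ahead of `bodyParser`, and the hunk shows no session or authentication middleware registered before it. If `middleware.redirectToLogin` decides from session state that is only populated later in the chain, this mount would redirect every request, signed-in users included. It is worth confirming the registration order and adding a request-level test that an unauthenticated GET under `/uploads` is redirected while an authenticated one is served. The comment could also record the constraint, e.g. `// Require login for /uploads; must be registered before the public static mount below`. The same mount is duplicated in src/middleware/index.js, so a single shared helper would keep the two copies from drifting apart.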
