v2.3.11: update sanitizeHost middleware

6 years ago · 3562b9ebfb
2 changed files with 33 additions and 21 deletions
--- a/index.js
+++ b/index.js
@ -483,31 +483,43 @@ Greenlock.create = function (gl) {

  //var SERVERNAME_RE = /^[a-z0-9\.\-_]+$/;
  var SERVERNAME_G = /[^a-z0-9\.\-_]/;
-  gl.middleware.sanitizeHost = function (req, res, next) {
-    // Get the host:port combo, if it exists
-    var host = (req.headers.host||'').split(':');
+  gl.middleware.sanitizeHost = function (app) {
+    return function (req, res, next) {
+      function realNext() {
+        if ('function' === typeof app) {
+          app(req, res);
+        } else if ('function' === typeof next) {
+          next();
+        } else {
+          res.statusCode = 500;
+          res.end("Error: no middleware assigned");
+        }
+      }
+      // Get the host:port combo, if it exists
+      var host = (req.headers.host||'').split(':');

-    // if not, move along
-    if (!host[0]) { next(req, res); return; }
+      // if not, move along
+      if (!host[0]) { realNext(); return; }

-    // if so, remove non-allowed characters
-    var safehost = host[0].replace(SERVERNAME_G, '');
+      // if so, remove non-allowed characters
+      var safehost = host[0].replace(SERVERNAME_G, '');

-    // if there were unallowed characters, complain
-    if (!gl.__sni_allow_dangerous_name && safehost.length !== host[0].length) {
-      res.statusCode = 400;
-      res.end("Malformed HTTP Header: 'Host: " + host[0] + "'");
-      return;
-    }
+      // if there were unallowed characters, complain
+      if (!gl.__sni_allow_dangerous_name && safehost.length !== host[0].length) {
+        res.statusCode = 400;
+        res.end("Malformed HTTP Header: 'Host: " + host[0] + "'");
+        return;
+      }

-    // make lowercase
-    if (!gl.__sni_preserve_case) {
-      host[0] = host[0].toLowerCase();
-      req.headers.host = host.join(':');
-    }
+      // make lowercase
+      if (!gl.__sni_preserve_case) {
+        host[0] = host[0].toLowerCase();
+        req.headers.host = host.join(':');
+      }

-    // carry on
-    next(req, res);
+      // carry on
+      realNext();
+    };
  };

  return gl;
--- a/package.json
+++ b/package.json
@ -1,6 +1,6 @@
 {
  "name": "greenlock",
-  "version": "2.3.10",
+  "version": "2.3.11",
  "description": "Let's Encrypt for node.js on npm",
  "main": "index.js",
  "files": [