Update to handle request with invalid uri

author: Wu Cheng-Han 2016-12-03 14:37:24 +0800
committer: Wu Cheng-Han 2016-12-03 14:37:24 +0800
commit: 778b6f32b3e46c003f47b4b380cfd64aaff91a93 (patch)
tree: 29174e23d782b757d2aef9ed3ebb8e9ec4639654
parent: 5958654ea4d722cb6af6a170da94c0d5373015d2 (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/app.js b/app.js
index 60b3c41d..1b2874a4 100644
--- a/app.js
+++ b/app.js
@@ -172,6 +172,17 @@ passport.deserializeUser(function (id, done) {
     });
 });
 
+// check uri is valid before going further
+app.use(function(req, res, next) {
+    try {
+        decodeURIComponent(req.path);
+    } catch (err) {
+        logger.error(err);
+        return response.errorBadRequest(res);
+    }
+    next();
+});
+
 // redirect url with trailing slashes
 app.use(function(req, res, next) {
     if ("GET" == req.method && req.path.substr(-1) == '/' && req.path.length > 1) {
author	Wu Cheng-Han	2016-12-03 14:37:24 +0800
committer	Wu Cheng-Han	2016-12-03 14:37:24 +0800
commit	778b6f32b3e46c003f47b4b380cfd64aaff91a93 (patch)
tree	29174e23d782b757d2aef9ed3ebb8e9ec4639654
parent	5958654ea4d722cb6af6a170da94c0d5373015d2 (diff)