protect serving SSR assets in production

This commit is contained in:
Pooya Parsa 2017-06-20 02:40:54 +04:30
parent d9a01c25f1
commit be8191de60

View File

@ -24,6 +24,27 @@ const parseTemplate = templateStr => _.template(templateStr, {
interpolate: /{{([\s\S]+?)}}/g interpolate: /{{([\s\S]+?)}}/g
}) })
const resourceMap = [
{
key: 'clientManifest',
fileName: 'vue-ssr-client-manifest.json',
transform: JSON.parse
},
{
key: 'serverBundle',
fileName: 'server-bundle.json',
transform: JSON.parse
},
{
key: 'appTemplate',
fileName: 'index.html',
transform: parseTemplate
}
]
// Protector utility against request to SSR bundle files
const ssrResourceRegex = new RegExp(resourceMap.map(resource => resource.fileName).join('|'), 'i')
export default class Renderer extends Tapable { export default class Renderer extends Tapable {
constructor (nuxt) { constructor (nuxt) {
super() super()
@ -91,29 +112,15 @@ export default class Renderer extends Tapable {
return this return this
} }
async loadResources (_fs = fs, isServer) { async loadResources (_fs) {
let distPath = resolve(this.options.buildDir, 'dist') let distPath = resolve(this.options.buildDir, 'dist')
const resourceMap = {
clientManifest: {
path: join(distPath, 'vue-ssr-client-manifest.json'),
transform: JSON.parse
},
serverBundle: {
path: join(distPath, 'server-bundle.json'),
transform: JSON.parse
},
appTemplate: {
path: join(distPath, 'index.html'),
transform: parseTemplate
}
}
let updated = [] let updated = []
Object.keys(resourceMap).forEach(resourceKey => { resourceMap.forEach(({ key, fileName, transform }) => {
let { path, transform } = resourceMap[resourceKey] let rawKey = '$$' + key
let rawKey = '$$' + resourceKey const path = join(distPath, fileName)
let rawData, data let rawData, data
if (!_fs.existsSync(path)) { if (!_fs.existsSync(path)) {
return // Resource not exists return // Resource not exists
@ -128,8 +135,8 @@ export default class Renderer extends Tapable {
if (!data) { if (!data) {
return // Invalid data ? return // Invalid data ?
} }
this.resources[resourceKey] = data this.resources[key] = data
updated.push(resourceKey) updated.push(key)
}) })
if (updated.length > 0) { if (updated.length > 0) {
@ -151,7 +158,7 @@ export default class Renderer extends Tapable {
basedir: this.options.rootDir basedir: this.options.rootDir
}, this.options.render.ssr, this.options.build.ssr)) }, this.options.render.ssr, this.options.build.ssr))
if(this.options.build.ssr) { if (this.options.build.ssr) {
console.warn('[nuxt] `build.ssr` is deprecated and will be removed in 1.0 release, please use `renderer.ssr` instead!') console.warn('[nuxt] `build.ssr` is deprecated and will be removed in 1.0 release, please use `renderer.ssr` instead!')
} }
@ -189,8 +196,7 @@ export default class Renderer extends Tapable {
await this.serveStatic(req, res) await this.serveStatic(req, res)
// Serve .nuxt/dist/ files (only for production) // Serve .nuxt/dist/ files (only for production)
const isValidExtension = (req.url.slice(-3) === '.js') || (req.url.slice(-4) === '.css') || (req.url.slice(-4) === '.map') if (!this.options.dev && !ssrResourceRegex.test(req.url)) {
if (!this.options.dev && isValidExtension) {
const url = req.url const url = req.url
if (req.url.indexOf(this.options.build.publicPath) === 0) { if (req.url.indexOf(this.options.build.publicPath) === 0) {
req.url = req.url.replace(this.options.build.publicPath, '/') req.url = req.url.replace(this.options.build.publicPath, '/')