43 changes: 41 additions & 2 deletions src/createServer.js
@@ -1,8 +1,47 @@
'use strict';

const http = require('http');
const fs = require('fs');

function createServer() {
/* Write your code here */
// Return instance of http.Server class
return http.createServer((req, res) => {
const normalizedUrl = new URL(req.url, `http://${req.headers.host}`);
const { pathname } = normalizedUrl;

if (pathname.includes('//')) {
res.writeHead(404, { 'Content-Type': 'text/plain' });
res.end('File Not Found');

return;
}

if (!pathname.startsWith('/file')) {
res.writeHead(400, { 'Content-Type': 'text/plain' });
res.end('Should be /file/*');

return;
}

const relativeFilePath = pathname.replace(/^\/file\/?/, '');

if (!relativeFilePath) {
res.writeHead(200, { 'Content-Type': 'text/plain' });
res.end('File Not Found');

return;
}
According to the requirements, requests for /file/ or /file should return public/index.html. This logic currently returns a 'File Not Found' message. You should modify this logic to serve index.html when relativeFilePath is empty.

The current logic returns "File Not Found" for requests to /file or /file/. According to the requirements, these paths should serve public/index.html. You should adjust this logic to handle an empty relativeFilePath by defaulting it to index.html.


fs.readFile(`public/${relativeFilePath}`, (err, data) => {
This line is vulnerable to path traversal attacks. A request like /file/../../package.json could allow access to files outside the public directory. You should sanitize the relativeFilePath to ensure it does not contain elements like .. and that the final resolved path is still within the public folder. The built-in path module can be very helpful for this.

This implementation is still vulnerable to path traversal attacks. For example, a request to /file/../createServer.js could expose your server's source code. You need to resolve the full file path and verify that it is still inside the public directory before reading the file. The built-in path module can be very helpful here.

This line is still vulnerable to path traversal attacks. A request like /file/../createServer.js could expose your server's source code. You need to use the path module to create a secure file path and verify that the final path remains inside the public directory. Concatenating strings to form a path is not safe.

if (err) {
res.writeHead(404, { 'Content-Type': 'text/plain' });
res.end('File Not Found');

return;
}
res.writeHead(200, { 'Content-Type': 'text/plain' });
The Content-Type is hardcoded to text/plain. This will prevent browsers from correctly rendering file types like HTML or CSS. The content type should be determined dynamically based on the file's extension (e.g., text/html for .html, text/css for .css).

Similar to the other file-serving block, the Content-Type here is hardcoded. This needs to be determined from the file extension of the relativeFilePath to ensure browsers can correctly interpret the content.

The Content-Type is still hardcoded to text/plain. This prevents browsers from correctly rendering HTML or applying CSS. You need to set this header dynamically based on the file extension of the requested file (e.g., text/html for .html files, text/css for .css files).

res.end(data);
});
});
}

module.exports = {
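Review bot: the only thing standing between `fs.readFile(\`public/${relativeFilePath}\`)` and a traversal is the WHATWG `URL` parser collapsing `..` segments, and `relativeFilePath` is never resolved or checked against the public directory, so the guard is implicit rather than enforced. Build the target with `path.resolve(publicDir, relativeFilePath)` against an absolute `publicDir` and refuse to read unless the result equals `publicDir` or starts with `publicDir + path.sep`; that check holds regardless of how the URL was parsed or encoded. Two smaller points in the same region: the `if (!relativeFilePath)` branch answers `200` with a body of `File Not Found`, which is a contradictory status for the caller (it should serve `index.html`, as the other comments say), and the `pathname.includes('//')` check rejects double slashes with `404` before the path-prefix check, so a malformed `/file//x` gets a "not found" rather than the `400` used for other bad requests; consider one consistent error path for rejected input.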