Add option to filter files

Author: ghostd

README.md

@@ -135,6 +135,14 @@ for getting the file list.
 This option cannot be set to `false` with `redirect` set to `true` on a server
 with `ignoreTrailingSlash` set to `true`.
 
+#### `allowedPath`
+
+Default: `(pathname, root) => true`
+
+This function allows filtering the served files.
+If the function returns `true`, the file will be served.
+If the function returns `false`, Fastify's 404 handler will be called.
+
 #### `list`
 
 Default: `undefined`

index.d.ts

@@ -41,6 +41,7 @@ export interface FastifyStaticOptions {
   redirect?: boolean;
   wildcard?: boolean | string;
   list?: boolean | ListOptions;
+  allowedPath?: (pathName: string, root?: string) => boolean;
 
   // Passed on to `send`
   acceptRanges?: boolean;

index.js

@@ -12,6 +12,10 @@ const globPromise = util.promisify(glob)
 
 const dirList = require('./lib/dirList')
 
+function allowAllPaths () {
+  return true
+}
+
 async function fastifyStatic (fastify, opts) {
   checkRootPathForErrors(fastify, opts.root)
 
@@ -39,6 +43,8 @@ async function fastifyStatic (fastify, opts) {
     maxAge: opts.maxAge
   }
 
+  const allowedPath = opts.allowedPath || allowAllPaths
+
   function pumpSendToReply (request, reply, pathname, rootPath, rootPathOffset = 0) {
     const options = Object.assign({}, sendOptions)
 
@@ -50,6 +56,10 @@ async function fastifyStatic (fastify, opts) {
       }
     }
 
+    if (!allowedPath(pathname, options.root)) {
+      return reply.callNotFound()
+    }
+
     const stream = send(request.raw, pathname, options)
     let resolvedFilename
     stream.on('file', function (file) {

test/static.test.js

@@ -819,6 +819,48 @@ t.test('sendFile disabled', t => {
   })
 })
 
+t.test('allowedPath option', t => {
+  t.plan(3)
+
+  const pluginOptions = {
+    root: path.join(__dirname, '/static'),
+    allowedPath: (pathName) => pathName !== '/foobar.html'
+  }
+  const fastify = Fastify()
+  fastify.register(fastifyStatic, pluginOptions)
+
+  fastify.listen(0, err => {
+    t.error(err)
+
+    fastify.server.unref()
+
+    t.test('/foobar.html not found', t => {
+      t.plan(2 + GENERIC_ERROR_RESPONSE_CHECK_COUNT)
+      simple.concat({
+        method: 'GET',
+        url: 'http://localhost:' + fastify.server.address().port + '/foobar.html',
+        followRedirect: false
+      }, (err, response, body) => {
+        t.error(err)
+        t.strictEqual(response.statusCode, 404)
+        genericErrorResponseChecks(t, response)
+      })
+    })
+
+    t.test('/index.css found', t => {
+      t.plan(2)
+      simple.concat({
+        method: 'GET',
+        url: 'http://localhost:' + fastify.server.address().port + '/index.css',
+        followRedirect: false
+      }, (err, response, body) => {
+        t.error(err)
+        t.strictEqual(response.statusCode, 200)
+      })
+    })
+  })
+})
+
 t.test('prefix default', t => {
   t.plan(1)
   const pluginOptions = { root: path.join(__dirname, 'static') }