padurlsanitize: Don't crash if `sanitizePadId()` throws

Let Express send a 500 status code to the user instead. Co-authored-by: Richard Hansen <rhansen@rhansen.org>
2021-07-05 06:12:02 +02:00 · 2021-07-05 06:12:02 +02:00 · 8b73f2ee70
parent 4733c7d8d3
commit 8b73f2ee70
2 changed files with 20 additions and 16 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -15,6 +15,7 @@
  from the database when the group is deleted.
 * Fixed race conditions in the `setText`, `appendText`, and `restoreRevision`
  functions (HTTP API).
+* Fixed a crash if the database is busy enough to cause a query timeout.

 #### For plugin authors

--- a/src/node/hooks/express/padurlsanitize.js
+++ b/src/node/hooks/express/padurlsanitize.js
@ -4,24 +4,27 @@ const padManager = require('../../db/PadManager');

 exports.expressCreateServer = (hookName, args, cb) => {
  // redirects browser to the pad's sanitized url if needed. otherwise, renders the html
-  args.app.param('pad', async (req, res, next, padId) => {
-    // ensure the padname is valid and the url doesn't end with a /
-    if (!padManager.isValidPadId(padId) || /\/$/.test(req.url)) {
-      res.status(404).send('Such a padname is forbidden');
-      return;
-    }
+  args.app.param('pad', (req, res, next, padId) => {
+    (async () => {
+      // ensure the padname is valid and the url doesn't end with a /
+      if (!padManager.isValidPadId(padId) || /\/$/.test(req.url)) {
+        res.status(404).send('Such a padname is forbidden');
+        return;
+      }

-    const sanitizedPadId = await padManager.sanitizePadId(padId);
+      const sanitizedPadId = await padManager.sanitizePadId(padId);

-    if (sanitizedPadId === padId) {
-      // the pad id was fine, so just render it
-      next();
-    } else {
-      // the pad id was sanitized, so we redirect to the sanitized version
-      const realURL = encodeURIComponent(sanitizedPadId) + new URL(req.url, 'http://invalid.invalid').search;
-      res.header('Location', realURL);
-      res.status(302).send(`You should be redirected to <a href="${realURL}">${realURL}</a>`);
-    }
+      if (sanitizedPadId === padId) {
+        // the pad id was fine, so just render it
+        next();
+      } else {
+        // the pad id was sanitized, so we redirect to the sanitized version
+        const realURL =
+            encodeURIComponent(sanitizedPadId) + new URL(req.url, 'http://invalid.invalid').search;
+        res.header('Location', realURL);
+        res.status(302).send(`You should be redirected to <a href="${realURL}">${realURL}</a>`);
+      }
+    })().catch((err) => next(err || new Error(err)));
  });
  return cb();
 };