diff --git a/sfs.js b/sfs.js index dbfea3b..1438007 100644 --- a/sfs.js +++ b/sfs.js @@ -43,6 +43,10 @@ const host = process.argv[3] || 'localhost'; http .createServer(async (req, res) => { const path = '.' + decodeURIComponent(req.url); + if (req.method !== 'GET' && req.method !== 'HEAD') { + send_error(res, 405, 'Method Not Allowed'); + return; + } if (!path.startsWith('./') || path.includes('/..') || path.includes('\\')) { send_error(res, 403, 'Forbidden'); return; @@ -81,12 +85,14 @@ http 'content-length': stats.size, }); } - fs.createReadStream(path, range) - .on('error', () => send_error(res, 500, 'Internal Server Error')) - .pipe(res); - return; - } - if (stats.isDirectory()) { + if (req.method === 'GET') { + fs.createReadStream(path, range) + .on('error', () => send_error(res, 500, 'Internal Server Error')) + .pipe(res); + } else { + res.end(); + } + } else if (stats.isDirectory()) { if (!req.url.endsWith('/')) { res.writeHead(302, { location: req.url + '/' }); res.end(); @@ -101,7 +107,7 @@ http dir.unshift(['..', { isFile: () => false, isDirectory: () => true }]); } res.writeHead(200, { 'content-type': 'text/html; charset=utf-8' }); - res.end(` + res.end(req.method === 'GET' ? `