From 54d0db577cc385e2aec44ff42ab3e37a678867e7 Mon Sep 17 00:00:00 2001
From: Alan Faubert <git@acf.ws>
Date: Thu, 31 Oct 2019 12:02:36 -0400
Subject: [PATCH] support GET and HEAD only

---
 sfs.js | 26 ++++++++++++++++----------
 1 file changed, 16 insertions(+), 10 deletions(-)

diff --git a/sfs.js b/sfs.js
index dbfea3b..1438007 100644
--- a/sfs.js
+++ b/sfs.js
@@ -43,6 +43,10 @@ const host = process.argv[3] || 'localhost';
 http
 	.createServer(async (req, res) => {
 		const path = '.' + decodeURIComponent(req.url);
+		if (req.method !== 'GET' && req.method !== 'HEAD') {
+			send_error(res, 405, 'Method Not Allowed');
+			return;
+		}
 		if (!path.startsWith('./') || path.includes('/..') || path.includes('\\')) {
 			send_error(res, 403, 'Forbidden');
 			return;
@@ -81,12 +85,14 @@ http
 					'content-length': stats.size,
 				});
 			}
-			fs.createReadStream(path, range)
-				.on('error', () => send_error(res, 500, 'Internal Server Error'))
-				.pipe(res);
-			return;
-		}
-		if (stats.isDirectory()) {
+			if (req.method === 'GET') {
+				fs.createReadStream(path, range)
+					.on('error', () => send_error(res, 500, 'Internal Server Error'))
+					.pipe(res);
+			} else {
+				res.end();
+			}
+		} else if (stats.isDirectory()) {
 			if (!req.url.endsWith('/')) {
 				res.writeHead(302, { location: req.url + '/' });
 				res.end();
@@ -101,7 +107,7 @@ http
 				dir.unshift(['..', { isFile: () => false, isDirectory: () => true }]);
 			}
 			res.writeHead(200, { 'content-type': 'text/html; charset=utf-8' });
-			res.end(`<!doctype html>
+			res.end(req.method === 'GET' ? `<!doctype html>
 <html>
 	<head>
 		<title>${req.headers.host + decodeURIComponent(req.url)}</title>
@@ -116,10 +122,10 @@ http
 			</li>`).join('')}
 		</ul>
 	</body>
-</html>`);
-			return;
+</html>` : undefined);
+		} else {
+			send_error(res, 500, 'Internal Server Error');
 		}
-		send_error(res, 500, 'Internal Server Error');
 	})
 	.listen(port, host);