fix: port #16250 to v2 (#16254)

2024-11-21 22:59:10 +00:00 · 2024-03-25 00:00:45 +09:00 · 2024-03-25 00:00:45 +09:00 · 011bbca350
commit 011bbca350
parent bfc5649b8d
7 changed files with 53 additions and 4 deletions
--- a/packages/playground/fs-serve/tests/deny/fs-serve-deny.spec.ts
+++ b/packages/playground/fs-serve/tests/deny/fs-serve-deny.spec.ts
@ -0,0 +1,22 @@
+import { isBuild } from '../../../testUtils'
+
+describe('main', () => {
+  if (!isBuild) {
+    test('**/deny/** should deny src/deny/deny.txt', async () => {
+      const res = await page.request.fetch(
+        new URL('/src/deny/deny.txt', viteTestUrl).href
+      )
+      expect(res.status()).toBe(403)
+    })
+    test('**/deny/** should deny src/deny/.deny', async () => {
+      const res = await page.request.fetch(
+        new URL('/src/deny/.deny', viteTestUrl).href
+      )
+      expect(res.status()).toBe(403)
+    })
+  } else {
+    test('dummy test to make jest happy', async () => {
+      // Your test suite must contain at least one test.
+    })
+  }
+})
--- a/packages/playground/fs-serve/tests/deny/vite.config.js
+++ b/packages/playground/fs-serve/tests/deny/vite.config.js
@ -0,0 +1 @@
+module.exports = require('../../root/vite.config-deny')
--- a/packages/playground/fs-serve/package.json
+++ b/packages/playground/fs-serve/package.json
@ -6,6 +6,9 @@
    "dev": "vite root",
    "build": "vite build root",
    "debug": "node --inspect-brk ../../vite/bin/vite",
-    "preview": "vite preview"
+    "preview": "vite preview",
+    "dev:deny": "vite root --config ./root/vite.config-deny.js",
+    "build:deny": "vite build root --config ./root/vite.config-deny.js",
+    "preview:deny": "vite preview root --config ./root/vite.config-deny.js"
  }
 }
--- a/packages/playground/fs-serve/root/src/deny/.deny
+++ b/packages/playground/fs-serve/root/src/deny/.deny
@ -0,0 +1 @@
+.deny
--- a/packages/playground/fs-serve/root/src/deny/deny.txt
+++ b/packages/playground/fs-serve/root/src/deny/deny.txt
@ -0,0 +1 @@
+deny
--- a/packages/playground/fs-serve/root/vite.config-deny.js
+++ b/packages/playground/fs-serve/root/vite.config-deny.js
@ -0,0 +1,15 @@
+const path = require('path')
+const { defineConfig } = require('vite')
+
+module.exports = defineConfig({
+  server: {
+    fs: {
+      strict: true,
+      allow: [path.resolve(__dirname, 'src')],
+      deny: ['**/deny/**']
+    }
+  },
+  define: {
+    ROOT: JSON.stringify(path.dirname(__dirname).replace(/\\/g, '/'))
+  }
+})
--- a/packages/vite/src/node/server/middlewares/static.ts
+++ b/packages/vite/src/node/server/middlewares/static.ts
@ -156,7 +156,11 @@ export function serveRawFsMiddleware(
  }
 }

-const _matchOptions = { matchBase: true, nocase: true }
+const _matchOptions = {
+  matchBase: false,
+  nocase: true,
+  dot: true
+}

 export function isFileServingAllowed(
  url: string,
@ -166,8 +170,10 @@ export function isFileServingAllowed(

  const file = fsPathFromUrl(url)

-  if (server.config.server.fs.deny.some((i) => isMatch(file, i, _matchOptions)))
-    return false
+  const deny = server.config.server.fs.deny.map((pattern) =>
+    pattern.includes('/') ? pattern : `**/${pattern}`
+  )
+  if (deny.some((i) => isMatch(file, i, _matchOptions))) return false

  if (server.moduleGraph.safeModulesPath.has(file)) return true
				`@ -0,0 +1 @@`
				`module.exports = require('../../root/vite.config-deny')`