Stronger checking of request parameters and stability improvements

Petr Sloup 2016-03-09 13:21:34 +01:00
parent 832b2d22be
commit 9736649244
2 changed files with 24 additions and 20 deletions


@ -185,11 +185,17 @@ module.exports = function(maps, options, prefix) {
.replace('{format}', ':format([\\w\\.]+)'); .replace('{format}', ':format([\\w\\.]+)');
var respondImage = function(z, lon, lat, width, height, scale, format, res, next) { var respondImage = function(z, lon, lat, width, height, scale, format, res, next) {
if (Math.abs(lon) > 180 || Math.abs(lat) > 85.06) {
return res.status(400).send('Invalid center');
}
if (width <= 0 || height <= 0 || width > 2048 || height > 2048) {
return res.status(400).send('Invalid size');
}
if (format == 'png' || format == 'webp') { if (format == 'png' || format == 'webp') {
} else if (format == 'jpg' || format == 'jpeg') { } else if (format == 'jpg' || format == 'jpeg') {
format = 'jpeg'; format = 'jpeg';
} else { } else {
return res.status(404).send('Invalid format'); return res.status(400).send('Invalid format');
} }
var pool = map.renderers[scale]; var pool = map.renderers[scale];
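Review bot: The two new range checks at the top of respondImage do not reject NaN, because every comparison against NaN is false, so a non-numeric `lon`, `lat`, `width` or `height` passes both guards and reaches the renderer. How the callers parse these values is not visible in this section, so it may already be handled upstream; if not, a guard such as `if (![lon, lat, width, height].every(isFinite)) { return res.status(400).send('Invalid parameters'); }` ahead of the two checks would close the gap. `scale` is also used to index `map.renderers` on the last visible line with no check that a pool exists for it, and `z` is not range-checked in the visible lines. The body of respondImage continues outside the hunk.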


@ -41,38 +41,36 @@ module.exports = function(maps, options, prefix) {
.replace('{x}', ':x(\\d+)') .replace('{x}', ':x(\\d+)')
.replace('{y}', ':y(\\d+)'); .replace('{y}', ':y(\\d+)');
var getTile = function(z, x, y, callback) { app.get(tilePattern, function(req, res, next) {
var z = req.params.z | 0,
x = req.params.x | 0,
y = req.params.y | 0;
if (z < map.tileJSON.minzoom || 0 || x < 0 || y < 0 ||
z > map.tileJSON.maxzoom ||
x >= Math.pow(2, z) || y >= Math.pow(2, z)) {
return res.status(404).send('Out of bounds');
}
source.getTile(z, x, y, function(err, data, headers) { source.getTile(z, x, y, function(err, data, headers) {
if (err) { if (err) {
callback(err); if (/does not exist/.test(err.message)) {
return res.status(404).send(err.message);
} else {
return res.status(500).send(err.message);
}
} else { } else {
var md5 = crypto.createHash('md5').update(data).digest('base64'); var md5 = crypto.createHash('md5').update(data).digest('base64');
headers['content-md5'] = md5; headers['content-md5'] = md5;
headers['content-type'] = 'application/x-protobuf'; headers['content-type'] = 'application/x-protobuf';
headers['content-encoding'] = 'gzip'; headers['content-encoding'] = 'gzip';
res.set(headers);
callback(null, data, headers);
}
});
};
app.get(tilePattern, function(req, res, next) {
var z = req.params.z | 0,
x = req.params.x | 0,
y = req.params.y | 0;
return getTile(z, x, y, function(err, data, headers) {
if (err) {
return next(err);
}
if (headers) {
res.set(headers);
}
if (data == null) { if (data == null) {
return res.status(404).send('Not found'); return res.status(404).send('Not found');
} else { } else {
return res.status(200).send(data); return res.status(200).send(data);
} }
}, res, next); }
});
}); });
app.get('/index.json', function(req, res, next) { app.get('/index.json', function(req, res, next) {
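Review bot: In the new bounds check, `z < map.tileJSON.minzoom || 0 || x < 0` parses as `(z < minzoom) || 0 || ...`, so the `|| 0` is a dead term rather than a default, and when `minzoom` is absent the lower bound is silently skipped (likewise `z > map.tileJSON.maxzoom` when `maxzoom` is absent). The intended form is presumably `z < (map.tileJSON.minzoom || 0)`. Separately, the 500 branch sends `err.message` from the tile source straight to the client, which may disclose internal paths or backend details; logging it server-side and replying with a fixed string, e.g. `return res.status(500).send('Internal error');`, would avoid that. The md5 is still computed before the `data == null` check, so a null `data` without `err` would likely throw inside `update()` before the 404 branch is reached.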