From 3ee5d4a416553fe1711185e2be777d8200bc3bec Mon Sep 17 00:00:00 2001
From: Jon Dough <49297268+stjet@users.noreply.github.com>
Date: Wed, 28 Feb 2024 07:41:33 +0530
Subject: [PATCH 1/2] preview 404 page, preview security fix

404 page now shows when running preview
fix path traversal attack. preview.ts not meant to be used in production (this is a static site!), but hey
---
 preview.ts | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/preview.ts b/preview.ts
index cb620e1..2932569 100644
--- a/preview.ts
+++ b/preview.ts
@@ -11,11 +11,17 @@ createServer((req, res) => {
   } else {
     req_path = path.join(__dirname, "build", req.url);
   }
-  if (!existsSync(req_path)) {
-    res.writeHead(404);
-    //write file
-    res.write("404");
+  let status_code = 200;
+  //req.url.includes("..")
+  if (!req_path.startsWith(path.join(__dirname, "build"))) {
+    //nice try, bad request
+    res.writeHead(400);
+    res.write("400");
     return res.end();
+  } else if (!existsSync(req_path)) {
+    status_code = 404;
+    //serve 404 page instead of non-existent page
+    req_path = path.join(__dirname, "build", "404.html");
   }
   //set content type
   let non_utf8_content_types: string[] = ["image/png", "image/gif", "image/jpeg", "video/mp4"];
@@ -49,7 +55,7 @@ createServer((req, res) => {
     default:
       content_type = "text/plain";
   }
-  res.writeHead(200, {
+  res.writeHead(status_code, {
     "Content-Type": content_type,
   });
   //write file

From 6c48265d61b5565cf29cce1b8aba72f969eebd26 Mon Sep 17 00:00:00 2001
From: Jon Dough <49297268+stjet@users.noreply.github.com>
Date: Wed, 5 Mar 2025 08:05:15 +0000
Subject: [PATCH 2/2] Update index.html

---
 templates/index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/index.html b/templates/index.html
index 42f549a..d275c09 100644
--- a/templates/index.html
+++ b/templates/index.html
@@ -17,7 +17,7 @@
         <br>
         <h2>prussiafan.club</h2>
         <br>
-        <p>This is my blog. I also have a <a href="https://prussia.dev">portfolio</a>, <a href="https://prussia.dev/retro">retro style personal website</a>. I like free software, privacy, yada yada.</p>
+        <p>This is my blog. I also have a <a href="https://prussia.dev">portfolio</a>. Use Linux? Like Vim and i3/Sway? Then check out <a href="https://github.com/stjet/ming-wm">ming-wm</a>. I like free software, privacy, yada yada.</p>
       </div>
       <div>
         <ul>