From 9af1ef4f47e25a6b370b6b60c5be0041778a5061 Mon Sep 17 00:00:00 2001
From: myl7 <myl@myl.moe>
Date: Thu, 4 Aug 2022 05:10:02 +0000
Subject: [PATCH] handle trailing slashes in protected routes

---
 pages/api/index.ts | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/pages/api/index.ts b/pages/api/index.ts
index 03a627d..36d2229 100644
--- a/pages/api/index.ts
+++ b/pages/api/index.ts
@@ -82,9 +82,12 @@ export async function getAccessToken(): Promise<string> {
  * @returns Path to required auth token. If not required, return empty string.
  */
 export function getAuthTokenPath(path: string) {
+  // Ensure trailing slashes to compare paths component by component. Same for protectedRoutes.
+  path += '/'
   const protectedRoutes = siteConfig.protectedRoutes
   let authTokenPath = ''
-  for (const r of protectedRoutes) {
+  for (let r of protectedRoutes) {
+    r = r.replace(/\/$/, '') + '/'
     if (path.startsWith(r)) {
       authTokenPath = `${r}/.password`
       break
@@ -185,7 +188,8 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
     res.status(400).json({ error: 'Path query invalid.' })
     return
   }
-  const cleanPath = pathPosix.resolve('/', pathPosix.normalize(path))
+  // Besides normalizing and making absolute, trailing slashes are trimmed
+  const cleanPath = pathPosix.resolve('/', pathPosix.normalize(path)).replace(/\/$/, '')
 
   // Validate sort param
   if (typeof sort !== 'string') {