Last active
May 11, 2021 08:01
-
-
Save joeyciechanowicz/1bd6a9b9ed6ecf853d3972b07c17f670 to your computer and use it in GitHub Desktop.
express server which adds routes by `evaling` the request query. super not safe ❇️
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
const app = require("express")(); | |
/** | |
* Take verb, route and code then add it to express like you would do | |
* | |
* app.get('/route', handlerFunc); | |
*/ | |
app.get("/add", (req, res) => { | |
if (!(req.query.code && req.query.route && req.query.verb)) { | |
return res | |
.status(400) | |
.send( | |
"missing query. expected /add?verb=get&route=/foo&code=(req,res)=>res.send('bar')" | |
); | |
} | |
const handler = eval(req.query.code); | |
if (typeof handler !== "function") { | |
return res.status(400).send("code is not a handler function"); | |
} | |
app[req.query.verb](req.query.route, handler); | |
res.json({ | |
verb: req.query.verb, | |
route: req.query.route, | |
handler: handler.toString(), | |
routeStack: app._router.stack, | |
}); | |
}); | |
app.listen(8080, () => { | |
console.log("Self-editing server listening on http://localhost:8080"); | |
}); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment