🐛 Fixed HTTP 500 error when given incorrect Range header

ref ENG-729 ref https://linear.app/tryghost/issue/ENG-729/incorrect-range-header-leads-to-http-500-errors - we didn't have handling here for the `RangeNotSatisfiableError` that can come from express/serve-static/send - as a result, passing an invalid range would cause a 500 error - this prevents that and adds a breaking test
TryGhost · Mar 11, 2024 · 360ecf1 · 360ecf1
1 parent 162f438
commit 360ecf1
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 0 deletions.
diff --git a/ghost/core/core/server/adapters/storage/LocalStorageBase.js b/ghost/core/core/server/adapters/storage/LocalStorageBase.js
@@ -149,6 +149,10 @@ class LocalStorageBase extends StorageBase {
                         return next(new errors.NoPermissionError({err: err}));
                     }
 
+                    if (err.name === 'RangeNotSatisfiableError') {
+                        return next(new errors.RangeNotSatisfiableError({err}));
+                    }
+
                     return next(new errors.InternalServerError({err: err}));
                 }
 

diff --git a/ghost/core/test/unit/server/adapters/storage/LocalBaseStorage.test.js b/ghost/core/test/unit/server/adapters/storage/LocalBaseStorage.test.js
@@ -1,7 +1,38 @@
+const assert = require('assert/strict');
+const path = require('path');
+const http = require('http');
+const express = require('express');
 const should = require('should');
 const LocalStorageBase = require('../../../../../core/server/adapters/storage/LocalStorageBase');
 
 describe('Local Storage Base', function () {
+    describe('serve', function () {
+        it('returns a 416 RangeNotSatisfiableError if given an invalid range', function (done) {
+            const localStorageBase = new LocalStorageBase({
+                storagePath: path.resolve(__dirname, 'media-storage'),
+                staticFileURLPrefix: 'content/media',
+                siteUrl: 'http://example.com/blog/'
+            });
+
+            const req = new http.IncomingMessage();
+            const res = new http.ServerResponse(req);
+
+            Object.setPrototypeOf(req, express.request);
+            Object.setPrototypeOf(res, express.response);
+
+            req.method = 'GET';
+            req.url = '/content/media/image.jpg';
+            req.headers = {
+                range: 'bytes=1000-999'
+            };
+
+            localStorageBase.serve()(req, res, (err) => {
+                assert.equal(err.errorType, 'RangeNotSatisfiableError');
+                done();
+            });
+        });
+    });
+
     describe('urlToPath', function () {
         it('returns path from url', function () {
             let localStorageBase = new LocalStorageBase({

diff --git a/ghost/core/test/unit/server/adapters/storage/media-storage/content/media/image.jpg b/ghost/core/test/unit/server/adapters/storage/media-storage/content/media/image.jpg