Merge remote-tracking branch 'upstream/master' into pmtiles
Signed-off-by: Andrew Calcutt <acalcutt@techidiots.net>
This commit is contained in:
Andrew Calcutt
commit
446038e216
6 changed files with 24 additions and 15 deletions
|
|
@ -157,6 +157,13 @@ Allows the rendering of marker icons fetched via http(s) hyperlinks.
|
||||||
For security reasons only allow this if you can control the origins from where the markers are fetched!
|
For security reasons only allow this if you can control the origins from where the markers are fetched!
|
||||||
Default is to disallow fetching of icons from remote sources.
|
Default is to disallow fetching of icons from remote sources.
|
||||||
|
|
||||||
|
``allowInlineMarkerImages``
|
||||||
|
--------------
|
||||||
|
Allows the rendering of inline marker icons or base64 urls.
|
||||||
|
For security reasons only allow this if you can control the origins from where the markers are fetched!
|
||||||
|
Not used by default.
|
||||||
|
|
||||||
|
|
||||||
``styles``
|
``styles``
|
||||||
==========
|
==========
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -35,7 +35,7 @@ Static images
|
||||||
|
|
||||||
* All the static image endpoints additionally support following query parameters:
|
* All the static image endpoints additionally support following query parameters:
|
||||||
|
|
||||||
* ``path`` - ``((fill|stroke|width)\:[^\|]+\|)*((enc:.+)|((-?\d+\.?\d*,-?\d+\.?\d*\|)+(-?\d+\.?\d*,-?\d+\.?\d*)))``
|
* ``path`` - ``((fill|stroke|width)\:[^\|]+\|)*(enc:.+|-?\d+(\.\d*)?,-?\d+(\.\d*)?(\|-?\d+(\.\d*)?,-?\d+(\.\d*)?)+)``
|
||||||
|
|
||||||
* comma-separated ``lng,lat``, pipe-separated pairs
|
* comma-separated ``lng,lat``, pipe-separated pairs
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -30,7 +30,7 @@
|
||||||
"chokidar": "3.5.3",
|
"chokidar": "3.5.3",
|
||||||
"clone": "2.1.2",
|
"clone": "2.1.2",
|
||||||
"color": "4.2.3",
|
"color": "4.2.3",
|
||||||
"commander": "11.0.0",
|
"commander": "11.1.0",
|
||||||
"cors": "2.8.5",
|
"cors": "2.8.5",
|
||||||
"express": "4.18.2",
|
"express": "4.18.2",
|
||||||
"handlebars": "4.7.8",
|
"handlebars": "4.7.8",
|
||||||
|
|
@ -38,7 +38,7 @@
|
||||||
"morgan": "1.10.0",
|
"morgan": "1.10.0",
|
||||||
"pbf": "3.2.1",
|
"pbf": "3.2.1",
|
||||||
"pmtiles": "2.11.0",
|
"pmtiles": "2.11.0",
|
||||||
"proj4": "2.9.0",
|
"proj4": "2.9.1",
|
||||||
"request": "2.88.2",
|
"request": "2.88.2",
|
||||||
"sanitize-filename": "1.6.3",
|
"sanitize-filename": "1.6.3",
|
||||||
"sharp": "0.32.6",
|
"sharp": "0.32.6",
|
||||||
|
|
|
||||||
|
|
@ -32,8 +32,8 @@ import {
|
||||||
|
|
||||||
const FLOAT_PATTERN = '[+-]?(?:\\d+|\\d+.?\\d+)';
|
const FLOAT_PATTERN = '[+-]?(?:\\d+|\\d+.?\\d+)';
|
||||||
const PATH_PATTERN =
|
const PATH_PATTERN =
|
||||||
/^((fill|stroke|width)\:[^\|]+\|)*((enc:.+)|((-?\d+\.?\d*,-?\d+\.?\d*\|)+(-?\d+\.?\d*,-?\d+\.?\d*)))/;
|
/^((fill|stroke|width)\:[^\|]+\|)*(enc:.+|-?\d+(\.\d*)?,-?\d+(\.\d*)?(\|-?\d+(\.\d*)?,-?\d+(\.\d*)?)+)/;
|
||||||
const httpTester = /^(http(s)?:)?\/\//;
|
const httpTester = /^\/\//;
|
||||||
|
|
||||||
const mercator = new SphericalMercator();
|
const mercator = new SphericalMercator();
|
||||||
const getScale = (scale) => (scale || '@1x').slice(1, 2) | 0;
|
const getScale = (scale) => (scale || '@1x').slice(1, 2) | 0;
|
||||||
|
|
@ -168,10 +168,7 @@ const extractPathsFromQuery = (query, transformer) => {
|
||||||
// Iterate through paths, parse and validate them
|
// Iterate through paths, parse and validate them
|
||||||
for (const providedPath of providedPaths) {
|
for (const providedPath of providedPaths) {
|
||||||
// Logic for pushing coords to path when path includes google polyline
|
// Logic for pushing coords to path when path includes google polyline
|
||||||
if (
|
if (providedPath.includes('enc:') && PATH_PATTERN.test(providedPath)) {
|
||||||
providedPath.includes('enc:') &&
|
|
||||||
PATH_PATTERN.test(decodeURIComponent(providedPath))
|
|
||||||
) {
|
|
||||||
// +4 because 'enc:' is 4 characters, everything after 'enc:' is considered to be part of the polyline
|
// +4 because 'enc:' is 4 characters, everything after 'enc:' is considered to be part of the polyline
|
||||||
const encIndex = providedPath.indexOf('enc:') + 4;
|
const encIndex = providedPath.indexOf('enc:') + 4;
|
||||||
const coords = polyline
|
const coords = polyline
|
||||||
|
|
@ -289,7 +286,10 @@ const extractMarkersFromQuery = (query, options, transformer) => {
|
||||||
let iconURI = markerParts[1];
|
let iconURI = markerParts[1];
|
||||||
// Check if icon is served via http otherwise marker icons are expected to
|
// Check if icon is served via http otherwise marker icons are expected to
|
||||||
// be provided as filepaths relative to configured icon path
|
// be provided as filepaths relative to configured icon path
|
||||||
if (!(iconURI.startsWith('http://') || iconURI.startsWith('https://'))) {
|
const isRemoteURL =
|
||||||
|
iconURI.startsWith('http://') || iconURI.startsWith('https://');
|
||||||
|
const isDataURL = iconURI.startsWith('data:');
|
||||||
|
if (!(isRemoteURL || isDataURL)) {
|
||||||
// Sanitize URI with sanitize-filename
|
// Sanitize URI with sanitize-filename
|
||||||
// https://www.npmjs.com/package/sanitize-filename#details
|
// https://www.npmjs.com/package/sanitize-filename#details
|
||||||
iconURI = sanitize(iconURI);
|
iconURI = sanitize(iconURI);
|
||||||
|
|
@ -302,7 +302,9 @@ const extractMarkersFromQuery = (query, options, transformer) => {
|
||||||
iconURI = path.resolve(options.paths.icons, iconURI);
|
iconURI = path.resolve(options.paths.icons, iconURI);
|
||||||
|
|
||||||
// When we encounter a remote icon check if the configuration explicitly allows them.
|
// When we encounter a remote icon check if the configuration explicitly allows them.
|
||||||
} else if (options.allowRemoteMarkerIcons !== true) {
|
} else if (isRemoteURL && options.allowRemoteMarkerIcons !== true) {
|
||||||
|
continue;
|
||||||
|
} else if (isDataURL && options.allowInlineMarkerImages !== true) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -437,7 +439,7 @@ const drawMarkers = async (ctx, markers, z) => {
|
||||||
* @param {number} z Map zoom level.
|
* @param {number} z Map zoom level.
|
||||||
*/
|
*/
|
||||||
const drawPath = (ctx, path, query, pathQuery, z) => {
|
const drawPath = (ctx, path, query, pathQuery, z) => {
|
||||||
const splitPaths = decodeURIComponent(pathQuery).split('|');
|
const splitPaths = pathQuery.split('|');
|
||||||
|
|
||||||
if (!path || path.length < 2) {
|
if (!path || path.length < 2) {
|
||||||
return null;
|
return null;
|
||||||
|
|
|
||||||
|
|
@ -9,7 +9,7 @@ import { validate } from '@maplibre/maplibre-gl-style-spec';
|
||||||
|
|
||||||
import { getPublicUrl } from './utils.js';
|
import { getPublicUrl } from './utils.js';
|
||||||
|
|
||||||
const httpTester = /^(http(s)?:)?\/\//;
|
const httpTester = /^\/\//;
|
||||||
|
|
||||||
const fixUrl = (req, url, publicUrl, opt_nokey) => {
|
const fixUrl = (req, url, publicUrl, opt_nokey) => {
|
||||||
if (!url || typeof url !== 'string' || url.indexOf('local://') !== 0) {
|
if (!url || typeof url !== 'string' || url.indexOf('local://') !== 0) {
|
||||||
|
|
|
||||||
|
|
@ -180,7 +180,7 @@ describe('Static endpoints', function () {
|
||||||
200,
|
200,
|
||||||
2,
|
2,
|
||||||
/image\/png/,
|
/image\/png/,
|
||||||
'?path=' + decodeURIComponent('enc:{{biGwvyGoUi@s_A|{@'),
|
'?path=' + encodeURIComponent('enc:{{biGwvyGoUi@s_A|{@'),
|
||||||
);
|
);
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue