Handle trailing slashes in static dirs. Fixes #196. Fixes #198.

jester.nim

@@ -174,7 +174,11 @@ proc sendStaticIfExists(
         return Http403
 
       let fileSize = getFileSize(p)
-      let mimetype = req.settings.mimes.getMimetype(p.splitFile.ext[1 .. ^1])
+      let ext = p.splitFile.ext
+      let mimetype = req.settings.mimes.getMimetype(
+        if ext.len > 0: ext[1 .. ^1]
+        else: ""
+      )
       if fileSize < 10_000_000: # 10 mb
         var file = readFile(p)
 
@@ -295,9 +299,11 @@ proc handleFileRequest(
     jes.settings.staticDir / cgi.decodeUrl(req.pathInfo)
   )
 
-  # Verify that this isn't outside our static` dir.
+  # Verify that this isn't outside our static dir.
   var status = Http400
-  if path.splitFile.dir.startsWith(jes.settings.staticDir):
+  let pathDir = path.splitFile.dir / ""
+  let staticDir = jes.settings.staticDir / ""
+  if pathDir.startsWith(staticDir):
     if existsDir(path):
       status = await sendStaticIfExists(
         req,

jester.nimble

@@ -16,7 +16,7 @@ when not defined(windows):
   requires "httpbeast >= 0.2.0"
 
 # For tests
-requires "asynctools"
+requires "https://github.com/timotheecour/asynctools#pr_fix_compilation"
 
 task test, "Runs the test suite.":
   exec "nimble c -y -r tests/tester"

tests/tester.nim

@@ -137,6 +137,8 @@ proc allTest(useStdLib: bool) =
       check resp.code == Http400
       let resp2 = waitFor client.get(address & "/foo/root/..%2f../tester.nim")
       check resp2.code == Http400
+      let resp3 = waitFor client.get(address & "/foo/../public2/should_be_inaccessible")
+      check resp3.code == Http400
 
   suite "extends":
     test "simple":