From 74551991772d40be65ab740719c4f9f640bb02a7 Mon Sep 17 00:00:00 2001
From: Adrian Victor <adrianvictor@disroot.com>
Date: Sat, 16 Nov 2024 15:32:56 -0300
Subject: [PATCH 1/9] Added port option in config.json

---
 .gitignore   | 5 ++++-
 package.json | 2 +-
 zephyrus.ts  | 7 ++++---
 3 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/.gitignore b/.gitignore
index 91eeade..8a58cfa 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,4 +3,7 @@ package-lock.json
 certificate.crt
 private.key
 main.js
-dist
\ No newline at end of file
+dist
+config.json
+www
+custom.css
\ No newline at end of file
diff --git a/package.json b/package.json
index efee649..c585d6f 100644
--- a/package.json
+++ b/package.json
@@ -5,7 +5,7 @@
   "version": "1.0.0",
   "private": false,
   "scripts": {
-    "start": "ts-node main.ts",
+    "start": "ts-node zephyrus.ts",
     "build" : "npx tsc"
   },
   "devDependencies": {
diff --git a/zephyrus.ts b/zephyrus.ts
index 0553555..dade837 100644
--- a/zephyrus.ts
+++ b/zephyrus.ts
@@ -24,7 +24,8 @@ function requestHandler(request: IncomingMessage, response: ServerResponse) {
     const path_ = decodeURI(parsed.pathname || '/');
     const serversidePath = path.join(config.serverRoot + path_);
     const defaultPagePath = path.join(config.serverRoot + config.defaultPage);
-    const finalPath = config.useDefaultPage && request.url == '/' ? path.normalize(defaultPagePath) : serversidePath;
+    const finalPath = (config.useDefaultPage && request.url == '/') ? path.normalize(defaultPagePath) : serversidePath;
+    // console.log(finalPath)
 
     function showError(code: number, log: boolean = config.logErrors, info: string = 'no more information about the error was provided.') {
         if (log) {
@@ -125,6 +126,6 @@ function requestHandler(request: IncomingMessage, response: ServerResponse) {
         })
 }
 
-server.listen(3000, () => {
-    console.log("Started at https://localhost:3000")
+server.listen(config.port, () => {
+    console.log(`Started at http${config.useHTTPS ? 's' : ''}://localhost:${config.port}`)
 })
\ No newline at end of file

From 0dad0cce04ee00f8816f60d07c95bade397cc94e Mon Sep 17 00:00:00 2001
From: Adrian Victor <adrianvictor@disroot.com>
Date: Sat, 16 Nov 2024 21:22:51 -0300
Subject: [PATCH 2/9] Sanitized paths

---
 zephyrus.ts | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/zephyrus.ts b/zephyrus.ts
index dade837..5077054 100644
--- a/zephyrus.ts
+++ b/zephyrus.ts
@@ -22,8 +22,8 @@ if(config.useHTTPS) {
 function requestHandler(request: IncomingMessage, response: ServerResponse) {
     const parsed = url.parse(request.url || '/', true);
     const path_ = decodeURI(parsed.pathname || '/');
-    const serversidePath = path.join(config.serverRoot + path_);
-    const defaultPagePath = path.join(config.serverRoot + config.defaultPage);
+    const serversidePath = path.resolve(config.serverRoot + path_);
+    const defaultPagePath = path.resolve(config.serverRoot + config.defaultPage);
     const finalPath = (config.useDefaultPage && request.url == '/') ? path.normalize(defaultPagePath) : serversidePath;
     // console.log(finalPath)
 
@@ -71,7 +71,7 @@ function requestHandler(request: IncomingMessage, response: ServerResponse) {
         }
 
     // console.log(`Requested ${path_}, accessing ${config.useDefaultPage && request.url == '/' ? defaultPagePath : serversidePath}`)
-        if (!finalPath.startsWith(path.normalize(config.serverRoot))) {
+        if (!finalPath.startsWith(path.resolve(config.serverRoot))) {
             showError(403, undefined, `someone is trying to access files (${finalPath}) outside server root (${config.serverRoot})`)
             return;
         }

From ac7c2104b489dd0312969ec95ad4e7b5e115f174 Mon Sep 17 00:00:00 2001
From: Adrian Victor <adrianvictor@disroot.com>
Date: Sat, 16 Nov 2024 21:25:19 -0300
Subject: [PATCH 3/9] Changed version code.

---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index c585d6f..da90783 100644
--- a/package.json
+++ b/package.json
@@ -2,7 +2,7 @@
   "name": "zephyrus-webserver",
   "description": "A simple webserver that supports directory listing.",
   "author": "Adrian Victor de Abreu Alves <adrianvictor@disroot.org>",
-  "version": "1.0.0",
+  "version": "1.0.1",
   "private": false,
   "scripts": {
     "start": "ts-node zephyrus.ts",

From e9805e4526a65a335ae3b18ee179476f27b0ae80 Mon Sep 17 00:00:00 2001
From: adrianvictor <adrianvictor@disroot.org>
Date: Sun, 17 Nov 2024 01:57:47 +0100
Subject: [PATCH 4/9] Added readme.md

---
 README.MD | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 README.MD

diff --git a/README.MD b/README.MD
new file mode 100644
index 0000000..78d60a4
--- /dev/null
+++ b/README.MD
@@ -0,0 +1,11 @@
+# Zephyrus
+Zephyrus is a *VERY* simple HTTP(S) webserver written in TypeScript. Take a look on our [wiki](https://git.disroot.org/adrianvictor/zephyrus/wiki) for setup instructions.
+
+## Main features
+- HTTPS support.
+- Directory listing with custom CSS (with a trick you should also be able to use custom JS).
+- Default page when accessing root.
+- Automatic MIME type detection.
+
+## Disclaimer
+This is maintained by a computing student (and as the year I'm writing this, I'm in my first year), I have no knowledge to provide something secure, I will work to improve my skills, but there's no guarantee I'll won't let something obvious pass. DO NOT RUN ZEPHYRUS AS ROOT.
\ No newline at end of file

From 4baefd6662fa812174add9bd55a05508ad56138f Mon Sep 17 00:00:00 2001
From: adrianvictor <adrianvictor@disroot.org>
Date: Sun, 17 Nov 2024 02:00:55 +0100
Subject: [PATCH 5/9] Added screenshot to readme.md

---
 README.MD | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.MD b/README.MD
index 78d60a4..8918c44 100644
--- a/README.MD
+++ b/README.MD
@@ -1,5 +1,6 @@
 # Zephyrus
 Zephyrus is a *VERY* simple HTTP(S) webserver written in TypeScript. Take a look on our [wiki](https://git.disroot.org/adrianvictor/zephyrus/wiki) for setup instructions.
+![Zephyru's default page](https://git.disroot.org/adrianvictor/zephyrus/wiki)
 
 ## Main features
 - HTTPS support.

From 75e2e9faa964119aafa51d939d761a9a8c3aeda8 Mon Sep 17 00:00:00 2001
From: adrianvictor <adrianvictor@disroot.org>
Date: Sun, 17 Nov 2024 02:02:24 +0100
Subject: [PATCH 6/9] Update README.MD

---
 README.MD | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.MD b/README.MD
index 8918c44..7c72c3c 100644
--- a/README.MD
+++ b/README.MD
@@ -1,5 +1,6 @@
 # Zephyrus
 Zephyrus is a *VERY* simple HTTP(S) webserver written in TypeScript. Take a look on our [wiki](https://git.disroot.org/adrianvictor/zephyrus/wiki) for setup instructions.
+
 ![Zephyru's default page](https://git.disroot.org/adrianvictor/zephyrus/wiki)
 
 ## Main features

From 71521ca67f2c1d845456f3841ab3f27b85fa092e Mon Sep 17 00:00:00 2001
From: adrianvictor <adrianvictor@disroot.org>
Date: Sun, 17 Nov 2024 02:03:02 +0100
Subject: [PATCH 7/9] Update README.MD

---
 README.MD | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.MD b/README.MD
index 7c72c3c..d78b2df 100644
--- a/README.MD
+++ b/README.MD
@@ -1,7 +1,7 @@
 # Zephyrus
 Zephyrus is a *VERY* simple HTTP(S) webserver written in TypeScript. Take a look on our [wiki](https://git.disroot.org/adrianvictor/zephyrus/wiki) for setup instructions.
 
-![Zephyru's default page](https://git.disroot.org/adrianvictor/zephyrus/wiki)
+![Zephyru's default page](https://i.postimg.cc/KjxgGBHM/zephyrus.png)
 
 ## Main features
 - HTTPS support.

From 202e591f352029366fb49a1c92ca0d286f1f4868 Mon Sep 17 00:00:00 2001
From: adrianvictor <adrianvictor@disroot.org>
Date: Sun, 17 Nov 2024 02:07:41 +0100
Subject: [PATCH 8/9] Update README.MD

---
 README.MD | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/README.MD b/README.MD
index d78b2df..c265e0f 100644
--- a/README.MD
+++ b/README.MD
@@ -3,6 +3,8 @@ Zephyrus is a *VERY* simple HTTP(S) webserver written in TypeScript. Take a look
 
 ![Zephyru's default page](https://i.postimg.cc/KjxgGBHM/zephyrus.png)
 
+(Yes, the default page is a carbon copy of [my website](https://adrianvictor.rf.gd))
+
 ## Main features
 - HTTPS support.
 - Directory listing with custom CSS (with a trick you should also be able to use custom JS).
@@ -10,4 +12,4 @@ Zephyrus is a *VERY* simple HTTP(S) webserver written in TypeScript. Take a look
 - Automatic MIME type detection.
 
 ## Disclaimer
-This is maintained by a computing student (and as the year I'm writing this, I'm in my first year), I have no knowledge to provide something secure, I will work to improve my skills, but there's no guarantee I'll won't let something obvious pass. DO NOT RUN ZEPHYRUS AS ROOT.
\ No newline at end of file
+This is maintained by a computing student (and as the year I'm writing this, I'm in my first year), I have no knowledge to provide something secure, I will work to improve my skills, but there's no guarantee I'll won't let something obvious pass. DO NOT RUN ZEPHYRUS AS ROOT (Yes, you may see some screenshot of me running it as root, but it's running behind my firewall for test purposes because I'm lazy enough to not allow it to use ports below the normally allowed).
\ No newline at end of file

From 2a9e8ad7ba1fc26c693c382ee0c1c73f9e269392 Mon Sep 17 00:00:00 2001
From: Tenkuma <85490958+adrianvic@users.noreply.github.com>
Date: Wed, 10 Dec 2025 01:52:57 -0300
Subject: [PATCH 9/9] Update README.MD

---
 README.MD | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/README.MD b/README.MD
index c265e0f..63c4e9f 100644
--- a/README.MD
+++ b/README.MD
@@ -1,10 +1,6 @@
 # Zephyrus
 Zephyrus is a *VERY* simple HTTP(S) webserver written in TypeScript. Take a look on our [wiki](https://git.disroot.org/adrianvictor/zephyrus/wiki) for setup instructions.
 
-![Zephyru's default page](https://i.postimg.cc/KjxgGBHM/zephyrus.png)
-
-(Yes, the default page is a carbon copy of [my website](https://adrianvictor.rf.gd))
-
 ## Main features
 - HTTPS support.
 - Directory listing with custom CSS (with a trick you should also be able to use custom JS).
@@ -12,4 +8,4 @@ Zephyrus is a *VERY* simple HTTP(S) webserver written in TypeScript. Take a look
 - Automatic MIME type detection.
 
 ## Disclaimer
-This is maintained by a computing student (and as the year I'm writing this, I'm in my first year), I have no knowledge to provide something secure, I will work to improve my skills, but there's no guarantee I'll won't let something obvious pass. DO NOT RUN ZEPHYRUS AS ROOT (Yes, you may see some screenshot of me running it as root, but it's running behind my firewall for test purposes because I'm lazy enough to not allow it to use ports below the normally allowed).
\ No newline at end of file
+This project was made just to test my skills, there is no need to use it instead of a well-known more robust server software.