So my question is about the URL as filesystem against the new web approach of NODEJS+EXPRESS and REACT.
Let's assume that we have in the root directory '/' the following files:
root '/' directory:
    index.html
    image_super.jpg
images_secret '/images_secret' directory:
    image1.png
    image2.png
    image3.png
    image4.png
So we can access the files in the filesystem in the following way:
www.localhost:3000/index.html -> will get us the index.html in html form (as plain text)
www.localhost:3000/image_super.jpg -> will get us the image_super.jpg in the root directory
www.localhost:3000/images_secret/image3.png -> will get us the image3.png inside the directory images_secret
and so on...
What I'm trying to point out is that it's acting just like a file system! We're sending an HTTP 1.1 '/' GET request, or HTTP 1.1 '/index.html' GET, or HTTP 1.1 '/images_secret/image3.png' GET, and it will get us the content right out of our server file system.
Just to mention - due to this filesystem URL we have the LFI vulnerability that includes path traversal (that we can /../ go back and get out from the root directory).
And my confusion is:
In NODEJS+EXPRESS we have middleware that treats our URL request not as a filesystem; we're treating our URL requests as Route middleware - for example, if we want to get /users, for that URL it will use the Route middleware such as app.route('/users', getUsers) or something.
So my question is:
Why, when we're using NODEJS+EXPRESS, is it not acting just like a filesystem? How is it possible that we use the URL as a filesystem on one hand, and make it on the other hand a virtual URL that is not getting real files?
Same for React: I know that React is rendering the DOM objects in one HTML file SPA, but the URL is "virtual" there too.
Thanks!
URL to be one thing and not 2 different things, filesystem and as virtual abstract requests...
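
An added example (not part of the original post): a minimal Node.js dispatcher showing that the URL path is only a string, which the server either looks up in a route table or chooses to map onto a directory, with a containment check against the /../ traversal mentioned above. The document root /srv/www, the routes table and the function names are assumptions made for illustration; no file is actually read.

```javascript
// Added example with constructed paths and routes; not code from the original post.
const path = require('path');

const DOC_ROOT = '/srv/www'; // hypothetical directory the server decides to expose

// "Virtual" URLs: the path is just a lookup key for a function. No file is involved.
const routes = new Map([
  ['GET /users', () => ({ status: 200, body: '[{"id":1}]' })],
]);

// Filesystem-style URLs: the server itself chooses to treat the path as a file name.
// Returns the absolute file path, or null if the request would leave DOC_ROOT.
function mapToFile(urlPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(urlPath); // %2e%2e%2f turns into ../ at this step
  } catch {
    return null; // malformed percent-encoding
  }
  if (decoded.includes('\0')) return null;
  // Resolve "." and ".." segments first, then require the result to stay inside DOC_ROOT.
  const full = path.posix.resolve(DOC_ROOT, './' + decoded);
  const inside = full === DOC_ROOT || full.startsWith(DOC_ROOT + '/');
  return inside ? full : null;
}

// One entry point for every request: registered routes win, everything else is
// treated as a static file request (a real server would read the file from disk here).
function dispatch(method, rawUrl) {
  const urlPath = rawUrl.split('?')[0];
  const handler = routes.get(`${method} ${urlPath}`);
  if (handler) return { kind: 'route', ...handler() };
  const file = mapToFile(urlPath);
  if (file === null) return { kind: 'rejected', status: 403 };
  return { kind: 'file', status: 200, file };
}

// Constructed sample requests.
for (const url of ['/users', '/images_secret/image3.png', '/../etc/passwd']) {
  console.log(url, '->', JSON.stringify(dispatch('GET', url)));
}
```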