Class: ElderDocs::Engine::DocsController

Inherits:
ActionController::API
  • Object
show all
Includes:
ActionController::MimeResponds
Defined in:
lib/elder_docs/engine.rb

Overview

Create a simple controller to serve the static files Use API base to avoid CSRF protection

Instance Method Summary collapse

Instance Method Details

#showObject 



48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
 
# File 'lib/elder_docs/engine.rb', line 48

def show
  viewer_path = resolve_viewer_path
  requested_path = params[:path]
  requested_path = requested_path.present? ? requested_path : 'index'
  requested_path = [requested_path, params[:format]].compact.join('.')
  requested_path = 'index.html' if requested_path == 'index'
  file_path = viewer_path.join(requested_path)
  
  # Security check: ensure file is within viewer directory
  if file_path.exist? && file_path.to_s.start_with?(viewer_path.to_s)
    send_file file_path, disposition: 'inline', type: mime_type_for(file_path)
  else
    # Fallback to index.html for SPA routing (but not for data.js or assets)
    if requested_path.end_with?('.js') || requested_path.end_with?('.css') || requested_path.end_with?('.json')
      head :not_found
    else
      send_file viewer_path.join('index.html'), disposition: 'inline', type: 'text/html'
    end
  end
end