From 4a183bb1d232f94d32ca1e7e9f06e566dca506fa Mon Sep 17 00:00:00 2001
From: flakey5 <73616808+flakey5@users.noreply.github.com>
Date: Sun, 12 Nov 2023 12:32:18 -0800
Subject: [PATCH] fix: return a 400 for malformed URIs

See https://nodejs-org.sentry.io/issues/4622681006/events/3a4e26a6669c46ffb84f20369e90ac8c/
---
 src/handlers/get.ts | 12 +++++++++++-
 src/util.ts         |  1 +
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/src/handlers/get.ts b/src/handlers/get.ts
index 9f20a4b..bfcc5c0 100644
--- a/src/handlers/get.ts
+++ b/src/handlers/get.ts
@@ -32,7 +32,17 @@ const getHandler: Handler = async (request, env, ctx, cache) => {
     return responses.BAD_REQUEST;
   }
 
-  const bucketPath = mapUrlPathToBucketPath(requestUrl, env);
+  let bucketPath: string | undefined;
+  try {
+    bucketPath = mapUrlPathToBucketPath(requestUrl, env);
+  } catch (e) {
+    // decodeURIComponent throws a URIError for malformed URIs
+    if (e instanceof URIError) {
+      return responses.BAD_REQUEST;
+    }
+
+    throw e;
+  }
 
   if (typeof bucketPath === 'undefined') {
     // Directory listing is restricted and we're not on
diff --git a/src/util.ts b/src/util.ts
index fed2322..639433c 100644
--- a/src/util.ts
+++ b/src/util.ts
@@ -45,6 +45,7 @@ export function parseUrl(request: Request): URL | undefined {
  * @param env Worker env
  * @returns Mapped path if the resource is accessible, undefined
  *  if the eyeball should not be trying to access the resource
+ * @throws if decodeURIComponet throws a {@link URIError}
  */
 export function mapUrlPathToBucketPath(
   url: URL,