From 6258968d660e230425c3075ffa93f358075f0d48 Mon Sep 17 00:00:00 2001
From: Thaddee Tyl
Date: Sun, 5 Feb 2017 13:40:06 +0100
Subject: [PATCH] Restrain public files to the public/ folder

As raised by Adriaan (@agboom), the .github-user-tokens.json file was incorrectly exposed, causing the risk of users' GitHub tokens to be used by other entities for the purpose of increasing their rate limits by pretending to be shields.io.
---
 README.md | 2 +-
 404.html => public/404.html | 0
 public/favicon.png | 1 +
 public/index.html | 1 +
 logo.svg => public/logo.svg | 0
 public/try.html | 1 +
 server.js | 3 ++-
 7 files changed, 6 insertions(+), 2 deletions(-)
 rename 404.html => public/404.html (100%)
 create mode 120000 public/favicon.png
 create mode 120000 public/index.html
 rename logo.svg => public/logo.svg (100%)
 create mode 120000 public/try.html

diff --git a/README.md b/README.md
index 58bb31c73bc7c..55e5928e4d14f 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@

-

diff --git a/404.html b/public/404.html
similarity index 100%
rename from 404.html
rename to public/404.html
diff --git a/public/favicon.png b/public/favicon.png
new file mode 120000
index 0000000000000..4a40dca5ae66f
--- /dev/null
+++ b/public/favicon.png
@@ -0,0 +1 @@
+../favicon.png
\ No newline at end of file
diff --git a/public/index.html b/public/index.html
new file mode 120000
index 0000000000000..79c5d6f02c996
--- /dev/null
+++ b/public/index.html
@@ -0,0 +1 @@
+../index.html
\ No newline at end of file
diff --git a/logo.svg b/public/logo.svg
similarity index 100%
rename from logo.svg
rename to public/logo.svg
diff --git a/public/try.html b/public/try.html
new file mode 120000
index 0000000000000..96b665b07f376
--- /dev/null
+++ b/public/try.html
@@ -0,0 +1 @@
+../try.html
\ No newline at end of file
diff --git a/server.js b/server.js
index 6d8359bcc0716..3607d9db80efd 100644
--- a/server.js
+++ b/server.js
@@ -3,9 +3,10 @@ var serverPort = +process.env.PORT || +process.argv[2] || (secureServer? 443: 80
 var bindAddress = process.env.BIND_ADDRESS || process.argv[3] || '::';
 var infoSite = process.env.INFOSITE || "http://shields.io";
 var githubApiUrl = process.env.GITHUB_URL || 'https://api.github.com';
+var path = require('path');
 var Camp = require('camp');
 var camp = Camp.start({
-  documentRoot: __dirname,
+  documentRoot: path.join(__dirname, 'public'),
   port: serverPort,
   hostname: bindAddress,
   secure: secureServer
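Review bot: The new `documentRoot: path.join(__dirname, 'public')` line only narrows exposure by one directory level, and nothing in the hunk records why, so a later change that writes state (such as `.github-user-tokens.json` from the commit message) into public/ would silently reopen the leak; a comment next to it would pin the intent: `// Static files are served only from public/; never write tokens or other state below it.` It is also worth confirming that camp's static handler normalizes `..` segments in request paths before joining them with documentRoot, since that check is what the fix now relies on rather than the directory layout. The three assets added in this patch are symlinks (mode 120000) pointing at `../favicon.png`, `../index.html` and `../try.html`, so they depend on the deployment preserving symlinks and on camp following them; if either fails those paths 404, and if camp resolves links before checking against documentRoot they may be refused outright. The `Camp.start({` options object continues past the end of the hunk.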