From c9c27b86c4d4e41a7fd2543a98db187f0cc38b6d Mon Sep 17 00:00:00 2001
From: Julian Lam
Date: Tue, 25 Jul 2017 13:50:37 -0400
Subject: [PATCH] added back logic to strip leading slashes, but after the fix to app.all
---
 src/middleware/index.js | 9 +++++++++
 src/routes/index.js | 12 +++++-------
 2 files changed, 14 insertions(+), 7 deletions(-)
diff --git a/src/middleware/index.js b/src/middleware/index.js
index 2b39184b86..8b84fbae1b 100644
--- a/src/middleware/index.js
+++ b/src/middleware/index.js
@@ -34,6 +34,15 @@ require('./maintenance')(middleware);
 require('./user')(middleware);
 require('./headers')(middleware);
+middleware.stripLeadingSlashes = function (req, res, next) {
+ var target = req.originalUrl.replace(nconf.get('relative_path'), '');
+ if (target.startsWith('//')) {
+ res.redirect(nconf.get('relative_path') + target.replace(/^\/+/, '/'));
+ } else {
+ next();
+ }
+};
+
 middleware.pageView = function (req, res, next) {
 analytics.pageView({
 ip: req.ip,
diff --git a/src/routes/index.js b/src/routes/index.js
index f88ccb0f27..5139dda53f 100644
--- a/src/routes/index.js
+++ b/src/routes/index.js
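Review bot: `middleware.stripLeadingSlashes` in src/middleware/index.js builds its `Location` header from `req.originalUrl` with no comment stating what keeps the redirect on-site; a line above `res.redirect(...)` such as `// target is collapsed to exactly one leading '/', so the redirect stays a same-origin path and never becomes a scheme-relative //host URL` would record the invariant for the next editor. The prefix removal `req.originalUrl.replace(nconf.get('relative_path'), '')` is unanchored: it drops the first occurrence of the relative path anywhere in the URL, query string included, so the same comment should say whether that is intended or whether only a leading prefix is meant to be stripped. The collapse regex handles only `/`; if a backslash can reach the header unencoded (that depends on how `res.redirect` encodes its argument, which is not visible here), it should be normalized or rejected as well. Because the routes hunk mounts this middleware with `app.use`, the default-status redirect also answers non-GET requests, and clients that follow it would typically drop the request body.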
@@ -113,13 +113,11 @@ module.exports = function (app, middleware, hotswapIds, callback) {
 pluginRouter.hotswapId = 'plugins';
 authRouter.hotswapId = 'auth';
- app.all(relativePath + '(/api|/api/*?)', middleware.prepareAPI);
+ app.all(relativePath + '(/+api|/+api/*?)', middleware.prepareAPI);
+ app.all(relativePath + '(/+api/admin|/+api/admin/*?)', middleware.isAdmin);
+ app.all(relativePath + '(/+admin|/+admin/*?)', ensureLoggedIn.ensureLoggedIn(nconf.get('relative_path') + '/login?local=1'), middleware.applyCSRF, middleware.isAdmin);
- app.all(relativePath + '(/api/admin|/api/admin/*?)', middleware.isAdmin);
- app.all(relativePath + '(/admin|/admin/*?)', ensureLoggedIn.ensureLoggedIn(nconf.get('relative_path') + '/login?local=1'), middleware.applyCSRF, middleware.isAdmin);
-
- // router.all('(/api/admin|/api/admin/*?)', middleware.isAdmin);
- // router.all('(/admin|/admin/*?)', ensureLoggedIn.ensureLoggedIn(nconf.get('relative_path') + '/login?local=1'), middleware.applyCSRF, middleware.isAdmin);
+ app.use(middleware.stripLeadingSlashes);
 adminRoutes(router, middleware, controllers);
 metaRoutes(router, middleware, controllers);
@@ -138,7 +136,7 @@ module.exports = function (app, middleware, hotswapIds, callback) {
 groupRoutes(router, middleware, controllers);
 for (x = 0; x < routers.length; x += 1) {
- app.use(relativePath ? relativePath : '/', routers[x]);
+ app.use(relativePath || '/', routers[x]);
 }
 if (process.env.NODE_ENV === 'development') {
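Review bot: In the `@@ -113,13 +113,11 @@` hunk of src/routes/index.js the three `app.all` guards still decide login, CSRF and `middleware.isAdmin` from a path pattern, and nothing documents the assumption they rest on; a comment such as `// guards must match every path form the admin routers accept; '/+' covers repeated leading slashes` belongs above them. The `'/+'` change widens the patterns only for repeated slashes at the start of the path, so any other spelling that the routers would accept but these patterns would not is, as far as this hunk shows, still unguarded. `app.use(middleware.stripLeadingSlashes)` is registered after the guards and without `relativePath`, so the guards run on the un-normalized URL; the commit subject suggests that ordering is deliberate, and it deserves a one-line comment so it is not reordered later. If feasible, attaching `middleware.isAdmin` to the admin routers themselves would make authorization independent of path matching, and a regression test that requests the admin and API-admin paths with doubled leading slashes while unauthenticated, expecting the login redirect or a rejection, would pin this fix. The enclosing `module.exports` function starts and ends outside the hunk.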