#!/usr/bin/lua5.4

local base = "/var/nex"

local function sanitize(req)
  req = req:gsub("[\r\n/]+$", "")
  if req:find("%.%.") then
    io.stderr:write("Blocked path traversal: " .. req .. "\n")
    os.exit(1)
  end
  return req == "" and "index" or req
end

local function is_dir(path)
  local f = io.open(path, "r")
  if not f then return false end
  local ok = f:seek("end")
  f:close()
  return ok == nil
end

local req = io.read("*l") or ""
req = sanitize(req)
local path = base .. "/" .. req

if not path:find(base, 1, true) then
  io.stderr:write("Blocked unsafe path: " .. path .. "\n")
  os.exit(1)
end

if is_dir(path) then path = path .. "/index" end

local f = io.open(path, "r")
if f then
  local content = f:read("*a")
  f:close()
  if content then io.write(content) else os.exit(1) end
else
  os.exit(1)
end