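#!/bin/sh
# Single-request file server: reads one request line from stdin and writes
# the matching regular file from FILE_DIR to stdout.
#
# Input:   one line on stdin, the requested name (a leading "/" is optional).
# Output:  the file's contents on stdout.
# Returns: exit 1 when the resolved path is not a readable regular file.
#
# Security notes for whoever deploys this:
#   - The request line is untrusted. It is reduced to the characters
#     [A-Za-z0-9._-], so "/" can never reach the path and every lookup stays
#     directly inside FILE_DIR (no subdirectories).
#   - Disallowed characters are deleted, not rejected, so different requests
#     can collapse to the same name ("a/b" and "ab" both resolve to "ab").
#   - "." and ".." survive the filter but name directories, which the -f test
#     below refuses. Dotfiles inside FILE_DIR are servable.
#   - -f and cat follow symbolic links: a link inside FILE_DIR that points
#     elsewhere is served. Keep FILE_DIR writable only by its administrator.

FILE_DIR="/var/nex"
INDEX_FILE="index"

# -r keeps backslashes in the request literal.
read -r REQUEST

# One filtering pass replaces the separate CR, space, leading-slash and
# character-class steps: all of those characters are outside the allow-list.
# printf '%s' is used instead of echo because echo may treat the data as an
# option ("-n") and, in some /bin/sh implementations, expands backslash
# escapes such as "\n", which would let a newline through a line-based
# filter. LC_ALL=C makes the ranges byte-wise regardless of the locale.
REQUESTED_FILE=$(printf '%s' "$REQUEST" | LC_ALL=C tr -cd 'a-zA-Z0-9._-')

# An empty name (blank request, "/", or nothing left after filtering) means
# the index document.
if [ -z "$REQUESTED_FILE" ]; then
  FILE_TO_SERVE="$FILE_DIR/$INDEX_FILE"
else
  FILE_TO_SERVE="$FILE_DIR/$REQUESTED_FILE"
fi

# Serve regular, readable files only; directories and missing names fail.
# The path always begins with FILE_DIR, so cat cannot read it as an option.
if [ -f "$FILE_TO_SERVE" ] && [ -r "$FILE_TO_SERVE" ]; then
  /bin/cat "$FILE_TO_SERVE"
else
  exit 1
fi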