when .hidden option is set, also check hidden directories

closes #17

Author: laravelcms-zz

index.js

@@ -58,7 +58,7 @@ function send(ctx, path, opts) {
     path = resolvePath(root, path);
 
     // hidden file support, ignore
-    if (!hidden && leadingDot(path)) return;
+    if (!hidden && isHidden(root, path)) return;
 
     // serve gzipped file when possible
     if (encoding === 'gzip' && gzip && (yield fs.exists(path + '.gz'))) {
@@ -93,8 +93,12 @@ function send(ctx, path, opts) {
  * Check if it's hidden.
  */
 
-function leadingDot(path) {
-  return '.' == basename(path)[0];
+function isHidden(root, path) {
+  path = path.substr(root.length).split('/');
+  for(var i = 0; i < path.length; i++) {
+    if(path[i][0] === '.') return true;
+  }
+  return false;
 }
 
 /**

test/fixtures/.hidden

@@ -0,0 +1 @@
+You should never get here

test/fixtures/.private/id_rsa.txt

@@ -0,0 +1 @@
+You should never get here

test/index.js

@@ -311,6 +311,49 @@ describe('send(ctx, file)', function(){
       })
     })
   })
+  describe('.hidden option', function() {
+    describe('when trying to get a hidden file', function(){
+      it('should 404', function(done){
+        var app = koa();
+
+        app.use(function *(){
+          yield send(this, 'test/fixtures/.hidden');
+        });
+
+        request(app.listen())
+        .get('/')
+        .expect(404, done);
+      })
+    })
+
+    describe('when trying to get a file from a hidden directory', function(){
+      it('should 404', function(done){
+        var app = koa();
+
+        app.use(function *(){
+          yield send(this, 'test/fixtures/.private/id_rsa.txt');
+        });
+
+        request(app.listen())
+        .get('/')
+        .expect(404, done);
+      })
+    })
+
+    describe('when trying to get a hidden file and .hidden check is turned off', function(){
+      it('should 200', function(done){
+        var app = koa();
+
+        app.use(function *(){
+          yield send(this, 'test/fixtures/.hidden', {hidden: true});
+        });
+
+        request(app.listen())
+        .get('/')
+        .expect(200, done);
+      })
+    })
+  });
 
   it('should set the Content-Type', function(done){
     var app = koa();