限制对 ExpressJS 中静态文件的访问

发布于 2024-11-02 04:47:05 字数 332 浏览 1 评论 0原文

我有一个服务器,它通过中间件路由几乎所有内容,以检查您是否已登录,但这仅适用于路由。我还希望它能够处理 public 目录中的静态文件。我该怎么做呢?

更新:最好不要担心保护/public文件夹中的内容,因为express提供了res.download(...)功能。 Express.JS GitHub 页面上的示例

I have a server that routes pretty much everything through middleware to check to see if you're logged in, but that only works for routes. I would also like it to work with static files in the public directory. How would I go about doing that?

update: it's better to not worry about protecting what's in the /public folder because express offers a res.download(...) feature. Example on the Express.JS GitHub page

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

何处潇湘 2024-11-09 04:47:05

为了澄清静态文件也是使用 express.static 中间件的 Express 服务器。理论上,您可以在其之前包含中间件来处理安全性。除此之外,静态中间件的想法是,您只能使文件夹 public 自其 public 起静态可用。

您可以在此处找到定义的 static 。您可以重写它以允许将中间件注入其中。

或者您可以自己编写一个简单的静态文件路由器。

您是否尝试过在静态中间件之前将自己的安全日志注入中间件中。

app.use(security);
app.use(express.static(dirname + '/public'));

To clarify static files are also server by express using the express.static middleware. In theory you can include middleware before it to handle the security. Besides the idea of the static middleware is that you only make the folder public statically available since its public.

You can find static defined here. You can either rewrite it to allow you to inject middleware into it.

Or you can just write a naive static file router yourself.

Have you tried injecting your own security log in middleware before your static middleware.

app.use(security);
app.use(express.static(dirname + '/public'));
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文