限制对 ExpressJS 中静态文件的访问
我有一个服务器,它通过中间件路由几乎所有内容,以检查您是否已登录,但这仅适用于路由。我还希望它能够处理 public
目录中的静态文件。我该怎么做呢?
更新:最好不要担心保护/public
文件夹中的内容,因为express提供了res.download(...)
功能。 Express.JS GitHub 页面上的示例
I have a server that routes pretty much everything through middleware to check to see if you're logged in, but that only works for routes. I would also like it to work with static files in the public
directory. How would I go about doing that?
update: it's better to not worry about protecting what's in the /public
folder because express offers a res.download(...)
feature. Example on the Express.JS GitHub page
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
为了澄清静态文件也是使用
express.static
中间件的 Express 服务器。理论上,您可以在其之前包含中间件来处理安全性。除此之外,静态中间件的想法是,您只能使文件夹public
自其 public 起静态可用。您可以在此处找到定义的 static 。您可以重写它以允许将中间件注入其中。
或者您可以自己编写一个简单的静态文件路由器。
您是否尝试过在静态中间件之前将自己的安全日志注入中间件中。
To clarify static files are also server by express using the
express.static
middleware. In theory you can include middleware before it to handle the security. Besides the idea of the static middleware is that you only make the folderpublic
statically available since its public.You can find static defined here. You can either rewrite it to allow you to inject middleware into it.
Or you can just write a naive static file router yourself.
Have you tried injecting your own security log in middleware before your static middleware.