coderJoe

Reputation: 53

Restricting route to static files in Express and Nodejs

I am currently trying to restrict routes for users who haven't logged in. My main issue is that even if I define a page with a get method such as:

app.get('/alpha/information', isLoggedIn,
    function(req, res){
        res.sendFile(path.join(__dirname + '/alpha/pages/Example.html'));
    });

The user can still just edit the URL to http://localhost:3000/alpha/pages/Example.html and access the page. I have read several similar questions on SO but I cannot find the answer. Some that inspired me were: Q1, Q2, Q3. Nonetheless, I was unable to find a solution to my issue.

My current file structure is: FileStructureLink

I am trying to restrict access to Example.html, ExampleTwo.html and blabla.html

I am using this code to set up the requests but I guess they might not be right:

app.use(express.static(path.join(__dirname, 'Alpha')));
app.use(express.static(path.join(__dirname, '/')));
app.use('/', express.static(__dirname + '/login.html'));

This app.use('/', express.static(__dirname + '/login.html')); specifically is used to make the default localhost:3000/ load as localhost:3000/login

How can I restrict access to all the static html files without having to write a route for each of them?

middleware function:

function isLoggedIn(req, res, next) {
    console.log('here is Authenticated', req.isAuthenticated());
    if (req.isAuthenticated()){
        return next();
    }
    res.redirect('/login');
}

Upvotes: 5

Views: 6557

Answers (3)

Ivan Drinchev

Reputation: 19581

You can restrict your Express static middleware by attaching another middleware to it.

var express = require("express");
var path = require( "path" );
var app = express();

function isLoggedIn( req, res, next ) {
   console.log("trying restricted file");
   next();
}

app.use( '/Alpha', isLoggedIn, express.static( path.join( __dirname, 'Alpha' ) ) );
app.use( express.static( path.join( __dirname, 'anonymous' ) ) );

app.listen( 3000 );

By doing this, every call to localhost:3000/restricted/* will go via the isLoggedIn function.

EDIT: Code modified, according to your file structure.

Upvotes: 11

Zeeshan Hassan Memon

Reputation: 8325

Here is the concept of how to do it:

// One var statement: a semicolon after the path line would make app an implicit global
var express = require('express'),
    path = require('path'),
    app = express();

app.use(function(req, res, next) {
    // Use your req.isAuthenticated logic here, that's all
    console.log('I am called before static middleware.');
    return next();
});
app.use(express.static( path.join(__dirname, 'public')));
app.use(function(req, res, next) {
    console.log('I am called after static middleware.');
    return next();
});

app.get('/', showClientRequest, function(req, res) {
    res.send('Hi! I am direct message from server :)');
});

function showClientRequest(req, res, next) {
    console.log('You can do something here too...');
    return next();
}

app.listen(3000);

For complete repo:

Clone node-cheat express_server_restrict_static_files, run node app followed by npm install express.

Happy Helping!

Upvotes: 1

vandijkstef

Reputation: 414

You are making the complete Alpha dir a public directory, thus everything is accessible. This technique is normally used to serve js/css/images.

You could make use of a variable route to get the html file:

url: localhost:3000/alpha/Example

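app.get('/alpha/:name', function(req, res) {
    var page = req.params.name;
    // root confines the lookup to alpha/pages; with root set, sendFile refuses names containing ".." segments
    res.sendFile(page + '.html', { root: path.join(__dirname, 'alpha', 'pages') });
});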

Watch for capitalisation

Upvotes: 0
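An added example, not part of the question or of any answer above: guarding the Alpha mount only helps if no other unguarded express.static root also contains that directory, which is the case for the question's mount on the project root. The helper names (contains, unguardedExposure, mountStatic), the 'public' directory and the /srv/app path are assumptions made for illustration.

```javascript
'use strict';
const path = require('path');

// Guard shaped like the question's isLoggedIn (Passport-style req.isAuthenticated()).
function isLoggedIn(req, res, next) {
  if (typeof req.isAuthenticated === 'function' && req.isAuthenticated()) {
    return next();
  }
  res.redirect('/login');
}

// True when a static mount on `root` would serve files from `dir`
// (dir is root itself or lies somewhere beneath it).
function contains(root, dir) {
  const rel = path.relative(path.resolve(root), path.resolve(dir));
  return !path.isAbsolute(rel) && rel.split(path.sep)[0] !== '..';
}

// Roots that serve `protectedDir` with no guard in front of them.
function unguardedExposure(mounts, protectedDir) {
  return mounts
    .filter((m) => !m.guarded && contains(m.root, protectedDir))
    .map((m) => m.root);
}

// Wiring: public assets come from their own directory ('public' is an assumed
// name); Alpha is mounted once, behind the guard. app/express are passed in.
function mountStatic(app, express, baseDir) {
  app.use(express.static(path.join(baseDir, 'public')));
  app.use('/alpha', isLoggedIn, express.static(path.join(baseDir, 'Alpha')));
  return app;
}

// Constructed sample: the question's two directory mounts vs. the layout above.
const base = path.resolve('/srv/app'); // constructed path
const pages = path.join(base, 'Alpha', 'pages');
const questionMounts = [
  { root: path.join(base, 'Alpha'), guarded: false },
  { root: base, guarded: false },
];
const fixedMounts = [
  { root: path.join(base, 'public'), guarded: false },
  { root: path.join(base, 'Alpha'), guarded: true },
];
console.log('question:', unguardedExposure(questionMounts, pages));
console.log('fixed:', unguardedExposure(fixedMounts, pages));
```

In a real app, call mountStatic(app, express, __dirname) after the session and Passport middleware so that req.isAuthenticated() is available when the guard runs.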
