如何验证对sails.js中的Assets文件夹的访问 [英] How do I authenticate access to assets folder in sails.js

问题描述

我已经在使用护照对用户进行身份验证.我将kibana 3添加到资产文件夹，并希望用户仅在经过身份验证后才能访问它.我该怎么做?

I am already using passport to authenticate users. I added kibana 3 to the assets folder and want users to access it only if they are authenticated. how do i do this ?

推荐答案

资产文件夹用于存放图像和Java脚本等公开可用的文件.如果要保护这些文件，则可以覆盖Sails中的默认www中间件，这将激活Express静态处理程序为这些文件提供服务(请参阅

The assets folder is intended for publicly-available files, like your images and Javascripts. If you want to protect those files, you can either override the default www middleware in Sails, which activates the Express static handler to servet those files (see details on overriding default middleware in this answer), or save the files you want to protect in a different location and use a controller action to serve them (probably the more reasonable option).

因此，您可以将文件保存在 protected_files 中，然后将这样的路由添加到 config/routes.js :

So, you could save the files in protected_files, and add a route like this to config/routes.js:

'/protected/:file': 'ProtectedFileController.download'

然后在 controllers/ProtectedFileController 中:

var fs = require('fs');
var path = require('path');
module.exports = {
    download: function(req, res) {

        // Get the URL of the file to download
        var file = req.param('file');

        // Get the file path of the file on disk
        var filePath = path.resolve(sails.config.appPath, "protected_files", file);

        // Should check that it exists here, but for demo purposes, assume it does
        // and just pipe a read stream to the response.
        fs.createReadStream(filePath).pipe(res);

    }


};

然后使用与其他需要身份验证的区域相同的策略来保护该控制器/操作.

Then protect that controller / action using a policy like you would with any other area that needs authentication.

这篇关于如何验证对sails.js中的Assets文件夹的访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！