How to protect a public dynamic folder in nodejs

Problem description

I show pictures with Jade in public/images/picture.jpg, but I want to protect some pictures or restrict access to the public folder. How do I do that?

project
    node_modules
    public
        images
            image.jpg
        javascripts
        stylesheets
        protected_folder*
            image_protected.jpg
    views


Recommended answer

Note: for all these examples, I'm using an application structured like the following:

.
├── app.js
└── public
    ├── protected
    │   └── file.txt  <-- contains text "protected file"
    └── regular
        └── file.txt  <-- contains text "regular file"






You have a couple of options. The simplest one is to have Express route the request through your router before the public middleware, allowing you to intercept the request:

var express = require('express');
var http = require('http');
var path = require('path');

var app = express();

// use app.router before express.static
app.use(app.router);
app.use(express.static(path.join(__dirname, 'public')));

function userIsAllowed(callback) {
  // this function would contain your logic, presumably asynchronous,
  // about whether or not the user is allowed to see files in the
  // protected directory; here, we'll use a default value of "false"
  callback(false);
};

app.get('/', function(req, res, next) {
  res.end('Home page');
});

app.get('/protected/*', function(req, res, next) {
  userIsAllowed(function(allowed) {
    if (allowed) {
      next(); // call the next handler, which in this case is express.static
    } else {
      res.end('You are not allowed!');
    }
  });
});

http.createServer(app).listen(3000, function(){
  console.log('Express server listening on port 3000');
});

Result:

http://localhost:3000/regular/file.txt # regular file
http://localhost:3000/protected/file.txt # You are not allowed!

The problem with this approach is that the request has to make it all the way through your app's router before a static file can be served, which is not quite as efficient, but may be fine for your needs (you'd need to take some measurements and find out for yourself).

The other option is to insert a small function into the middleware chain that does basically the same thing, but that doesn't require a run through the entire app router:

var express = require('express');
var http = require('http');
var path = require('path');

function userIsAllowed(callback) {
  // this function would contain your logic, presumably asynchronous,
  // about whether or not the user is allowed to see files in the
  // protected directory; here, we'll use a default value of "false"
  callback(false);
};

// This function returns a middleware function
var protectPath = function(regex) {
  return function(req, res, next) {
    if (!regex.test(req.url)) { return next(); }

    userIsAllowed(function(allowed) {
      if (allowed) {
        next(); // send the request to the next handler, which is express.static
      } else {
        res.end('You are not allowed!');
      }
    });
  };
};

var app = express();

app.use(protectPath(/^\/protected\/.*$/));
app.use(express.static(path.join(__dirname, 'public')));

app.get('/', function(req, res, next) {
  res.end('Home page');
});

http.createServer(app).listen(3000, function(){
  console.log('Express server listening on port 3000');
});

This performs basically the same logic, but instead of routing every request through the entire app router, it runs a small function at the beginning of each request that checks to see if the requested URL matches the regular expression you passed in. If it does, it runs the check to see if the user can access the file.

Result:

http://localhost:3000/regular/file.txt # regular file
http://localhost:3000/protected/file.txt # You are not allowed!
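
An added example, not part of the original answer: `req.url` is the raw request target, while a static file handler resolves the decoded, normalised path on disk, so this variant of the guard canonicalises the path before matching and answers 403 on denial. `canonicalPath`, the two-argument `protectPath` and `simulate` are hypothetical names, the lower-casing assumes a case-insensitive file system, and the request objects are constructed stand-ins for Express's `req`/`res`/`next`.

```javascript
const path = require('path');

// Return the decoded, dot-segment-free, lower-cased path for a raw request
// target, or null when it cannot be decoded safely.
function canonicalPath(rawUrl) {
  const pathname = rawUrl.split(/[?#]/)[0];      // drop query string / fragment
  let decoded;
  try {
    decoded = decodeURIComponent(pathname);      // undo percent-encoding once
  } catch (e) {
    return null;                                 // malformed percent-encoding
  }
  if (decoded.indexOf('\0') !== -1) return null; // reject NUL bytes
  // Treat "\" as a separator, then collapse "//", "." and ".." segments.
  const normalized = path.posix.normalize('/' + decoded.replace(/\\/g, '/'));
  return normalized.toLowerCase();               // assumption: case-insensitive FS
}

// Same shape as the answer's protectPath(), but it tests the canonical path
// and fails closed. userIsAllowed is the answer's placeholder callback.
function protectPath(prefix, userIsAllowed) {
  return function (req, res, next) {
    const p = canonicalPath(req.url);
    if (p === null) { res.statusCode = 400; return res.end('Bad request'); }
    if (p !== prefix && !p.startsWith(prefix + '/')) return next();
    userIsAllowed(function (allowed) {
      if (allowed) return next();                // hand over to express.static
      res.statusCode = 403;
      res.end('You are not allowed!');
    });
  };
}

// Constructed request/response objects, so the guard can be exercised offline.
function simulate(url, allowed) {
  const res = { statusCode: 200, body: null, end(b) { this.body = b; } };
  let passed = false;
  const guard = protectPath('/protected', function (cb) { cb(allowed); });
  guard({ url: url }, res, function () { passed = true; });
  return passed ? 'next' : res.statusCode;
}
```

In an Express app this would be mounted as `app.use(protectPath('/protected', userIsAllowed))` ahead of `express.static`; keeping protected files outside the `public` root altogether removes the dependency on path matching.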
