限制访问ExpressJS中的静态文件 [英] Restricting access to static files in ExpressJS
问题描述
public 目录中的静态文件一起使用。我如何去做? 更新:最好不要担心保护 / public 文件夹,因为express提供了一个 res.download(...)功能。 Express.JS GitHub页面上的示例
澄清静态文件也是通过使用 express.static 中间件通过express进行服务的。理论上你可以包括中间件来处理安全。除了静态中间件的想法之外,您只能从公开之后静态使用文件夹 public 。
您可以在 static 中找到这里。您可以重写它,以便您可以在其中注入中间件。
或者你可以自己写一个天真的静态文件路由器。
你是否尝试注入自己的安全日志在您的静态中间件之前的中间件。
app.use(security);
app.use(express.static(dirname +'/ public'));
I have a server that routes pretty much everything through middleware to check to see if you're logged in, but that only works for routes. I would also like it to work with static files in the public directory. How would I go about doing that?
update: it's better to not worry about protecting what's in the /public folder because express offers a res.download(...) feature. Example on the Express.JS GitHub page
To clarify static files are also server by express using the express.static middleware. In theory you can include middleware before it to handle the security. Besides the idea of the static middleware is that you only make the folder public statically available since its public.
You can find static defined here. You can either rewrite it to allow you to inject middleware into it.
Or you can just write a naive static file router yourself.
Have you tried injecting your own security log in middleware before your static middleware.
app.use(security);
app.use(express.static(dirname + '/public'));
这篇关于限制访问ExpressJS中的静态文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
