阻止直接访问节点js中的html页面 [英] Prevent direct access to html page in node js

问题描述

我想阻止用户直接输入页面的URL，并引导到页面。
如何在节点中实现此功能？
我知道在Web应用程序放置文件在WEB-INF文件夹下，阻止直接访问它们。

I would like to prevent the user from directly typing in the url of the page and getting led to the page. How can I achieve this functionality in node ? I know that in web applications placing the files under the WEB-INF folder prevent direct access to them.

推荐答案

如果您使用 Express ，您可以使用这样的内容检查中间件的引用者，您应根据需要进一步调整您的确切目的：

If you are using Express you can check referer in middleware with something like this, which you should adapt further as needed for your exact purposes:

var express = require('express')
var app = express()

permittedLinker = ['localhost', '127.0.0.1'];  // who can link here?

app.use(function(req, res, next) {
  var i=0, notFound=1, referer=req.get('Referer');

  if ((req.path==='/') || (req.path==='')) next(); // pass calls to '/' always

  if (referer){
      while ((i<permittedLinker.length) && notFound){
      notFound= (referer.indexOf(permittedLinker[i])===-1);
      i++;
      }
  }

  if (notFound) { 
     res.status(403).send('Protected area. Please enter website via www.mysite.com');
  } else {
    next(); // access is permitted, go to the next step in the ordinary routing
  }
});

app.get('/', function(req,res){
    res.send('<p>Hello.  You are at the main page. </p><a href="page2">page 2</a>');
});

app.get('/page2', function(req,res){
    res.send('<p>You are at page 2</p>');
});

app.listen(3000);  // test at http://localhost:3000

测试（和对策）

我们可以得到主页吗？ 是

wget http://localhost:3000/

--2014-10-10 04:01:18--  http://localhost:3000/
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:3000... connected.
HTTP request sent, awaiting response... 
200 OK
Length: 67 [text/html]
Saving to: ‘index.html’

我们可以直接获得第二页吗？ 否

Can we get the second page directly? No

wget http://localhost:3000/page2
--2014-10-10 04:04:34--  http://localhost:3000/page2
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:3000... connected.
HTTP request sent, awaiting response... 403 Forbidden
2014-10-10 04:04:34 ERROR 403: Forbidden.

我们可以从第一页获取第二页吗？ 是

Can we get the second page from the first page? Yes

 wget --referer="http://localhost" http://localhost:3000/page2
--2014-10-10 04:05:32--  http://localhost:3000/page2
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:3000... connected.
HTTP request sent, awaiting response... 
200 OK
Length: 24 [text/html]
Saving to: ‘page2’

任何脚本小孩都可以学习使用wget --referer来击败这个保护方案吗？

Can any script kiddie learn to use wget --referer to defeat this "protection" scheme?

是的。它只阻挡了诚实的人。不是真正想要内容的人。

这篇关于阻止直接访问节点js中的html页面的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！