Restricting route to static files in Express and Nodejs

Question

Restricting route to static files in Express and Nodejs

I am currently trying to restrict routes to users who have not been registered. My main problem is that even if I define a page with a get method like:

 app.get('/alpha/information', isLoggedIn,
        function(req, res){
            res.sendFile(path.join(__dirname + '/alpha/pages/Example.html'));
        });

The user can simply change the url: http://localhost:3000/alpha/pages/Example.html

and access the page. Now I have read several similar questions on SO, but I cannot find the answer. Some of which were inspired: Q1 , Q2 , Q3 . However, I could not find a solution to my problem.

My current file structure: FileStructureLink

I am trying to restrict access to Example.html, ExampleTwo.html and blabla.html

I am using this code to set up requests, but I think they might be wrong:

app.use(express.static(path.join(__dirname, 'Alpha')));
app.use(express.static(path.join(__dirname, '/')));
app.use('/', express.static(__dirname + '/login.html'));

This one is app.use('/', express.static(__dirname + '/login.html'));

used specifically for the default boot localhost:3000/

aslocalhost:3000/login

How can I restrict access to all static html files without having to write a route for each one?

middleware function:

function isLoggedIn(req, res, next) {
        console.log('here is Authenticated', req.isAuthenticated())
        if (req.isAuthenticated()){
            return next();
        }
        res.redirect('/login');
    }

+3

javascript html node.js express

coderJoe 05 May '17 at 13:16

source to share

3 answers

drinchev · Answer 1 · 2017-05-08T07:46:53+0000

You can limit your expressive static middleware by adding more middleware to it.

var express = require("express");
var path = require( "path" );
var app = express();

function isLoggedIn( req, res, next ) {
   console.log("trying restricted file");
   next();
}

app.use( '/Alpha', isLoggedIn, express.static( path.join( __dirname, 'Alpha' ) ) );
app.use( express.static( path.join( __dirname, 'anonymous' ) ) );

app.listen( 3000 );

Doing this every time you call localhost:3000/restricted/*

will execute the isLoggedIn function.

EDIT: The code has been modified to suit your file structure.

vandijkstef · Answer 2 · 2017-05-05T13:26:10+0000

You are making the full alpha directory public, so everything is available. This method is commonly used for serving js / css / images.

You can use variable route to get html file:

url: localhost: 3000 / alpha / Example

app.get('/alpha/:name', function(req, res) {
    var page = req.params.name;
    res.sendFile(path.join(__dirname + '/alpha/pages/' + page + '.html'));
})

Track capitalization

Zeeshan Hassan Memon · Answer 3 · 2017-05-05T15:20:32+0000

Here's how to do it:

var express = require('express'),
    path = require('path');
    app = express();

app.use(function(req, res, next) {
    // Use your req.isAuthenticated logic here, that all
    console.log('I am called before static middleware.');
    return next();
});
app.use(express.static( path.join(__dirname, 'public')));
app.use(function(req, res, next) {
    console.log('I am called after static middleware.');
    return next();
});

app.get('/', showClientRequest, function(req, res) {
    res.send('Hi! I am direct message from server :)');
});

function showClientRequest(req, res, next) {
    console.log('You can do something here too...');
    return next();
}

app.listen(3000);

For a full repo:

Clone node -cheat express_server_restrict_static_files , run node app

and then npm install express

.

Happy help!

Restricting route to static files in Express and Nodejs

More articles: