and*_*a86 5 node.js express pug
我用 Jade 模板显示 public/images/picture.jpg 中的图片,但我想保护某些图片,或者限制对 public 文件夹的访问,该怎么做?
project
node_modules
public
images
image.jpg
javascripts
stylesheets
protected_folder*
image_protected.jpg
views
Mic*_*ley 19
注意:对于所有这些示例,我使用的结构如下:
.
├── app.js
└── public
    ├── protected
    │   └── file.txt <-- contains text "protected file"
    └── regular
        └── file.txt <-- contains text "regular file"
你有几个选择。最简单的方法是让 Express 先通过路由器处理请求,再交给静态文件中间件(express.static),这样您就可以拦截请求:
var express = require('express');
var http = require('http');
var path = require('path');
var app = express();
var publicDir = path.join(__dirname, 'public');

// Registration order is the access-control boundary in this setup: the router
// (and with it any guard route) has to be registered before express.static,
// otherwise the static handler answers first and the guard never runs.
// NOTE(review): app.router is the Express 3 API; it was removed in Express 4,
// where routes and middleware run in the order they are registered.
app.use(app.router);

// Everything under ./public is reachable through this handler unless an
// earlier handler ends the request.
app.use(express.static(publicDir));
/**
 * Placeholder authorization check for the protected directory.
 *
 * Real logic (presumably asynchronous) would decide whether the user may see
 * the files; this stub always reports `false`, so access is denied by default.
 *
 * NOTE(review): the stub receives no request object, so a real check would
 * need the request (session, credentials) handed to it in some way.
 *
 * @param {function(boolean): void} callback - receives the decision.
 */
function userIsAllowed(callback) {
  var allowed = false; // default decision: deny
  callback(allowed);
}
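// Home page: answers GET / with a fixed plain-text body.
app.get('/', function(req, res, next) {
  res.end('Home page');
});

// Guard for the protected directory: ask userIsAllowed() first and only hand
// the request on when access is granted.
// NOTE(review): the route pattern is matched against the request path as it
// was sent, while express.static percent-decodes and normalizes the path
// before reading from disk, so the two can disagree about which file a request
// names. Serving protected files from a directory outside ./public avoids
// relying on the pattern at all.
app.get('/protected/*', function(req, res, next) {
  userIsAllowed(function(allowed) {
    if (allowed) {
      next(); // call the next handler, which in this case is express.static
    } else {
      // Answer with 403 so clients, caches and access logs see a denial
      // rather than a successful 200 response that carries an error text.
      res.statusCode = 403;
      res.end('You are not allowed!');
    }
  });
});

// Start the HTTP server on port 3000 and log once it is listening.
http.createServer(app).listen(3000, function(){
  console.log('Express server listening on port 3000');
});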
结果:
http://localhost:3000/regular/file.txt # regular file
http://localhost:3000/protected/file.txt # You are not allowed!
这种方法的问题在于,在提供静态文件之前,每个请求都必须先经过应用程序的整个路由器,效率不算高,但可能已经能满足您的需求(您需要自行测量,找出适合自己的方案)。
另一种选择是在中间件链中插入一个做基本相同事情的小函数,这样就不需要运行整个应用程序路由器:
var express = require('express');
var http = require('http');
var path = require('path');
/**
 * Stand-in for the real permission check on the protected directory.
 *
 * The actual decision logic (presumably asynchronous) belongs here; until it
 * exists the callback is always invoked with `false`, which denies access.
 *
 * NOTE(review): no request object is passed in, so a per-user decision would
 * need the request (session, credentials) supplied some other way.
 *
 * @param {function(boolean): void} callback - called with the decision.
 */
function userIsAllowed(callback) {
  var decision = false; // deny unless real logic says otherwise
  callback(decision);
}
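/**
 * Build a middleware that gates every request whose path matches `regex`
 * behind userIsAllowed(); all other requests pass straight through.
 *
 * The pattern is tested against the decoded, normalized pathname rather than
 * the raw `req.url`. express.static percent-decodes and normalizes the path
 * before it touches the file system, so a guard that inspects the raw string
 * can disagree with the file that is finally served (encoded characters, dot
 * segments, doubled slashes, a query string).
 *
 * NOTE(review): on a case-insensitive file system the pattern should carry
 * the `i` flag. Keeping protected files outside the directory handed to
 * express.static removes the dependency on path matching altogether.
 *
 * @param {RegExp} regex - pattern describing the protected paths.
 * @returns {function} middleware with the `(req, res, next)` signature.
 */
var protectPath = function(regex) {
  return function(req, res, next) {
    var pathname;
    try {
      // Drop the query string, then decode once, as the static handler does.
      pathname = decodeURIComponent(String(req.url).split('?')[0]);
    } catch (err) {
      // Malformed percent-encoding: refuse instead of guessing what was meant.
      res.statusCode = 400;
      return res.end('Bad Request');
    }
    // Collapse "." / ".." segments and repeated slashes; treat "\" as "/".
    pathname = path.posix.normalize('/' + pathname.replace(/\\/g, '/'));

    regex.lastIndex = 0; // a /g or /y pattern keeps state between test() calls
    if (!regex.test(pathname)) { return next(); }

    userIsAllowed(function(allowed) {
      if (allowed) {
        next(); // send the request to the next handler, which is express.static
      } else {
        // 403 makes the denial visible to clients, caches and access logs
        // instead of a 200 response that merely carries an error text.
        res.statusCode = 403;
        res.end('You are not allowed!');
      }
    });
  };
};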
var app = express();
var publicDir = path.join(__dirname, 'public');

// The guard is registered first so that it sees every request before
// express.static can answer it; swapping these two lines would let the
// static handler serve ./public/protected without any check.
app.use(protectPath(/^\/protected\/.*$/));
app.use(express.static(publicDir));

// Home page: answers GET / with a fixed plain-text body.
app.get('/', function (req, res, next) {
  res.end('Home page');
});

// Start the HTTP server on port 3000 and log once it is listening.
http.createServer(app).listen(3000, function onListening() {
  console.log('Express server listening on port 3000');
});
这基本上执行相同的逻辑,但它不是通过整个应用程序路由器路由每个请求,而是在每个请求开始时运行一个小函数,检查请求的URL是否与您传入的正则表达式匹配.如果是,它运行检查以查看用户是否可以访问该文件.
结果:
http://localhost:3000/regular/file.txt # regular file
http://localhost:3000/protected/file.txt # You are not allowed!