我在public / images / picture.jpg中显示带有玉石的图片,但是我想保护一些图片或限制对公共文件夹的访问,怎么办?
project node_modules public images image.jpg javascripts stylesheets protected_folder* image_protected.jpg views
注意:对于所有这些示例,我使用的应用程序结构如下:
. ├── app.js └── public ├── protected │ └── file.txt <-- contains text "protected file" └── regular └── file.txt <-- contains text "regular file"
您有两种选择。最简单的方法是让Express 在公共中间件 之前 通过路由器路由请求,从而使您可以截获请求:
var express = require('express'); var http = require('http'); var path = require('path'); var app = express(); // use app.router before express.static app.use(app.router); app.use(express.static(path.join(__dirname, 'public'))); function userIsAllowed(callback) { // this function would contain your logic, presumably asynchronous, // about whether or not the user is allowed to see files in the // protected directory; here, we'll use a default value of "false" callback(false); }; app.get('/', function(req, res, next) { res.end('Home page'); }); app.get('/protected/*', function(req, res, next) { userIsAllowed(function(allowed) { if (allowed) { next(); // call the next handler, which in this case is express.static } else { res.end('You are not allowed!'); } }); }); http.createServer(app).listen(3000, function(){ console.log('Express server listening on port 3000'); });
结果:
http://localhost:3000/regular/file.txt # regular file http://localhost:3000/protected/file.txt # You are not allowed!
这种方法的问题在于,在提供静态文件之前,请求必须一直通过应用程序的路由器进行处理,虽然效率不高,但可以满足您的需求(您需要采取一些措施)测量并自己找出)。
另一个选择是在中间件链中插入一个基本功能相同的小功能,但不需要在整个应用路由器中运行:
var express = require('express'); var http = require('http'); var path = require('path'); function userIsAllowed(callback) { // this function would contain your logic, presumably asynchronous, // about whether or not the user is allowed to see files in the // protected directory; here, we'll use a default value of "false" callback(false); }; // This function returns a middleware function var protectPath = function(regex) { return function(req, res, next) { if (!regex.test(req.url)) { return next(); } userIsAllowed(function(allowed) { if (allowed) { next(); // send the request to the next handler, which is express.static } else { res.end('You are not allowed!'); } }); }; }; var app = express(); app.use(protectPath(/^\/protected\/.*$/)); app.use(express.static(path.join(__dirname, 'public'))); app.get('/', function(req, res, next) { res.end('Home page'); }); http.createServer(app).listen(3000, function(){ console.log('Express server listening on port 3000'); });
这执行的逻辑基本相同,但是它不是在 整个 应用路由器中路由每个请求,而是在每个请求的开头运行一个小功能,以检查所请求的URL是否与您传入的正则表达式匹配。它运行检查以查看用户是否可以访问该文件。
