node.js 如何用护照保护快递中的静态文件夹
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/21335868/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to protect static folder in express with passport
提问by toutpt
I have a project based on express with a required authentication based on passport.
我有一个基于 express 的项目,需要基于护照的身份验证。
The backoffice is an angularjs app served as static files.
后台是一个用作静态文件的 angularjs 应用程序。
My authentication code is completly based on https://github.com/jaredhanson/passport-local/blob/master/examples/express3-no-connect-flash/app.js
我的身份验证代码完全基于https://github.com/jaredhanson/passport-local/blob/master/examples/express3-no-connect-flash/app.js
To do not serve the angular app if you are not authenticated. I have try by adding ensureAuthenticated on the /admin route but it make the route not working (404). Once I remove ensureAuthenticated the /admin is served.
如果您未通过身份验证,请不要提供 angular 应用程序。我尝试在 /admin 路由上添加 ensureAuthenticated 但它使路由不起作用(404)。一旦我删除了 ensureAuthenticated,就会提供 /admin 服务。
app.use(express.static(path.join(__dirname, 'public')));
app.use('/admin', ensureAuthenticated, express.static(path.join(__dirname, 'admin')));
//serve routes
app.use(app.router);
The public folder contains the login page.
public 文件夹包含登录页面。
How could I achieve this ?
我怎么能做到这一点?
采纳答案by MikeSmithDev
You can check the route using middleware and redirect them if they aren't logged in and are hitting admin pages, something like (untested):
您可以使用中间件检查路由,如果他们没有登录并且正在访问管理页面,则可以重定向它们,例如(未经测试):
app.use(function(req, res, next) {
if (req.user == null && req.path.indexOf('/admin') === 0)
{
res.redirect('/login');
}
next();
});
回答by Bobz
Ran into same issue, this is what I ended up doing!
遇到同样的问题,这就是我最终要做的!
app.use doesn't let you chain middlewares in that way. The various app.VERB functions do, but app.use doesn't. That's for one middleware at a time.
If you split the 2 middlewares out into separate calls, you should get the results you want:
app.use 不允许您以这种方式链接中间件。各种 app.VERB 函数可以,但 app.use 不行。这是一次一个中间件。
如果您将 2 个中间件拆分为单独的调用,您应该会得到您想要的结果:
app.use('/admin', ensureAuthenticated);
app.use('/admin', express.static(path.join(__dirname, 'admin')));
Cannot use basic authentication while serving static files using express
回答by vodolaz095
app.use('/admin', function(req,res,next){
if(req.user){
return express.static(path.join(__dirname, 'public'));
} else {
res.render(403, 'login', {message:'Please, login!'});
}
});
//serve routes
app.use(app.router);
回答by l2ysho
Update for [email protected]+, [email protected], and [email protected]
更新[email protected]+,[email protected]和[email protected]
First setup a passport auth strategy. If you use a jwt, you can take a token from a query parameter, if not you can use another Extract function (or multiple using Jwt.ExtractJwt.fromExtractors())
首先设置护照身份验证策略。如果使用 jwt,则可以从查询参数中获取令牌,否则可以使用另一个 Extract 函数(或多个 using Jwt.ExtractJwt.fromExtractors())
passport.use('basic-user',
new Jwt.Strategy({
...jwtConfig.options,
jwtFromRequest: Jwt.ExtractJwt.fromUrlQueryParameter('token')
}, verifyUser)
);
Then you can use a passport authenticate function before serving static files
然后您可以在提供静态文件之前使用护照身份验证功能
app.use('/files', [
passport.authenticate(['basic-user'], { session: false }),
express.static(path.join(__dirname, 'files')) //make sure you access proper directory
])
