Express-公用目录划分为授权/未经授权的用户

Question

I have an app written in express.js and I'm trying to divide this application to 2 sections:

• one for unauthorized users (with routes only to / - landing page, /login and /* - error404)
• and second (routes will be: / - landing page, /app/* - angular SPA which will handle routing on its own)

Express is also configured to take static files from /unauth/public/ And I want to add second static folder for request from authorized routes - /auth/public which goes to /app/*

My route config looks like this:

var authRoutes = express.Router();
var unauthRoutes = express.Router();

authRoutes.get('/app/*', function(req, res, next) {
    if(!req.isAuthenticated())
        return res.redirect("/login/");
    res.send("AUTHORIZED");
});

unauthRoutes.get('/', function(req, res, next) {
    res.send("LANDING PAGE");
});

unauthRoutes.get('/login/', function(req, res, next) {
    if(req.isAuthenticated())
        return res.redirect("/app/");
    res.send("LOGIN PAGE");
});

unauthRoutes.get('/registration/', function(req, res, next) {
    if(req.isAuthenticated())
        return res.redirect("/app/");
    res.send("REGISTRATION PAGE");
});

unauthRoutes.get('/*', function(req, res, next) {
    res.send("ERROR 404");
});

app.use('/', authRoutes);
app.use('/', unauthRoutes);

I tried to modify req.url and call another static oruter express.static('auth/public') based on this:

Using express.static middleware in an authorized route

But I don't know, how to handle route app.get('/auth/*', ...) - previous modification will replace url and this route will never be called..

Answer 1

You could try something like this:

// Create your static middlewares
var unauthStatic = express.static('unauth/public');
var authStatic = express.static('auth/public');

// This goes in place of where you would normally load your static middleware
app.use(function(req, res, next) {
    if (req.isAuthenticated()) {
        authStatic(req, res, next);
    } else {
        unauthStatic(req, res, next);
    }
});

edit:

if you want authenticated users to be able to access files from both the auth and unauth directories, you can make two calls to app.use , like this:

app.use(unauthStatic);
app.use(function(req, res, next) {
    if (! req.isAuthenticated()) {
        return next();
    }
    authStatic(req, res, next);
});

Answer 2

Remember that express uses middleware in a stack, meaning to serve a given request, all registered middleware is used in the order it's use d. Once a bit of middleware calls req.send, no further middleware gets executed. Anyway, try something like this:

function Authorization(req, res, next) {
    if(!req.isAuthenticated())
        return res.redirect("/login");
    next();
}

var AnonRouter = express.Router()
    // GET /style.css will request /unauth/public/style.css
    .use(express.static('unauth/public'))
    .get('/', function (req, res) { })
    .get('/login', function (req, res) { });

var AuthRouter = express.Router()
    .use(Authorization)
    // GET /app/style.css will request /auth/public/style.css
    .use(express.static('auth/public')) 
    .get('*', function (req, res, next) {
       // Handle reqs for non-static files
    });

app.use('/', AnonRouter);
app.use('/app', AuthRouter);
app.get('*', function (req, res) {
    res.status(404).send('404!');
});

But I don't know, how to handle route app.get('/auth/*', ...) - previous modification will replace url and this route will never be called..

This statement makes me think that you are trying to somehow handle the request after express's static middleware has been called. This is not possible: the static middleware serves static files and you cannot execute additional logic after it does so, but you can run stuff before! Note that in my code, the Authorization middleware will run before the static file is sent.