使用res.sendFile（）处理url中的查询字符串

Question

I am in the process of learning node.js so that I can work on my personal project. I am also trying to get started on it "for real". In fact, my first big feature I am trying to get up is login feature. For some reason, it's not working properly anytime ? pops up in URL.

My code in appServer.js is something like:

var express = require('express');
var app = express();
var bodyParser = require('body-parser');
var session = require('client-sessions');   

var users = require('./helpers/users.js'),
    helpers = require('./helpers/helpers.js');

var fs = require('fs'),
    path = require('path');

var https = require('https');

function handleIncomingRequest(req, res)
{
    console.log("INCOMING REQUEST: " + req.method + " " + req.url);

    console.log("req.url == " + req.url);
    var questionMarkIndex = req.url.indexOf('?');
    console.log("questionMarkIndex == " + questionMarkIndex);
    var filename = req.url;
    if (questionMarkIndex != -1) filename = req.url.substr(0, questionMarkIndex);
    serveStaticFile(filename,
        res);
    //serveStaticFile(req.url, res);
}

app//.use(express.logger('dev'))
    .use(bodyParser.urlencoded({ extended: true }))
    .use(session({
    cookieName: 'session',
    secret: 'ckwtngqjqerrafourhpvi',
    duration: 30 * 60 * 1000,
    activeDuration: 15 * 60 * 1000,
    httpOnly: true,
    secure: true,
    ephemeral: true
}))
    .get("/YALApp/*", 
        requirePageLogin,
        function(req, res)
        {
            handleIncomingRequest(req, res);
        }
    )
    .get("/YALApp", 
        function (req, res) {
            res.redirect('/YALApp/');
        }
    )
    .post('/service/login', users.login)
    .get("*",
        function(req, res)
        {           
            res.writeHead(404, { "Content-Type" : "application/json" });
            res.end(JSON.stringify(helpers.makeError("file_not_found",
                    "The requested file cannot be accessed: " + req.url), null, '\t') + '\n');
        }
    );
app.listen(8080);
/*https.createServer(options, app).listen(8080, function()
{
    console.log("server listening on port 8080");
});
*/
function serveStaticFile(file, res)
{
    console.log("file == " + file);
    var url = '/var/www/html' + file;
    if (url.charAt(url.length - 1) == '/' || url.lastIndexOf('.') == -1)
    {
        console.log(res.sendFile);
        res.sendFile(url + '/index.html');
        return;
    }
    res.sendFile(url);
}

Initial static page (URL: /YALApp/loginPage.html ) loads just fine, but its dependencies don't (and thus page doesn't work) Here is that static page:

<!DOCTYPE html>
<html>
    <head>
        <!-- Linking to define the colors (up one level, and in theme) -->
        <script src="../jQueryLib/theme/external/jquery/jquery.js"></script>
        <link href="../jQueryLib/theme/jquery-ui.css" rel="stylesheet" >
        <!-- Linking to setup the page -->
        <link href="css/loginPage.css" rel="stylesheet">
        <!-- Providing UI functionality -->
        <script type="text/javascript" src="../jQueryLib/theme/jquery-ui.js"></script>
         <!-- jQuery UI touch-punch -->
                <script type="text/javascript" src="../jQueryLib/theme/jquery.ui.touch-punch.min.js"></script>
        <!-- page functionality -->
        <script src="js/loginPage.js"></script>
        <title>Group Management Login Page</title>
    </head>
    <body>
        <h1 class="center">Group Management Tool</h1>
        <div id="login" class="pageCenter">
            <form id="loginForm">
                <h2 class="ui-widget-header row">Login</h2>
                <span class="row">
                    <label for="loginUserName" class="third">User name</label>
                    <input type="text" id="loginUserName" class="twoThirds"></input>
                </span>
                <span class="rowTight">
                    <label for="loginPassword" class="third">Password</label>
                    <input type="password" id="loginPassword" class="twoThirds"></input>
                </span>
                <span class="rowTight">
                    <!-- TODO: implement "forgot username" feature -->
                    <a id="forgotUsernameLink" class="center half" href="">Forgot username?</a>
                    <!-- TODO: implement "forgot password" feature -->
                    <a id="forgotPasswordLink" class="center half" href="">Forgot password?</a>
                </span>
                <span class="row">
                    <input type="submit" id="loginBtn" class="third" value="Login" />
                    <!--<button id="protoLogin" title="Populates login form with login data for the prototype" value="Prototype"-->
                </span>
            </form>
        </div>
    </body>
</html>

Result of trying:

What is happening here?!?!?

Answer 1

I think I found the error: I was trying to avoid a security catastrophe by my handling of GET requests for every other request. Namely, when I "back out" of YALApp folder, I am able to access at least the phpMyAdmin folder, and by merely requesting a file from it, downloading that file. I made it serve up 404 error.

This was simple to fix, in that all I had to do was add a route for /jQueryLib/* requests, and repeat what I did for /YALApp/* .