[英]Securing files in Google Cloud app engine (NodeJS)
I have created a small web application with NodeJS Express. 我使用NodeJS Express创建了一个小型Web应用程序。 Basically a webserver that has a 'webserver.properties' file.
基本上是一个具有“ webserver.properties”文件的网络服务器。 With a very basic app.yaml file.
具有非常基本的app.yaml文件。
After deploying it to Google Cloud by use of 'gcloud app deploy' I get the everything up and running. 使用“ gcloud应用程序部署”将其部署到Google Cloud之后,我将一切启动并运行。
However...when I open the following URL in the browser: https://webserverurl.com/webserver.properties , the webserver.properties file can be approached and is in turn downloaded immediately. 但是...当我在浏览器中打开以下URL时: https : //webserverurl.com/webserver.properties ,可以访问webserver.properties文件,然后立即下载该文件。
How can I prevent this from happening and make sure that such properties files are inaccessible from outside? 如何防止这种情况发生,并确保无法从外部访问此类属性文件?
The problem is that when you use this line: 问题是,当您使用此行时:
app.use('/', express.static(__dirname + '/'));
you are giving access to your root directory. 您可以访问您的根目录。 See this for a definition of
__dirname
. 见这对于一个定义
__dirname
。 If you want to give access to a specific folder you can do this: 如果要授予对特定文件夹的访问权限,可以执行以下操作:
Lets say your root directory is src
and you fave a dir with static files called src/myfiles
. 可以说您的根目录是
src
并且您拥有一个名为src/myfiles
静态文件的目录。 In order to give acces to files in myfiles
you can use this line: 为了授予对
myfiles
文件的访问权限,您可以使用以下行:
app.use('/mypathname', express.static('myfiles'));
where: 哪里:
'/mypathname'
is the part pertaining your URL. '/mypathname'
是与您的URL有关的部分。 In your case it would be https://webserverurl.com/mypathname/any-file-name.jpg
在您的情况下,它将是
https://webserverurl.com/mypathname/any-file-name.jpg
express.static('myfiles')
is the name of your local dir. express.static('myfiles')
是本地目录的名称。
Hope this helps 希望这可以帮助
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.