保护Google Cloud App Engine(NodeJS)中的文件
[英]Securing files in Google Cloud app engine (NodeJS)
问题描述
I have created a small web application with NodeJS Express. 
我使用NodeJS Express创建了一个小型Web应用程序。 Basically a webserver that has a 'webserver.properties' file. 基本上是一个具有“ webserver.properties”文件的网络服务器。 With a very basic app.yaml file. 具有非常基本的app.yaml文件。
After deploying it to Google Cloud by use of 'gcloud app deploy' I get the everything up and running. 使用“ gcloud应用程序部署”将其部署到Google Cloud之后,我将一切启动并运行。
However...when I open the following URL in the browser: https://webserverurl.com/webserver.properties , the webserver.properties file can be approached and is in turn downloaded immediately. 但是...当我在浏览器中打开以下URL时: https : //webserverurl.com/webserver.properties ,可以访问webserver.properties文件,然后立即下载该文件。
How can I prevent this from happening and make sure that such properties files are inaccessible from outside? 如何防止这种情况发生,并确保无法从外部访问此类属性文件?
1 个解决方案
解决方案1
0 已采纳 2018-02-28 14:51:08
The problem is that when you use this line: 问题是,当您使用此行时:
app.use('/', express.static(__dirname + '/'));
you are giving access to your root directory. 您可以访问您的根目录。 See this for a definition of __dirname . 见这对于一个定义__dirname 。 If you want to give access to a specific folder you can do this: 如果要授予对特定文件夹的访问权限,可以执行以下操作:
Lets say your root directory is src and you fave a dir with static files called src/myfiles . 可以说您的根目录是src并且您拥有一个名为src/myfiles静态文件的目录。 In order to give acces to files in myfiles you can use this line: 为了授予对myfiles文件的访问权限,您可以使用以下行:
app.use('/mypathname', express.static('myfiles'));
where: 哪里:
'/mypathname'is the part pertaining your URL.'/mypathname'是与您的URL有关的部分。 In your case it would behttps://webserverurl.com/mypathname/any-file-name.jpg在您的情况下,它将是https://webserverurl.com/mypathname/any-file-name.jpgexpress.static('myfiles')is the name of your local dir.express.static('myfiles')是本地目录的名称。
Hope this helps 希望这可以帮助
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.