[英]NodeJS / Express all requests to specific path
I'm not looking to serve a static folder/files. 我不希望提供静态文件夹/文件。 That being cleared, here is my issue:
这已经清除,这是我的问题:
I have a Login page, and after the user has been verified, I create a session. 我有一个“登录”页面,并且在验证用户之后,我创建了一个会话。 Based on this session, I want to give the client access/denial to every request they make to the url path example.com/admin
基于此会话,我想让客户端访问/拒绝他们对URL路径example.com/admin的每个请求
Why? 为什么? I have API calls to this url but also a file inside /public/admin/dashboard.html (and yes the /public folder is served as a static folder) - and all of these incoming requests should just be possible from clients with verified sessions.
我有对该URL的API调用,也有/public/admin/dashboard.html中的一个文件(是的,/ public文件夹用作静态文件夹)-并且所有这些传入请求都应该仅来自具有已验证会话的客户端。
I tried to use app.get("/admin/*",...
but that seems also to affect all the other domains with get requests: 我尝试使用
app.get("/admin/*",...
但这似乎也影响到所有其他具有get请求的域:
app.get("/admin/*", function(req, res) {
if (req.session.email !== undefined) {
console.log("User is verified to access");
return res.redirect("/admin/dashboard.html");
} else {
console.log("Failed: User not verified, redirect to 404");
return res.redirect("/404.html");
}
})
And the code above is called before the 上面的代码在
app.use(express.static("./public"));
I'm not sure if you're having problems with the wildcard url matching, or serving up the static file. 我不确定您是否在通配符URL匹配或静态文件加载方面遇到问题。 Here is an example on how to use a middleware to take care of the authorization and then serve up the static file from a specific endpoint.
这是一个有关如何使用中间件来处理授权,然后从特定端点提供静态文件的示例。
It's not a copy paste to solve your problem, but I hope this might help you find a solution. 它不是解决问题的复制粘贴,但是我希望这可以帮助您找到解决方案。
const authenticate = function(req, res, next) {
if (req.sess.email === undefined) {
return res.redirect('/404/.html');
}
next();
}
app.get('/admin/dashboard.html', auhenticate, function(req, res) {
console.log('User is verified to access');
return res.sendFile([File location for dashboard.html],
{headers: {'Content-Type': 'text/html'}});
});
Write a function to validate users to allow /admin/*
route and then use it as follows: 编写一个函数来验证用户是否允许
/admin/*
路由,然后按以下方式使用它:
function validate(req, res, next){
//logic to verify user, validate session
if(user is allowed to access){
next();//Proceed to handle the request
}
else{
//end request with 401 as unauthorized
res.status(401).send();
}
}
app.get("/admin/*", validate, function(req, res) {
//Actual response to send
});
You can use validate functionality for any requests which need authorization. 您可以对需要授权的任何请求使用验证功能。
UPDATE: My bad. 更新:我不好。
/admin
checks for the URLs ending with /admin
only. /admin
检查仅以/admin
结尾的URL。 Hence, /admin/dashboard.html
won't work. 因此,/
/admin/dashboard.html
将不起作用。 If you want the authorization check to all URLs that have /admin
in the them, then regex pattern can be used like /admin/*
and then send response once validated. 如果要对其中所有带有
/admin
URL进行授权检查,则可以使用正则表达式模式(例如/admin/*
,然后在验证后发送响应。 Hope this explains your query. 希望这能解释您的查询。
Thanks to @lifetimeLearner007 and @R.Gulbrandsen who lead me into the right direction. 感谢@ lifetimeLearner007和@ R.Gulbrandsen将我引向正确的方向。 For anyone following up, a combination of both solved it (but dont know why)
对于任何跟进的人,两者的结合解决了这个问题(但不知道为什么)
app.get("/admin/*", validateUser, function(req, res, next) {
console.log("Validated");
next();
})
function validateUser(req, res, next) {
console.log(req.session.email)
if (req.session.email !== undefined) {
console.log("User is verified to access");
next();
} else {
console.log("Failed: User not verified, redirect to 404");
return res.redirect("/404.html");
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.