Nginx + Express仅向经过身份验证的用户提供静态文件

Question

I'm working on a static website built with gatsby.

I want it to be accessible only for visitors who know the password and I can't do it with the .htaccess since i want my own custom "login" page, not just some brower's popup.

I figured that i would just build a very simple express API with the following endpoints:

"/" - serves the static files (gatsby build files, the actual website), 
if you dont have a certain cookie, you get redirected to "/login"

GET "/login" - my custom login page (simple input for the password)

POST "/login" - in here you send the password, if its correct, 
you get the cookie and you get redirected to "/" so to the actual website

Everything works fine, but Im a bit concerned about not using nginx. I will be deploying the app soon (digital ocean) and im trying to understand how the performance of serving the static files via express instead of nginx lowers the speed.

My question is, how can I implement it in the way that its nginx that serves the files, but if there is no cookie then redirects to "/login" just like now?

I keep reading a lot and i have no problem doing the serving via nginx part, but i have problems understanding "check-if-cookie" flow.

Is it even a good practice to check cookie (and redirect if not found) in nginx? Or maybe i should do things differently?

Thanks for any help.

Answer 1

function checkAuth(req, res, next) {
    if (!checkAuth) {
        res.redirect('/login');
    } else {
        next();
    }
}

app.use('/admin/information', checkAuth, information);

Do same concept as above.