All geek questions in one place

How to protect static files in one application using node.js

I plan to develop a website with a public area and a private area. Both areas of the site will be separate single-page applications implemented using AngularJS. I am using Node.js to create a REST web service for the front end.

Access to the private area is possible only with authentication (username / password). Authentication is also required to invoke REST API calls.

Files in the public area will be saved in a subfolder / public and files for a private folder in a subfolder / in private mode. I serve static files for a public zone using nginx. I also want to serve static private area files using nginx.

How can I prevent users from accessing files directly, like www.example.com/private/js/app.js

Only authenticated users should be able to open files in the / private folder.

+4
source share
1 answer

Unfortunately, if you use nginx for the server in static private files, you are limited to very basic authentication methods, for example:

  • Basic auth: from the htpasswd file, which contains a list of users and passwords.
  • LDAP auth: create an LDAP directory (this is a third-party module)

However, if your systems store users in a database, nginx does not know how to authenticate users. In addition, if authentication on your system should be combined with authorization , that is, user1 can only access /private/user1/kittenpicture.jpg and user2 /private/user2/nakedpics.jpg , nginx will not help you either, and you there is no other choice but to serve your personal files with nodejs (since then you can combine all kinds of authentication / authorization intermediaries with intermediaries to serve static files.

0
source

Source: https://habr.com/ru/post/1488035/

More articles:


All Articles