I am trying to allow users to save and download static files. But have the files be accessible only for logged in (authorized) users.

routes/files.js

var express = require('express');
var router = express.Router();

/* Get files */
router.get('/*', isLoggedIn, function(req, res, next) {
 console.log('get files called ');
 express.static(path.join(__dirname, 'files'));
});

function isLoggedIn(req, res, next){
 if(req.isAuthenticated()) return next();
 res.redirect('/');
}

module.exports = router;

This works with any get request but not static files. They can be accessed with out being logged in.

app.js

 var filesRouter = require('./routes/files');
 app.use(express.static(__dirname));
 app.use('/files', filesRouter);

I must be missing something simple - Thanks!!

CodePudding user response：

Calling express.static(path.join(__dirname, 'files')); just returns a middleware function. It doesn't actually execute anything more than that. It doesn't serve any files until you call the function that it returns. You could get that middleware function once and then execute it conditionally, but it's easier to just do this:

/* Get files */
router.get('/*', isLoggedIn, express.static(path.join(__dirname, 'files')));

CodePudding user response：

You should use express.static as a middleware. And then to only allow authenticated users to access files, you coulld register isLoggedIn middleware before it. Please , see the code bellow, this should work.

var express = require('express');
var router = express.Router();

router.use(isLoggedIn); // this must come before express.static
router.use(express.static(path.join(__dirname, 'files')));

/* Get files */
router.get('/*', function(req, res, next) {
 console.log('get files called ');
});

function isLoggedIn(req, res, next){
 if(req.isAuthenticated()) return next();
 res.redirect('/');
}

module.exports = router;