问题
I want to exclude the public folder and all static files and subfolders from express router.
Currently I have defined 1) the public folder, 2) the router as suggested in several SF answers:
// public folder
self.app.use(express.static(path.join(__dirname, 'public')));
// static pages
self._options.staticRoutes.forEach(route => {
self.app.use(BASEPATH + route, express.static(path.join(__dirname, 'public')));
});
// register page renderer
router.get(BASEPATH, renderer.render());
// templates
self._options.routes.forEach(route => {
self.app.use(BASEPATH + route, router);
});
// router
self.app.use(BASEPATH, router);
// register error handlers
self.app.use(renderer.logErrors());
self.app.use(renderer.clientErrorHandler());
self.app.use(renderer.catchAll());
Later on I have a catch all that checks the user login:
self.app.use(function (req, res, next) {
var redirect_uri = '/login';
if (req.user) {
return next();
} else {
return res.redirect(redirect_uri);
}
});
This route causes the 304 redirect on static files as well under the public folder.
An option would be to use a path based middleware like here:
var unless = function (middleware, ...paths) {
return function (req, res, next) {
const pathCheck = paths.some(path => path === req.path);
pathCheck ? next() : middleware(req, res, next);
};
};//unless
to be used like
app.use(unless(redirectPage, "/user/login", "/user/register"));
But how to apply in my case? Let's consider that public files are server under the / path (i.e. the public folder) and its subfolders (like css, js, images or even files like favicon.ico, robots.txt, etc.).
回答1:
There are multiple ways to use middlewares in express.
Instead of excluding the static/public resources from an application-level login check (here you could read the request and skip the check for certain paths), I would rather use router-level middlewares at your sensitive paths.
You can define router-level middlewares right there in your present routing calls like this:
router.get('/path_of_the_route', middleware1, middleware2, ..., requestHandler);
Usually I do something like this:
serverApp.use(express.static(__dirname + '/public'));
// loginController renders the login pages (and password-reset etc) and provides login/logout functionality
router.use('/', loginController);
router.use('/login', loginController);
// every request to the '/secured' path will be send through the authentication check middleware
router.use('/secured', loginController.checkLoginMiddleware, securedContentPageController);
来源:https://stackoverflow.com/questions/58375400/exclude-public-folder-from-express-router