Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Exclude sub directory from static files in express

Is there any way to exclude sub directory from express static middleware in express 4.8.5.

For example if I have :

app.use(express.static(__dirname + 'public'));

And my public directory is like this :

- public  
   - css
   - images
   - scripts
   - index.html
   - exclude_me
        - scripts
        - views
        - index.html

So I need to exclude last sub directory and when user does :

GET /exclude_me

It should call my route rather than returning directory automatically.

I can't just remove it from public dir because it depends on stuff inside it because public directory is angular application and exclude_me is another angular application that fetches scripts from /exclude_me/scripts AND from /public/scripts.

I know it is little confusing but it is how it is and I cannot just remove it from public dir because it won't see public/scripts any more which are needed and I cannot leave it because I cannot authorize it then (all authorization is in public/scripts)

If there is some smarter way to do this, feel free to let me know :)

like image 309
Ivan Longin Avatar asked Feb 23 '15 18:02

Ivan Longin


2 Answers

You can add your own middleware. Here's what I did to exclude some folders:

app.use('/public', (req, res, next) => {
  if (env !== 'development') {
    var result = req.url.match(/^\/js\/(maps|src)\/.+\.js$/)
    if (result) {
      return res.status(403).end('403 Forbidden')
    }
  }
  next()
})
app.use('/public', express.static(path.join(__dirname, '/public')))
like image 59
Rivenfall Avatar answered Oct 22 '22 06:10

Rivenfall


It's possible by adding regular expressions to the first optional param of use method.

According with Express 4.x API path documentation.

Example, I don't want to give access to my secure folder inside public folder:

var express = require('express');
var app = express();

app.use([/^\/public\/secure($|\/)/, '/public'], express.static(__dirname + '/public'));

This will allow you to access all files but not the ones in the secure folder.

You can use it also to restrict a file extension, example files that ends with .js.map:

app.use([/(.*)\.js\.map$/, '/public'], express.static(__dirname + '/public'));

And you also can add multiple rules, like this example where secure folder and files that end with .js.map are ignored from the static folder:

app.use([/^\/public\/secure($|\/)/, /(.*)\.js\.map$/, '/public'], express.static(__dirname + '/public'));
like image 13
Gabriel Gartz Avatar answered Oct 22 '22 05:10

Gabriel Gartz