Using express.static middleware in an authorized route

Question

I'm using node with express and passportjs to restrict access to files located in a private folder. I have reduced my code to the following. Everything in the public static folder works great but route targeting the private folder through the use of the staticMiddleware returns 404 errors.

var express = require('express')
,   util = require('util');

var app = express.createServer();
var staticMiddleware = express.static(__dirname + '/private');

app.configure(function() {
  app.use(app.router);
  app.use(express.logger('dev')); 
  app.use('/public',express.static(__dirname + '/public'));
});

app.get('/private/:file', function(req, res, next){
    console.log('about to send restricted file '+ req.params.file);
    staticMiddleware(req, res, next);
});
app.listen(16000);

I was using the following references that seems to work for others, so I must be missing something. It won't work for me showing only 404 responses for the content located in the private area.

Node.js module-specific static resources

NodeJS won't serve static files, even when using express.static

Redirecting to a static file in express.js

I could have sworn I had this working before, maybe it was broken in a new version of something.

Node v0.8.1
npm 1.1.12
express@2.5.11
connect@1.9.2

I was looking for the exact same thing. Had a few ideas on how to do it, but thanks for answering it yourself. This was a very nice solution. — Mathias, Nov 11 '15 at 23:56

eephillip · Accepted Answer · 2014-11-30T03:42:18.800

sheesh staring at me the whole time

app.get('/private/:file', function(req, res, next){
    console.log('about to send restricted file '+ req.params.file);
    req.url = req.url.replace(/^\/private/, '')
    staticMiddleware(req, res, next);
});

Edit 11-29-2014

So after someone posted to the question I came back to this answer to find that even though I mention passportjs I never showed how I ended up using this function.

var staticMiddlewarePrivate = express['static'](__dirname + '/private');

app.get('/private/*/:file', auth.ensureAuthenticated, function(req, res, next){
    console.log('**** Private ****');
    req.url = req.url.replace(/^\/private/, '');
    staticMiddlewarePrivate(req, res, next);
});

score 0 · Answer 2 · answered Nov 07 '14 at 19:47

0

You can also add express.static(__dirname + '/private'); to your app.config.

app.configure(function() {
  app.use(app.router);
  app.use(express.logger('dev')); 
  app.use('/public',express.static(__dirname + '/public'));
  app.use('/private',express.static(__dirname + '/private'));
});

The private path middleware would be executed anytime a path began with private.

answered Nov 07 '14 at 19:47

Kyle Copeland

479
1
3
14

1

This would expose the static files correctly, but it wouldn't keep them password protected. My understanding is that @eephillip wanted to have them served but also password protected through passwordJS. – Mathias Nov 11 '15 at 23:58

Using express.static middleware in an authorized route

2 Answers2

Linked