-2

I am making a bot that users can request to have files sent to them, but I want to make sure that they don't ask for a file in, like

../../mysecretstash/stuff.jpg

Not just if it exists, if it is inside of a certain folder.

How can I do this in node.js?

holmrekR
  • 28
  • 5
  • Possible duplicate of [Check synchronously if file/directory exists in Node.js](https://stackoverflow.com/questions/4482686/check-synchronously-if-file-directory-exists-in-node-js) – cldrr Dec 19 '17 at 10:28
  • How do they request a file? Is the bot sitting behind an an http server? – Sello Mkantjwa Dec 19 '17 at 10:39

1 Answers1

0

I want to make sure that they don't ask for a file in

That you can configure by using a route and then checking if he can access or not access. If you are using Express, something like this would be enough:

app.all("/specialfolder/*", function (req, res) {
    // check what to do
    if(returnFile) {
       // send the file
    } else {
       // send 404 or other unauthorized codes, e.g. 403
    }
});

You can configure these routes for as many folders as you want, secondly you can configure a regex to match the URLs, or you can put all sensitive information inside a single folder and then control URL routing for that — the way I did above.

Also note, that bot would still be able to access the content. It is only the user who will not be able to access the file directly. If the access has to be controlled with the Bot, then that depends on the framework you are trying to use.

Lastly, please note that you would need to write this above any other 

app.use(express.static());

Because, the Node.js framework works in a pipeline, and this app.all() will intervene and deny the access to files before public access is granted.

Afzaal Ahmad Zeeshan
  • 15,669
  • 12
  • 55
  • 103