Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/node.js/34.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Javascript 保护上载的文件并仅允许授权用户访问_Javascript_Node.js - Fatal编程技术网
Fatal编程技术网
  • javascript/
  • Javascript 保护上载的文件并仅允许授权用户访问

Javascript 保护上载的文件并仅允许授权用户访问

javascript node.js

Javascript 保护上载的文件并仅允许授权用户访问,javascript,node.js,Javascript,Node.js,我正在使用Multer上传一些文件,我想知道上传后保护对这些文件的访问的推荐方法是什么 我有两种类型的用户;管理员和普通用户。用户只能上传照片,只有管理员可以访问照片的url 上载文件的我的文件夹结构:/public/uploads/teacher/ 这是我的代码: server.js // This is auth middleware which checks if access token is valid to access API app.all('/api/*', [require(

我正在使用Multer上传一些文件,我想知道上传后保护对这些文件的访问的推荐方法是什么

我有两种类型的用户;管理员和普通用户。用户只能上传照片,只有管理员可以访问照片的url

上载文件的我的文件夹结构:
/public/uploads/teacher/

这是我的代码:

server.js

// This is auth middleware which checks if access token is valid to access API
app.all('/api/*', [require('./validateReq')]);

app.use('/', require('./routes'));
app.use(express.static('public'));

var teacher = require('./teachers.js');

router.post('/upload', teacher.uploadAvatar);

var multer      = require('multer');
var upload      = multer({ dest: 'uploads/teacher/' }).single('avatar');

uploadAvatar: function(req, res) {
    upload(req, res, function(err) {
        console.log(req.body);
        console.log(req.file);

        if(err) {
            return res.end("Error uploading file.");
        }
        res.end("File is uploaded");
    });
}
routes/index.js

// This is auth middleware which checks if access token is valid to access API
app.all('/api/*', [require('./validateReq')]);

app.use('/', require('./routes'));
app.use(express.static('public'));

var teacher = require('./teachers.js');

router.post('/upload', teacher.uploadAvatar);

var multer      = require('multer');
var upload      = multer({ dest: 'uploads/teacher/' }).single('avatar');

uploadAvatar: function(req, res) {
    upload(req, res, function(err) {
        console.log(req.body);
        console.log(req.file);

        if(err) {
            return res.end("Error uploading file.");
        }
        res.end("File is uploaded");
    });
}
routes/teachers.js

// This is auth middleware which checks if access token is valid to access API
app.all('/api/*', [require('./validateReq')]);

app.use('/', require('./routes'));
app.use(express.static('public'));

var teacher = require('./teachers.js');

router.post('/upload', teacher.uploadAvatar);

var multer      = require('multer');
var upload      = multer({ dest: 'uploads/teacher/' }).single('avatar');

uploadAvatar: function(req, res) {
    upload(req, res, function(err) {
        console.log(req.body);
        console.log(req.file);

        if(err) {
            return res.end("Error uploading file.");
        }
        res.end("File is uploaded");
    });
}
如果用户上传了一个文件
john_doe.png
,我如何将对以下Url的访问权限限制为只允许教师/管理员访问,使其不公开:
localhost:8000/uploads/teacher/john_doe.png
。在这种情况下,最佳做法是什么?

这与在返回资源之前添加身份验证过程没有什么不同。有各种各样的方法可以做到这一点。例如,在最基本的级别中,可以使用。您还可以使用cookies(特别是httpOnly cookies)来传递授权cookies等等

鉴于您已经有了类似的中间件,您可以使用它来检查用户是否具有管理员权限,然后再授权他们查看资源