Added optional jsonWebToken authorization before getting uploads.

parent 810b2765
......@@ -22,6 +22,7 @@ const express = require('@feathersjs/express')
const primus = require('@feathersjs/primus')
const auth = require('@feathersjs/authentication')
const jwt = require('@feathersjs/authentication-jwt')
const jsonWebToken = require('jsonwebtoken')
const middleware = require('./middleware')
const services = require('./services')
......@@ -77,13 +78,26 @@ app.service('authentication').hooks({
}
})
app.get('/uploads/:domain/:id', function (req, res) {
res.sendFile(`${req.params.domain}/${req.params.id}`, {root: `${dataDirectoryPath}/uploads/`}, err => {
if (err) {
res.status(err.status).end()
}
app.get('/uploads/:domain/:id',
// authenticate request with JSONWebToken
// optional
function (req, res, next) {
jsonWebToken.verify(req.headers.authorization, secretFile.secret, (err) => {
if (err) {
res.status(401).end()
} else {
next()
}
})
},
// fetch file and return
function (req, res) {
res.sendFile(`${req.params.domain}/${req.params.id}`, {root: `${dataDirectoryPath}/uploads/`}, err => {
if (err) {
res.status(err.status).end()
}
})
})
})
// Configure other middleware (see `middleware/index.js`)
app.configure(middleware)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment