Release url that start one way

Asked

Viewed 41 times

0

I am using jwsonwebtoken and would like to release urls with dynamic ending that is to download files

For that I have the following code:

import * as jwt from 'jsonwebtoken'
import env from '../env';

const jwtMiddleware = deps =>{
    return async (req, res, next)=>{
        if( !deps.exclusions.includes( req.href() ) ){
            const token = req.headers['x-access-token']
            if( !token ){
                res.send( 403, {error: 'Token não fornecido'} )
                return false
            }
            try {
                req.decoded = jwt.verify( token, env.JWT_SECRET )
            } catch (error) {
                res.send( 403, { error: 'Falha ao autenticar o token'})
                return false
            }
        }
        next()
    }
}

export default jwtMiddleware

I delete url like this:

 routeProtect(){
        let exclusions = ['/api/usuario/login',
                          '/api/anexo/file/*']
        this.app.use( jwtMiddleware( {exclusions} ) )
    }

I would like to release all url starting with /api/attachment/file/ because the ending is dynamic:

http://localhost:300/api/anexo/file/yhml12ds.pdf

1 answer

1


Using the code req.url.substr(0,req.url.lastIndexOf('/')), it leaves the url this way http://localhost:300/api/anexo/file.

So if the url you are requesting is /api/anexo/file the system will release to pass through, it is also even the ones you add in the delete array.

import * as jwt from 'jsonwebtoken'
    import env from '../env';

    const jwtMiddleware = deps =>{
        return async (req, res, next)=>{
            if( !deps.exclusions.includes(req.url.substr(0,req.url.lastIndexOf('/')))) ){
                const token = req.headers['x-access-token']
                if( !token ){
                    res.send( 403, {error: 'Token não fornecido'} )
                    return false
                }
                try {
                    req.decoded = jwt.verify( token, env.JWT_SECRET )
                } catch (error) {
                    res.send( 403, { error: 'Falha ao autenticar o token'})
                    return false
                }
            }
            next()
        }
    }

    export default jwtMiddleware


   routeProtect(){
        let exclusions = ['/api/usuario/login','/api/anexo/file/']
        this.app.use( jwtMiddleware( {exclusions} ) )
    }

  • I’m trying and I still can’t... When you release the attachment blocks the login. Here my test code

  • I did it! Only from your idea I did the following: when the url has file in the middle, I release to the attachment, for example: final /api/attachment/, when I pass the url with final file. Ex.: /api/anexo/file, I did so: let url = req.url.lastIndexOf('file') > 0 ? req.url.substr( 0,req.url.lastIndexOf('file') ) : req.href(), and then added this url to includes: deps.exclusions.includes( url ) Ai worked!.. But it was from your idea. Thank you so much for the help!

  • Not at all, my friend, if you need us

Browser other questions tagged

You are not signed in. Login or sign up in order to post.