I am using node.js and express as the route method, my route looks like:
Set the website routes
app.use('/public', express.static('./public'));
app.use('/web', express.static('./web'));
how can I set restrict access to 'public' and 'web' folders in one method, currently I am using two line, this code
app.get('/public*', checkPermissions, function(req,res,next){ next(); });
app.get('/web*', checkPermissions, function(req,res,next){ next(); });
The checkPermissions function should look like this:
function checkPermissions(req, res, next) {
// logic to check whether user has permissions or not.
// example:
if (req.user.permissions == 'admin') {
next();
} else {
// redirect if user doesn't have permission.
res.redirect('/no-permissions');
}
}
If you really want to make it fit in 1 line (dependent on lodash or underscore):
_.(['/public*', '/web*']).each(function(route) {
app.get(route, checkPermissions, function(req, res, next) { next(); });
});