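I am currently using Apostrophe CMS and have put the entire application behind a SAML IdP using apostrophe-saml. However, I noticed that files uploaded by users are placed in the "public" directory and can be viewed without logging in. Is there a way to protect uploaded images/videos/files behind authentication?
The apostrophe-express module has a middleware option, but it does not seem to be used when static content is accessed.
My next attempt was to override an Apostrophe method: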
self.servePublicAssets = function() {
  var middleware = [];
  if (self.lessMiddleware) {
    // bc: only if the new implementation of enableLessMiddleware is in place.
    // If it's an old override, it'll already be added to Express and
    // this property won't be set
    middleware.push(self.lessMiddleware);
  }
  //THIS NEXT LINE IS THE LINE OF INTEREST
  middleware.push(self.apos.express.static(self.apos.rootDir + '/public'));
  //SEE THE LINE ABOVE
  self.expressMiddleware = {
    // Run really early, before all of the stuff apostrophe-express normally
    // puts in, for performance reasons. Preempts expensive
    // queries related to `apostrophe-global` on every static file
    when: 'beforeRequired',
    middleware: middleware
  };
};
I was essentially trying to swap the "line of interest" for something like this:
middleware.push(self.apos.app.use(self.apos.rootDir + '/public', authMethod(), self.apos.express.static(self.apos.rootDir + '/public')));
But that does not seem to work either. Does anyone have any ideas or know exactly how to do this? Thanks.
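
The kind of guard the question is asking for, as an added example that is not part of the original post or of Apostrophe's own code: a single Express-style middleware function that wraps the static handler and only lets it run for logged-in users. It assumes the SAML session has already populated `req.user`, so it must be registered after the session middleware rather than at the `beforeRequired` stage; `guardStatic`, `publicPrefixes` and `probe` are hypothetical names.

```javascript
'use strict';
const path = require('path');

// Wraps a static-file handler (in Apostrophe: self.apos.express.static(...))
// so it only runs for logged-in users. Assumptions, not from the post:
// the SAML session sets req.user before this middleware runs, and
// publicPrefixes is a hypothetical allowlist of paths anyone may fetch.
function guardStatic(staticHandler, publicPrefixes) {
  const open = publicPrefixes || [];
  return function guardedStatic(req, res, next) {
    let p;
    try {
      // Decode and normalize first, because the static handler does the
      // same before touching disk; the check must see the final path.
      p = decodeURIComponent(String(req.url).split('?')[0]);
    } catch (e) {
      res.statusCode = 400;
      return res.end('Bad Request');
    }
    p = path.posix.normalize(p.replace(/\\/g, '/'));
    if (req.user || open.some((prefix) => p.startsWith(prefix))) {
      return staticHandler(req, res, next);
    }
    // Anonymous and not allowlisted: skip the static handler entirely and
    // let the rest of the app (already behind the login) answer.
    return next();
  };
}

// Constructed harness so the example runs without Express installed.
function probe(url, user, publicPrefixes) {
  let outcome = 'none';
  const res = { statusCode: 200, end() { outcome = 'rejected:' + this.statusCode; } };
  const fakeStatic = () => { outcome = 'served'; };
  guardStatic(fakeStatic, publicPrefixes)({ url, user }, res, () => { outcome = 'skipped'; });
  return outcome;
}

console.log(probe('/uploads/report.pdf', null));
console.log(probe('/uploads/report.pdf', { username: 'constructed-user' }));
```

The guard is default-deny: anything not on the allowlist is withheld from anonymous requests, so an unusual spelling of an upload path fails closed instead of slipping past a prefix check.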