express handlebars.js private secure-coding

How can I access secure files with express?

nodeapp
   -public
            -CSS
                       -style.css
   -pictures
            -secretImage.png
   -views
            -index.hbs
            -login.hbs
            -profile.hbs
   -server.js

const staticFiles = path.join(__dirname, './public')
app.use(express.static(staticFiles))
app.set('view engine', 'hbs')

I'm keeping my css in the public directory accessed in html like this: href="/css/style.css" which is fine, but I need to store some pictures that should only be available to users that are logged in. If my pictures are in the pictures folder, how can I access them?

Solution

You can use the sendFile method...

app.get('/picture/:pictureName', (req, res) => {
     const valid = /* Do your logic to grant access */

     if (valid === false) {
         return res.status(403).send('Not allowed')
     }

     res.sendFile('your file path')
})

Cookies headers are present but Cookies are not stored in browser
Why is my Node.js server returning a 404 error for valid routes?
How to fix 'Error: querySrv EREFUSED' when connecting to MongoDB Atlas?
How to loop through JSON Object to some of key - value pair which are related in key-name
Extend Express Request object using Typescript
How to name an anonymous function or a express middleware in JavaScript?
Configure Nginx and Express to correctly serve static files
How to insert data from a React form to mysql?
Deploying NodeJS application in IIS server
How to stop CORS from blocking connections to my node netlify server?
Except from memory and CPU leaks, what will be reasons for Node.js server might go went down?
Jest mockImplementation doesn't appear to override initial mocked module's function
Feach data from node.js backend - 401 (Unauthorized)
Error [ERR_HTTP_HEADERS_SENT]: Cannot set headers after they are sent to the client. Why does it occurs?
res.render ONLY after multiple data queries have finished
Node JS + Mongo DB: ValidationError: User validation failed: username: Path `username` is required
CORS issue with express.js
Node.js/Express configuration for Azure OIDC not returning requested refresh token
React/Express set-cookie not working across different subdomains
How can I write multiline MySQL queries in Node.js using backticks?
Retrieve customer ID in stripe during checkout
Make indentation without new line?
Does anyone know why express module type imports are not supported by graph ql upload?
Error : "Could not connect to any servers in your MongoDB Atlas cluster"
How do I resolve JetBrains WebStorm 'Unresolved variable webServ' warning?
Is there a way to include hyperlinks in the body of a Twilio SMS?
Express Server not able to bind to any port. app.Listen() is returning `Uncaught Exception` for all ports I am trying
Error: secretOrPrivateKey must have a value
How can I set NODE_ENV=production on Windows?
Why do I get this error: Postman Error: Malformed part header?