Expose routes on different domains - node.js

I am struggling with something that doesn't look that hard : let's say I have 2 urls to access my server :
http://localhost:80/
and an external url
http://domain.com/internal/
Is there a way to do add a basepath internal if the forwarded host is equal to the external url host?
Something like :
app.use(function(req, res, next) {
if (req.headers['x-forwarded-host'] === 'domain.com') {
app.use('/internal', routes);
} else {
next();
}
})

There wont be any direct method as in a shortcut to work your way around for personal use cases.
I suggest this simple method though. Let's take example of app.get('/xyz') route.
This can be accessed locally via http://locahost:80/xyz or yourdomain.com/xyz via any application not hosted locally (Unless you make a call using your domainname in your own application).
Add a header element with every request when the call is internal.
Now, whenever our/xyz route is called check for that header element using a if condition and if the request is made internally you'll have that header element there and then you can simply use either res.redirect or any other method that you find useful (Exporting function in current route or anything else you find easy and needful).

Related

How can I share a root path using Express?

I want to be able to have two endpoints sharing the root path, both for different purposes.
One will be for obtain a user via its ID and the other via token.
Right now I have the following routes:
router.get('/:idUser', paramValidationRules(), validate, verifyJWT, getUserFromId);
router.route('/me').get(verifyJWT, getUserFromToken);
Running tests, the 'me' on the second route is considered a parameter and its redirected to the first route. Is possible to share a root path specifying that one will be used strictly to 'me' and the other one to an integer?
First, you're always hitting /:idUser before /me, so it will always stop at /:iduser and never react me.
So to solve the issue that you can never access /me, put the /me route declaration before /:idUser.
As to only catching numbers, there isn't a built in way, but you could use middleware (and change the order of your routes to the original):
router.get('/:idUser', function(req, res, next) {
req.id = /^\d+$/.test(req.params.idUser);
next();
}, paramValidationRules(), validate, verifyJWT, getUserFromId);
Then, (unfortunately) in all your middleware and handler (or just the handler) in the opening of the function add:
if(!req.id)
return next();

What is the best way to conditionally serve static files in Express?

I'm building an application that has two separate parts to it, which on the frontend I am building as two separate Angular apps. I am doing it this way so that I can better divide control access to he codebase and not unnecessarily give some team members access to code they do not need.
So there are two separate applications, served from the same NodeJS server. The app that is served depends on whether the user is logged in. If they are a guest user, they get one version app, if they are registered user they get a privileged version of the app with more features.
How can I conditionally/dynamically serve static files in Express, so as to say, "if User1 is a guest, serve Application A, otherwise serve Application B"?
If it's just one file you're talking about serving (e.g. app-1.js or app-2.js) then you don't need express.static. You can just handle the request in a normal route handler with res.sendFile like so:
app.get('/get-app', function(req, res) {
if (userIsLoggedIn()) {
res.sendFile('/path-to-logged-in-app.js')
} else {
res.sendFile('/path-to-logged-out-app.js')
}
})
More about res.sendFile here.
If you want to serve multiple files via express.static, you'll need two instances of express.static middleware, and another piece of middleware on top of that to modify the request url depending up on the user's logged in status. Maybe something along the lines of the following:
// Middleware function to modify the request url based on user's status
function checkUser(req, res, next) {
if (userIsLoggedIn()) {
req.url = `/app-1/${req.url}`
} else {
req.url = `/app-2/${req.url}`
}
next()
}
// Set up the middleware stack
app.use(checkUser)
app.use('/app-1', express.static(path.join(__dirname, 'app-1')))
app.use('/app-2', express.static(path.join(__dirname, 'app-2')))
More about writing your own middleware here. You also might want to add some logic in checkUser to only prepend to urls requesting static files (e.g. request urls to /assets/foo.js get the prepend treatment but requests to /api/some-api-function do not).
All that said, I'm not that familiar with Angular but I'd suggest investigating other ways to serve logged in / logged out content. I'm assuming there is some concept of components or "views" in Angular, and it's probably a lot cleaner to just render a "LoggedIn" or "LoggedOut" component/view vs. sending a whole different "app".

Unable to access ExpressJS route via href link

I'm not sure if this is a security feature or if I'm missing something obvious. I need to access one of my ExpressJS routes directly via a standard link on the page.
If I type the URL in to my browser location bar, I get the desired result. However, if I put that exact URL in a standard link on one of the pages on the site, the route never gets hit.
EDIT: Even if I pull this out of the router and add directly to app.js I get the same results. I'm simply trying to use Passport's Facebook authentication. The first route looks like this:
router.get('/login/facebook', function(req, res, next) {
passport.authenticate('facebook')(req, res, next);
});
I realize the req function wrapper is not needed, I was using it for debugging so I could see when the route gets called.
If I set a breakpoint there, it works fine if I just type the "/api/login/facebook" URL into my browser, but if I put the exact URL in a link on the page, the route never gets hit.
It turns out this was caused by Angular's routing mechanism intercepting the links. I found the solution here:
How to get Angular UI Router to respect "non-routed" URLs

Easiest way to password protect my Laravel app online for development purposes

I am wanting to password protect my laravel application, ideally just on the deployment server (I'm using Fortrabbit), however, I don't mind logging in to my local development server.
I initially thought a route filter would suffice, but this doesn't seem to work:
Route::get('/', array('before' => 'auth.basic', function()
{
// Only authenticated users may enter...
}));
At the top of my route file, this is completely ineffective, however, at the bottom of my route file, it does seem to work, but if I physically type a sub-directory in, i.e. localhost:8888/user/ it seems to override it.
Any guidance as to how you show your applications to clients (without Google, anyone else finding them), would be hugely appreciated.
You need to apply the 'before' auth filter to all routes that require it.
The reason why it does not work at the top of your routes file is probably because you're specifying another GET route pointing to '/', whereas at the bottom of the file it will work fine since the route with auth.basic overwrites it.
You can do something like this to specify that all routes should be protected:
Route::group(array('before' => 'auth.basic'), function()
{
// all your routes placed in here will be protected by auth.basic
});
Can you make a group around your routes.
http://laravel.com/docs/routing#route-groups
(as suggested before me I see so I borrowed the code (give credit to that poster))
Route::group(array('before' => 'auth.basic'), function()
{
// all your routes placed in here will be protected by auth.basic
});
or
maybe you can use a patern based "*" wildcard at your routes?
Route::get('*', array('before' => 'auth.basic', function() {
// Only authenticated users may enter... }));
http://laravel.com/docs/routing#route-filters
Is a .htaccess file possible at fortrabbit?
than maybe use: http://www.htaccesstools.com/articles/password-protection/
Sometimes I use Pagekite to temporarily allow access to a site on my local development box : https://pagekite.net/

Node.js redirect to another node.js file

I want to do a re-direction from one nodejs file to another nodejs file. I used res.redirect(URL), but when execute it says "cannot GET /nodepage"
Currently I am using
// Handler for GET /
app.get('/nodepostgres', function(req, res){
res.redirect('/nodepost.js?a=1');
});
I think there are a few things that you don't explain properly or don't understand properly in your question.
I am not sure what you mean about "re-direction from one nodejs file to another nodejs file". You seems to think that a node script file correspond to a URL (or a page). That's wrong. A node script correspond to an application that may (or may not) expose several pages through several URL and can imports application logic from other script files (you will run a single root script file for a site or application). It's totally different from what you may know with (vannilla, no framework) PHP.
Exposing different pages through different url is called Routing, all Express documentation about routing can be found here.
What I understand is that your trying to make a function / page / Url per script : nodepost.js file is a page. Code organization is a good thing but let's focus on how node + express works first.
From what I understand, you're applicaton has a few exposed url, let's say :
"/" homepage
"/nodepostgre" (maybe accepting an 'a' arg ?)
"/nodepost" accepting an arg : a
Note : we forget the id of file = page, we don't want an extension to appear on URL so nodepost.js becomes nodepost
What you can do is setup the 3 url expositions :
app.get('/', function(req, res) { res.render('home'); }); // render the home page
app.get('/nodepost', function(req, res) { // expose the nodepost function
var a = req.params.a;
doSomethingWith(a);
// res.render, res.send ? whatever you want...
]);
app.get('/nodepostgres', function(req, res){ // use of res.redirect(url[, status])
res.redirect('/nodepost');
});
Is that what you want ?
Then, here is a more elegant way to handle params ("a").
app.get('/notepost/:a', function(req, res) { // called via /nodepost/here_goes_a_valu ; no "?"
var a = req.params.a;
});
Why is it better ?
Respect REST (may not be the best link to describe rest but...)
Allows you to expose '/nodepost' without params
Certainly one million other things

Resources