DigitalOcean

Question

How to Restrict Access to a Directory

Hello DigitalOcean Commmunity!

I’m very new to app development, but the tutorials in this community have given me the confidence and the inspiration to learn a lot about what the DigitalOcean App Platform is capable of. And I’m having a lot of fun!

I need a little help understanding how I can restrict access to a directory on the DigitalOcean App Platform.

So far, I built a small app using Node.js with Express for the backend, powered by the Bootstrap framework on the frontend. Both are listed as resources for my app and are functioning well.

The problem I’m having is: I want to restrict users from accessing the /app directory if they’re not logged in. In other words, if a user who isn’t logged in tries to access https://www.example.com/app (or https://www.example.com/app/index.html), I want the user to be redirected to https://www.example.com/login.html.

Here’s an example of the file structure I’m working with right now:

| api
| |-- app.js
| app
| |-- index.html
|-- index.html
|-- login.html

The /app directory will house the majority of the app, while the root directory (with its own index.html and login.html files) will serve as the landing site/splash page for first-time users.

I’ve previously used a .htaccess file to restrict access to certain directories using Apache, but since I’m not running a VPS and I don’t need to block access to the entire directory (since logged in users should be permitted access), how can I accomplish this on the App Platform?

Apologies if this question is a bit naïve. I’m new to this and am really using it as a sandbox for the time being, but I’m hopeful I can learn a bit and press on with the design of my app to build something useful.

Thank you in advance for the help!

Edit: Formatting.

Submit an answer


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

KFSys
Site Moderator
Site Moderator badge
February 13, 2024

Heya @lovableaquamarinewalrus,

Welcome to the exciting world of app development! It’s great to hear that you’ve been inspired by the DigitalOcean community and tutorials.

To achieve the functionality where unauthorized users are redirected to the login page when they try to access the /app directory, you can use middleware in your Express application. Middleware functions are functions that have access to the request object (req), the response object (res), and the next middleware function in the application’s request-response cycle.

Here’s a basic example of how you could implement this:

  1. Create a Middleware Function: This function will check if the user is logged in. If not, it will redirect them to the login page.
function ensureAuthenticated(req, res, next) {
    if (req.isAuthenticated()) { // `isAuthenticated` should be a function that checks user's login status
        return next();
    }
    res.redirect('/login.html'); // Redirect to login if not authenticated
}

Apply the Middleware to Your App Directory: Use this middleware function for routes that you want to protect.

const express = require('express');
const app = express();

// Other middleware setup like body-parser, etc.

app.use('/app', ensureAuthenticated); // Protecting the /app route

// Define other routes

Implement Authentication Check (isAuthenticated): The isAuthenticated function used in the middleware should be a part of your authentication logic. This might involve checking if there’s a valid session or if the user’s credentials are stored and valid.

Session Management: Ensure that your application correctly manages user sessions. This is usually done using packages like express-session and potentially passport for handling user authentication.

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

Featured on Community

Get our biweekly newsletter

Sign up for Infrastructure as a Newsletter.

Sign up

Hollie's Hub for Good

Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.

Learn more

Become a contributor

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Learn more

Featured Tutorials

Kubernetes CourseLearn Python 3Machine Learning in PythonGetting started with GoIntro to Kubernetes

DigitalOcean Products

CloudwaysVirtual MachinesManaged DatabasesManaged KubernetesBlock StorageObject StorageMarketplaceVPCLoad Balancers

Welcome to the developer cloud

DigitalOcean makes it simple to launch in the cloud and scale up as you grow — whether you're running one virtual machine or ten thousand.

Learn more
DigitalOcean Cloud Control Panel
© 2024 DigitalOcean, LLC.Sitemap.