How to protect a file when downloading if authorization occurs through socketcluster?

T

Timur Evgazhukov2018-10-19 14:42:50

Node.js

Timur Evgazhukov, 2018-10-19 14:42:50

My site works entirely through websocket and uses the socketcluster library, including authorization goes through it. From a closed area, users need to download pdf files and no one else should be able to do this, but I don’t understand how to check if the get request to download a file from an authorized user passed, because. I catch the request through express.js, and all the authorization data is encapsulated in socketcluster and it’s not very clear to me how to combine them.

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

V

Vlad, 2018-10-19
@DaFive

Generate a download link according to the authorization data that you put in the authToken. The file can be given for downloading from a closed folder according to this data. Add the user's hash to the link and put this hash in the token. If you requested an address for downloading with a token and there is a token (that is, the user is authorized) - give the file, otherwise 403.

I

Ivan Shumov, 2018-10-19
@inoise

Take authentication outside of your applications. Use openID + JWT.