Protected directory and API requests problem

Operating System & Version
OS X 15
cPanel & WHM Version
82.0
A

amirsolo

Registered
Jun 11, 2020
2
0
1
US
cPanel Access Level
Website Owner
Hey everyone.
I just deployed a Node.JS app on to my cpanel (shared hostings) but that nodejs app is a server (backend) that I can send request to different routes and get a response.
So basically a REST API app. but the problem is I don't want other people to have access to my files in the root directory
right now anyone can enter "mysite.com/package.json" or "mysite.com/server.js" and access these files (for example server.js or index.js)
So I did add password protection for that directory
But now the problem is that I can't send any request from my client app (with Javascript) and says "401 Unauthorized"
(a fetch request to my routes. for example: fetch("mysite.com/users/getname"))

What can I do ?? I don't want anyone to just type in the url and access my files but at the same time I need to send request from my client app
 
A

amirsolo

Registered
Jun 11, 2020
2
0
1
US
cPanel Access Level
Website Owner
After a day of searching and trying I finally solved that problem
so there are 2 ways for solving this problem, that I know of :)

1. You can change the permission of all of those files and make them to 640 permission, and by 640 It means that you should uncheck the read permission under "world"
so now, no one can read it even if they type the url and want to access your files

2. second way which is probably the better way to do it is to have a wild card in your Nodejs routes like this:
JavaScript: 
if (process.env.NODE_ENV === 'production') {

    app.use(express.static('./build'));

    app.get('*', (req, res) => {
        res.sendFile(path.resolve(__dirname, 'build', 'index.html'))
    });

}
So you would have an index.html page to return to your users when they hit different urls and they won't get your private files

It was really a simple problem but since there are not a lot of resources out there on deploying NodeJS apps on Cpanel, It could be a little frustrating to find a solutions.
Hope this would help
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
000 is secure use "open_basedir" in PHP8 ?, or how to enable shell_exec() ONLY over ONE directory? Developer Experience 6
O Is the @INC directory for custom Perl modules safe from being overwritten? Developer Experience 1
S Password protected directory login form? Developer Experience 9
N Password Protected Directories and Comparing Passwords Developer Experience 3
I I need help developing password protected directories! Developer Experience 3
Similar threads
is secure use "open_basedir" in PHP8 ?, or how to enable shell_exec() ONLY over ONE directory?
Is the @INC directory for custom Perl modules safe from being overwritten?
Password protected directory login form?
Password Protected Directories and Comparing Passwords
I need help developing password protected directories!
Top Bottom