Protected directory and API requests problem

Operating System & Version
OS X 15
cPanel & WHM Version
82.0

amirsolo

Registered
Jun 11, 2020
2
0
1
US
cPanel Access Level
Website Owner
Hey everyone.
I just deployed a Node.JS app on to my cpanel (shared hostings) but that nodejs app is a server (backend) that I can send request to different routes and get a response.
So basically a REST API app. but the problem is I don't want other people to have access to my files in the root directory
right now anyone can enter "mysite.com/package.json" or "mysite.com/server.js" and access these files (for example server.js or index.js)
So I did add password protection for that directory
But now the problem is that I can't send any request from my client app (with Javascript) and says "401 Unauthorized"
(a fetch request to my routes. for example: fetch("mysite.com/users/getname"))

What can I do ?? I don't want anyone to just type in the url and access my files but at the same time I need to send request from my client app
 

amirsolo

Registered
Jun 11, 2020
2
0
1
US
cPanel Access Level
Website Owner
After a day of searching and trying I finally solved that problem
so there are 2 ways for solving this problem, that I know of :)

1. You can change the permission of all of those files and make them to 640 permission, and by 640 It means that you should uncheck the read permission under "world"
so now, no one can read it even if they type the url and want to access your files

2. second way which is probably the better way to do it is to have a wild card in your Nodejs routes like this:
JavaScript:
if (process.env.NODE_ENV === 'production') {

    app.use(express.static('./build'));

    app.get('*', (req, res) => {
        res.sendFile(path.resolve(__dirname, 'build', 'index.html'))
    });

}
So you would have an index.html page to return to your users when they hit different urls and they won't get your private files

It was really a simple problem but since there are not a lot of resources out there on deploying NodeJS apps on Cpanel, It could be a little frustrating to find a solutions.
Hope this would help