serve-tpl-download.js/README.md

serve-tpl-download
==================

A fork of the original `serve-index` template that, in combination with `serve-static`,
provides support for direct file downloads.

```js
var express = require('express');
var app = express();

var serveIndex = require('serve-index');
var serveTpl = require('serve-tpl-download');
var serveDirs = serveIndex({ template: serveTpl() });

app.use('/', function (req, res, next) {

  // enable direct downloads for express.static()
  if (req.query.download) {
    res.setHeader('Content-Type', 'application/octet-stream');
    res.setHeader('Content-Disposition', 'attachment; filename="'+path.basename(req.url)+'"');
  }
  express.static('./public')(req, res, function () {
    serveDirs(req, res, next);
  });
});
```

Additional Options
==================

### privatefiles

As an additional security precaution you can ignore files which are not world-readable.

For example, this would prevent files in a `~/.ssh` from being read even when `dotfiles` are allowed.

`{ privatefiles: 'ignore' }`

```js
var serveTpl = require('serve-tpl-download');

var serveTemplate = serveTpl({ privatefiles: 'ignore' })
```

This is most effective on Unix-based systems (macOS, Linux, Android).
Windows may rely on ACLs instead of user-group-other style permissions.
initial commit 2018-08-12 09:27:28 +00:00			`serve-tpl-download`
			`==================`

			A fork of the original `serve-index` template that, in combination with `serve-static`,
			`provides support for direct file downloads.`

			```js
			`var express = require('express');`
			`var app = express();`

			`var serveIndex = require('serve-index');`
			`var serveTpl = require('serve-tpl-download');`
			`var serveDirs = serveIndex({ template: serveTpl() });`

			`app.use('/', function (req, res, next) {`

			`// enable direct downloads for express.static()`
			`if (req.query.download) {`
			`res.setHeader('Content-Type', 'application/octet-stream');`
			`res.setHeader('Content-Disposition', 'attachment; filename="'+path.basename(req.url)+'"');`
			`}`
			`express.static('./public')(req, res, function () {`
			`serveDirs(req, res, next);`
			`});`
			`});`
			```

			`Additional Options`
			`==================`

			`### privatefiles`

			`As an additional security precaution you can ignore files which are not world-readable.`

			For example, this would prevent files in a `~/.ssh` from being read even when `dotfiles` are allowed.

			`{ privatefiles: 'ignore' }`

			```js
			`var serveTpl = require('serve-tpl-download');`

			`var serveTemplate = serveTpl({ privatefiles: 'ignore' })`
			```

			`This is most effective on Unix-based systems (macOS, Linux, Android).`
			`Windows may rely on ACLs instead of user-group-other style permissions.`