coolaj86
/
serve-tpl-download.js
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
A template for serve-static with a direct download option (requires serve-index).
4 Commits 1 Branch 0 Tags 94 KiB
JavaScript 62.7%
CSS 24.2%
HTML 13.1%
Go to file
AJ ONeal 33c89f136e v1.0.1: rename as per npm policy 2018-08-12 03:40:45 -06:00
public remove empty file 2018-08-12 03:33:21 -06:00
.gitignore add deps and .gitignore 2018-08-12 03:36:55 -06:00
LICENSE initial commit 2018-08-12 03:27:28 -06:00
README.md v1.0.1: rename as per npm policy 2018-08-12 03:40:45 -06:00
index.js initial commit 2018-08-12 03:27:28 -06:00
package.json v1.0.1: rename as per npm policy 2018-08-12 03:40:45 -06:00

README.md

serve-tpl-attachment

A fork of the original serve-index template that, in combination with serve-static, provides support for direct file downloads (using the Content-Disposition attachment header).

var express = require('express');
var app = express();

var serveIndex = require('serve-index');
var serveTpl = require('serve-tpl-attachment');
var serveDirs = serveIndex({ template: serveTpl() });

app.use('/', function (req, res, next) {

  // enable direct downloads for express.static()
  if (req.query.download) {
    res.setHeader('Content-Type', 'application/octet-stream');
    res.setHeader('Content-Disposition', 'attachment; filename="'+path.basename(req.url)+'"');
  }
  express.static('./public')(req, res, function () {
    serveDirs(req, res, next);
  });
});

Additional Options

privatefiles

As an additional security precaution you can ignore files which are not world-readable.

For example, this would prevent files in a ~/.ssh from being read even when dotfiles are allowed.

{ privatefiles: 'ignore' }

var serveTpl = require('serve-tpl-attachment');

var serveTemplate = serveTpl({ privatefiles: 'ignore' })

This is most effective on Unix-based systems (macOS, Linux, Android). Windows may rely on ACLs instead of user-group-other style permissions.