2018-08-12 03:27:28 -06:00

1.3 KiB

serve-tpl-download

A fork of the original serve-index template that, in combination with serve-static, provides support for direct file downloads.

var express = require('express');
var app = express();

var serveIndex = require('serve-index');
var serveTpl = require('serve-tpl-download');
var serveDirs = serveIndex({ template: serveTpl() });

app.use('/', function (req, res, next) {

  // enable direct downloads for express.static()
  if (req.query.download) {
    res.setHeader('Content-Type', 'application/octet-stream');
    res.setHeader('Content-Disposition', 'attachment; filename="'+path.basename(req.url)+'"');
  }
  express.static('./public')(req, res, function () {
    serveDirs(req, res, next);
  });
});

Additional Options

privatefiles

As an additional security precaution you can ignore files which are not world-readable.

For example, this would prevent files in a ~/.ssh from being read even when dotfiles are allowed.

{ privatefiles: 'ignore' }

var serveTpl = require('serve-tpl-download');

var serveTemplate = serveTpl({ privatefiles: 'ignore' })

This is most effective on Unix-based systems (macOS, Linux, Android). Windows may rely on ACLs instead of user-group-other style permissions.