express 防盗链
1、初始化静态资源目录
import express from 'express';

const app = express();

// Serve the files in ./static under the custom URL prefix /assets.
const staticFiles = express.static('static');
app.use('/assets', staticFiles);

/** Logs once the HTTP server is accepting connections. */
function onListening() {
  console.log('listening on port 3000');
}

app.listen(3000, onListening);
2、增加防盗链
一般主要就是验证 Host 或者 Referer 请求头。
这两个请求头都由客户端提供,非浏览器客户端可以随意设置或省略,因此防盗链只能阻止其他网站的页面直接引用资源,不能当作访问控制;需要保护的资源仍应使用真正的身份认证和授权。
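import express from "express";

const app = express();

// Hostnames whose pages are allowed to embed the static assets; compared
// against the hostname parsed from the Referer header.
const whiteList = ["localhost"];

/**
 * Hotlink-protection middleware: answers 403 when the request carries a
 * Referer whose hostname is not in `whiteList`.
 *
 * Referer is supplied by the client, and requests without one are let
 * through (see below), so this only deters other sites from embedding the
 * assets in their pages. It is not access control: anything that must stay
 * private needs real authentication/authorization in front of it.
 *
 * @param {import("express").Request} req - incoming request
 * @param {import("express").Response} res - response, used to send the 403
 * @param {import("express").NextFunction} next - continues to the next handler
 */
const preventHotLingKing = (req, res, next) => {
  // No Referer is sent when the resource is opened directly, so such
  // requests skip the check and are served.
  const referer = req.get("referer");
  if (referer) {
    let hostname;
    try {
      ({ hostname } = new URL(referer));
    } catch {
      // new URL() throws on a value that is not a valid absolute URL. The
      // header is untrusted input, so reject it here instead of letting the
      // exception reach Express's default error handler as a 500.
      res.status(403).send("Forbidden");
      return;
    }
    console.log(hostname);
    if (!whiteList.includes(hostname)) {
      res.status(403).send("Forbidden");
      return;
    }
  }
  console.log(referer);
  next();
};

// Registered without a path, so the check runs for every request, not only
// for those under /assets.
app.use(preventHotLingKing);

// Alternative mount that serves the files at the site root:
// app.use(express.static("static"));
app.use("/assets", express.static("static"));

app.listen(3000, () => {
  console.log("Server is running on port 3000");
});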
http://127.0.0.1:3000/assets/tms.png 无权限(通过该地址的页面引用时,Referer 的主机名为 127.0.0.1,不在白名单中)
http://localhost:3000/assets/tms.png 有权限(Referer 的主机名为 localhost,在白名单中)