Node-restify: NotAuthorized when serving static files.

Created on 5 Mar 2014  路  13Comments  路  Source: restify/node-restify

I'm trying to serve a static index.html file and I think my code is correct but when I go to http://localhost/static I get:

{
  code: "NotAuthorized",
  message: "/static"
}

Is it an issue with the current changes that have been made to the static file serving JS or is it an issue with my code?

Route:

app.get(/\/static\/?.*/, restify.serveStatic({ 
    directory: "./",
    default: "index.html"
}));
Bug Help Wanted Serve

Most helpful comment

Solved by changing "./" to __dirname

app.get(/\/static\/?.*/, restify.serveStatic({
        directory: __dirname,
        'default': 'index.html'
    }));

All 13 comments

restify does not do authorization checks for you, so you must have put
those in somewhere?

On Wed, Mar 5, 2014 at 2:36 PM, Trevor Starick [email protected]:

I'm trying to serve a static index.html file and I think my code is
correct but when I go to http://localhost/static I get:

{
code: "NotAuthorized",
message: "/static"
}

Is it an issue with the current changes that have been made to the static
file serving JS or is it an issue with my code?

Route:

app.get(/\/static\/?.*/, restify.serveStatic({
directory: "./",
default: "index.html"
}));

Reply to this email directly or view it on GitHubhttps://github.com/mcavage/node-restify/issues/549
.

What do you mean by authorization checks. As in OAuth/Basic?

Solved by changing "./" to __dirname

app.get(/\/static\/?.*/, restify.serveStatic({
        directory: __dirname,
        'default': 'index.html'
    }));

As in restify will not return a 403 unless you have something in the chain
to do that.

On Wed, Mar 5, 2014 at 3:02 PM, Trevor Starick [email protected]:

What do you mean by authorization checks. As in OAuth/Basic?

Reply to this email directly or view it on GitHubhttps://github.com/mcavage/node-restify/issues/549#issuecomment-36805777
.

Strange since this is my code I'm using.

var restify = require('restify');
var register = function(app) {
    app.get('/', function(req, res, next) {
        res.send('hw');
        next();
    });
    app.get(/\/static\/?.*/, restify.serveStatic({
        directory: './',
        default: 'index.html'
    }));
};
var http = restify.createServer();
register(http);
http.listen(80);

I don't specify 403's anywhere

Which version are you using, on what operating system? Your code works fine for me. Also, you should use a port number greater than 1024, so you won't need super user rights to run it.

the serveStatic function definitely does pass a NotAuthorizedError:
https://github.com/mcavage/node-restify/blob/master/lib/plugins/static.js#L105

I'm seeing the same thing, I'm not sure where it's coming from (I agree it seems impossible). It started when I used npm to re-install Restify in an effort to troubleshoot a bodyParser/multipart issue.

path.join returns the filename normalized without a leading . (e.g., ./public/index.html becomes public/index.html). But the check @sbergmann refers to tests whether the filename begins with a . and returns the error if not. Perhaps normalization is O/S-dependent, but on a Mac it looks like it's impossible in 2.8.2. to _not_ hit a NotAuthorizedError. I had to change the line to file = '.' + path.join... to get it to work.

I can confirm that it is impossible to not hit a NotAuthorizedError when trying to serve static files. Explanation same as above.

I got this to work (inspired by @zepheiryan ) by changing this line to var file = './' + path.join(opts.directory,.

node-restify v0.12.7 (via npm)
Debian 8
Node v0.12.7

I got the same issue, too.
I fixed it by changing directory: ''. to directory: __dirname,.
node-restify ^4.0.2
Node 4.0.0

I was having this exact issue with no auth checks in my code.
Switching from directory: '' to directory: __dirname fixed the problem for me too.

On Windows 10
Node 5.8.0
Restify 4.0.4

Was this page helpful?
0 / 5 - 0 ratings