For a small project I want some users (they already got a jwt with a specific role) to view files that all other users are not allowed to see.
So my plan is:
- Create `/top-secret`-directory
- add `/top-secret`-directory to admin.js/watchIgnoreFiles.
- Create a GET controller for `/api/get-me-my-secret-files` with a JWT-Validation-Middleware.
- Inside of the controller I access the files in `/top-secret` via fs (for example)
I assume - and that is also my question to you - by default the `/top-secret`-directory will not be accessible by anyone. Is this correct?
So are files inside there only accessible by Strapi itself, and all I have to do is deliver the secret files as response to requests of my “allowed users”?
Any help / insight would be of great help because my “nodejs-knowledge” is only earned from working with Strapi.
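As an added example (not part of the original post and not Strapi's own code), the file lookup such a controller needs can be written as plain Node.js helpers that keep a client-supplied file name confined to the private directory. It assumes the JWT was already verified by the middleware; the claim name `role`, the role value `secret-reader` and all function names are hypothetical.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// Assumption: the verified JWT carries a "role" claim; the value is made up.
const ALLOWED_ROLES = new Set(['secret-reader']);

// Authorization decision on claims that the middleware has already verified.
function mayReadSecrets(claims) {
  return Boolean(claims) && ALLOWED_ROLES.has(claims.role);
}

// Map a client-supplied name to a real file inside baseDir, or return null.
function resolveSecretFile(baseDir, requestedName) {
  if (typeof requestedName !== 'string') return null;
  const base = fs.realpathSync(baseDir);
  let real;
  try {
    // realpathSync follows symlinks and throws on missing files or NUL bytes.
    real = fs.realpathSync(path.resolve(base, requestedName));
  } catch {
    return null;
  }
  // Appending the separator also rejects siblings such as "top-secret-old".
  if (!real.startsWith(base + path.sep)) return null;
  return fs.statSync(real).isFile() ? real : null;
}

// What the controller would return: 403 wrong role, 404 bad name, 200 content.
function readSecretFile(baseDir, claims, requestedName) {
  if (!mayReadSecrets(claims)) return { status: 403 };
  const file = resolveSecretFile(baseDir, requestedName);
  if (!file) return { status: 404 };
  return { status: 200, body: fs.readFileSync(file) };
}

// Constructed sample data in a temporary directory, so the block runs offline.
function demo() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'secret-demo-'));
  const secretDir = path.join(root, 'top-secret');
  fs.mkdirSync(secretDir);
  fs.writeFileSync(path.join(secretDir, 'report.txt'), 'constructed sample');
  fs.writeFileSync(path.join(root, 'outside.txt'), 'outside the directory');
  const reader = { role: 'secret-reader' };
  return {
    ok: readSecretFile(secretDir, reader, 'report.txt').status,
    traversal: readSecretFile(secretDir, reader, '../outside.txt').status,
    wrongRole: readSecretFile(secretDir, { role: 'authenticated' }, 'report.txt').status,
  };
}
```

Returning 404 rather than 403 for a rejected name avoids confirming which paths exist outside the directory.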