For a small project I want some users (they already got a jwt with a specific role) to view files that all other users are not allowed to see.
So my plan is:
- Create a GET controller for
/api/get-me-my-secret-fileswith a JWT-Validation-Middleware.
- Inside of the controller I access the files in
/top-secretvia fs (for example)
I assume - and that is also my question to you - by default the
/top-secret-directory will not be accessible by anyone. Is this correct?
So are files inside there only accessible by strapi itself and all I have to do is deliver the secret files as response to requests of my “allowed users”.
Any help / insight would be from great help because my “
nodejs-knowledge” is only earned from working with strapi.