System Information
- Strapi Version: 4.10.5
- Operating System: Windows Server 2019
- Database: MySQL
- Node Version: 18.13.0
- NPM Version: 8.19.3
- Yarn Version: -
Hi,
I found this to protect my /uploads folder:
In the documentation they are talking about policyContext.state.user:
But when I am trying to use it then it returns undefined in:
const koaStatic = require("koa-static");
const { defaultsDeep } = require("lodash/fp");
const defaults = {
maxAge: 60000,
defaultIndex: true,
};
module.exports = (plugin, config) => {
const { defaultIndex, maxAge } = defaultsDeep(defaults, config);
strapi.server.routes([
{
method: "GET",
path: "/(.*)",
handler: koaStatic(strapi.dirs.static.public, {
maxage: maxAge,
defer: true,
}),
config: {
auth: false,
policies: [
async (policyContext, config, { strapi }) => {
if (policyContext.state.user) { // if a session is open
// go to next policy or reach the controller's action
return true;
}
return false; // If you return nothing, Strapi considers you didn't want to block the request and will let it pass
},
],
},
},
]);
return plugin;
};
Basically what I am trying to achieve is that the /uploads/ can only directly accessed if the user is logged in