move image path to the session scope.

Author: shohhei1126

app.js

@@ -136,7 +136,6 @@ app.use(i18n.init)
 // static files
 app.use('/', express.static(path.join(__dirname, '/public'), { maxAge: config.staticCacheTime, index: false }))
 app.use('/docs', express.static(path.resolve(__dirname, config.docsPath), { maxAge: config.staticCacheTime }))
-app.use('/uploads', express.static(path.resolve(__dirname, config.uploadsPath), { maxAge: config.staticCacheTime }))
 app.use('/default.md', express.static(path.resolve(__dirname, config.defaultNotePath), { maxAge: config.staticCacheTime }))
 app.use(require('./lib/metrics').router)
 
@@ -172,6 +171,12 @@ app.use(flash())
 app.use(passport.initialize())
 app.use(passport.session())
 
+// routes with sessions
+app.use('/uploads', (req, res, next) => {
+  if (req.isAuthenticated()) next()
+  else response.errorNotFound(req, res)
+}, express.static(path.resolve(__dirname, config.uploadsPath), { maxAge: config.staticCacheTime }))
+
 // check uri is valid before going further
 app.use(require('./lib/middleware/checkURIValid'))
 // redirect url without trailing slashes

lib/config/environment.js

@@ -37,6 +37,7 @@ module.exports = {
   responseMaxLag: toIntegerConfig(process.env.CMD_RESPONSE_MAX_LAG),
   privacyPolicyURL: process.env.CMD_PRIVACY_POLICY_URL,
   imageUploadType: process.env.CMD_IMAGE_UPLOAD_TYPE,
+  uploadsPath: process.env.CMD_UPLOADS_PATH,
   imgur: {
     clientID: process.env.CMD_IMGUR_CLIENTID
   },