I've developed a MEAN webapp.
So I have an API driven by Node.js and Express. The DB is hosted with mLab. The API is then used by the Angular website, which sits in a static files folder that I have defined in my server.js file using:
app.use(express.static('site'));
(Also FYI: This is hosted with Heroku which I'm looking to move away from in favour of Digital Ocean.)
My question is:
Currently the API is visible across the internet, e.g. xxxxx.com/thesuperapi, however I want only those static files to be able to access it.
Heroku doesn't offer a fixed IP without having to pay for an add-on, which I don't want to do. A Digital Ocean droplet would.
Is it possible to control it so that only that static folder can access the API?
Or I guess another way to say it, only the files in the static folder should be accessible to the world.
And is this approach, declaring .static('site'), the best way to go? Or is there a better practice that I should be following?
Hope that makes sense - any help would be appreciated.
Thanks!