Smalltalk › Frameworks & Tools › Seaside › Seaside General

Serving private static files

_‹ Previous Topic Next Topic _›

Classic

List

Threaded

4 messages Options

fstephany

Serving private static files

Hi list,

I want to serve private static file from disk with Seaside. By private,
I mean that only logged-in users can access those files. Users would
only see the files they have the permission to see/download.

What's the best solution to achieve this ? I see two directions:

- embed something like WAExternalFileLibrary, access the session and
serving the files through Seaside.
- store the files on S3 and generate an url with a token, only active
during a given amount of time. The files would be in a private bucket.

Have you ever encountered that use case ? What would you recommend ?

Cheers,
Francois
_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside

fstephany

Re: Serving private static files

I've finally implemented a quite simple (and probably stupid) solution:

Downloadable items have a specific url: "/private-stuff/<a specific token>".

When one of those URL is hit, the session looks if the item is available
for the user and serve the file (or throw a 404).

It seems weird to me that the file is served by the session... Do you
see a cleaner solution ?

On 23/10/11 12:53, Francois Stephany wrote:

> Hi list,
>
> I want to serve private static file from disk with Seaside. By private,
> I mean that only logged-in users can access those files. Users would
> only see the files they have the permission to see/download.
>
> What's the best solution to achieve this ? I see two directions:
>
> - embed something like WAExternalFileLibrary, access the session and
> serving the files through Seaside.
> - store the files on S3 and generate an url with a token, only active
> during a given amount of time. The files would be in a private bucket.
>
> Have you ever encountered that use case ? What would you recommend ?
>
> Cheers,
> Francois

_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside

Nick

Re: Serving private static files

Hi Francois,

I've finally implemented a quite simple (and probably stupid) solution:

Downloadable items have a specific url: "/private-stuff/<a specific token>".

When one of those URL is hit, the session looks if the item is available for the user and serve the file (or throw a 404).

It seems weird to me that the file is served by the session... Do you see a cleaner solution ?

Do you mean that Seaside server loads and serves the file?

You might like to look into X-Sendfile (though you'll need support from a front-end server Apache/Nginx/lighttp...)

I have no direct experience of using X-SendFile, but I believe others on the list have used it successfully and there is support in the latest versions of WAFileLibrary.

(http://code.google.com/p/seaside/issues/detail?id=637)

Nick

_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside

fstephany

Re: Serving private static files

Hi Nick,

> Do you mean that Seaside server loads and serves the file?

Yep. But only for private files. All the public pictures, JS, CSS,
whatever are served with nginx.

The problem for private files is that I need to know which user wants to
access the file (and the user is kept in a seaside session)

> You might like to look into X-Sendfile (though you'll need support from
> a front-end server Apache/Nginx/lighttp...)
> I have no direct experience of using X-SendFile, but I believe others on
> the list have used it successfully and there is support in the latest
> versions of WAFileLibrary.
> (http://code.google.com/p/seaside/issues/detail?id=637)

Thanks, I'll have a look !
_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside