served piping hot fresh from my svn repo:
http://svn.techno-weenie.net/projects/mongrel/mongrel_send_file/README
== mongrel_send_file GemPlugin
This is a simple plugin to handle the sending of secure files from a
rails app. Here''s the typical process:
- Rails app authorizes user to download file
- Rails app sets file info in the session, redirects to custom URL
like /file/UNIQUE_HASH/filename
- Mongrel handler pulls the full filename path and content type from
the session using the unique hash, sends it to the user
== Usage
After installing the gem, you''ll need to setup the handler for your
Rails app:
# config/mongrel_send_file.conf
uri "/file/", :handler => plugin("/handlers/sendfile",
:session_key =>
''_my_session_id'', :session_files_key => :files), :in_front
=> true
# rails action that sends the file
def download
# do whatever it is you do to find get the filename/content type
@attachment = Attachment.find(params[:id])
# this doesn''t matter as long as it''s unique
filehash = Digest::SHA1.hexdigest(
Time.now.to_s.split(''//'').sort_by { rand }.join )
# initialize session. Use the :session_files_key option here
session[:files] ||= {}
# set the value for this file with a 5 minute expiration time
session[:files][filehash] = [5.minutes.from_now.to_i,
@attachment.full_filename, @attachment.content_type]
# redirect to the path served by mongrel_send_file
redirect_to "/file/#{filehash}/#{@attachment.filename}"
end
# startup mongrel with this command
mongrel_rails -S config/mongrel_send_file.conf
== Note
I wrote this for a couple Rails apps that use the SqlSessionStore
plugin [1]. So, it''s very opinionated about how
it gets the info from the session. This app should work with any app
that runs on Mongrel (not just rails), just monkey
patch the SendFile#find_session method. Submit suggestions as patches
if you have them too.
[1] -
http://railsexpress.de/blog/articles/2006/09/15/sqlsessionstore-now-available-as-a-plugin
--
Rick Olson
http://weblog.techno-weenie.net
http://mephistoblog.com