David Rio Deiros
2006-Jan-19 17:37 UTC
[Rails] Where to place uploaded files for later download?
Hi there, I am working in a RoR application which allows certain users to upload files. Currently I store these files in a directory called "files". This directory is located in the RoR application directory: rails/rails_application/files So users don''t have access to them. Now I want users to be able to download some of these files (they will search based on some parameters). With this setup I cannot link from my views to that files since they are out of the public directory. I could move the files directory to the public directory but then everybody will have access to those files. Any idea about how to implement this? Thank you in advance, David
Adam Denenberg
2006-Jan-19 17:44 UTC
[Rails] Where to place uploaded files for later download?
what about a symlink? YOu need some way of getting those files into the public directory so its a matter of how you want to do it. Bottom line is they will need to be there at some point. Maybe on a per request basis copy the original file to the public directory with some random generated name to make it obscure, and then delete it. adam On 1/19/06, David Rio Deiros <driodeiros@gmail.com> wrote:> Hi there, > > I am working in a RoR application which allows certain users > to upload files. Currently I store these files > in a directory called "files". This directory is located in > the RoR application directory: > > rails/rails_application/files > > So users don''t have access to them. > > Now I want users to be able to download some of these files > (they will search based on some parameters). With this > setup I cannot link from my views to that files since they > are out of the public directory. > > I could move the files directory to the public directory but > then everybody will have access to those files. > > Any idea about how to implement this? > > Thank you in advance, > > David > > _______________________________________________ > Rails mailing list > Rails@lists.rubyonrails.org > http://lists.rubyonrails.org/mailman/listinfo/rails >
Gerret Apelt
2006-Jan-19 17:51 UTC
[Rails] Where to place uploaded files for later download?
David -- send_file [1] is probably what you''re looking for. cheers Gerret [1] http://api.rubyonrails.com/classes/ActionController/Streaming.html#M000044 On 1/19/06, Adam Denenberg <straightflush@gmail.com> wrote:> what about a symlink? YOu need some way of getting those files into > the public directory so its a matter of how you want to do it. Bottom > line is they will need to be there at some point. > > Maybe on a per request basis copy the original file to the public > directory with some random generated name to make it obscure, and then > delete it. > > adam > > > On 1/19/06, David Rio Deiros <driodeiros@gmail.com> wrote: > > Hi there, > > > > I am working in a RoR application which allows certain users > > to upload files. Currently I store these files > > in a directory called "files". This directory is located in > > the RoR application directory: > > > > rails/rails_application/files > > > > So users don''t have access to them. > > > > Now I want users to be able to download some of these files > > (they will search based on some parameters). With this > > setup I cannot link from my views to that files since they > > are out of the public directory. > > > > I could move the files directory to the public directory but > > then everybody will have access to those files. > > > > Any idea about how to implement this? > > > > Thank you in advance, > > > > David > > > > _______________________________________________ > > Rails mailing list > > Rails@lists.rubyonrails.org > > http://lists.rubyonrails.org/mailman/listinfo/rails > > > _______________________________________________ > Rails mailing list > Rails@lists.rubyonrails.org > http://lists.rubyonrails.org/mailman/listinfo/rails >
You want to use an FCGI authorizer, but it is a fairly advanced
technique. The authorizer will ping your app and let you decide
whether to authorize access by returning HTTP 200 to grant access.
The big win is that the files are sent using the web server instead of
routing them through Ruby. lighttpd and apache use the OS implemented
sendfile() which is many times more CPU friendly that sending the file
with Rails. Think of what will happen if 500 users ask for a 100MB
file and they are all using dialup.
Here''s the lighttpd setup, apache supports it too but not webrick.
fastcgi.server = (
"/private" =>
( "localhost-d" =>
( "min-procs" => 1,
"max-procs" => 1,
"socket" => "log/fcgi.socket",
"bin-path" => "public/dispatch.fcgi",
"bin-environment" => ( "RAILS_ENV" =>
"development" ),
"docroot" => "private",
"mode" => "authorizer"
)
),
".fcgi" =>
( "localhost-f" =>
(
"min-procs" => 1,
"max-procs" => 1,
"socket" => "log/fcgi.socket",
"bin-path" => "public/dispatch.fcgi",
"bin-environment" => ( "RAILS_ENV" =>
"development" ),
"mode" => "responder"
)
)
)
--
Jon Smirl
jonsmirl@gmail.com
Roberto Saccon
2006-Jan-19 18:21 UTC
[Rails] Where to place uploaded files for later download?
if you use lighttpd, there is an anti-hotlinking mod http://lighttpd.net/documentation/trigger_b4_dl.html On 1/19/06, Jon Smirl <jonsmirl@gmail.com> wrote:> > You want to use an FCGI authorizer, but it is a fairly advanced > technique. The authorizer will ping your app and let you decide > whether to authorize access by returning HTTP 200 to grant access. > > The big win is that the files are sent using the web server instead of > routing them through Ruby. lighttpd and apache use the OS implemented > sendfile() which is many times more CPU friendly that sending the file > with Rails. Think of what will happen if 500 users ask for a 100MB > file and they are all using dialup. > > Here''s the lighttpd setup, apache supports it too but not webrick. > > fastcgi.server = ( > "/private" => > ( "localhost-d" => > ( "min-procs" => 1, > "max-procs" => 1, > "socket" => "log/fcgi.socket", > "bin-path" => "public/dispatch.fcgi", > "bin-environment" => ( "RAILS_ENV" => "development" ), > "docroot" => "private", > "mode" => "authorizer" > ) > ), > ".fcgi" => > ( "localhost-f" => > ( > "min-procs" => 1, > "max-procs" => 1, > "socket" => "log/fcgi.socket", > "bin-path" => "public/dispatch.fcgi", > "bin-environment" => ( "RAILS_ENV" => "development" ), > "mode" => "responder" > ) > ) > ) > > -- > Jon Smirl > jonsmirl@gmail.com > _______________________________________________ > Rails mailing list > Rails@lists.rubyonrails.org > http://lists.rubyonrails.org/mailman/listinfo/rails >-- Roberto Saccon - http://rsaccon.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://wrath.rubyonrails.org/pipermail/rails/attachments/20060119/3441e7a7/attachment.html
Ryan Heneise
2006-Jan-19 18:27 UTC
[Rails] Where to place uploaded files for later download?
I use lighttpd to create an asset server like files.myuser.example.com
# Asset Host
$HTTP["host"] =~
"^files\.([\w\d\.]+)\.example\.(com|org|net)" {
server.document-root = "/path/to/storage_dir/"
url.rewrite-once = ("/files/(.*)" => "/%1/$1")
}
This takes a request like:
http://files.myuser.example.com/files/images/mypic.gif
and routes it to:
/path/to/storage_dir/myuser/images/mypic.gif
You could combine this with FCGI authorizer like Jon Smirl mentioned.
- Ryan Heneise
On Jan 19, 2006, at 9:36 AM, David Rio Deiros wrote:
> Hi there,
>
> I am working in a RoR application which allows certain users
> to upload files. Currently I store these files
> in a directory called "files". This directory is located in
> the RoR application directory:
>
> rails/rails_application/files
>
> So users don''t have access to them.
>
> Now I want users to be able to download some of these files
> (they will search based on some parameters). With this
> setup I cannot link from my views to that files since they
> are out of the public directory.
>
> I could move the files directory to the public directory but
> then everybody will have access to those files.
>
> Any idea about how to implement this?
>
> Thank you in advance,
>
> David
>
> _______________________________________________
> Rails mailing list
> Rails@lists.rubyonrails.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>
David Rio Deiros
2006-Jan-19 21:26 UTC
[Rails] Where to place uploaded files for later download?
Hi there, Thanks to everybody for the replies. They are very helpful. I will evaluate all the different solutions but I think send_file is what I was looking for. Thanks again, David On Thu, Jan 19, 2006 at 06:51:20PM +0100, Gerret Apelt wrote:> David -- > > send_file [1] is probably what you''re looking for. > > cheers > Gerret > > [1] http://api.rubyonrails.com/classes/ActionController/Streaming.html#M000044 > > On 1/19/06, Adam Denenberg <straightflush@gmail.com> wrote: > > what about a symlink? YOu need some way of getting those files into > > the public directory so its a matter of how you want to do it. Bottom > > line is they will need to be there at some point. > > > > Maybe on a per request basis copy the original file to the public > > directory with some random generated name to make it obscure, and then > > delete it. > > > > adam > > > > > > On 1/19/06, David Rio Deiros <driodeiros@gmail.com> wrote: > > > Hi there, > > > > > > I am working in a RoR application which allows certain users > > > to upload files. Currently I store these files > > > in a directory called "files". This directory is located in > > > the RoR application directory: > > > > > > rails/rails_application/files > > > > > > So users don''t have access to them. > > > > > > Now I want users to be able to download some of these files > > > (they will search based on some parameters). With this > > > setup I cannot link from my views to that files since they > > > are out of the public directory. > > > > > > I could move the files directory to the public directory but > > > then everybody will have access to those files. > > > > > > Any idea about how to implement this? > > > > > > Thank you in advance, > > > > > > David > > > > > > _______________________________________________ > > > Rails mailing list > > > Rails@lists.rubyonrails.org > > > http://lists.rubyonrails.org/mailman/listinfo/rails > > > > > _______________________________________________ > > Rails mailing list > > Rails@lists.rubyonrails.org > > http://lists.rubyonrails.org/mailman/listinfo/rails > > > _______________________________________________ > Rails mailing list > Rails@lists.rubyonrails.org > http://lists.rubyonrails.org/mailman/listinfo/rails-- ---------------------- David Rio Deiros Software Engineer Console, Inc. Tel: 619.237.5552 Fax: 619.237.5269 http://www.console.net
On 1/19/06, David Rio Deiros <driodeiros@gmail.com> wrote:> Hi there, > > Thanks to everybody for the replies. They are very helpful. > > I will evaluate all the different solutions but I think send_file > is what I was looking for.Note that ruby send_file ties up your FCGI process until the file is sent. This will take a long time for a video download or a dialup user. You may end up needing a lot of simultaneous FCGI processes. Authorizer ties up the web server for the duration, but not the FCGI process. The web server is is multithreaded so it can handle being tied up. -- Jon Smirl jonsmirl@gmail.com
On 1/19/06, David Rio Deiros <driodeiros@gmail.com> wrote:> Hi there, > > Thanks to everybody for the replies. They are very helpful. > > I will evaluate all the different solutions but I think send_file > is what I was looking for.Note that ruby send_file ties up your FCGI process until the file is sent. This may take a long time for a video download or a dialup user. You may end up needing a lot of simultaneous FCGI processes. Authorizer ties up the web server for the duration, but not the FCGI process. -- Jon Smirl jonsmirl@gmail.com
Santiago Erquicia
2006-Jan-19 23:11 UTC
[Rails] Where to place uploaded files for later download?
On 1/19/06, Jon Smirl <jonsmirl@gmail.com> wrote:> You want to use an FCGI authorizer, but it is a fairly advanced > technique. The authorizer will ping your app and let you decide > whether to authorize access by returning HTTP 200 to grant access. > > The big win is that the files are sent using the web server instead of > routing them through Ruby. lighttpd and apache use the OS implemented > sendfile() which is many times more CPU friendly that sending the file > with Rails. Think of what will happen if 500 users ask for a 100MB > file and they are all using dialup. > > Here''s the lighttpd setup, apache supports it too but not webrick. >Do you have any documentation or website where I can find info about setting this up under apache? Thanks, Santiago
On 1/19/06, Santiago Erquicia <santiago.erquicia@gmail.com> wrote:> On 1/19/06, Jon Smirl <jonsmirl@gmail.com> wrote: > > You want to use an FCGI authorizer, but it is a fairly advanced > > technique. The authorizer will ping your app and let you decide > > whether to authorize access by returning HTTP 200 to grant access. > > > > The big win is that the files are sent using the web server instead of > > routing them through Ruby. lighttpd and apache use the OS implemented > > sendfile() which is many times more CPU friendly that sending the file > > with Rails. Think of what will happen if 500 users ask for a 100MB > > file and they are all using dialup. > > > > Here''s the lighttpd setup, apache supports it too but not webrick. > > > > Do you have any documentation or website where I can find info about > setting this up under apache?http://www.fastcgi.com/mod_fastcgi/docs/mod_fastcgi.html> > Thanks, > Santiago > _______________________________________________ > Rails mailing list > Rails@lists.rubyonrails.org > http://lists.rubyonrails.org/mailman/listinfo/rails >-- Jon Smirl jonsmirl@gmail.com