ansaurus

Question

How to make a private download area with django?

Answer 1

A:

There's tons of tutorials on how to enable authentication in Django. Do you need help with that? If so, start here.

The next step is to create a View which lists your files. So do that, this is all basic Django. If you have problems with this step, go back and go through the Django tutorial. You'll get this.

Finally, refer back to the first link (here is is again: authentication docs) and take a close look at the LOGIN_REQUIRED decorator. Protect your view with this decorator.

This is all pretty basic Django stuff. If you've done this and have a specific question, post it here. But you put a pretty open ended question on SO and that's not a great way to get assistance.

marcc 2009-10-22 19:33:08

thanks for your answer. see my update.

luc 2009-10-22 19:52:11

What's with the downvotes? Clearly I answered his question in the best possible way when the question was asked. This answer helped and prompted the original asker to change his question a little.

marcc 2010-09-23 20:25:36

Answer 2

+2 A:

So, searching I found this discussion thread.

There were three things said you might be interested in.

First there is the mod_python method
Then there is the mod_wsgi method

Both of which don't seem all that great.

Better is the X-Sendfile header which isn't fully standard, but works at least within apache, and lighttpd.

kibbitzing from here, we have the following.

@login_required
def serve_file(request, context):
    if <check if they have access to the file>:
        filename = "/var/www/myfile.xyz" 
        response = HttpResponse(mimetype='application/force-download') 
        response['Content-Disposition']='attachment;filename="%s"'%filename
        response["X-Sendfile"] = filename
        response['Content-length'] = os.stat("debug.py").st_size
        return response
    return <error state>

and that should be almost exactly what you want. Just make sure you turn on X-Sendfile support in whatever you happen to be using.

emeryc 2009-10-22 20:37:20

I'm using X-Sendfile in a project right now and it's working well. I think I got my code from the same place also.

scompt.com 2009-10-22 20:44:17

Thansk for the answer. I am using FastCGI. Does that method work?

luc 2009-10-22 21:07:02

@luc that method is based on either using apache or lighttpd, If you are using either of those then the X-Sendfile will work without a problem, regardless of how you are getting requests to python.

emeryc 2009-10-22 23:19:14

As well as X-Sendfile, for nginx front end their is X-Accel-Redirect with private URL namespace mapping to private files. In Apache/mod_wsgi 3.0 there is Location header in daemon mode that behaves just like 200/Location in CGI. You would though in the latter need to possibly use mod_rewrite to effectively make URL subset where static files are only accessible to Apache internal subrequest trigger by Location and not be public.

Graham Dumpleton 2009-10-23 03:58:37

@emeryc: It seems to be the right approach but apache/FastCgi returns a blank file every time. Any idea? Please also not that the len(f) is not correct. I've replaced it by f.seek(0, 2) f.tell()

luc 2009-10-26 10:22:03

So, there was a dangling / after filename= that was left from the copied ruby.Also, I changed that len(f) to be the actually working os.statI think that dangling / might have been the problem. The only other problem that I can think of is that you need to make sure Apache has read access to the file, and that it might need to be a relative file with regards to an apache path, but I would try stripping the / first.

emeryc 2009-10-26 18:07:25

I've accepted your answer because i think it is the better approach in most cases. In my context, I've chosen a different path which is valid as well. See my answer below.

luc 2009-10-28 08:24:45

Answer 3

A:

The XSendfile seems to be the right approach but It looks to be a bit complex to setup. I've decided to use a simpler way.

Based on emeryc answer and django snippets http://www.djangosnippets.org/snippets/365/, I have written the following code and it seems to make what I want:

@login_required
def serve_file(request, filename):
    fullname = myapp.settings.PRIVATE_AREA+filename
    try:
        f = file(fullname, "rb")
    except Exception, e:
        return page_not_found(request, template_name='404.html')
    try:
        wrapper = FileWrapper(f)
        response = HttpResponse(wrapper, mimetype=mimetypes.guess_type(filename))
        response['Content-Length'] = os.path.getsize(fullname)
        return response
    except Exception, e:
        return page_not_found(request, template_name='500.html')

luc 2009-10-26 11:54:20

So, the reason that this might be bad, is in the case of using mod_python this will take up a lot of memory (if I remember correctly). On anything else the only downside is that it ties up the "expensive" threads going into django, instead of the much lighter file serving threads.This is only really a problem when you get to the point that requests/second being a whole number.

emeryc 2009-10-29 16:34:35

ansaurus

tags:

views:

answers:

How to make a private download area with django?

related questions