tags:

views:

81

answers:

3
+2  Q: 

Allow users to play mp3 files but dont expose them directly on the web

I want to store some mp3s in a folder wich is no public, cant be directly accessed trough the web and allow users to hear/download the songs with a browser only if they are logged in.

How can I do that ?

I do my web development with django, but If I know how it works is enough.

+3  A: 

You first need to setup authentication. The django tutorials thoroughly explore this.

You don't' link the mp3's directly, You link to a django script that checks the auth, then reads the mp3 and serves it to the client with a mp3 content type header.

http://yourserver.com/listen?file=Fat+Boys+Greatest+Hits

Byron Whitlock  2010-07-06 18:32:03
whats up with the downvoters today. sheesh.
Byron Whitlock  2010-07-06 18:55:54
A: 

I assume you use django. Then you can try something like this:

from django.conf import settings
from django.contrib.auth.decorators import login_required
from django.http import HttpResponse


@login_required
def listen(request, file_name):
    # note that MP3_STORAGE should not be in MEDIA_ROOT
    file = open("%smp3/%s" % (settings.MP3_STORAGE, file_name))
    response = HttpResponse(file.read(), mimetype="audio/mpeg")
    return response

Note that you will get dramatic speed decrease. Using generator to read file in blocks may help to save memory.

http://stackoverflow.com/questions/519633/lazy-method-for-reading-big-file-in-python

Dmitry Gladkov  2010-07-06 18:53:20
+1  A: 
  • File outside of public access (not in MEDIA_URL folders)
  • Check if user logged in
  • Serve files only via a view, with unique links for every user

Pseudocode:

class Mp3(models.Model):
    file = models.FileField(upload_to=path_outside_of_public_access)
    hash = models.CharField(unique=True)


def generate_link_hash(request, file):
    return hashlib.md5("%s_%i_%s_%s" % (request.session.session_key, file.id, str(file.date_added), file.hash)) # or however u like


def files_list(request)
    """ view to show files list """
    for file in files:
        file.link_hash = generate_link_hash(request, file)


@login_required
def download_file(request, file_hash, link_hash):
    """ view to download file """
    file = Mp3.objects.get(hash=file_hash)
    if link_hash == generate_link_hash(request, file):
        file = open(file.file)
        return HttpResponse(file.read(), mimetype="audio/mpeg")
    else:
        raise Http404

Should do the job enough, but remember - what is once accessed, you have no control where it goes from now on. And that every file download needs reading the file through the app (it's not given statically), which will affect the performance of your app.

zalew  2010-07-06 19:19:51

related questions

Web framework programming mindset
ASP.NET - asp:xxx Controls versus standard HTML
From Desktop to Web browser considerations
Which PHP Framework will get me to a usable UI the fastest?
Best practice for integrating TDD with web application development?
How to Manage Web Development?
When is a file just a file?
Recommendations for browser add-on tools to help with development
REALLY Simple Website--How Basic Can You Go?
Convince Firefox to send an If-Modified-Since header over HTTPS
What do the getUTC* methods on the date object do?
Planning and Building a mobile enabled site for your main site.
Firebug for IE
Javascript and PHP - Login Script with hidden buttons
Firebug won't display console feeds for some of my sites
Displaying ad content from Respose.WriteFile()/ Response.ContentType
How can I detect if a browser is blocking an popup?
How to Test Web Code?
What PHP framework would you choose for a new application and why?
How do you disable browser Autocomplete on web form field / input tag?
What is Progressive Enhancement?
In HTML, how to word-break on a dash?
The Definitive Guide To Website Authentication
How do you test layout design across multiple browsers/OSs?
How much of the Web build process do you/should you automate?