Forum: Ruby on Rails Where to place uploaded files for later download?

David Rio Deiros (Guest)
on 2006-01-19 19:16
(Received via mailing list)
Hi there,

I am working on a RoR application which allows certain users
to upload files. Currently I store these files
in a directory called "files". This directory is located in
the RoR application directory:

rails/rails_application/files

So users don't have access to them.

Now I want users to be able to download some of these files
(they will search based on some parameters). With this
setup I cannot link from my views to those files since they
are out of the public directory.

I could move the files directory to the public directory but
then everybody will have access to those files.

Any idea about how to implement this?

Thank you in advance,

David
Adam Denenberg (Guest)
on 2006-01-19 19:22
(Received via mailing list)
What about a symlink? You need some way of getting those files into
the public directory so it's a matter of how you want to do it.  Bottom
line is they will need to be there at some point.

Maybe on a per request basis copy the original file to the public
directory with some random generated name to make it obscure, and then
delete it.

adam
Gerret Apelt (Guest)
on 2006-01-19 19:31
(Received via mailing list)
David --

send_file [1] is probably what you're looking for.

cheers
Gerret

[1]
http://api.rubyonrails.com/classes/ActionControlle...
Jon Smirl (Guest)
on 2006-01-19 19:52
(Received via mailing list)
You want to use an FCGI authorizer, but it is a fairly advanced
technique. The authorizer will ping your app and let you decide
whether to authorize access by returning HTTP 200 to grant access.

The big win is that the files are sent using the web server instead of
routing them through Ruby. lighttpd and apache use the OS implemented
sendfile() which is many times more CPU friendly than sending the file
with Rails. Think of what will happen if 500 users ask for a 100MB
file and they are all using dialup.

Here's the lighttpd setup, apache supports it too but not webrick.

fastcgi.server = (
"/private" =>
  ( "localhost-d" =>
    ( "min-procs" => 1,
      "max-procs" => 1,
      "socket" => "log/fcgi.socket",
      "bin-path" => "public/dispatch.fcgi",
      "bin-environment" => ( "RAILS_ENV" => "development" ),
      "docroot" => "private",
      "mode" => "authorizer"
    )
  ),
".fcgi" =>
  ( "localhost-f" =>
    (
      "min-procs" => 1,
      "max-procs" => 1,
      "socket"    => "log/fcgi.socket",
      "bin-path"  => "public/dispatch.fcgi",
      "bin-environment" => ( "RAILS_ENV" => "development" ),
      "mode" => "responder"
    )
  )
)

--
Jon Smirl
jonsmirl@gmail.com
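
An added example (not code from any poster in this thread) of the check that both the send_file approach and the FCGI authorizer approach above rely on: resolving the requested name inside the private "files" directory and deciding access before any bytes are served. The function names, the ACL table and the sample tree are assumptions made for illustration.

```ruby
require "pathname"
require "tmpdir"
require "fileutils"

# Resolve a user-supplied name to a real file inside the private storage
# directory. Returns the canonical path, or nil if the name escapes the
# directory (via "..", an absolute path or a symlink) or is not a file.
def resolve_download(root, requested)
  return nil if requested.nil? || requested.empty? || requested.include?("\0")
  root_real = Pathname.new(root).realpath
  real = root_real.join(requested).realpath # follows ".." and symlinks
  inside = real.to_s.start_with?(root_real.to_s + File::SEPARATOR)
  inside && real.file? ? real.to_s : nil
rescue Errno::ENOENT, Errno::EACCES, Errno::ELOOP, Errno::ENOTDIR
  nil
end

# Decide the HTTP status for a download. acl is a hypothetical
# { user => [relative paths] } table standing in for the app's own rules.
# 200 is the point where a controller would call send_file(path), or
# where an authorizer would answer 200 to let the web server send the file.
def download_status(root, acl, user, requested)
  path = resolve_download(root, requested)
  return [404, nil] unless path
  rel = Pathname.new(path).relative_path_from(Pathname.new(root).realpath).to_s
  acl.fetch(user, []).include?(rel) ? [200, path] : [403, nil]
end

# Constructed sample tree: files/ beside a config file that must stay private.
def demo
  Dir.mktmpdir do |app|
    root = File.join(app, "files")
    FileUtils.mkdir_p(File.join(root, "reports"))
    File.write(File.join(root, "reports", "q1.pdf"), "constructed sample")
    File.write(File.join(app, "database.yml"), "constructed secret")
    File.symlink(File.join(app, "database.yml"), File.join(root, "link.yml"))
    acl = { "alice" => ["reports/q1.pdf"] }
    requests = [["alice", "reports/q1.pdf"], ["bob", "reports/q1.pdf"],
                ["alice", "reports/../reports/q1.pdf"],
                ["alice", "../database.yml"], ["alice", "link.yml"],
                ["alice", "/etc/passwd"]]
    requests.map { |user, name| download_status(root, acl, user, name).first }
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```

The ACL is matched against the canonical relative path, so an alternate spelling of an allowed file still resolves to the same entry while names that leave the directory are rejected.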
Roberto Saccon (rsaccon)
on 2006-01-19 20:01
(Received via mailing list)
if you use lighttpd, there is an anti-hotlinking mod

http://lighttpd.net/documentation/trigger_b4_dl.html
Ryan Heneise (Guest)
on 2006-01-19 20:07
(Received via mailing list)
I use lighttpd to create an asset server like files.myuser.example.com

# Asset Host
$HTTP["host"] =~ "^files\.([\w\d\.]+)\.example\.(com|org|net)" {
     server.document-root = "/path/to/storage_dir/"
     url.rewrite-once = ("/files/(.*)" => "/%1/$1")
}

This takes a request like:
   http://files.myuser.example.com/files/images/mypic.gif
and routes it to:
   /path/to/storage_dir/myuser/images/mypic.gif

You could combine this with FCGI authorizer like Jon Smirl mentioned.

  - Ryan Heneise
David Rio Deiros (Guest)
on 2006-01-19 23:05
(Received via mailing list)
Hi there,

Thanks to everybody for the replies. They are very helpful.

I will evaluate all the different solutions but I think send_file
is what I was looking for.

Thanks again,

David


--

----------------------
David Rio Deiros
Software Engineer
Console, Inc.
Tel: 619.237.5552
Fax: 619.237.5269
http://www.console.net
Jon Smirl (Guest)
on 2006-01-19 23:47
(Received via mailing list)
On 1/19/06, David Rio Deiros <driodeiros@gmail.com> wrote:
> Hi there,
>
> Thanks to everybody for the replies. They are very helpful.
>
> I will evaluate all the different solutions but I think send_file
> is what I was looking for.

Note that ruby send_file ties up your FCGI process until the file is
sent. This will take a long time for a video download or a dialup
user.  You may end up needing a lot of simultaneous FCGI processes.

Authorizer ties up the web server for the duration, but not the FCGI
process.  The web server is multithreaded so it can handle being
tied up.

--
Jon Smirl
jonsmirl@gmail.com
Jon Smirl (Guest)
on 2006-01-19 23:50
(Received via mailing list)
On 1/19/06, David Rio Deiros <driodeiros@gmail.com> wrote:
> Hi there,
>
> Thanks to everybody for the replies. They are very helpful.
>
> I will evaluate all the different solutions but I think send_file
> is what I was looking for.

Note that ruby send_file ties up your FCGI process until the file is
sent. This may take a long time for a video download or a dialup user.
You may end up needing a lot of simultaneous FCGI processes.

Authorizer ties up the web server for the duration, but not the FCGI
process.

--
Jon Smirl
jonsmirl@gmail.com
Santiago Erquicia (Guest)
on 2006-01-20 00:51
(Received via mailing list)
On 1/19/06, Jon Smirl <jonsmirl@gmail.com> wrote:
> Here's the lighttpd setup, apache supports it too but not webrick.
>

Do you have any documentation or website where I can find info about
setting this up under apache?

Thanks,
Santiago
Jon Smirl (Guest)
on 2006-01-20 00:57
(Received via mailing list)
On 1/19/06, Santiago Erquicia <santiago.erquicia@gmail.com> wrote:
> >
> > Here's the lighttpd setup, apache supports it too but not webrick.
> >
>
> Do you have any documentation or website where I can find info about
> setting this up under apache?

http://www.fastcgi.com/mod_fastcgi/docs/mod_fastcgi.html

>
> Thanks,
> Santiago


--
Jon Smirl
jonsmirl@gmail.com