shahryarjb

shahryarjb

Downloading with user token

Hello, I am creating a LMS that lets the user to download file. The user need the file should send me his token and after validating I let him download whatever he needs.
Now how can I stop user from downloading directly? because files are uploaded by admin in ftp, and ftp path is in my server

I don’t know where I can start?

Thanks

Most Liked

cnck1387

cnck1387

To protect files in the past (and will be likely how I will do it in an upcoming Phoenix app) would be similar to how I do it with other tech stacks. I let nginx deal with it for the most part, while still doing authentication / authorization within Phoenix.

I’d keep the protected files outside of the main static assets folder.

Then have an “internal” location block in my nginx config like this:

  location /supersecrets/download/ {
    internal;
    alias /supersecrets/;
  }

Then for the download route at the Phoenix level, I’d authorize the download with a token and before I send the response, I’d set the Content-Disposition, X-Accel-Redirect and Content-Type headers which basically tells Phoenix to let nginx serve the file.

Here’s what that looks like in Python:

    response.headers['Content-Disposition'] = "attachment; filename=foo.zip"
    response.headers['X-Accel-Redirect'] = '/supersecrets/download/foo.zip'
    response.headers['Content-Type'] = 'application/octet-stream'

Of course you can change foo.zip to whatever file you’re serving.

I used this exact strategy like 5 years ago to serve a bunch of protected content and it held up very well.

wolfiton

wolfiton

You can start by storing your files in your application in the assets folder then add authorization that only one type of user can download unlimited that file(ex: admin can download but user can’t).

If this scenario doesn’t work, then you can create a field in the user tables called plan. When a user pays you update the plan to paid. Then create a rule that only users with a paid plan can download files.

If you want to be even more specific then you will have to create another table with all the files structure like this:

  • id
  • file_name

Then create a join between the user tables with the files tables and verify each user to what file they belong

Also you will have to setup a payment system paypal stripe etc.

Also this link may provide some help Phoenix file download

outlog

outlog

I would “proxy” the download through phoenix..

user buys product - you persist purchase in DB
user hits /download_file/#{file_id}
phoenix verifies the login/session and purchase and then reads the file (or streams it) and sends it to the user

if you have multiple files just show a list of files and then the user can download on /download_file/#{file_id}

that way the user never gets a direct link and if the user shares the link /download_file/#{file_id} - the “stranger” clicking it will fail on having a session/logged in - and will fail on the purchase.. so it doesnt work..

Where Next?

Popular in Questions Top

sen
Hi All, I set a environment variables in dev.exs , like below code. when i start server, how can i set the ${enable} value? thanks. d...
New
vertexbuffer
Hello, can anybody help here..? I have a list of players and I what to delete an element, but every for loop the list is reverting to ori...
New
9mm
I am constructing a JSON object (map) and I need to conditionally set a field. I’m trying to write proper elixir-way code… and I’m at a l...
New
JeremM34
Hello, how can I check the Phoenix version ? Thanks !
New
nobody
How to bind a phoenix app to a specific ip address? could not find anything about that, nowhere, unfortunately, but for me this is quite...
New
jaysoifer
Is there a way to rollback a specific migration and only that one (“skipping” all the other ones)? Would mix ecto.rollback -v 200809061...
New
jay1
Why is it that the mnesia database isn’t the most preferred database for use in Elixir/Phoenix?
New
beno
I will often find my self writing things similar to: case some_value do nil -> something() "" -> something() _ -> somethi...
New
belgoros
I’m not a pro in using Regex and can’t figure out why the following behaviour happens, especially if we take into account the difference ...
New
marick
I had some trouble figuring out how to make many-to-many associations work. Once I got it working, I wrote a blog post. Because I’m a nov...
New

Other popular topics Top

gshaw
What is the idiomatic way of matching for not nil in Elixir? E.g., First way: defp halt_if_not_signed_in(conn, signed_in_account) when...
New
Patoshizzle
After calling mix ecto.create I get this error: 17:00:32.162 [error] GenServer #PID<0.412.0> terminating ** (Postgrex.Error) FATAL...
New
ovidiubadita
Hey all, I discovered Elixir and I love it. I always wanted to learn a functional programming and I intended to go for Haskell, but afte...
New
jononomo
I am trying to figure out how Mix knows whether the environment is test, dev, or prod – where is this set? Thanks.
New
minhajuddin
I have seen a lot of code which picks the first element from a list using Enum.at(0) instead of List.first. Is there a reason why people ...
New
stefanchrobot
What’s the safe way to decode a JSON string into a struct? I want to avoid calling String.to_atom. Jason.decode can give me a map with st...
New
grych
Hi folks, Few months ago I have announced the proof-of-concept of the library to manipulate the browsers DOM objects directly from Elixi...
639 52341 488
New
jason.o
In the code below, if the create action is not set to accept “extra_key” as an input, it errors out with a message shown above. Is there ...
New
klo
Got a question about when to concat vs. prepending items to list then reversing to achieve appending. So i know lists boil down to [1 | ...
New
komlanvi
Hi everyone, I was playing with phoenix liveView but I run into an issue. I have a form and want to validate each input text when the te...
New

We're in Beta

About us Mission Statement