Hello, I am creating an LMS that lets the user download files. A user who needs a file should send me his token, and after validating it I let him download whatever he needs.
Now, how can I stop the user from downloading directly? The files are uploaded by the admin over FTP, and the FTP path is on my server.
You can start by storing your files in your application in the assets folder, then add authorization so that only one type of user can download that file without limit (e.g. admin can download but user can't).
If this scenario doesn't work, then you can create a field in the user tables called plan. When a user pays, you update the plan to paid. Then create a rule that only users with a paid plan can download files.
If you want to be even more specific, then you will have to create another table with the structure of all the files, like this:
id
file_name
Then create a join between the user tables and the files tables and verify which file each user belongs to.
Also, you will have to set up a payment system (PayPal, Stripe, etc.).
user buys product - you persist purchase in DB
user hits /download_file/#{file_id}
Phoenix verifies the login/session and purchase and then reads the file (or streams it) and sends it to the user
if you have multiple files just show a list of files and then the user can download on /download_file/#{file_id}
that way the user never gets a direct link, and if the user shares the link /download_file/#{file_id}, the "stranger" clicking it will fail on having a session/being logged in, and will fail on the purchase… so it doesn't work…
How I've protected files in the past (and likely how I will do it in an upcoming Phoenix app) is similar to how I do it with other tech stacks. I let nginx deal with it for the most part, while still doing authentication / authorization within Phoenix.
I’d keep the protected files outside of the main static assets folder.
Then have an “internal” location block in my nginx config like this:
    location /supersecrets/download/ {
        internal;
        alias /supersecrets/;
    }
Then for the download route at the Phoenix level, I'd authorize the download with a token and, before I send the response, I'd set the Content-Disposition, X-Accel-Redirect and Content-Type headers, which basically tell Phoenix to let nginx serve the file.
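The flow described in the replies above (check the session and the purchase, then hand the file to nginx through the internal location), as an added example that is not code from any poster in this thread. It assumes the plug dependency; the module name DownloadGate, the current_user_id assign and the sample file and purchase data are hypothetical.

```elixir
# Added example, not code from the thread. Assumes the :plug dependency and the
# nginx "internal" location /supersecrets/download/ shown in the reply above.
defmodule DownloadGate do
  import Plug.Conn

  # Constructed sample data standing in for the files and purchases tables.
  # Paths are relative to the directory behind the nginx alias.
  @files %{1 => "course-1/lesson.pdf", 2 => "course-2/video.mp4"}
  @purchases [{42, 1}]

  @internal_prefix "/supersecrets/download/"

  # Handler for /download_file/:file_id. Assumes an earlier plug verified the
  # session or token and stored the user's id in conn.assigns.current_user_id
  # (hypothetical assign name).
  def download(conn, %{"file_id" => raw_id}) do
    user_id = conn.assigns[:current_user_id]

    with {file_id, ""} <- Integer.parse(raw_id),
         # The path comes from the server-side table, never from the request,
         # so the client cannot steer nginx to an arbitrary file.
         {:ok, rel_path} <- Map.fetch(@files, file_id),
         # A nil user_id never matches a purchase row.
         true <- {user_id, file_id} in @purchases do
      filename = Path.basename(rel_path)

      conn
      |> put_resp_content_type(MIME.from_path(rel_path), nil)
      |> put_resp_header("content-disposition", ~s(attachment; filename="#{filename}"))
      # nginx intercepts this header and serves the file itself; the internal
      # location cannot be requested directly by a client.
      |> put_resp_header("x-accel-redirect", @internal_prefix <> rel_path)
      |> send_resp(200, "")
    else
      # Same answer for a bad id, an unknown file and a missing purchase, so
      # the response does not reveal which files exist.
      _ -> send_resp(conn, 404, "Not found")
    end
  end
end
```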
This is not chunking the file; it loads a file from a URL and uses a module named HttpStream. I saw this repo: https://github.com/Arquanite/phoenix-streaming-app. They didn't chunk the file to the size they need, like a custom size.
But that is upload. And the link you sent me downloads from an external link and runs with a stream module; it doesn't chunk the file into many parts with a size.