kamaroly
How do you limit file downloads to authenticated users only?
How do you limit file download to authorised users only, even if they have a direct link?
I am working on an app with options to upload files and share them among users, but my challenge is that a user can access a file without signing in if they have the link or file path. I want to limit file access to only those who are logged in, so that I can control who can see which file.
How can I achieve that in Phoenix? An example would be helpful.
Marked As Solved
kokolegorille
You need to serve your uploaded files through a controller, not plug static. You also need to persist metadata alongside your uploads, for authorization purposes, like user_id, and more if you want more granular access.
In the controller, you will be able to check who is allowed to access your data, and use send_download.
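A sketch of the controller approach described in this answer, added here as an example and not part of the original post. The module names, the `MyApp.Uploads.get_upload/1` context function, the `shared_with_ids` and `stored_name` fields, the upload directory and the route are all hypothetical; it assumes an authentication plug has already set `conn.assigns.current_user`.

```elixir
defmodule MyAppWeb.DownloadController do
  use MyAppWeb, :controller

  # Hypothetical route, placed in a scope that pipes through your auth pipeline:
  #   get "/files/:id", DownloadController, :show

  # Assumption: uploads are stored OUTSIDE priv/static, so Plug.Static can
  # never serve them and a direct link to the file path does not exist.
  @upload_root "/var/lib/my_app/uploads"

  def show(conn, %{"id" => id}) do
    # Assumption: set by an authentication plug that halts anonymous requests.
    user = conn.assigns.current_user

    with %{} = upload <- MyApp.Uploads.get_upload(id),
         true <- can_download?(user, upload),
         {:ok, path} <- stored_path(upload) do
      # The client only ever sees the original file name, never the disk path.
      send_download(conn, {:file, path}, filename: upload.original_name)
    else
      # Same answer for "missing" and "not yours", so the response does not
      # reveal which upload ids exist.
      _ -> send_resp(conn, 404, "Not found")
    end
  end

  # Authorization uses the metadata persisted with the upload: the owner's
  # user_id plus a hypothetical list of user ids the file was shared with.
  defp can_download?(user, upload) do
    upload.user_id == user.id or user.id in upload.shared_with_ids
  end

  # Resolve the server-generated stored name and refuse anything that ends up
  # outside the upload directory or is not a regular file.
  defp stored_path(%{stored_name: name}) do
    path = Path.expand(name, @upload_root)

    if String.starts_with?(path, @upload_root <> "/") and File.regular?(path) do
      {:ok, path}
    else
      :error
    end
  end
end
```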
Also Liked
Hermanverschooten
You can continue using Plug.Static by doing something similar to this article.
We have recently done this in an app: create the static pipeline, then combine it with a plug that does the authentication.
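```elixir
# In the router: plugs run in order, so the authentication plug
# runs before Plug.Static gets a chance to serve a file.
pipeline :static do
  plug :accepts, ["html"]
  plug MyAppWeb.Plugs.Authenticate

  plug Plug.Static,
    at: "/help",
    from: {__MODULE__, :pages_path, []}

  plug :needs_index
end

scope "/help", MyAppHelpWeb do
  pipe_through :static

  # Catch-all route so the pipeline runs for every path under /help
  get "/*path", HelpController, :index
end
```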
The :needs_index plug just checks to see if we are asking for a path instead of a file, and tags on index.html.
The controller renders a 404, because we only get there if the file doesn’t exist.








