TechQA.

How to Serve Django media user uploaded files using Cherokee with restriction to logged users

875 views Asked by At

How to configure Django and Cherokee to serve media (user uploaded) files from Cherokee but to logged in users only as with @login_required on production.

django cherokee django-media
Original Q&A
2

There are 2 answers

0
Cherif KAOUA On BEST ANSWER

I will answer my own question

As you are using Cherokee

  1. Remove direct access to media folder with the media URL as localhost/media/.. for exemple by removing the virtuelhost serving it

  2. Activate (check) Allow X-Sendfile under Handler tab in Common CGI Options in the virtuelserver page that handle Django request.

  3. Let's say you have users pictures under media/pictures to protect that will be visible to all users only. (can be modified as you want just an exemple)

Every user picture is stored in media/pictures/pk.jpg (1.jpg, 2.jpg ..)

Create a view :

@login_required(redirect_field_name=None)
def media_pictures(request,pk):

  response = HttpResponse()
  path=os.path.join (settings.MEDIA_ROOT,'pictures',pk+'.jpg')
  if os.path.isfile(path):
    #response['Content-Type']="" # add it if it's not working without ^^
    response['X-Accel-Redirect'] = path
    #response['X-Sendfile'] = path # same as previous line,
    # X-Accel-Redirect is for NGINX and X-Sendfile is for apache , in our case cherokee is compatible with two , use one of them.

    return response

  return HttpResponseForbidden()

Cherokee now take care of serving the file , it's why we checked the Allow X-Sendfile , this will not work without path variable here is the full path to the file, can be anywhere , just read accsible by cherokee user or group 4. Url conf As we disable direct access of Media folder, we need to provide an url to access with from Django using the previous view

for exemple , To make image of user with id 17 accessible

localhost/media/pictures/17.jpg

url(r"^media/pictures/(?P<pk>\d+)\.jpg$", views.media_pictures,name="media_pictures"),

This will also work for Apache, Nginx etc , just configure your server to use X-Sendfile (or X-Accel-Redirect for Nginx), this can be easily found on docs

Using this, every logged user can view all users' pictures , feel free to add additional verifications before serving the file , per user check etc

Hope it will help someone

3
Mikko Ohtamaa On

Create a Django view which servers the file

  • Use @login_required on this view to restrict the access

  • Read the file from the disk using standard Python io operations

  • Use StreamingHttpResponse so there is no latency or memory overhead writing the response

  • Set response mimetype correctly

Related Questions in DJANGO

Related Questions in CHEROKEE

Related Questions in DJANGO-MEDIA

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json

Trending Questions