[Catalyst] File downloads - Plugin?
Andy Grundman
andy at hybridized.org
Thu Aug 18 19:45:37 CEST 2005
Matt S Trout wrote:
> On Thu, Aug 18, 2005 at 04:32:32PM +0100, Toby Corkindale wrote:
>
>>On Thu, Aug 18, 2005 at 03:55:51PM +0100, Matt S Trout wrote:
>>
>>>On Thu, Aug 18, 2005 at 02:55:58PM +0100, Toby Corkindale wrote:
>>>
>>>>Ah, the thing is, I'd like to continue to use Catalyst for the authentication
>>>>and session management in regards to retrieving these files - plus there is
>>>>metadata associated with the files-in-database that is accessed/modified when
>>>>you go to download the file.
>>>>
>>>>It'd just be.. nice.. if I could do it thru Catalyst.
>>>
>>>What you *could* do is mirror them to disk and then use the latest version
>>>of AndyG's Static::Simple plugin, which under mod_perl will return DECLINED
>>>- at which point apache will serve them, but you still go through Catalyst
>>>in the process.
>>
>>Hmm, so upon the request I dump the blob to a temporary disk file, then do
>>a redirect? yeah, that could work.. Is there any danger of the user being able
>>to manually specify a different filename and accessing the other users' data?
>
>
> No no no, static returns DECLINED which makes apache try the file *for the
> same request*. No redirect required, so no danger - every request still goes
> through Catalyst; that way it can return DECLINED to apache if they're allowed
> to see the file, or send an error page from your Catalyst app as normal.
> the file,
>
I'm not sure this will work, though. Static::Simple short-circuits the
dispatch phase when it finds a valid static file (by checking if the
request path is a valid file on the filesystem with an extension). Once
this comes back as true, it sends the static file right away. There
isn't really a chance to put any kind of security logic in place. Maybe
this would be better done with the original Static plugin, where you can
put that logic in your Static controller.
-Andy
More information about the Catalyst
mailing list