A Django app to use backblaze b2 as storage.
Project description
pypi version python version django version
A storage backend for Django that uses Backblaze’s B2 APIs.
Implementation wraps Official Python SDK
How to use
Install from this repo, or install from PyPi: pip install django-backblaze-b2 As tested, requires python 3.6 or greater but solely due to type annotations. PRs welcome :)
Configure your django settings. The absolute minimum config would be:
BACKBLAZE_CONFIG = {
"application_key_id": os.getenv("BACKBLAZE_KEY_ID"), # however you want to securely retrieve these values
"application_key": os.getenv("BACKBLAZE_KEY"),
}
from django_backblaze_b2 import BackblazeB2Storage
class MyModel(models.Model):
fileField = models.FileField(
upload_to="uploads",
storage=BackblazeB2Storage
)
Public/Logged-In/Private storage
Add django_backblaze_b2 to your INSTALLED_APPS
Add the urls to your urlpatterns in the root urls.py:
urlpatterns = [
...
path('', include('django_backblaze_b2.urls')),
]
Configurations
To specify different buckets to use for your public, logged-in, staff storage, you can set the specificBucketNames attribute of the settings dict.
Why
There are several Django storage packages out there already which support B2, but none met my needs. These are:
-
Large community engagement ✅
Well-tested ✅
Disconnect in configuration and actual use ❌
PR list with low turnaround ❌
-
Similar aim to this project, around official backblaze SDK ✅
Mixed goals (storage, scripts) ❌
Tests?? ❌
-
Simple configuration ✅
Not based around python SDK (potentially harder to keep up with version changes) ❌
Tests?? ❌
S3 Compatible API
Backblazed can be used with an S3-compatible API This is great, but most packages use an older version of the S3 Api (v2). Backblaze uses v4.
What this package offers
Type Annotations
Tested
No hacks required to get up and running around API deficiencies (any hacks are not exposed in API)
Support for public/private files, restricted via Django user permissions
How it works
A simple implementation of the django.core.files.storage.Storage class provides handling for storage behaviour within your Django application
Three url routes are appended to the root of your application:
/b2/
/b2l/
/b2s/ These routes act as a proxy/intermediary between the requester and backblaze b2 apis. The public /b2/ allows exposing files from a private bucket, and the logged-in and staff routes will perform the known validations of a django app to prevent unauthorized access.
Gotchas
The original filename + any upload paths is stored in the database. Thus your column name must be of sufficient length to hold that (unchanged behaviour from FileSystemStorage)
When retrieving files from the PublicStorage, LoggedInStorage or StaffStorage, you may not override the "bucket" or authorization options, or else when the app proxies the file download, it will be unable to retrieve the file from the respective bucket.
Simply using LoggedInStorage or StaffStorage is not enough to protect your files if your bucket is not public. If any individual gains access to the file ids/urls for these files, there is no authentication around them. It is up to the implementer to ensure the security of their application.
Once the file is uploaded, and someone obtains a file url (e.g. http://djangodomain.com/b2l/uploads/image.png), the model will no longer be checked for the file. This means that if you share the bucket between multiple use-cases, you could in theory find finds that don’t belong to your django app, or similarly if you delete/change your models, the files could still be downloaded. Consider using an app like django-cleanup if this is important to you
Contributing
Contributions welcome!
Please ensure test coverage does not decrease in a meaningful way.
Ensure formatting is compliant (make lint)
Setting up for development
Requires
python
GNU Make
(optional) pyenv - align local version
(optional) docker - run sample app
Running
make setup
You can run django with make run-django to test django app.
You can run tests with make test
You can view test coverage with make test-coverage, then see in the terminal, open test/htmlcov/index.html or use cov.xml in your favourite IDE like VSCode
Releasing
TWINE_PASSWORD=<api key> make release
Cleanup
make cleanup
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for django_backblaze_b2-1.0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | a28db94f1752aaa94fe89bbc22012b138163a1aac1ba33bcf729b3c26a2a6198 |
|
MD5 | f4fcdbca70f0db194e31c23cb6803de9 |
|
BLAKE2b-256 | 3aa4f52d882dfb385332ab8755c72a50e63e0548651677d079973e5ee605c935 |