Skip to main content

Django storage backend that can be used to serve files via lighttpd's mod_secdownload module. This storage backend is an extension to the reqular FileSystemStorage that will generate proper signed download urls.

Project description

Django storage backend that can be used to serve files via lighttpd’s mod_secdownload module. This storage backend is an extension to the reqular FileSystemStorage that will generate proper signed download urls.

Installation

pip install django-secdownload-storage

or:

easy_install django-secdownload-storage

or via source checkout:

hg clone https://bitbucket.org/ionelmc/django-secdownload-storage
cd django-secdownload-storage
python setup.py install

Usage

In your django models you should add storage=SecDownloadFileSystemStorage() to the fields you want served via secdownload.

Required settings:

SEC_DOWNLOAD_ENABLED = True
SEC_DOWNLOAD_SECRET_KEY = 'VERYVERYSECRET'
SEC_DOWNLOAD_MEDIA_URL = MEDIA_URL + 'dl/'

Example model:

import secdownload_storage

class Foo(models.Model):
  secret_picture = models.ImageField(upload_to='secret-pictures', storage=secdownload_storage.SecDownloadFileSystemStorage())

You need to enable mod_secdownload and have configuration similar to this (see http://redmine.lighttpd.net/wiki/1/Docs:ModSecDownload for more info):

secdownload.secret = "VERYVERYSECRET"
secdownload.document-root = "/path/to/media"
secdownload.uri-prefix = "/dl/"
secdownload.timeout = 3600

Also, note that you should disallow access to those files in the lighttpd configuration as they would be served with your regular media files. Eg:

$HTTP["url"] =~ "^/media/secret-pictures" {
    url.access-deny = ("")
}

Configuration

  • SEC_DOWNLOAD_ENABLED - set this to False to disable signing the urls and generate them like FileSystemStorage. This is useful for development (if you use django’s devserver).

  • SEC_DOWNLOAD_SECRET_KEY - this is the secret key that is used to sign the requests

  • SEC_DOWNLOAD_MEDIA_URL - this is the prefix path that’s used instead of MEDIA_URL when SEC_DOWNLOAD_ENABLED is set to True. If SEC_DOWNLOAD_ENABLED is set to False SecDownloadFileSystemStorage will use MEDIA_URL for the prefix instead.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

django-secdownload-storage-0.1.1.tar.gz (2.7 kB view hashes)

Uploaded Source

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page