In ASP.NET Core MVC, how do you make uploaded images accessible to logged users in app but not to general public? - file-upload

I have image upload in my system. I am struggling to understand what is the logic of serving images.
If I upload directly to wwwroot, the files will be accessible to everyone, which is not what I want.
I understand I could save the file contents in the database as base64 but those can be big files, and I would like them on the server in files.
I could convert them on the fly when requested. Most probably getting the path to the file, then loading it in a memory stream and spitting out the base64. But that seems overkill, and not an elegant solution. I use Automapper for most data and I would have to write some crazy custom mappers, which I will if there is no other way.
I could create a virtual path, which from what I understand maps a physical path on the server to a URL, which doesn't seem any different from option 1.
I fancy there is a way to spit out a link/url that this user has access to (or at least logged users) that can be passed to the app so it can load it. Is this impossible or unreasonable? Or am I missing something?
What is the correct way of doing this in general?
Also, what is a quick way to do it without spending days for setup?

To protect the specific static files, you can try the solutions explained in this official doc.
Solution A: Store static files you want to authorize outside of wwwroot, and call UseStaticFiles to specify a path and other StaticFileOptions after calling UseAuthorization, then set the fallback authorization policy.
Solution B: Store static files you want to authorize outside of wwwroot, and serve it via a controller action method to which authorization is applied and return a FileResult object.
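Solution B as an added example (not code from the answer or the linked doc): an authorized controller action that streams a file stored outside wwwroot and rejects names that would escape the upload folder. The controller name, the route and the PrivateUploads folder are assumptions.

```csharp
using System;
using System.IO;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.StaticFiles;

[Authorize] // anonymous requests are challenged before the action runs
[Route("uploads")]
public class UploadsController : Controller
{
    // Assumption: uploads live in a folder that is NOT under wwwroot,
    // so the static file middleware never serves them directly.
    private static readonly string UploadRoot =
        Path.GetFullPath(Path.Combine(AppContext.BaseDirectory, "PrivateUploads"));

    private static readonly FileExtensionContentTypeProvider ContentTypes = new();

    [HttpGet("{fileName}")]
    public IActionResult Get(string fileName)
    {
        // Accept only a bare file name: no directory parts, no "..".
        if (string.IsNullOrEmpty(fileName) || fileName != Path.GetFileName(fileName))
            return BadRequest();

        // Resolve the final path and confirm it is still inside UploadRoot.
        var fullPath = Path.GetFullPath(Path.Combine(UploadRoot, fileName));
        if (!fullPath.StartsWith(UploadRoot + Path.DirectorySeparatorChar,
                                 StringComparison.Ordinal))
            return BadRequest();

        // Controller has its own File() method, so qualify System.IO.File.
        if (!System.IO.File.Exists(fullPath))
            return NotFound();

        // Derive the MIME type from the extension; fall back to a download type.
        if (!ContentTypes.TryGetContentType(fullPath, out var contentType))
            contentType = "application/octet-stream";

        // PhysicalFile returns a FileResult that streams from disk.
        return PhysicalFile(fullPath, contentType);
    }
}
```

A view can then reference an image as /uploads/photo.jpg; a request without a valid login is challenged instead of receiving the file.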

Related

How can I insert a user with a profile picture using Blazor-server

I want the user to upload his picture when he registers his information.
The thing is, when the user uploads his image, it should automatically create a folder with his ID, like this: wwwroot/images/UserID/fadi.jpg
Basically: you really shouldn't. The wwwroot is for static assets used by the application. You're using server-side, so in theory it might be possible but that's not what the folder is meant for. An alternative method like AWS would be preferred, but if you can't do that (either because of payment requirements or other complications) I would suggest saving the image to your database. One way to do this would be to base64 encode the image and save it that way. I'm not going to give an example of that here, there are plenty available elsewhere. One such example is this.

How to hide actual path Carrierwave

I'm building an application (Rails 3.2.8) where user can upload music tracks and associated clip. While clips can be publicly accessible, track can't be accessible without purchasing. I'm using carrierwave for uploading the both types of files. However, I do not want to expose the actual track path to the users.
What techniques such services use to protect hotlinking and/or unauthorized access to the files?
Currently, the carrierwave path is like:
  def store_dir
    "tracks/#{model.user_id}/"
  end
However, this is very vulnerable. Anyone can easily guess the url.
For authorised downloading, I can consider:
1. Static download link (this link is valid all time for that user. however, no guests or other users can use that URL)
2. General temporary links for each download!
Please enlighten me with the ways I can consider (I will study them) so that I can secure the files from downloading without purchases.
Seems like you want both, public for the clip and private for the track.
I am trying to implement this as well with the approach below (not tested)
  def fog_public
    # true only for publicly accessible uploads (the clips)
    return @job.job_kind == 'public'
  end
S3 allows you to store private files; they will be available only for a given period and with an access token.
With carrierwave, you simply have to set fog_public to false as described here https://github.com/jnicklas/carrierwave#using-amazon-s3

Meteor File Uploads

I see that this has been asked here before, but nothing since Meteor.http has been available. I'm still grasping the concepts of Meteor and file uploads are totally eluding me.
Here's my question:
So, in what I believe to be the right method,
Meteor.http.call("POST", url, [options], [asyncCallback]) what do you put for the url? With the client/server javascript relationship in meteor, it doesn't seem like it really uses urls that much.
If anyone has a basic example of a file upload in meteor, that would just be extra awesome.
Well, I've been playing a bit with Meteor. Made a collectionFS, a mix of Meteor and gridFS (could be compatible).
Test it here: http://collectionfs.meteor.com/
It supports quite large files, multiple files, users etc. I've tested a 50Mb, seems ok; if the connection is lost or the browser dies the user can resume the upload.
It should even be possible to have multiple users upload to the exact same file - haven't quite found a use case for it, but it's possible.
Accounts, publishing etc. is as with collections - the test is in autopublish mode, though only metadata is available - chunks of data are served in the background via blobs.
I'll try getting it on github,
Take a look at filepicker.io. They handle the upload, store it into your S3, and return to you the url that you can dump into your db.
Wget the filepicker script into your client folder.
wget https://api.filepicker.io/v0/filepicker.js
Insert a filepicker input tag
<input type="filepicker" id="attachment">
In the startup, initialize it:
  Meteor.startup(function() {
    filepicker.setKey("YOUR FILEPICKER API KEY");
    filepicker.constructWidget(document.getElementById('attachment'));
  });
Attach an event handler
  Template.templateNameHere.events({
    'change #attachment': function(evt) {
      console.log(evt.files);
    }
  });
(I had posted on How would one handle a file upload with Meteor? Sorry. I'm new here. Is it kosher to copy the same answer twice? Anyone who knows better can feel free to edit this.)
Check out how to accomplish this using Meteor.Method on the server and the FileReader's API on the client
https://gist.github.com/dariocravero/3922137
After several searches, this looks to me the easiest (and for the moment the meteor's style way) to handle a file upload with no extra dependencies.
Since Meteor includes jQuery by default, you can utilize a jQuery plugin for that, I presume, something like: https://github.com/blueimp/jQuery-File-Upload/wiki/Options can do the trick for you, and supports both GET and PUT.
Otherwise it would be a pain in the ass to get it to work, but not impossible, since you can access PUT in meteor.
If you would prefer a more pure JS solution maybe you can look at: http://igstan.ro/posts/2009-01-11-ajax-file-upload-with-pure-javascript.html
And adapt it.
There is no ready-made support for file uploads so share what you come up with, I would be very interested!
Alternatively (if you wouldn't like to use a 3rd party solution like filepicker) you could use the meteor router package.
This handles the HTTP requests on server-side.

How will I display images that are not in the apache data directory?

I am using Zend Framework, and am creating an image upload for users. So, I decided to split the users' images by having a folder per user in an example directory such as /var/www/upload/user and I am planning to use PHP mkdir to create a directory for each user. While the apache public data directory is at: /var/www/domain.com/public_html. So, I am not sure how I am supposed to proceed. Because the images are not in the public_html folder, how will I link the images and display them on the website? What is the solution to this? Or is my setup flawed?
If you store the images outside the public folder, then you probably need to create a controller/action that accepts info that identifies the image and then sends it back to the browser - complete with correct mime headers - via readfile().
In some circumstances, this makes sense: if these resources need to be restricted based upon some Auth/Acl criteria, for example. If the images uploaded by user X are not public to all users/visitors, but private to user X (or some other set of users/visitors you identify), then this approach applies.
But if these image resources are public to all, then running access to them through the entire MVC dispatch cycle seems like a lot of overhead.
I suggest you use a solution like this:
Structure your applications:
  application
  data
  library
  public
In application.ini:
  data_uploads = APPLICATION_PATH "/../data/uploads"
In Bootstrap.php:
  public function _initDefines()
  {
      define('DATA_UPLOADS', $this->getOption('data_uploads'));
  }
For a single user, create a dir in data/uploads.
simple and effective! ;)

How can I retrieve the HTML to be loaded into a WebView (or WebFrame) from a local persistent store?

So, I have a bunch of HTML being stored in a SQLite database, and the pages link back and forth amongst themselves. When a user clicks to follow a link, that request needs to be serviced by pulling the appropriate HTML out of the database. This could result in needing to load images, which are also being stored in the database (this is a future thing; there are no images yet, but I'd like to be able to use them). I've looked through the WebKit documentation, but can't quite figure out how to make this happen. I've mostly looked at WebFrameLoadDelegate and WebResourceLoadDelegate, but I didn't see one that would let me catch the request, grab the appropriate content, and then send that in a response.
Ideas? I'm pretty new to Objective-C and Cocoa, but I think I'm mostly getting the hang of things.
How do the pages which are stored in the database link to each other? It is probably easiest if they use some sort of custom URL scheme to start with.
The approach I would use is to implement
-webView:resource:willSendRequest:redirectResponse:fromDataSource:
in your resource load delegate. If the request is for a resource that is actually located in your database, return a new[1] NSURLRequest which uses a custom URL protocol which points to the database resource:
x-my-scheme:///table/row
[1] Unless you are already linking amongst your resources with the custom URL scheme - then you can skip this step.
Then, implement a custom NSURLProtocol for x-my-scheme which knows how to retrieve the data from the database. The PictureBrowser sample gives a simple example of how this is done.