Mongrel_crypted_download GemPlugin
IMPORTANT!! Requires the encrypted_strings plugin: agilewebdevelopment.com/plugins/encrypted_strings
The need to send secured files in a fast and reliable way is common.
Sending a file from inside a web application can be slow, and it ties up an entire application thread/process until the user has finished downloading the file. In addition, the path to the file is encrypted with the encrypted_strings plugin (agilewebdevelopment.com/plugins/encrypted_strings).
<uri-prefix> is a directory that does not exist in the directory structure of the application but does exist in the directory structure of the server. example: /download_file
<relative-path> is the path to the file, encrypted with the encrypted_strings plugin. example: /public/attachments/
<file-name> is the name of file without path.
<timestamp> is the time at which this download expires, given as a number of seconds since the epoch. example (in ruby on rails): 1.minute.from_now.to_i.to_s
<token> is the SHA1 hash of the concatenation of the following items:
To use the plugin you need to do the following:
1) Set up the handler within a configuration script and pass in the secret string.
example configuration script:
uri "/download_file", :handler => plugin('/handlers/crypteddownload')
2) In your application, form a secured URI by creating the proper parameters and perform an SHA1 hash of the parameters to create the proper token.
example code (ruby on rails):
@track = Track.find(params)
@attachment = Attachment.find(params)
url = CryptedDownload.generate(@attachment.filename, "/public"[email protected]_filename.gsub(/#@[email protected]/, ''), "/download_files", request)
redirect_to url
3) Start mongrel by passing in the location of the configuration script from step 1 with the -S command line switch.
example:
mongrel_rails start -S config/mongrel_crypted_download.conf
Error messages
If any of the parameters in the URI or the secret_string are missing, the handler returns a 500 Application Error.
If the token passed in as a parameter does not match the token generated by the handler (if someone tries to guess the token), the handler returns a 403 Forbidden error.
If the timestamp is earlier than the current server time, meaning that the file is no longer a valid download, then the handler returns a 408 Request Time-out Error. This error is not technically correct but it makes the most sense in the context of the handler.
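The three checks above, as an added example that is not the plugin's own code. The parameter names, the order of the concatenated items (the page's list is not shown), the order of the checks and the sample values are all assumptions made for illustration.

```ruby
require 'digest/sha1'

# Assumed token input: secret + relative path + file name + timestamp.
# The plugin's real concatenation order is not shown on the page.
def make_token(secret, relative_path, file_name, timestamp)
  Digest::SHA1.hexdigest([secret, relative_path, file_name, timestamp].join)
end

# Compare two strings without stopping at the first differing byte,
# so response timing does not reveal how much of a guess was right.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Returns the HTTP status the page describes for each outcome.
# The token is checked before the expiry, so an edited timestamp is
# rejected as a bad token instead of extending the download window.
def check_download(params, secret, now = Time.now.to_i)
  required = %w[relative_path file_name timestamp token]
  return 500 if secret.to_s.empty? || required.any? { |k| params[k].to_s.empty? }
  expected = make_token(secret, params['relative_path'],
                        params['file_name'], params['timestamp'])
  return 403 unless secure_equal?(expected, params['token'])
  return 408 if params['timestamp'].to_i < now
  200
end

# Constructed sample values, not taken from the plugin.
SECRET = 'constructed-secret'
NOW = 1_200_000_000

# Builds a correctly signed parameter set that expires at `expires`.
def sample_params(expires)
  base = { 'relative_path' => 'ENCRYPTED-PATH', 'file_name' => 'song.mp3',
           'timestamp' => expires.to_s }
  base.merge('token' => make_token(SECRET, base['relative_path'],
                                   base['file_name'], base['timestamp']))
end
```

Because the timestamp is part of the hashed data, changing it in the URI invalidates the token. An HMAC over the same fields would be a stronger construction than a plain SHA1 of a concatenation, which is kept here only because it is what the page describes.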