Hey fellow zope fiends. I've got a little project I'm working on that involves setting up multiple one-time downloads. I'm curious if anyone out there has done something similar that would like to share ideas and or code. My concept was to have all the files in a secure directory somewhere. Make a temporary directory somewhere with a random id "oahnw3487cfyawcry7baw385vbyawy348vyaw" or whatever... Set the directory name and a flag into a db somewhere. Then after the download is complete (or after a certain amount of time, delete the dir and the files. Anyone have something like this already? Thanks! -ed- -- Green Graphics ::: Print and Web Design ::: 510.923.0000
On Wed, 18 Jun 2003 10:51:38 -0700 (PDT) Ed Colmar <ed@greengraphics.net> wrote:
Hey fellow zope fiends.
I've got a little project I'm working on that involves setting up multiple one-time downloads.
I'm curious if anyone out there has done something similar that would like to share ideas and or code.
My concept was to have all the files in a secure directory somewhere. Make a temporary directory somewhere with a random id "oahnw3487cfyawcry7baw385vbyawy348vyaw" or whatever... Set the directory name and a flag into a db somewhere. Then after the download is complete(or after a certain amount of time, delete the dir and the files.
Yes, it is not real hard. You will probably need an external method. Here is what I do, more or less: import sha, os my_secret='Put your site secret string here' f_base='absolute path to file base' def upload(self, name, attachment): # make sure index.html is there # to block people from simply reading the directory if not os.access(f_base+'/index.html', os.F_OK): f.open('index.html', w) f.write("""<html><head><title>No Peaking</title></head> <body>No Peaking!</body></html>""" f.close() so=sha.new(my_secret+name) hx=so.hexdigest() fpth=f_base+name+hx+'.html' # or whatever extension f=open(fpth, 'wb') while 1: s=attachment.read(4096) if not s: break once = 1 f.write(s) f.close() return fpth Then you can use fpth to compose your email, athough you probably actually want to construct an URL, not a file path. And a simple cron job can take care of cleaning the directory for you periodically. Just try to avoid deleting index.html. Jim Penny
Anyone have something like this already?
Thanks!
-ed-
-- Green Graphics ::: Print and Web Design ::: 510.923.0000
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Hi Ed, Ed Colmar wrote:
Hey fellow zope fiends.
I've got a little project I'm working on that involves setting up multiple one-time downloads.
I'm curious if anyone out there has done something similar that would like to share ideas and or code.
My concept was to have all the files in a secure directory somewhere. Make a temporary directory somewhere with a random id "oahnw3487cfyawcry7baw385vbyawy348vyaw" or whatever... Set the directory name and a flag into a db somewhere. Then after the download is complete (or after a certain amount of time, delete the dir and the files.
Anyone have something like this already?
No need to create something in Zope for every possible download. You place your file somewhere in a download directory. You remove "view" permission from it for anonymous you can add a role in root folder for example, called "download" - give the view permission to manager and download for this file. Place a python script in the path where you want to provide the download. Give that script proxy role as "download" (you must also have this role to make this - simply edit your user object in acl_users) The script should read like this: cookie,filename=traverse_subpath if context.sqlQueryToCheckId(identification=cookie) file=context.filefolder[filename] response.setHeader('content-type':file.content_type) return file.data return context.ErrorMessageTemplate(context) You can add something to check the filename, although if you do it right the script can only provide access to files when the cookie is the right one and where the fileobject is accessible for the role "download". From your HTML or E-Mail you refer to the file like this: http://yourserver/pathToDownload/DownloadScript/1qwe7aadea7868sfsfd/file_to_... ^^^^^^^^ ^^^^^^ ^^^^ The script above the "cookie" the file HTH Tino Wildenhain
Thanks for all the responses. Here is what I ended up doing, for those of you that would like to do something similar. I love the zope community. You all rock! -ed- def genfoldername(self): """ generate a random folder name """ chars = string.letters + string.digits foldername = '' for i in range(23): foldername = foldername + choice(chars) return foldername def make_download_folder(self, filename, useridref): """ make a temporary download location """ f_base = "/somestoragefolder/" # file storage d_base = "/sometempfolder/" # temporary download location ## First, Generate a random string foldername = self.genfoldername() ## Make a download folder tempdlpath = d_base + foldername os.mkdir(tempdlpath) ## Make a symbolic link to the temporary folder filepath = f_base + filename tempfilepath = tempdlpath + '/' + filename os.symlink(filepath, tempfilepath) ## Check DB for other items matching this useridref result = self.SQL_get_downloads_by_useridref(useridref=useridref) ## Delete all outstanding downloads for download in result: this_downloadid = download['downloadid'] this_filename = download['filename'] this_folder = download['foldername'] this_file_location = d_base + this_folder + '/' + this_filename this_folder_location = d_base + this_folder os.remove(this_file_location) os.rmdir(this_folder_location) self.SQL_mark_file_downloaded(downloadid=this_downloadid) ## Insert download record into DB self.SQL_add_download(foldername=foldername, filename=filename, useridref=useridref) return foldername + '/' + filename -- Green Graphics ::: Print and Web Design ::: 510.923.0000
participants (3)
-
Ed Colmar -
Jim Penny -
Tino Wildenhain