使用.htaccess为RoR应用程序提供静态内容

Question

How can I give users the ability to upload their content to my RoR application but then subsequent access to such static content that would be:

1. served by APACHE web server [to avoid the overhead of going via Rails], but

2. still want to have an authentication/authorization check to occur before they can access the content

The constraint is I'm on DreamHost shared platform where I have only access to the Apache .htaccess file and I can't add my own Apache modules.

Answer 1

You can do a redirect to static content, like

class ImagesController
  def show
    @image = Image.find(params[:id])
    if user_has_access_to @image
      redirect_to @image.bizarre_and_secret_image_location_that_is_served_by_apache
    else
      access_denied
    end
  end
end

It doesn't protect content completely, sure. Maybe making the static URLs temporary will help:

RewriteRule ^/images/RANDOMIZED_PREFIX_HERE/(.+)$ images/SECRET_IMAGE_LOCATION/$1 [L]

...now change the .htaccess file each hour. Of course the application should know the prefix, too.