Rails + Amazon S3 + Heroku: url to files on S3 are public how to secure, and how can admin add files to users folders?
Question
I have a rails app, where Im having a drop box like feature-set.
Each user has a login an password Each user can upload and download their own files. On their index page they see all the files they have uploaded. The urls to the files are saved in the db: within heroku
I have a few questions on how to approach some functionality that Id like to add to the app.
1) I, as an admin, would like to add files to the users folders, which will show up when the user logs into their app next time. Currently even if I drop the files in the folders users cant see it becuase their index.html page pulls up only those files that have their urls stored in the db
2) Currently file acces is by url so its public. This is a big problem. I would like to set up the app such that the url is not public. Since Im using heroku I cannot store them on the heroku servers and I wouldn't want to stream them into the app and then provide them to the user through Heroku. So whats the best way to server them directly from S3 but not reveal the url.
Thanks for your help
1 answers
solution1
0 ACCPTED 2012-06-19 02:46:13
I think the answer to 1) is to create an action that allows the admin to create a file object and associate it with a user.
As for 2) (and this should help with figuring out 1), incidentally), the Paperclip gem supports attaching files to a model, with an option to store the file on S3 (and the ability to specify the URL to that file).
Here's one of many related tutorials that walks through some considerations for protecting access to those files.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.