www.digitalmars.com         C & C++   DMDScript  

digitalmars.D.learn - Vibe.d serve files from filesystem

reply eXodiquas <exodiquas gmail.com> writes:
Hello everyone,

I build a web tool that allows people to upload some files. Those 
files should not be public, so I copy them into a folder hidden 
away on the filesystem. But, I want an authenticated user to be 
able to look at them. Those files are PDFs and mp3/4s. So my idea 
was to use an `iframe` with a `src="path/to/file"` but this is 
not working, because vibed wants to map it to a route but there 
is and there should be none. Is there a way to use iframes in 
this way, or do I need to approach this problem differently?

Thanks in advance.

eXo
Jan 11 2023
parent evilrat <evilrat666 gmail.com> writes:
On Wednesday, 11 January 2023 at 18:56:47 UTC, eXodiquas wrote:

 Hello everyone,

 I build a web tool that allows people to upload some files. 
 Those files should not be public, so I copy them into a folder 
 hidden away on the filesystem. But, I want an authenticated 
 user to be able to look at them. Those files are PDFs and 
 mp3/4s. So my idea was to use an `iframe` with a 
 `src="path/to/file"` but this is not working, because vibed 
 wants to map it to a route but there is and there should be 
 none. Is there a way to use iframes in this way, or do I need 
 to approach this problem differently?

 Thanks in advance.

 eXo


You will probably need to write a custom route handler that 
handles some authentication and returns files in response to a 
user.

Since vibe.d routes handled in order you will need to add such 
route before generic '*' route.

Take a look at this example
https://vibed.org/docs#http-routing

You can probably just write a handler like addUser for 
router.get('*', serveMyFiles) and write your own file handling 
logic.


```d
// PSEUDOCODE

// use this handler in router.get('*', serveMyFiles)
void serveMyFiles(HTTPServerRequest req, HTTPServerResponse res)
{
   enforceHTTP("file" in req.form, HTTPStatus.badRequest, "No file 
specified.");
   // don't just use raw input from the user, users can access 
your whole filesystem with some hackery!!
   res.writeBody(readfile("/users/"~req.form["file"]));
}

```
Jan 12 2023