Merge branch 'force_auth' into 'master'

Use NGINX X-Accel-Redirect to protect media

Closes #22

See merge request bde/photo21!13
erdnaxe 2021-10-22 17:56:15 +02:00
commit fb43ac14b7
3 changed files with 22 additions and 4 deletions


@ -34,8 +34,14 @@ server {
error_log /var/log/nginx/photos.crans.org_error.log; error_log /var/log/nginx/photos.crans.org_error.log;
access_log /var/log/nginx/photos.crans.org_access.log; access_log /var/log/nginx/photos.crans.org_access.log;
# Allow 2Go upload at once
client_max_body_size 2G;
# Django statics and media # Django statics and media
location /media { # Do not directly serve media, it must be authorized
# by a Django view to check permissions
location /protected/media {
internal;
alias /var/www/photos/photo21/media; alias /var/www/photos/photo21/media;
} }
location /static { location /static {
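Review bot: The `location /protected/media` prefix has no trailing slash, so it also matches sibling URIs (a constructed example: `/protected/media-old/...`), and `alias` would map those outside the media directory. Because the block is `internal` and the `MediaAccess` view in this commit always prepends `/protected/media/`, this does not look reachable today, but closing the prefix is cheap: `location /protected/media/ {` with `alias /var/www/photos/photo21/media/;`. The added `client_max_body_size 2G;` appears to sit at server level, so it would also apply to endpoints that accept request bodies before authentication; consider scoping it to the upload location.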


@ -14,11 +14,11 @@ Including another URLconf
2. Add a URL to urlpatterns: path('blog/', include('blog.urls')) 2. Add a URL to urlpatterns: path('blog/', include('blog.urls'))
""" """
from django.contrib import admin from django.contrib import admin
from django.urls import include, path from django.urls import include, path, re_path
from django.conf import settings from django.conf import settings
from django.conf.urls.static import static from django.conf.urls.static import static
from .views import IndexView from .views import IndexView, MediaAccess
# photologue_custom overrides some photologue patterns # photologue_custom overrides some photologue patterns
urlpatterns = [ urlpatterns = [
@ -33,3 +33,5 @@ urlpatterns = [
if settings.DEBUG: if settings.DEBUG:
urlpatterns += static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT) urlpatterns += static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
else:
urlpatterns.append(re_path('^media/(?P<path>.*)', MediaAccess.as_view(), name='media'))
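Review bot: In the `if settings.DEBUG:` branch media is still served by `static()` with no login check, so the protection added by `MediaAccess` exists only when `DEBUG` is false and is never exercised in development. A comment would make that explicit, e.g. `# DEBUG only: static() serves MEDIA_ROOT without authentication; production must go through MediaAccess`. The new pattern also hard-codes `media/` rather than deriving it from `settings.MEDIA_URL`, and would read better as a raw, anchored string: `re_path(r'^media/(?P<path>.*)$', MediaAccess.as_view(), name='media')`.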


@ -2,10 +2,20 @@
# SPDX-License-Identifier: GPL-3.0-or-later # SPDX-License-Identifier: GPL-3.0-or-later
from django.contrib.auth.mixins import LoginRequiredMixin from django.contrib.auth.mixins import LoginRequiredMixin
from django.views.generic import ListView from django.views.generic import ListView, View
from django.http import HttpResponse
from photologue.models import Gallery from photologue.models import Gallery
class MediaAccess(LoginRequiredMixin, View):
def get(self, request, path):
response = HttpResponse()
# Content-type will be detected by nginx
del response['Content-Type']
response['X-Accel-Redirect'] = '/protected/media/' + path
return response
class IndexView(LoginRequiredMixin, ListView): class IndexView(LoginRequiredMixin, ListView):
queryset = Gallery.objects.on_site().is_public() queryset = Gallery.objects.on_site().is_public()
paginate_by = 4 paginate_by = 4
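Review bot: In `MediaAccess.get`, `path` comes straight from the URL and is concatenated into `X-Accel-Redirect` without normalisation or encoding. nginx treats the header value as a URI, so file names containing `?`, `%`, spaces or non-ASCII characters may resolve to the wrong file or fail, and `..` segments are left for nginx to reject. I would reject them in the view and encode the rest: `if '..' in path.split('/'): raise Http404` and `response['X-Accel-Redirect'] = '/protected/media/' + quote(path)` (with `Http404` from `django.http` and `quote` from `urllib.parse`). Separately, `LoginRequiredMixin` only establishes that the user is logged in: any authenticated account can request any file under the media root by path, while `IndexView` restricts listings to `is_public()` galleries. If some galleries are meant to be restricted, the view needs a per-object check before issuing the redirect.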