www.digitalmars.com         C & C++   DMDScript  

digitalmars.D.learn - Vibe.d serve files from filesystem

reply eXodiquas <exodiquas gmail.com> writes:
Hello everyone,

I build a web tool that allows people to upload some files. Those 
files should not be public, so I copy them into a folder hidden 
away on the filesystem. But, I want an authenticated user to be 
able to look at them. Those files are PDFs and mp3/4s. So my idea 
was to use an `iframe` with a `src="path/to/file"` but this is 
not working, because vibed wants to map it to a route but there 
is and there should be none. Is there a way to use iframes in 
this way, or do I need to approach this problem differently?

Thanks in advance.

eXo
Jan 11 2023
parent evilrat <evilrat666 gmail.com> writes:
On Wednesday, 11 January 2023 at 18:56:47 UTC, eXodiquas wrote:
 Hello everyone,

 I build a web tool that allows people to upload some files. 
 Those files should not be public, so I copy them into a folder 
 hidden away on the filesystem. But, I want an authenticated 
 user to be able to look at them. Those files are PDFs and 
 mp3/4s. So my idea was to use an `iframe` with a 
 `src="path/to/file"` but this is not working, because vibed 
 wants to map it to a route but there is and there should be 
 none. Is there a way to use iframes in this way, or do I need 
 to approach this problem differently?

 Thanks in advance.

 eXo
You will probably need to write a custom route handler that handles some authentication and returns files in response to a user. Since vibe.d routes handled in order you will need to add such route before generic '*' route. Take a look at this example https://vibed.org/docs#http-routing You can probably just write a handler like addUser for router.get('*', serveMyFiles) and write your own file handling logic. ```d // PSEUDOCODE // use this handler in router.get('*', serveMyFiles) void serveMyFiles(HTTPServerRequest req, HTTPServerResponse res) { enforceHTTP("file" in req.form, HTTPStatus.badRequest, "No file specified."); // don't just use raw input from the user, users can access your whole filesystem with some hackery!! res.writeBody(readfile("/users/"~req.form["file"])); } ```
Jan 12 2023