Pinax＆Apache：仅向经过验证的用户传递附件

Question

我希望Apache和Pinax仅向经过身份验证的用户传递附件。

我发现这个post，但我不能让它工作。

我的Apache-conf的文件：

WSGIPythonPath /usr/local/bin/python 

<VirtualHost *:80> 
    ServerName  www.domain.com 
    ServerAlias  domain.com 


    WSGIDaemonProcess k-production python-path=/path/to/app/pinax-env/lib/python2.6/site-packages 
    WSGIProcessGroup k-production 

    Alias /site_media /path/to/app/cp/site_media  
    <Directory /path/to/app/cp/site_media> 
    Order deny,allow 
    Allow from all 
    </Directory> 

    WSGIScriptAlias /site_media/media/attachments /path/to/app/cp/deploy/pinax.wsgi 
    <Directory /path/to/app/cp/site_media/media/attachments> 
    Deny from all 
    </Directory> 

    XSendFile On 
    XSendFileAllowAbove On 

    WSGIScriptAlias//path/to/app/cp/deploy/pinax.wsgi 
    <Directory /path/to/app/cp/deploy> 
     Order deny,allow 
     Allow from all 
    </Directory> 

</VirtualHost> 

和我（仍然粗糙）认为，这应该被调用：

@login_required 
def sendfile(request, slug): 

    app, content_object_id, img = slug.split('/') 
    project_file = get_object_or_404(Attachment, attachment_file = 'attachments/'+slug) 
    response = HttpResponse() 
    response['X-Sendfile'] = os.path.join(settings.MEDIA_ROOT, 'attachments/'+slug) 
    content_type = 'application/octet-stream' 
    response['Content-Type'] = content_type 
    response['Content-Disposition'] = 'attachment; filename="%s"' % os.path.basename(os.path.join(settings.MEDIA_ROOT, 'attachments/'+slug)) 
    return response 

阿帕奇抛出一个403无论用户是否登录

通过开发服务器我可以访问视图，但没有数据会被传输。

出了什么问题？

Answer 1

我正在尝试做几乎完全相同的事情，并且解决方案竟然没有使用WSGIScriptAlias，而是使用常规别名来定义wsgi处理程序的目录。对于视图，我基本上只是写了一个django.views.static.serve的包装。

我的Apache的conf结束这样看：

# myproject 
<VirtualHost *:8080> 
    #DocumentRoot /var/www/myproject/public 
    ServerName myproject 
    ErrorLog /var/www/myproject/logs/apache_error_log 
    CustomLog /var/www/myproject/logs/apache_access_log common 

    AliasMatch ^/(media/uploads/protected/.*) /var/www/myproject/src/myproject-trunk/server/django.wsgi/$1 
    Alias /media/ /var/www/myproject/public/media/ 
    Alias//var/www/myproject/src/myproject-trunk/server/django.wsgi/ 

    <Directory /var/www/myproject/src/myproject-trunk/server> 
     Options ExecCGI 
     AddHandler wsgi-script .wsgi 
     # WSGIApplicationGroup %{GLOBAL} 
     Order allow,deny 
     Allow from all 
    </Directory> 

    <Directory /var/www/myproject/public/media> 
     Order deny,allow 
     Allow from all 
    </Directory> 
</VirtualHost> 

Answer 2

尝试集中在开发服务器上的第一 - 因为它是一个简单的设置，因此不容易出错。

也许试试这个：

@login_required def sendfile(request, slug): 
    ## these are never used  
    # app, content_object_id, img = slug.split('/') 
    # project_file = get_object_or_404(Attachment, attachment_file = 'attachments/'+slug) 

    response = HttpResponse() 
    response['X-Sendfile'] = os.path.join(settings.MEDIA_ROOT, 'attachments/'+slug) 

    import pdb; pdb.set_trace() 
    # your development server will stop here 
    # you can now inspect the your context, e.g. 
    # >> p response['X-Sendfile'] 
    # this should print the value of response['X-Sendfile'] 
    # >> c 
    # this will continue program execution 
    # for more commands see http://www.python.org/doc/2.4/lib/debugger-commands.html 

    content_type = 'application/octet-stream' 
    response['Content-Type'] = content_type 
    # Content-Disposition filename is only for suggesting a name for the file 
    # when the user tries to download it, e.g.: 
    # response['Content-Disposition'] = 'attachment; filename='localfile.txt' 
    response['Content-Disposition'] = 'attachment; filename="%s"' % os.path.basename(os.path.join(settings.MEDIA_ROOT, 'attachments/'+slug)) 
    return response 

---

但是，通过使用开发服务器，你不会得到任何文件送达，因为Apache会做服务的文件。 你可以确保发送给Apache的数据是正确的。 或者使用（不建议用于生产服务器）

f = open(os.path.join(settings.MEDIA_ROOT, 'attachments/'+slug), 'rb') 
response = HttpResponse(f.read()) 

，而不是

response = HttpResponse() 
response['X-Sendfile'] = os.path.join(settings.MEDIA_ROOT, 'attachments/'+slug) 

几个环节：

• Similar topic at stackoverflow