Skip to main content

A simple Django app to serve protected media

Project description

![Build Status](https://www.travis-ci.org/cobusc/protected-media-prototype.svg?branch=master)

Django Protected Media
======================

Django Protected Media is a Django app that manages media that are considered
sensitive in a protected fashion.

Not only does the media get stored in a separate filesystem location, but authorisation
is also required to access it.

The application allows for setups where Django performs the authorisation, but
hands off the serving of the file to a web server, like Nginx.

Quick start
-----------

1. Add "protected_media" to your INSTALLED_APPS setting like this:
```python
INSTALLED_APPS = [
...
'protected_media',
]
```

2. Include the URLconf in your project urls.py like this::
```
url(r'^protected/', include('protected_media.urls')),
```

3. Add the following settings to `settings.py` if the defaults need to be tweaked:
```python
PROTECTED_MEDIA_ROOT = "%s/protected/" % BASE_DIR
PROTECTED_MEDIA_URL = "/protected"
PROTECTED_MEDIA_SERVER = "nginx" # Defaults to "django"
PROTECTED_MEDIA_LOCATION_PREFIX = "/internal" # Prefix used in nginx config
```

4. Use the new field classes in your models:
```python
def SomeModel(models.Model):
document = ProtectedFileField(upload_to="uploads/")
picture = ProtectedImageField(upload_to="uploads/")
# Files will be stored under PROTECTED_MEDIA_ROOT + upload_to
```

Overview
--------

Django manages media based on the following definitions:
```python
BASE_DIR = "/some/application/dir/"
MEDIA_ROOT = "%s/media/" % BASE_DIR
MEDIA_URL = "/media/"
```

File- and image fields are typically defined as:
```python
document = models.FileField(upload_to="uploads/")
picture = models.ImageField(upload_to="uploads/")
# Files will be stored under MEDIA_ROOT + upload_to
```

In a typical production environment one would let `nginx` (or some other server) serve the media:
```
# Publicly accessible media
location ^~ /media/ {
alias /some/application/dir/media
}
```

This works well when the media should be publically accessible. However, if the media should be protected, we need a way for Django to check whether the request for the media should only be allowed for logged in (or more stringent criteria) users.

The `protected_media` application
--------------------------------
The `protected_media` application consists of
* new `settings.py` attributes,
* a customized FileSystemStorage class,
* a custom handler for the protected media URL and
* additional web server configuration if serving via `nginx` or something similar.

Protected media is stored in a different physical location to publically accessible media. The following settings can be specified in `settings.py`:
```python
PROTECTED_MEDIA_ROOT = "/some/application/dir/protected/"
PROTECTED_MEDIA_URL = "/protected"
PROTECTED_MEDIA_SERVER = "nginx" # Defaults to "django"
PROTECTED_MEDIA_LOCATION_PREFIX = "/internal" # Prefix used in nginx config
```

When defining a file or image field that needs to be protected, we use one of the
classes provided by the `protected_media` application:
* `ProtectedFileField`
* `ProtectedImageField`

Protected file- and image fields are typically defined as:
```python
document = ProtectedFileField(upload_to="uploads/")
picture = ProtectedImageField(upload_to="uploads/")
# Files will be stored under PROTECTED_MEDIA_ROOT + upload_to
```

These classes have a custom storage backend `ProtectedFileSystemStorage` which mananges the filesystem location and URLs associated with protected media.

When `nginx` is used, the configuration must be updated to look like this:
```
# Publicly accessible media
location /media {
alias /some/application/dir/media;
}

# Protected media
location /internal {
internal;
alias /some/application/dir/protected;
}
```

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

django-protected-media-0.0.2.tar.gz (7.5 kB view details)

Uploaded Source

File details

Details for the file django-protected-media-0.0.2.tar.gz.

File metadata

File hashes

Hashes for django-protected-media-0.0.2.tar.gz
Algorithm Hash digest
SHA256 6db4872ef5a9f2ea9f4facb62da743d495fffa3c58add7c7f7c8c10498d6ffcb
MD5 7ee522f5a34a691f27e13f8a42395be9
BLAKE2b-256 b3b29abf6d603fa2ebb4a05181f8fb0e4ad9533495dbd79b122624eb841ec88d

See more details on using hashes here.

Provenance

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page