Skip to main content

Django Time-Token File Storage

Project description

This is a simple extension to Django’s FileSystemStorage that adds a URL parameter carrying a shared token, which is only valid for a defined period of time.

Functionality

This is a drop-in replacement for the Django FileSystemStorage, usable if media files are served by Django itself. It does currently not work if media files are served from an independent web server.

The storage and its accompanying view do the following:

  • When a URL to a storage file is generated, a HMAC-based token is generated

  • The token and the timestamp when it was generated are appended as request parameters to the URL

  • Upon retrieval of the file through the accompanying view, the requested file name and the passed timestamp are used to recalculate the HMAC-based token

  • Only if the tokens match, and a configured timeout has not passed, is the file served

The HMAC-based token ensures that the token is invalidated when:

  • The filename changes

  • The timestamp changes

  • The mtime of the file changes

  • The SECRET_KEY changes

The HMAC is salted with the SECRET_KEY.

Installation

To add django-titofisto to a project, first add it as dependency to your project, e.g. using poetry:

$ poetry add django-titofisto

django-titofisto will use the base FileSystemStorage for almost everything, including determining the MEDIA_ROOT. It merely adds a token as URL parameter to whatever the base FileSystemStorage.url() method returns.

Add the following to your settings:

DEFAULT_FILE_STORAGE = "titofisto.TitofistoStorage"
TITOFISTO_TIMEOUT = 3600  # optional, this is the default
TITOFISTO_PARAM = "titofisto_token"  # optional, this is the default

Add the following to your URL config:

from django.conf import settings
from django.urls import include, path

urlpatterns += [
    path(settings.MEDIA_URL.removeprefix("/"), include("titofisto.urls")),
]

Django will start serving media files under the configured MEDIA_URL.

Credits

django-titofisto was developed for the AlekSIS school information system by its team.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

django-titofisto-0.1.2.post1.tar.gz (9.6 kB view details)

Uploaded Source

Built Distribution

django_titofisto-0.1.2.post1-py3-none-any.whl (15.2 kB view details)

Uploaded Python 3

File details

Details for the file django-titofisto-0.1.2.post1.tar.gz.

File metadata

  • Download URL: django-titofisto-0.1.2.post1.tar.gz
  • Upload date:
  • Size: 9.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.3.0 pkginfo/1.6.1 requests/2.25.1 setuptools/52.0.0 requests-toolbelt/0.9.1 tqdm/4.57.0 CPython/3.9.2

File hashes

Hashes for django-titofisto-0.1.2.post1.tar.gz
Algorithm Hash digest
SHA256 e3b0783142d075aadda1c041061f84affdbe767ffaeebd0f615359723339c208
MD5 32fe74ecaf19f6b911abdca3f0cc6157
BLAKE2b-256 9528910d278a342a934134c59bd3caff2ab12df70c1cff26da8b26bff96495e0

See more details on using hashes here.

File details

Details for the file django_titofisto-0.1.2.post1-py3-none-any.whl.

File metadata

  • Download URL: django_titofisto-0.1.2.post1-py3-none-any.whl
  • Upload date:
  • Size: 15.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.3.0 pkginfo/1.6.1 requests/2.25.1 setuptools/52.0.0 requests-toolbelt/0.9.1 tqdm/4.57.0 CPython/3.9.2

File hashes

Hashes for django_titofisto-0.1.2.post1-py3-none-any.whl
Algorithm Hash digest
SHA256 abebb5db39562bde9999ffd4afe67d43eefae37c8a7ec7abbe611420e6f8aca0
MD5 9ff41888b08915959f1ec3e1eb594242
BLAKE2b-256 5c933d9bcf33ee0a1419a868c05e64878a8fb13ad1ea5c787f944bf84b3f7116

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page