From 78b27e0ea681179d2e553c029869648227d8a034 Mon Sep 17 00:00:00 2001 From: Diederik van der Boor Date: Thu, 6 Oct 2016 16:45:20 +0200 Subject: [PATCH] IPO; first public version --- .gitignore | 17 ++ AUTHORS | 5 + CHANGES.rst | 10 + LICENSE | 201 ++++++++++++++++++ MANIFEST.in | 15 ++ README.rst | 120 +++++++++++ makemessages.py | 29 +++ private_storage/__init__.py | 2 + private_storage/appconfig.py | 8 + private_storage/fields.py | 62 ++++++ .../locale/en/LC_MESSAGES/django.po | 28 +++ .../locale/nl/LC_MESSAGES/django.po | 29 +++ private_storage/models.py | 31 +++ private_storage/permissions.py | 17 ++ private_storage/servers.py | 77 +++++++ private_storage/storage.py | 36 ++++ private_storage/urls.py | 6 + private_storage/utils.py | 27 +++ private_storage/views.py | 52 +++++ setup.cfg | 3 + setup.py | 81 +++++++ 21 files changed, 856 insertions(+) create mode 100644 .gitignore create mode 100644 AUTHORS create mode 100644 CHANGES.rst create mode 100644 LICENSE create mode 100644 MANIFEST.in create mode 100644 README.rst create mode 100755 makemessages.py create mode 100644 private_storage/__init__.py create mode 100644 private_storage/appconfig.py create mode 100644 private_storage/fields.py create mode 100644 private_storage/locale/en/LC_MESSAGES/django.po create mode 100644 private_storage/locale/nl/LC_MESSAGES/django.po create mode 100644 private_storage/models.py create mode 100644 private_storage/permissions.py create mode 100644 private_storage/servers.py create mode 100644 private_storage/storage.py create mode 100644 private_storage/urls.py create mode 100644 private_storage/utils.py create mode 100644 private_storage/views.py create mode 100644 setup.cfg create mode 100755 setup.py diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..e63dffc --- /dev/null +++ b/.gitignore @@ -0,0 +1,17 @@ +*.pyc +*.pyo +*.mo +*.db +*.egg-info/ +*.egg/ +.coverage +.project +.idea/ +.pydevproject +.idea/workspace.xml +.tox/ +.DS_Store +build/ +dist/ +docs/_build/ +htmlcov/ diff --git a/AUTHORS b/AUTHORS new file mode 100644 index 0000000..3737f69 --- /dev/null +++ b/AUTHORS @@ -0,0 +1,5 @@ +Diederik van der Boor (@vdboor) + +Inspired by: +https://github.com/RacingTadpole/django-private-media +https://bitbucket.org/vvangelovski/django-private-files diff --git a/CHANGES.rst b/CHANGES.rst new file mode 100644 index 0000000..72c0328 --- /dev/null +++ b/CHANGES.rst @@ -0,0 +1,10 @@ +Changelog +========= + +Version 1.0 +----------- + +First PyPI release. + +The module design has been stable for quite some time, +so it's time to show this module to the public. diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..261eeb9 --- /dev/null +++ b/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/MANIFEST.in b/MANIFEST.in new file mode 100644 index 0000000..9ed867b --- /dev/null +++ b/MANIFEST.in @@ -0,0 +1,15 @@ +include AUTHORS +include README.rst +include LICENSE +recursive-include fluent_contents/locale * +recursive-include fluent_contents/templates *.html +recursive-include fluent_contents/static * +recursive-include fluent_contents/plugins/*/static * +recursive-include fluent_contents/plugins/*/templates *.html +recursive-include fluent_contents/tests/testapp/templates *.html +global-exclude .DS_Store +global-exclude Thumbs.db +global-exclude Desktop.ini +global-exclude *.swp +global-exclude *~ +global-exclude *.bak diff --git a/README.rst b/README.rst new file mode 100644 index 0000000..c66af72 --- /dev/null +++ b/README.rst @@ -0,0 +1,120 @@ +django-private-storage +====================== + +This module offers a private media file storage, +so user uploads can be protected behind a login. + +Installation +============ + +:: + + pip install django-private-storage + +Configuration +------------- + +Add to ``urls.py``: + +.. code-block:: python + + import private_storage.urls + + urlpatterns += [ + url('^private-media/', include(private_storage.urls)), + ] + +Add to the settings: + +.. code-block:: python + + PRIVATE_STORAGE_ROOT = '/path/to/private-media/' + PRIVATE_STORAGE_AUTH_FUNCTION = 'apps.utils.private_storage.permissions.allow_staff' + +Usage +----- + +In a Django model, add the ``PrivateFileField``: + +.. code-block:: python + + from django.db import models + from private_storage.fields import PrivateFileField + + class MyModel(models.Model): + title = models.CharField("Title", max_length=200) + file = PrivateFileField("Title") + +The ``PrivateFileField`` also accepts the following kwargs: + +* ``upload_to``: the subfolder in the ``PRIVATE_STORAGE_ROOT``. +* ``upload_subfolder``: a function that defines the folder, it receives the current model ``instance``. +* ``content_types``: allowed content types +* ``max_file_size``: maximum file size. + +Other topics +============ + +Defining access rules +--------------------- + +The ``PRIVATE_STORAGE_AUTH_FUNCTION`` defines which user may access the files. +By default, this only includes superusers. + +The function receives a ``private_storate.models.PrivateFile`` object, +which has the following fields: + +* ``request``: the Django request. +* ``storage``: the storage engine used to retrieve the file. +* ``relative_name``: the file name in the storage. +* ``full_path``: the full file system path. +* ``exists()``: whether the file exists. +* ``content_type``: the HTTP content type. + +Optimizing large file transfers +------------------------------- + +By default, the files are served by the Django instance. +This can be inefficient, since the whole file needs to be read in chunks +and passed through the WSGI buffers, OS kernel and webserver. +In effect, the complete file is copied several times through memory buffers. + +Hence, webservers offer a method to send the file on behalf of the backend application. +This happens with the ``sendfile()`` system call, +which can be enabled with the following settings: + +For apache +~~~~~~~~~~ + +.. code-block:: python + + PRIVATE_STORAGE_SERVER = 'apache' + +For Nginx +~~~~~~~~~ + +.. code-block:: python + + PRIVATE_STORAGE_SERVER = 'nginx' + PRIVATE_STORAGE_INTERNAL_URL = '/private-x-accel-redirect/' + +Add the following location block in the server config: + +.. code-block:: nginx + + location /private-x-accel-redirect/ { + internal; + alias /path/to/private-media/; + } + +Other webservers +~~~~~~~~~~~~~~~~ + +The ``PRIVATE_STORAGE_SERVER`` may also point to a dotted Python class path. +Implement a class with a static ``serve(private_file)`` method. + +Contributing +------------ + +This module is designed to be generic. In case there is anything you didn't like about it, +or think it's not flexible enough, please let us know. We'd love to improve it! diff --git a/makemessages.py b/makemessages.py new file mode 100755 index 0000000..fa5842d --- /dev/null +++ b/makemessages.py @@ -0,0 +1,29 @@ +#!/usr/bin/env python +import os +import django +from os import path +from django.conf import settings +from django.core.management import call_command + +def main(): + if not settings.configured: + module_root = path.dirname(path.realpath(__file__)) + + settings.configure( + DEBUG = False, + INSTALLED_APPS = ( + 'private_storage', + ), + ) + + if django.VERSION >= (1,7): + django.setup() + + makemessages() + +def makemessages(): + os.chdir('private_storage') + call_command('makemessages', locale=('en', 'nl'), verbosity=1) + +if __name__ == '__main__': + main() diff --git a/private_storage/__init__.py b/private_storage/__init__.py new file mode 100644 index 0000000..5b52daa --- /dev/null +++ b/private_storage/__init__.py @@ -0,0 +1,2 @@ +# following PEP 440 +__version__ = "1.0" diff --git a/private_storage/appconfig.py b/private_storage/appconfig.py new file mode 100644 index 0000000..1f715e4 --- /dev/null +++ b/private_storage/appconfig.py @@ -0,0 +1,8 @@ +from django.conf import settings + +PRIVATE_STORAGE_ROOT = getattr(settings, 'PRIVATE_STORAGE_ROOT', None) +PRIVATE_STORAGE_SERVER = getattr(settings, 'PRIVATE_STORAGE_SERVER', 'django') +PRIVATE_STORAGE_AUTH_FUNCTION = getattr(settings, 'PRIVATE_STORAGE_AUTH_FUNCTION', 'apps.utils.private_storage.permissions.allow_superuser') + +# For Nginx X-Accel-Redirect +PRIVATE_STORAGE_INTERNAL_URL = getattr(settings, 'PRIVATE_STORAGE_INTERNAL_URL', '/private-x-accel-redirect/') diff --git a/private_storage/fields.py b/private_storage/fields.py new file mode 100644 index 0000000..0496542 --- /dev/null +++ b/private_storage/fields.py @@ -0,0 +1,62 @@ +#-*- coding: utf-8 -*- +from __future__ import unicode_literals +import os +from django.core.exceptions import ValidationError +from django.core.files.uploadedfile import UploadedFile +from django.db import models +from django.template.defaultfilters import filesizeformat +from django.utils.encoding import smart_str +from django.utils.translation import ugettext_lazy as _ +from .storage import private_storage + + +class PrivateFileField(models.FileField): + """ + Filefield with private storage, custom filename and size checks. + + Extra settings: + - ``upload_subfolder``: a lambda to find the subfolder, depending on the instance. + - ``content_types``: list of allowed content types. + - ``max_file_size``: maximum file size. + """ + + def __init__(self, *args, **kwargs): + self._upload = kwargs.pop('upload_subfolder', None) + self.content_types = kwargs.pop("content_types", None) or () + self.max_file_size = kwargs.pop("max_file_size", None) + + kwargs.setdefault('storage', private_storage) + if self._upload: + kwargs.setdefault('upload_to', 'uploads') # shut up warnings from Django 1.6- model validation + super(PrivateFileField, self).__init__(*args, **kwargs) + + def clean(self, *args, **kwargs): + data = super(PrivateFileField, self).clean(*args, **kwargs) + file = data.file + if isinstance(file, UploadedFile): + # content_type is only available for uploaded files, + # and not for files which are already stored in the model. + content_type = file.content_type + + if self.content_types and content_type not in self.content_types: + raise ValidationError(_('Filetype not supported.')) + + if self.max_file_size and file.size > self.max_file_size: + raise ValidationError(_('Please keep the file size under {max_size}, the uploaded file is {cur_size}').format( + max_size=filesizeformat(self.max_upload_size), + cur_size=filesizeformat(file.size) + )) + + return data + + def generate_filename(self, instance, filename): + subdir_func = self._upload + if subdir_func: + subdirs = [self.storage.get_valid_name(dir) for dir in subdir_func(instance)] + else: + subdirs = [self.upload_to] + + if not subdirs: + subdirs = [self.get_directory_name()] + dirs = list(subdirs) + [self.get_filename(filename)] + return smart_str(os.path.join(*dirs)) diff --git a/private_storage/locale/en/LC_MESSAGES/django.po b/private_storage/locale/en/LC_MESSAGES/django.po new file mode 100644 index 0000000..4c293bb --- /dev/null +++ b/private_storage/locale/en/LC_MESSAGES/django.po @@ -0,0 +1,28 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR , YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2016-10-06 16:02+0200\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME \n" +"Language-Team: LANGUAGE \n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#: fields.py:42 +msgid "Filetype not supported." +msgstr "" + +#: fields.py:45 +#, python-brace-format +msgid "" +"Please keep the file size under {max_size}, the uploaded file is {cur_size}" +msgstr "" diff --git a/private_storage/locale/nl/LC_MESSAGES/django.po b/private_storage/locale/nl/LC_MESSAGES/django.po new file mode 100644 index 0000000..79bb7ff --- /dev/null +++ b/private_storage/locale/nl/LC_MESSAGES/django.po @@ -0,0 +1,29 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR , YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2016-10-06 16:02+0200\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME \n" +"Language-Team: LANGUAGE \n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: fields.py:42 +msgid "Filetype not supported." +msgstr "" + +#: fields.py:45 +#, python-brace-format +msgid "" +"Please keep the file size under {max_size}, the uploaded file is {cur_size}" +msgstr "" diff --git a/private_storage/models.py b/private_storage/models.py new file mode 100644 index 0000000..d5b7796 --- /dev/null +++ b/private_storage/models.py @@ -0,0 +1,31 @@ +import mimetypes +import os + +from django.utils.functional import cached_property + + +class PrivateFile(object): + """ + A wrapper object that describes the file that is being accessed. + """ + + def __init__(self, request, storage, relative_name): + self.request = request + self.storage = storage + self.relative_name = relative_name + + @cached_property + def full_path(self): + # Not using self.storage.open() as the X-Sendfile needs a normal path. + return self.storage.path(self.relative_name) + + def exists(self): + return os.path.exists(self.full_path) + + @cached_property + def content_type(self): + """ + Return the HTTP ``Content-Type`` header value for a filename. + """ + mimetype, encoding = mimetypes.guess_type(self.full_path) + return mimetype or 'application/octet-stream' diff --git a/private_storage/permissions.py b/private_storage/permissions.py new file mode 100644 index 0000000..46dcbe4 --- /dev/null +++ b/private_storage/permissions.py @@ -0,0 +1,17 @@ +""" +Possible functions for the ``PRIVATE_STORAGE_AUTH_FUNCTION`` setting. +""" + + +def allow_authenticated(private_file): + return private_file.request.user.is_authenticated() + + +def allow_staff(private_file): + request = private_file.request + return request.user.is_authenticated() and request.user.is_staff + + +def allow_superuser(private_file): + request = private_file.request + return request.user.is_authenticated() and request.user.is_superuser diff --git a/private_storage/servers.py b/private_storage/servers.py new file mode 100644 index 0000000..10a5a29 --- /dev/null +++ b/private_storage/servers.py @@ -0,0 +1,77 @@ +""" +Sending files efficiently for different kind of webservers. +""" +import os + +from django.conf import settings +from django.core.exceptions import ImproperlyConfigured +from django.http import HttpResponse +from django.utils.lru_cache import lru_cache +from django.views.static import serve + +from .utils import import_symbol + + +@lru_cache() +def get_server_class(path): + if '.' in path: + return import_symbol(path) + elif path == 'django': + return DjangoServer() + elif path == 'apache': + return ApacheXSendfileServer + elif path == 'nginx': + return NginxXAccelRedirectServer + else: + raise ImproperlyConfigured( + "PRIVATE_STORAGE_SERVER setting should be 'nginx', 'apache', 'django' or a python class path." + ) + + +class DjangoServer(object): + """ + Serve static files from the local filesystem through Django. + This is a bad idea for most situations other than testing. + The file data is copied multiple times; read by Django, written to WSGI, + read by webserver, outputted to client. + """ + + @staticmethod + def serve(private_file): + # This supports If-Modified-Since and sends the file in 8KB chunks + return serve(private_file.request, private_file.full_path, document_root='/', show_indexes=False) + + +class ApacheXSendfileServer(object): + """ + Serve files for Apache with ``X-Sendfile``. + """ + + @staticmethod + def serve(private_file): + response = HttpResponse() + response['X-Sendfile'] = private_file.full_path + response['Content-Type'] = private_file.content_type + return response + + +class NginxXAccelRedirectServer(object): + """ + Serve the files for Nginx with ``X-Accel-Redirect``. + Add the following configuration:: + + location /private-x-accel-redirect/ ( + internal; + alias /home/user/my/path/to/private/media/; + ) + + Or update the ``PRIVATE_STORAGE_INTERNAL_URL`` setting to use a different URL prefix. + """ + + @staticmethod + def serve(private_file): + internal_url = os.path.join(settings.PRIVATE_STORAGE_INTERNAL_URL, private_file.relative_name) + response = HttpResponse() + response['X-Accel-Redirect'] = internal_url + response['Content-Type'] = private_file.content_type + return response diff --git a/private_storage/storage.py b/private_storage/storage.py new file mode 100644 index 0000000..78deebe --- /dev/null +++ b/private_storage/storage.py @@ -0,0 +1,36 @@ +""" +Django Storage interface +""" +from django.core.files.storage import FileSystemStorage +from django.core.urlresolvers import reverse_lazy +from . import appconfig + +__all__ = ( + 'private_storage', + 'PrivateStorage', +) + + +class PrivateStorage(FileSystemStorage): + """ + Interface to the Django storage system, + storing the files in a private folder. + """ + def __init__(self, location=None, base_url=None, **kwargs): + if location is None: + location = appconfig.PRIVATE_STORAGE_ROOT + + super(PrivateStorage, self).__init__( + location=location, + base_url=base_url, + **kwargs + ) + if base_url is None: + # When base_url is not given, it's autodetected. + # However, as the super method checks for base_url.endswith('/'), + # the attribute is overwritten here to avoid breaking lazy evaluation. + self.base_url = reverse_lazy('serve_private_file', kwargs={'path': ''}) + + +# Singleton instance. +private_storage = PrivateStorage() diff --git a/private_storage/urls.py b/private_storage/urls.py new file mode 100644 index 0000000..4635cb8 --- /dev/null +++ b/private_storage/urls.py @@ -0,0 +1,6 @@ +from django.conf.urls import url +from .views import PrivateStorageView + +urlpatterns = [ + url(r'^(?P.*)$', PrivateStorageView.as_view(), name='serve_private_file'), +] diff --git a/private_storage/utils.py b/private_storage/utils.py new file mode 100644 index 0000000..a8550b6 --- /dev/null +++ b/private_storage/utils.py @@ -0,0 +1,27 @@ +from django.core.exceptions import ImproperlyConfigured + +try: + from importlib import import_module # Python 2.7+ +except ImportError: + from django.utils.importlib import import_module + + +def import_symbol(import_path): + """ + Import a class or attribute by name. + """ + try: + dot = import_path.rindex('.') + except ValueError: + raise ImproperlyConfigured("{0} isn't a Python path.".format(import_path)) + + module, classname = import_path[:dot], import_path[dot + 1:] + try: + mod = import_module(module) + except ImportError as e: + raise ImproperlyConfigured('Error importing module {0}: "{1}"'.format(module, e)) + + try: + return getattr(mod, classname) + except AttributeError: + raise ImproperlyConfigured('Module "{0}" does not define a "{1}" class.'.format(module, classname)) diff --git a/private_storage/views.py b/private_storage/views.py new file mode 100644 index 0000000..6ff4d6b --- /dev/null +++ b/private_storage/views.py @@ -0,0 +1,52 @@ +""" +Views to send private files. +""" +from django.http import HttpResponseForbidden, Http404 +from django.views.generic import View + +from . import appconfig +from .servers import get_server_class, PrivateFile +from .storage import private_storage +from .utils import import_symbol + + +class PrivateStorageView(View): + """ + Return the uploaded files + """ + + #: The storage class to retrieve files from + storage = private_storage + + #: The authorisation rule for accessing + can_access_file = import_symbol(appconfig.PRIVATE_STORAGE_AUTH_FUNCTION) + + #: Import the server class once + server_class = get_server_class(appconfig.PRIVATE_STORAGE_SERVER) + + def get(self, request, *args, **kwargs): + """ + Handle incoming GET requests + """ + # Wrap all relevant data in a single object, + # so this is easy to extend and server implementations can pick what they need. + private_file = PrivateFile( + request=self.request, + storage=self.storage, + relative_name=self.kwargs['path'] + ) + + if not self.can_access_file(private_file): + return HttpResponseForbidden('Private storage access denied') + + if not private_file.exists(): + raise Http404("File not found") + + return self.serve_file(private_file) + + def serve_file(self, private_file): + """ + Serve the file that was retrieved from the storage. + The relative path can be found in ``self.kwargs['path']``. + """ + return self.server_class().serve(private_file) diff --git a/setup.cfg b/setup.cfg new file mode 100644 index 0000000..412d336 --- /dev/null +++ b/setup.cfg @@ -0,0 +1,3 @@ +[wheel] +# create "py2.py3-none-any.whl" package +universal = 1 diff --git a/setup.py b/setup.py new file mode 100755 index 0000000..ed48557 --- /dev/null +++ b/setup.py @@ -0,0 +1,81 @@ +#!/usr/bin/env python +from setuptools import setup, find_packages +from os import path +import codecs +import os +import re +import sys + + +# When creating the sdist, make sure the django.mo file also exists: +if 'sdist' in sys.argv or 'develop' in sys.argv: + os.chdir('private_storage') + try: + from django.core import management + management.call_command('compilemessages', stdout=sys.stderr, verbosity=1) + except ImportError: + if 'sdist' in sys.argv: + raise + finally: + os.chdir('..') + + +def read(*parts): + file_path = path.join(path.dirname(__file__), *parts) + return codecs.open(file_path, encoding='utf-8').read() + + +def find_version(*parts): + version_file = read(*parts) + version_match = re.search(r"^__version__ = ['\"]([^'\"]*)['\"]", version_file, re.M) + if version_match: + return str(version_match.group(1)) + raise RuntimeError("Unable to find version string.") + + +setup( + name='django-private-storage', + version=find_version('private_storage', '__init__.py'), + license='Apache 2.0', + + install_requires=[], + requires=[ + 'Django (>=1.6)', + ], + + description='Private media file storage for Django projects', + long_description=read('README.rst'), + + author='Diederik van der Boor', + author_email='opensource@edoburu.nl', + + url='https://github.com/edoburu/django-private-storage', + download_url='https://github.com/edoburu/django-private-storage/zipball/master', + + packages=find_packages(exclude=('example*',)), + include_package_data=True, + + #test_suite = 'runtests', + zip_safe=False, + classifiers=[ + 'Development Status :: 4 - Beta', + 'Environment :: Web Environment', + 'Framework :: Django', + 'Intended Audience :: Developers', + 'License :: OSI Approved :: Apache Software License', + 'Operating System :: OS Independent', + 'Programming Language :: Python', + 'Programming Language :: Python :: 2.7', + 'Programming Language :: Python :: 3', + 'Programming Language :: Python :: 3.3', + 'Programming Language :: Python :: 3.4', + 'Framework :: Django', + 'Framework :: Django :: 1.6', + 'Framework :: Django :: 1.7', + 'Framework :: Django :: 1.8', + 'Topic :: Internet :: WWW/HTTP', + 'Topic :: Internet :: WWW/HTTP :: Dynamic Content', + 'Topic :: Software Development :: Libraries :: Application Frameworks', + 'Topic :: Software Development :: Libraries :: Python Modules', + ] +)