I have a website where users need to see a link to download a file (approximately 100 MB size) only after authenticating (userid/password) themselves in the website. Users should not be able to copy the link and use it later without authentication.
Can a REST API with (Transfer-Encoding: chunked) return such a huge file size without being timed-out?
Note: We currently have java springboot based APIs for some basic functions returning JSON (text) response
How can I prevent the URL from being accessed later without authentication ?
Any approach to generate dynamic URLs which will be valid only for few mins ? Should this logic be in the app server or CMS like Drupal have this feature ?
I am open to store this file in DB or Drupal or a file server as per the recommended approach for securely download the file. This file is not text/image/pdf, it will be a binary file.
Note: My system does not use any Public Cloud like AWS/GCP/Azure
I have an AngularJS app that, upon requested to upload an image, creates a folder inside the file system (CentOS) and then puts that image there, telling the user everything went OK or not.
Is this possible? All I've found is ways to download the file.
Thanks.
It is better to delegate this task to a service on the server, since it is file that is uploading to a server. I put simple rest service to file upload this file to the server.
I have a REST API which use Symfony2. I need to upload a file on my REST API and send this file on an other service. How I can do that?
Thanks
You may want to you use OneupUploaderBundle. It is optimized for a few file upload javascript libraries and it supports Gaufrette, which will upload your file everywhere you want.
Also you can check FineUploader: it sends automatically your file to S3 or Azure.
I have the Google picker set up, as well as Blobstore. I'm able to upload files from my local machine to the Blobstore, but now I have the Picker set up, it works, but I don't know know how to use the info (url? fileid?) to then load that selected file into the Blobstore? Any tips on how to do this? I haven't been able to find much of anything on it on Googles resources
There isn't a direct link between the Google Picker and the App Engine Blobstore. They are kind of different tools for different jobs. The Google Picker is designed as an end user tool, to select data from a users Google account. It just so happens that the Picker also provides an upload interface (to Google Drive) as well. The Blobstore on the other hand, is designed as a blob storage mechanism for your App Engine application.
In theory, you could write a script to connect the two, but there are a few considerations:
Your app would need access to the users Google Drive account using OAuth2. This is necessary, as the Picker API is a client side API, whereas the Blobstore API is a server side API. You would need to send the selected document URL to the server, then download the document and finally save it to Blobstore.
Unless you then deleted the data from Drive (very risky due to point 3), your data would be persisted in 2 places
You cannot know for sure if the user selected an existing file, or uploaded a new one
Not a great user experience - the user things they are uploading to Drive
In essence, this sounds like a bad idea! What is your use case?
#Gwyn - I don't have enough reputation to add a comment to your solution, but I had an idea about problem #3: You cannot know for sure if the user selected an existing file, or uploaded a new one
Would it be possible to use Response.VIEW to see what view they were using when the file was selected? If you have one view constructor for Drive files and one for Upload files, something like
var driveView = new google.picker.View(google.picker.ViewId.DOCS);
var uploadView = new google.picker.DocsUploadView();
would that allow you to know whether the file was a new upload (safe to delete) or an existing file (leave it alone)?
Assuming that you want to pick a file from your own Google Drive and move it to the Blobstore.
1)First you have to perform Oauth for Google Drive API
2)Using the picker when you select a file from drive, you need to get it's id
3)Using the id obtained in step 2 you can programmatically download it using Drive API
4)After downloading the file you can use FileService(deprecated though) to upload the file to the
Blobstore.
Is it possible to send a http upload request a file to a Apache or IIS that will have a fileName with "../" or ".." that wouldn't be rejected and would be passed to php or ASP.Net engine?
Not really the way you are asking. By the time it gets to the server the browser has read the file and delivered it as a chunk of content with no information about where it came from other than the original file name which you can choose to use or discard.
Generally file uploads go into a temporary storage place (e.g. /tmp) and then need to be moved out of there to somewhere which you can control and name.
This storage is configured on the server, and so any attempt to put path info into the filename should also be blocked by the file upload implementation of the server which should sanitise the filenames again if the browser didn't already do so.
If there's a bug then all bets are off though.