[Mongrel] secure downloads

Kevin Williams kevwil at gmail.com
Wed Jun 21 12:14:31 EDT 2006


module ApplicationHelper

  def lighttpd_download_url( file )
    secret = 'foobar'
    uri_prefix = '/dl/'
    t = Time.now.to_i.to_s( base=16 )
    hash = Digest::MD5.new( "#{secret}/#{file}#{t}" )
    "#{uri_prefix}#{hash}/#{t}/#{file}"
  end

  def mongrel_download_url( file )
    require 'digest/sha1'
    secret = 'foobar'
    uri_prefix = '/dl'
    timestamp = 1.minute.from_now.to_i.to_s( base=16 ) # throws "can't
convert Bignum into String" without the 'to_s'
    token = Digest::SHA1.hexdigest( secret + file + timestamp )
    uri = "#{uri_prefix}/?token=#{token}&relative-path=#{file}&timestamp=#{timestamp}"
  end

end

On 6/21/06, Josh Ferguson <josh at besquared.net> wrote:
> That time stamp doesn't look quite right. Can you paste the code used to
> generate the URL?
>
> Josh
>
> Kevin Williams wrote:
> > OK, on WinXP / Ruby 1.8.4 I get an HTTP connection reset error. The
> > download link looks like this:
> >
> > http://localhost:3000/dl/?token=4c927cdb55be0efd4480298659a5e48306aca2c8&relative-path=foo.zip&timestamp=4498c369
> >
> > I get the same error on the Mac.
> >
> >
> > On 6/20/06, Kevin Williams <kevwil at gmail.com> wrote:
> >
> >> I've got Win32, Linux, & Mac - I don't remember which OS to be honest.
> >> I'll go back and test again and try to give you some useful info.
> >>
> >> On 6/20/06, Josh Ferguson <josh at besquared.net> wrote:
> >>
> >>> What OS? The gem is super early beta so it could use a lot of work. I've
> >>> only tested it on win32 which means there could be a whole host of
> >>> errors and bad coding practices for other systems..:)
> >>>
> >>> Josh Ferguson
> >>>
> >>> Kevin Williams wrote:
> >>>
> >>>> Has anyone had any success with the mongrel_secure_download gem? I
> >>>> keep getting "connection reset" errors.
> >>>>
> >>>>
> >>>>
> >>> _______________________________________________
> >>> Mongrel-users mailing list
> >>> Mongrel-users at rubyforge.org
> >>> http://rubyforge.org/mailman/listinfo/mongrel-users
> >>>
> >>>
> >> --
> >> Cheers,
> >>
> >> Kevin
> >>
> >>
> >
> >
> >
>
> _______________________________________________
> Mongrel-users mailing list
> Mongrel-users at rubyforge.org
> http://rubyforge.org/mailman/listinfo/mongrel-users
>


-- 
Cheers,

Kevin


More information about the Mongrel-users mailing list