如何随机生成文件链接? [英] How do I randomly generate a link to a file?

问题描述

我有一个PDF文件，我不想从我网站上的URL公开访问.作为(轻微)安全层，我想通过电子邮件向用户发送一个唯一的，随机生成的URL，他们可以从中下载PDF，并将其存储在AWS或类似的设备上.

I have a PDF file that I don't want to make publicly accessible from a URL on my site. As a (slight) layer of security, I'd like to email users a unique, randomly generated URL from which they can download the PDF, which I'll be storing on AWS or something similar.

我感觉自己陷入了route.rb监狱，我不知道如何动态生成URL，也不知道如何正确创建随机URL，跟踪它们或将它们链接到本地​​或本地存储的文件中. AWS.

I feel like I'm trapped in routes.rb prison, and I have no idea how to dynamically generate URLs, nor how to properly create random URLs, keep track of them, or link them up to files stored locally or on AWS.

有人对解决此问题有任何建议吗?

Does anyone have any suggestions for approaching this problem?

推荐答案

嗯，是的，我之前已经做过.我假设您将使用诸如 Paperclip 之类的文件上传工具，并创建了一个模型，例如Pdf喜欢:

Ahh yes I've done this before. I'm assuming you'll be using a file upload gem such as Paperclip and created some a model such as Pdf like:

class Pdf < ActiveRecord::Base
  has_attached_file :pdf, storage: :s3
end

这将设置模型，以便您可以将文件上传到该模型，并将其存储在AWS S3中.您目前可能没有这种方式，但是想法是拥有一个数据库记录，您可以在其中引用Pdf的URL以及用户将在不知道真实URL的情况下用于检索它的唯一令牌. strong>

This sets up the model so you can upload a file to it and it will store it in AWS S3. You may not have it this way currently but the idea is to have a database record where you can have a reference to the Pdf's URL and also a unique token your users will use to retrieve it without knowing the real URL.

在Pdf模型中，您应该有一个token:string字段，并在模型中的before_save过滤器中生成唯一的令牌:

In the Pdf model you should have a token:string field and in a before_save filter in the model generate the unique token:

class Pdf < ActiveRecord::Base
  require 'securerandom'
  has_attached_file :pdf, storage: :s3
  before_save :generate_unique_token

  private

  def generate_unique_token
    self.token ||= SecureRandom.hex
  end
end

现在您可以设置一个命名路由:

And now you can set up a named route:

get '/hidden_pdf/:token', to: 'pdfs#get_hidden'

将get_hidden操作添加到Pdfs控制器:

Add the get_hidden action to the Pdfs controller:

class PdfsController < ApplicationController
  def get_hidden
    pdf = Pdf.where(token: params[:token]).first

    if pdf
      # from the pdf model you have access to its real URL and you can send it directly
      data = open pdf.url
      send_data data.read, filename: pdf.pdf_file_name, type: "application/pdf", disposition: 'inline', stream: 'true', buffer_size: '4096'
    else
      # Not found logic here
    end
  end
end

现在，您只需向用户发送URL，例如 myapp.com/pdfs/random-string-here ，当他们访问该用户时，您的应用将通过该令牌在数据库中找到记录，在AWS上提取PDF的真实URL，从中读取数据并强制下载到浏览器，而无需向最终用户显示真实URL.

Now you can just send your users a URL such as myapp.com/pdfs/random-string-here and when they go to it your app will find the record in the database by that token, pull the real URL of the PDF on AWS, read the data from it and force a download to the browser all without ever showing the real URL to the end user.

这篇关于如何随机生成文件链接?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！