到可供下载的文件控制访问 [英] Control access to files available for download

问题描述

我有一个包含上载的文件，我的ZF应用程序可以吐出来登录的用户的文件夹。我希望他们能够使用像 HTTP链接：//server/documents/filename.pdf 和下载文件，但我希望有一个控制器 DocumentsController ，使现有用户的cookie，以确认他们登录并有权下载的文件。我不希望有使用类似网址的http：//服务器/文件/索引/ ID / 1 如果我没有，但它不是一个可怕选项​​。

I have a folder that contains uploaded documents that my ZF application can spit out to logged in users. I want them to be able to use a link like http://server/documents/filename.pdf and download the file, but I want to have a controller DocumentsController that enables the existing user cookies to verify that they are logged in and have permission to download the file. I don't want to have to use URLs like http://server/documents/index/id/1 if I don't have to, though its not a terrible option.

推荐答案

您可以使用的X SENDFILE，以获得最佳的性能。它是由阿帕奇（mod_xsendfile），Lighttpd的和Nginx的支持。该请求是通过它把一个特殊的头（X-SENDFILE或X-加速重定向为Nginx的），当脚本结束时，Web服务器接管并发送文件就像一个静态文件的PHP程序优先处理。这是速度更快，使用较少的内存。

You can use X-SendFile to obtain the best performance. It is supported by Apache (mod_xsendfile), Lighttpd and Nginx. The request is first handled by a php process which put a special header (X-Sendfile or X-Accel-Redirect for Nginx) and when the script end, the web server take over and send the file like a static file. It is faster and use less memory.

要重定向所有的请求到控制器，你需要写一个自定义路线的引导：

To redirect all the request to your controller, you need to write a custom route in your bootstrap :

protected function _initRouter()
{
    $router = Zend_Controller_Front::getInstance()->getRouter();

    $documentRoute = new Zend_Controller_Router_Route(
        'document/:filename',
        array(
            'action'     => 'xsendfile',
            'controller' => 'documents'
        ),
        array(
            'filename' => '\..+$'
        )
    );
    $router->addRoute('document', $documentRoute );

    return $router;
}

您可以使用此动作助手处理的X-发送文件头：的http：// www.zfsnippets.com/snippets/view/id/27 你需要有code检查，如果用户进行身份验证。

You can use this action helper to handle the x-sendfile header : http://www.zfsnippets.com/snippets/view/id/27 and you need to had code to check if the user is authenticated.

这篇关于到可供下载的文件控制访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！