feat(media): Add media proxy view for serving files securely
This commit is contained in:
warrenchen
parent
1566ba1082
commit
42bfb8a806
@ -263,9 +263,11 @@ STORAGES = {
|
||||
"secret_key": os.environ.get("AWS_SECRET_ACCESS_KEY"),
|
||||
"bucket_name": os.environ.get("AWS_STORAGE_BUCKET_NAME"),
|
||||
"region_name": os.environ.get("AWS_S3_REGION_NAME", default="us-east-1"),
|
||||
"endpoint_url": env_optional("AWS_S3_ENDPOINT_URL"),
|
||||
"default_acl": env_optional("AWS_S3_DEFAULT_ACL"),
|
||||
"querystring_auth": env_bool("AWS_S3_QUERYSTRING_AUTH", default=True),
|
||||
"custom_domain": env_optional("AWS_S3_CUSTOM_DOMAIN"),
|
||||
"url_protocol": os.environ.get("AWS_S3_URL_PROTOCOL", "https:"),
|
||||
},
|
||||
},
|
||||
"staticfiles": {
|
||||
|
||||
@ -9,11 +9,13 @@ from wagtail.documents import urls as wagtaildocs_urls
|
||||
from search import views as search_views
|
||||
from home import views as home_views
|
||||
from base import views as base_views
|
||||
from mysite import views as mysite_views
|
||||
|
||||
urlpatterns = [
|
||||
path("django-admin/", admin.site.urls),
|
||||
path("admin/", include(wagtailadmin_urls)),
|
||||
path("documents/", include(wagtaildocs_urls)),
|
||||
path("media/<path:path>", mysite_views.media_proxy, name="media_proxy"),
|
||||
path("health", base_views.health_check, name="health_check"),
|
||||
# use <str:slug> so Unicode tag slugs (e.g. 台北美食) still resolve
|
||||
path("tags/<str:slug>/", home_views.hashtag_search, name="hashtag_search"),
|
||||
|
||||
25
innovedus_cms/mysite/views.py
Normal file
25
innovedus_cms/mysite/views.py
Normal file
@ -0,0 +1,25 @@
|
||||
import mimetypes
|
||||
import posixpath
|
||||
|
||||
from django.core.exceptions import SuspiciousFileOperation
|
||||
from django.core.files.storage import default_storage
|
||||
from django.http import FileResponse, Http404
|
||||
|
||||
|
||||
def media_proxy(request, path):
|
||||
normalized_path = posixpath.normpath(path).lstrip("/")
|
||||
if (
|
||||
not normalized_path
|
||||
or normalized_path == "."
|
||||
or normalized_path.startswith("../")
|
||||
or path.startswith("/")
|
||||
):
|
||||
raise SuspiciousFileOperation("Invalid media path")
|
||||
|
||||
try:
|
||||
file_obj = default_storage.open(normalized_path, "rb")
|
||||
except FileNotFoundError as exc:
|
||||
raise Http404("Media file not found") from exc
|
||||
|
||||
content_type, _ = mimetypes.guess_type(normalized_path)
|
||||
return FileResponse(file_obj, content_type=content_type)
|
||||
Loading…
x
Reference in New Issue
Block a user