On Wednesday, 11 January 2023 at 18:56:47 UTC, eXodiquas wrote:
> Hello everyone,
I build a web tool that allows people to upload some files. Those files should not be public, so I copy them into a folder hidden away on the filesystem. But, I want an authenticated user to be able to look at them. Those files are PDFs and mp3/4s. So my idea was to use an iframe
with a src="path/to/file"
but this is not working, because vibed wants to map it to a route but there is and there should be none. Is there a way to use iframes in this way, or do I need to approach this problem differently?
Thanks in advance.
eXo
You will probably need to write a custom route handler that handles some authentication and returns files in response to a user.
Since vibe.d routes handled in order you will need to add such route before generic '*' route.
Take a look at this example
https://vibed.org/docs#http-routing
You can probably just write a handler like addUser for router.get('*', serveMyFiles) and write your own file handling logic.
// PSEUDOCODE
// use this handler in router.get('*', serveMyFiles)
void serveMyFiles(HTTPServerRequest req, HTTPServerResponse res)
{
enforceHTTP("file" in req.form, HTTPStatus.badRequest, "No file specified.");
// don't just use raw input from the user, users can access your whole filesystem with some hackery!!
res.writeBody(readfile("/users/"~req.form["file"]));
}