让 Django 提供可下载文件
我希望网站上的用户能够下载路径被遮挡的文件,因此无法直接下载它们。
例如,我希望 URL 是这样的:http://example.com/download/?f=somefile.txt
在服务器上,我知道所有可下载的文件都驻留在服务器上在文件夹 /home/user/files/
中。
有没有办法让 Django 提供该文件以供下载,而不是尝试查找 URL 和视图来显示它?
I want users on the site to be able to download files whose paths are obscured so they cannot be directly downloaded.
For instance, I'd like the URL to be something like this: http://example.com/download/?f=somefile.txt
And on the server, I know that all downloadable files reside in the folder /home/user/files/
.
Is there a way to make Django serve that file for download as opposed to trying to find a URL and View to display it?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(15)
我做了一个关于这个的项目。 你可以查看我的 github 仓库:
https://github.com/ nishant-boro/django-rest-framework-download-expert
该模块提供了一种使用 Apache 模块 Xsendfile 在 django Rest 框架中提供文件下载服务的简单方法。 它还具有仅向属于特定组的用户提供下载服务的附加功能
I did a project on this. You can look at my github repo:
https://github.com/nishant-boro/django-rest-framework-download-expert
This module provides a simple way to serve files for download in django rest framework using Apache module Xsendfile. It also has an additional feature of serving downloads only to users belonging to a particular group
上面提到 mod_xsendfile 方法不允许文件名中包含非 ASCII 字符。
出于这个原因,我有一个适用于 mod_xsendfile 的补丁,只要名称经过 url 编码,并且附加标头:
也可以发送
,该补丁将允许发送任何文件。 http://ben.timby.com/?p=149
It was mentioned above that the mod_xsendfile method does not allow for non-ASCII characters in filenames.
For this reason, I have a patch available for mod_xsendfile that will allow any file to be sent, as long as the name is url encoded, and the additional header:
Is sent as well.
http://ben.timby.com/?p=149
尝试: https://pypi.python.org/pypi/django-sendfile/
“一旦 Django 检查了权限等,就将文件上传抽象到网络服务器(例如 Apache 和 mod_xsendfile)。”
Try: https://pypi.python.org/pypi/django-sendfile/
"Abstraction to offload file uploads to web-server (e.g. Apache with mod_xsendfile) once Django has checked permissions etc."
您应该在生产中使用 apache 或 nginx 等流行服务器提供的 sendfile api。 多年来我一直使用这些服务器的 sendfile api 来保护文件。 然后为此目的创建了一个简单的基于中间件的 django 应用程序,适合开发和使用。 生产目的。 您可以在此处访问源代码。
更新:在新版本中,
python
提供程序使用 djangoFileResponse
(如果可用),并且还添加了对从 lighthttp、caddy 到 hiawatha 的许多服务器实现的支持用法
fileprovider
应用添加到INSTALLED_APPS
设置,fileprovider.middleware.FileProviderMiddleware
添加到MIDDLEWARE_CLASSES
设置FILEPROVIDER_NAME
在生产环境中设置为nginx
或apache
,默认为python
用于开发目的。在基于类的视图或函数视图中,将响应标头 X-File 值设置为文件的绝对路径。 例如:
django-fileprovider
的实现方式使您的代码只需要最少的修改。Nginx 配置
要保护文件不被直接访问,您可以将配置设置为
此处
nginx
设置位置 url/files/
仅在内部访问,如果您使用上述配置,您可以将X-File
设置为:通过使用 nginx 配置执行此操作,该文件将受到保护并保存在 X-File 中。 您还可以从 django
views
控制文件You should use sendfile apis given by popular servers like
apache
ornginx
in production. For many years I was using the sendfile api of these servers for protecting files. Then created a simple middleware based django app for this purpose suitable for both development & production purposes. You can access the source code here.UPDATE: in new version
python
provider uses djangoFileResponse
if available and also adds support for many server implementations from lighthttp, caddy to hiawathaUsage
fileprovider
app toINSTALLED_APPS
settings,fileprovider.middleware.FileProviderMiddleware
toMIDDLEWARE_CLASSES
settingsFILEPROVIDER_NAME
settings tonginx
orapache
in production, by default it ispython
for development purpose.in your class-based or function views, set the response header
X-File
value to the absolute path of the file. For example:django-fileprovider
implemented in a way that your code will need only minimum modification.Nginx configuration
To protect file from direct access you can set the configuration as
Here
nginx
sets a location url/files/
only access internaly, if you are using above configuration you can setX-File
as:By doing this with nginx configuration, the file will be protected & also you can control the file from django
views
另一个值得一看的项目: http://readthedocs.org /docs/django-private-files/en/latest/usage.html
看起来很有希望,但我自己还没有测试过。
基本上,该项目抽象了 mod_xsendfile 配置并允许您执行以下操作:
Another project to have a look at: http://readthedocs.org/docs/django-private-files/en/latest/usage.html
Looks promissing, haven't tested it myself yet tho.
Basically the project abstracts the mod_xsendfile configuration and allows you to do things like:
Django 建议您使用另一台服务器来提供静态媒体(在同一台计算机上运行另一台服务器就可以了。)他们建议使用诸如 lighttp。
设置起来非常简单。 然而。 如果“somefile.txt”是根据请求生成的(内容是动态的),那么您可能希望 django 为其提供服务。
Django 文档 - 静态文件
Django recommend that you use another server to serve static media (another server running on the same machine is fine.) They recommend the use of such servers as lighttp.
This is very simple to set up. However. if 'somefile.txt' is generated on request (content is dynamic) then you may want django to serve it.
Django Docs - Static Files
我不止一次遇到同样的问题,因此使用 xsendfile 模块和 auth 视图装饰器实现 django-filelibrary。 请随意使用它作为您自己的解决方案的灵感。
https://github.com/danielsokolowski/django-filelibrary
I have faced the same problem more then once and so implemented using xsendfile module and auth view decorators the django-filelibrary. Feel free to use it as inspiration for your own solution.
https://github.com/danielsokolowski/django-filelibrary
使用 https://github.com/johnsensible/django-sendfile 提供对静态 html 文件夹的受保护访问:https://gist.github.com/iutinvg/9907731
Providing protected access to static html folder using https://github.com/johnsensible/django-sendfile: https://gist.github.com/iutinvg/9907731
对于非常简单但效率不高或可扩展的解决方案,您可以仅使用内置的 django
serve
视图。 这对于快速原型或一次性工作非常有用,但正如本问题中所提到的,您应该在生产中使用 apache 或 nginx 之类的东西。For a very simple but not efficient or scalable solution, you can just use the built in django
serve
view. This is excellent for quick prototypes or one-off work, but as has been mentioned throughout this question, you should use something like apache or nginx in production.“下载”只是 HTTP 标头的更改。
请参阅 http://docs.djangoproject.com/en/dev/ref/request-response/#telling-the-browser-to-treat-the-response-as-a-file-attachment 了解如何响应下载。
您只需要为
"/download"
定义一个 URL。请求的
GET
或POST
字典将包含"f=somefile.txt"
信息。您的视图函数将简单地将基本路径与“
f
”值合并,打开文件,创建并返回响应对象。 它应该少于 12 行代码。A "download" is simply an HTTP header change.
See http://docs.djangoproject.com/en/dev/ref/request-response/#telling-the-browser-to-treat-the-response-as-a-file-attachment for how to respond with a download.
You only need one URL definition for
"/download"
.The request's
GET
orPOST
dictionary will have the"f=somefile.txt"
information.Your view function will simply merge the base path with the "
f
" value, open the file, create and return a response object. It should be less than 12 lines of code.S.Lott 拥有“好”/简单的解决方案,elo80ka 拥有“最佳”/高效的解决方案。 这是一个“更好”/中间的解决方案 - 无需服务器设置,但对于大文件比天真的修复更有效:
http://djangosnippets.org/snippets/365/
基本上,Django 仍然处理文件服务,但不会立即将整个文件加载到内存中。 这允许您的服务器(缓慢地)提供大文件,而不会增加内存使用量。
同样,S.Lott 的 X-SendFile 对于较大的文件来说仍然更好。 但是,如果您不能或不想为此烦恼,那么这种中间解决方案将为您带来更高的效率,而无需麻烦。
S.Lott has the "good"/simple solution, and elo80ka has the "best"/efficient solution. Here is a "better"/middle solution - no server setup, but more efficient for large files than the naive fix:
http://djangosnippets.org/snippets/365/
Basically, Django still handles serving the file but does not load the whole thing into memory at once. This allows your server to (slowly) serve a big file without ramping up the memory usage.
Again, S.Lott's X-SendFile is still better for larger files. But if you can't or don't want to bother with that, then this middle solution will gain you better efficiency without the hassle.
只需提及 Django 1.10 中可用的 FileResponse 对象
编辑:在寻找通过 Django 流式传输文件的简单方法时刚刚遇到了我自己的答案,所以这里是一个更完整的示例(给未来的我)。 假设 FileField 名称为
imported_file
views.py
urls.py
Just mentioning the FileResponse object available in Django 1.10
Edit: Just ran into my own answer while searching for an easy way to stream files via Django, so here is a more complete example (to future me). It assumes that the FileField name is
imported_file
views.py
urls.py
尝试过 @Rocketmonkeys 解决方案,但下载的文件被存储为 *.bin 并给出随机名称。 这当然不好。 添加来自 @elo80ka 的另一行解决了问题。
这是我现在使用的代码:
您现在可以将文件存储在私有目录中(不在 /media 或 /public_html 内),并通过 django 将它们公开给某些用户或在某些情况下。
希望能帮助到你。
感谢@elo80ka、@S.Lott 和 @Rocketmonkeys 的解答,得到了结合所有这些的完美解决方案 =)
Tried @Rocketmonkeys solution but downloaded files were being stored as *.bin and given random names. That's not fine of course. Adding another line from @elo80ka solved the problem.
Here is the code I'm using now:
You can now store files in a private directory (not inside /media nor /public_html) and expose them via django to certain users or under certain circumstances.
Hope it helps.
Thanks to @elo80ka, @S.Lott and @Rocketmonkeys for the answers, got the perfect solution combining all of them =)
为了实现“两全其美”,您可以将 S.Lott 的解决方案与 xsendfile 模块:django 生成文件的路径(或文件本身) ,但实际的文件服务是由 Apache/Lighttpd 处理的。 设置 mod_xsendfile 后,与视图集成需要几行代码:
当然,只有当您可以控制服务器,或者您的托管公司已经设置了 mod_xsendfile 时,这才有效。
编辑:
编辑:
对于
nginx
检查这个,它使用 X-Accel-Redirect 而不是 apache X-Sendfile 标头。For the "best of both worlds" you could combine S.Lott's solution with the xsendfile module: django generates the path to the file (or the file itself), but the actual file serving is handled by Apache/Lighttpd. Once you've set up mod_xsendfile, integrating with your view takes a few lines of code:
Of course, this will only work if you have control over your server, or your hosting company has mod_xsendfile already set up.
EDIT:
EDIT:
For
nginx
check this, it usesX-Accel-Redirect
instead ofapache
X-Sendfile header.