Thanks Lennon,

I just found this page on the lighttpd wiki that suggests that there
is a feature available that would be just perfect for my needs.

http://trac.lighttpd.net/trac/wiki/HowToFightDeepLinking

From PHP, they say, you just call:
<?php
header("X-LIGHTTPD-send-file: /path/to/protected/file");
?>

This sends the file out over the wire, and ignores anything else
generated by the php script. So I'm sure something similar can be done
in Ruby.

Of course, that is a pretty powerful feature, so fastcgi has to be
configured to allow it:

fastcgi.server = ( ".php" => (( ..., "allow-x-send-file" => "enable" )) )

Now I just have to figure out how to translate the above into Ruby and
Rails. This shouldn't be hard, but more importantly, now that I know
how it can work, I can build my code around it, and wait to do the
implementing once I have time to figure out the lighttpd part.

If I have to continue to use Apache, then I'll give the mod_ruby docs
a good look.

Chris



On 12/18/05, Lennon Day-Reynolds <[EMAIL PROTECTED]> wrote:
> On 12/18/05, Chris Anderson <[EMAIL PROTECTED]> wrote:
> > I'm trying to build an asset server that allows or denies access to
> > certain files on a per-user basis. Rails is going to be the expert on
> > these users and what they are allowed, but the idea of having the ruby
> > process actually serve the files seems like a big drain on resources.
> > Is there a way I can have lighttpd ask Ruby to authenticate
> > particular requests (hopefully based on the session cookie), and based
> > on the results of the authentication, serve a particular file? I.e.,
> > instead of responding with a 403, have it serve a file explaining why
> > access was denied.
>
> I'm not sure if this will really work -- lighttpd is reputed to
> support FastCGI authentication servers, so you could have a Ruby
> process do the auth check, but you're probably going to be stuck with
> a 403 message if it fails.
>
> > I guess I'm wanting the best of both worlds - a file-serving process
> > (lighttpd) to handle moving lots of bits fast, without troubling the
> > processor too much, coupled with smart access control and logging from
> > Ruby. Maybe there's a best way to do this? I'm thinking about looking
> > over the ActionCache source for ideas... hmm... it seems to use
> > IO.read, which is not the "bypass Ruby to output the file" method I
> > was hoping for.
>
> Honestly, this kind of close coupling between your static content
> server and application is exactly the reason that mod_ruby (and
> mod_perl, mod_python, etc.) exist -- with the Apache extension API,
> you can plug into any stage of the HTTP transaction.
>
> If you're not averse to learning a bit about the Apache module
> internals, you could probably hack up a mod_ruby based extension that
> would do this cleanly.
>
> Good luck,
>
> Lennon
> _______________________________________________
> PDXRuby mailing list
> [email protected]
> IRC: #pdx.rb on irc.freenode.net
> http://lists.pdxruby.org/mailman/listinfo/pdxruby
>


--
Chris Anderson
http://musicfordozens.com/jchris
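
Added example, not part of the original post and not code from Chris or the lighttpd wiki: a plain-Ruby sketch of the per-user check that picks the file for the X-LIGHTTPD-send-file header quoted above. It goes beyond the PHP one-liner by refusing paths that resolve outside the protected directory, since the header lets the application name any file. ASSET_ROOT, DENIED_PAGE, ACL and the function names are assumptions made for illustration.

```ruby
# Added example, not code from the thread. ASSET_ROOT, DENIED_PAGE and ACL
# are constructed sample values; only the header name comes from the post.
ASSET_ROOT  = "/srv/assets/protected"
DENIED_PAGE = "/srv/assets/public/denied.html"
ACL = {                         # user => relative paths that user may fetch
  "alice" => ["reports/q4.pdf", "img/logo.png"],
  "bob"   => ["img/logo.png"]
}.freeze

# Resolve a client-supplied relative path under root. Returns nil when the
# input is malformed or the result would land outside root. The check is
# lexical: symlinks inside root are not followed or verified here.
def resolve_under(root, requested)
  return nil unless requested.is_a?(String) && !requested.empty?
  return nil if requested.match?(/[\0\r\n]/)   # no NULs or header splitting
  return nil if requested.start_with?("~")     # expand_path would expand ~user
  full = File.expand_path(requested, root)
  full.start_with?(root + "/") ? full : nil
end

# Decide which file the web server should send. Returns [decision, headers].
# The Ruby process never reads the file; it only names it in the header.
def asset_response(user, requested, acl: ACL, root: ASSET_ROOT)
  full = resolve_under(root, requested)
  allowed = !full.nil? &&
            acl.fetch(user, []).any? { |rel| resolve_under(root, rel) == full }
  if allowed
    [:allow, { "Content-Type" => "application/octet-stream",
               "X-LIGHTTPD-send-file" => full }]
  else
    # Denied or invalid: name the fixed explanation page, never user input.
    [:deny, { "Content-Type" => "text/html",
              "X-LIGHTTPD-send-file" => DENIED_PAGE }]
  end
end

# Header block a CGI/FastCGI script prints before the blank line.
def cgi_header_block(headers)
  headers.map { |k, v| "#{k}: #{v}" }.join("\r\n") + "\r\n\r\n"
end

if __FILE__ == $PROGRAM_NAME
  print cgi_header_block(asset_response("alice", "reports/q4.pdf")[1])
end
```

The header is only honoured when the fastcgi.server entry carries the "allow-x-send-file" => "enable" setting shown in the post.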