I am interested in using Django for a side project, and was wondering how well it would align with the following goals. Any helpful resources and tips would be much appreciated.

* Authentication of users
* Drag and drop of files into "quarantine" server filesystem where they can be scanned for malware
* Download of said files once virus check has completed

Thanks in advance.

This post seems useful to me: https://iq.opengenus.org/file-hosting-service-in-django/

django.contrib.auth will cover most of your authentication needs, though if you want to do some kind of SSO based on another system it will be a little more involved.

To handle quarantining files, I'd probably go for a task queue (like Celery) where you have a Django model with a FileField for each file and an additional "safe" field that starts out set to "unsafe." On upload you can queue a task to scan a file which sets the flag to "safe" on success.

To limit access to scanned files, you'd want a view that only permits access to a file (by primary key to the database row corresponding to the file in a filesystem) if it's marked as safe. Something like django-downloadview would be useful for doing so efficiently, or if you were using some kind of object storage system (S3 or similar) you could take advantage of signed URLs or other ACLs to provide access to the resources only once they've been marked as safe.

Thanks Tari, I was able to successfully do all of that. I ended up using django-tables2 for limiting access as it was really easy to tie the model into the table view.

The next problem I am having is this: I am using an apache2 server for production, and am wondering how to properly manage uploading/downloading of non-static files. Just wondering if anyone had any experience with this.

As described in the Managing Files section of the Django documentation, uploads are handled by a Storage implementation where the default one uses the local filesystem. It stores files in the path specified by your MEDIA_ROOT setting and generates URLs referring to them at MEDIA_URL.

It's up to you to ensure the things stored in your Storage are available at MEDIA_URL, which usually works in the same sort of way as static files (that are part of your application). That usually means setting up a subdomain or path on the same domain in your frontend server that serves files from your MEDIA_ROOT. Security best practices would usually say that should be on another domain that doesn't share cookies with your main one (so malicious uploads can't steal secrets from your clients) but that may or may not be very important for your application.
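
The separate-domain setup described in the last reply, sketched as an Apache virtual host. This is an added example, not configuration posted by anyone in the thread; the hostnames, certificate paths and `/srv/myproject/media` are constructed placeholders, and it assumes mod_ssl and mod_headers are enabled.

```apache
# Constructed example: hostnames and paths are placeholders, not from the thread.
# Assumes mod_ssl and mod_headers are enabled (a2enmod ssl headers).

# Weak pattern, shown for contrast: uploads served from the application's own
# origin, so an uploaded HTML/SVG file is rendered alongside the app's cookies.
#   <VirtualHost *:443>
#       ServerName app.example.com
#       Alias /media/ /srv/myproject/media/
#   </VirtualHost>

# Corrected pattern: a dedicated host that serves nothing but MEDIA_ROOT.
# In Django settings this pairs with:
#   MEDIA_ROOT = "/srv/myproject/media/"
#   MEDIA_URL  = "https://media.example-usercontent.com/"
<VirtualHost *:443>
    ServerName media.example-usercontent.com
    DocumentRoot /srv/myproject/media

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/media.example-usercontent.com.pem
    SSLCertificateKeyFile /etc/ssl/private/media.example-usercontent.com.key

    <Directory /srv/myproject/media>
        Require all granted
        # No directory listings, no CGI/SSI, no .htaccess dropped by an upload.
        Options -Indexes -ExecCGI -Includes
        AllowOverride None
        # Serve every file as static bytes, whatever its extension.
        SetHandler default-handler
        # Send an opaque type and make browsers download rather than render.
        ForceType application/octet-stream
        Header always set Content-Disposition "attachment"
        Header always set X-Content-Type-Options "nosniff"
        Header always set Content-Security-Policy "default-src 'none'; sandbox"
    </Directory>
</VirtualHost>
```

Apache serves everything under this directory without consulting Django, so files still awaiting a scan should live outside it or be delivered only through the "safe"-checking view described earlier in the thread.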
  