On Wednesday, 11 January 2023 at 18:56:47 UTC, eXodiquas wrote:
Hello everyone,
I build a web tool that allows people to upload some files.
Those files should not be public, so I copy them into a folder
hidden away on the filesystem. But, I want an authenticated
user to be able to look at them. Those files are PDFs and
mp3/4s. So my idea was to use an `iframe` with a
`src="path/to/file"` but this is not working, because vibed
wants to map it to a route but there is and there should be
none. Is there a way to use iframes in this way, or do I need
to approach this problem differently?
Thanks in advance.
eXo
You will probably need to write a custom route handler that
handles some authentication and returns files in response to a
user.
Since vibe.d routes handled in order you will need to add such
route before generic '*' route.
Take a look at this example
https://vibed.org/docs#http-routing
You can probably just write a handler like addUser for
router.get('*', serveMyFiles) and write your own file handling
logic.
```d
// PSEUDOCODE
// use this handler in router.get('*', serveMyFiles)
void serveMyFiles(HTTPServerRequest req, HTTPServerResponse res)
{
enforceHTTP("file" in req.form, HTTPStatus.badRequest, "No file
specified.");
// don't just use raw input from the user, users can access
your whole filesystem with some hackery!!
res.writeBody(readfile("/users/"~req.form["file"]));
}
```
