2021-11-06 03:02:31 +00:00
|
|
|
defmodule LiveBeatsWeb.FileController do
|
2021-11-15 18:06:04 +00:00
|
|
|
@moduledoc """
|
|
|
|
|
Serves files based on short-term token grants.
|
|
|
|
|
"""
|
2021-11-06 03:02:31 +00:00
|
|
|
use LiveBeatsWeb, :controller
|
|
|
|
|
|
|
|
|
|
alias LiveBeats.MediaLibrary
|
|
|
|
|
|
|
|
|
|
def show(conn, %{"id" => filename_uuid, "token" => token}) do
|
2021-11-16 20:54:40 +00:00
|
|
|
case Phoenix.Token.verify(conn, "file", token, max_age: :timer.minutes(1)) do
|
2021-11-12 03:42:10 +00:00
|
|
|
{:ok, ^filename_uuid} -> do_send_file(conn, MediaLibrary.local_filepath(filename_uuid))
|
2021-11-06 03:02:31 +00:00
|
|
|
{:ok, _} -> send_resp(conn, :unauthorized, "")
|
|
|
|
|
{:error, _} -> send_resp(conn, :unauthorized, "")
|
2021-11-12 03:42:10 +00:00
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
defp do_send_file(conn, path) do
|
|
|
|
|
# accept-ranges headers required for chrome to seek via currentTime
|
|
|
|
|
conn
|
2021-11-15 18:06:04 +00:00
|
|
|
|> put_resp_header("content-type", MIME.from_path(path))
|
2021-11-12 03:42:10 +00:00
|
|
|
|> put_resp_header("accept-ranges", "bytes")
|
|
|
|
|
|> send_file(200, path)
|
2021-11-06 03:02:31 +00:00
|
|
|
end
|
|
|
|
|
end
|
