How to reject file uploads before data transfer has completed?
I'm building a Rails application with file upload functionality and only authenticated users are allowed to upload files. The file upload form is in the members only area but since it is easy enough to grab the upload URL and attempt to post data from a script I am concerned about unauthenticated file upload submissions. Sure the upload would get rejected but only after the data transfer has completed and valuable bandwidth got wasted. How can I reject unauthenticated file uploads before the entire form has been submitted to my server? Since I can't control users using scripts or CURL this would require some sort of server side solution. I appreciate any feedback. Thanks.
This is simple pseudo-code for what you could do. The before_filter is executed before the action is executed (upload_form_action being the upload form page, and upload_action being the page that receives the file).
allowed_to_upload should be a helper/function/etc. that returns true/false; if it's false, it will render 403 unauthorized, otherwise it will just skimp on.
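# Run check_upload before both the form page and the action that receives the file.
before_filter :check_upload, :only => [:upload_form_action, :upload_action]

protected

# Respond 403 with an empty body and halt the filter chain unless uploading is allowed.
def check_upload
  render :nothing => true, :status => 403 and return unless allowed_to_upload
end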
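An added example, not part of the answer above: a Rack middleware that makes the same allow/deny decision from request headers and session state only, without ever reading `rack.input`, so a rejected request is never parsed as multipart by the application. `UPLOAD_PATH`, `SESSION_AUTH` and the `:user_id` session key are assumptions for illustration; whether the remaining body bytes are still sent depends on how the front-end web server buffers requests.

```ruby
# Added example (not from the original answer). Names below are hypothetical.
class RejectUnauthenticatedUploads
  UPLOAD_PATH = "/uploads".freeze            # assumed URL prefix of the upload action
  BODY_METHODS = %w[POST PUT PATCH].freeze   # methods that carry a request body

  # authenticator: any callable that takes the Rack env and returns true/false.
  def initialize(app, authenticator)
    @app = app
    @authenticator = authenticator
  end

  def call(env)
    return @app.call(env) unless upload_request?(env)
    # Decision uses headers/session only; env["rack.input"] is never touched,
    # so the body of a rejected request is not read or parsed by the app.
    return forbidden unless @authenticator.call(env)
    @app.call(env)
  end

  private

  def upload_request?(env)
    BODY_METHODS.include?(env["REQUEST_METHOD"]) &&
      env["PATH_INFO"].to_s.start_with?(UPLOAD_PATH)
  end

  def forbidden
    body = "Forbidden"
    [403, { "content-type" => "text/plain",
            "content-length" => body.bytesize.to_s }, [body]]
  end
end

# Assumed authenticator: treats a request as authenticated when the session
# (populated by a session middleware earlier in the stack) holds a :user_id.
SESSION_AUTH = lambda do |env|
  session = env["rack.session"] || {}
  !session[:user_id].nil?
end

# In a Rails app the middleware would be registered after the session
# middleware, e.g.:
#   config.middleware.use RejectUnauthenticatedUploads, SESSION_AUTH
```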