Allow users to play mp3 files but don't expose them directly on the web

I want to store some mp3s in a folder which is not public, can't be directly accessed through the web and allow users to hear/download the songs with a brows开发者_C百科er only if they are logged in.

How can I do that?

I do my web development with Django, but if I know how it works is enough.

You first need to setup authentication. The django tutorials thoroughly explore this.

You don't' link the mp3's directly, You link to a django script that checks the auth, then reads the mp3 and serves it to the client with a mp3 content type header.

http://yourserver.com/listen?file=Fat+Boys+Greatest+Hits

I assume you use django. Then you can try something like this:

from django.conf import settings
from django.contrib.auth.decorators import login_required
from django.http import HttpResponse


@login_required
def listen(request, file_name):
    # note that MP3_STORAGE should not be in MEDIA_ROOT
    file = open("%smp3/%s" % (settings.MP3_STORAGE, file_name))
    response = HttpResponse(file.read(), mimetype="audio/mpeg")
    return response

Note that you will get dramatic speed decrease. Using generator to read file in blocks may help to save memory.

Lazy Method for Reading Big File in Python?

• File outside of public access (not in MEDIA_URL folders)
• Check if user logged in
• Serve files only via a view, with unique links for every user

Pseudocode:

class Mp3(models.Model):
    file = models.FileField(upload_to=path_outside_of_public_access)
    hash = models.CharField(unique=True)


def generate_link_hash(request, file):
    return hashlib.md5("%s_%i_%s_%s" % (request.session.session_key, file.id, str(file.date_added), file.hash)) # or however u like


def files_list(request)
    """ view to show files list """
    for file in files:
        file.link_hash = generate_link_hash(request, file)


@login_required
def download_file(request, file_hash, link_hash):
    """ view to download file """
    file = Mp3.objects.get(hash=file_hash)
    if link_hash == generate_link_hash(request, file):
        file = open(file.file)
        return HttpResponse(file.read(), mimetype="audio/mpeg")
    else:
        raise Http404

Should do the job enough, but remember - what is once accessed, you have no control where it goes from now on. And that every file download needs reading the file through the app (it's not given statically), which will affect the performance of your app.