I want to build an app and let users see some videos only if they have permissions or they paid for that video. I am using Django and I want to add nginx and gunicorn to serve media files. I am not sure how, once the user has the URL of the video, I can block him from seeing the video if his payment expired or he doesn't have the permissions. For now I let Django serve the videos and I overwrite the server method, and if he doesn't have access to the video I return 404.

score:7

Accepted answer

You need to implement the so-called 'X-Sendfile feature'. Let's say your paid-for files will be served from location /protected/ - you need to add to nginx's config:

location /protected/ {
    internal;
    root   /some/path;
}

Then, when you want to serve your user a file named mycoolflix.mp4, your app needs to add the header X-Accel-Redirect: /protected/mycoolflix.mp4 and the file /some/path/protected/mycoolflix.mp4 will be served to the user. More information in the nginx documentation here and here. Serving files from your views is not a good idea - it makes one of your Django processes busy until the download is complete, preventing it from serving other requests.
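An added example, not part of the answer above: the application side of the X-Accel-Redirect handoff, written as a plain WSGI callable (what gunicorn invokes) so it runs without Django installed. The `/videos/` URL prefix, the `ENTITLEMENTS` table and the use of `REMOTE_USER` are assumptions for illustration; in a Django view the same headers would be set on the response object after the same checks.

```python
import re
from datetime import datetime, timezone
from urllib.parse import quote

# Constructed sample data: (user, video) -> paid-until time (stand-in for a DB).
ENTITLEMENTS = {
    ("alice", "mycoolflix.mp4"): datetime(2999, 1, 1, tzinfo=timezone.utc),
    ("bob", "mycoolflix.mp4"): datetime(2020, 1, 1, tzinfo=timezone.utc),
}
# Plain file names only: no slashes, no leading dot, so nothing escapes /protected/.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")


def authorize(user, filename, now=None):
    """Return (status, headers) for a video request; the app sends no body."""
    now = now or datetime.now(timezone.utc)
    # Validate before the name is ever placed in a header nginx will act on.
    if not SAFE_NAME.fullmatch(filename):
        return "404 Not Found", []
    paid_until = ENTITLEMENTS.get((user, filename))
    # Checked on every request, so an expired payment stops working
    # even though the user still knows the URL.
    if paid_until is None or paid_until <= now:
        return "404 Not Found", []
    return "200 OK", [
        # nginx sees this header and serves the file from the internal location.
        # quote() percent-encodes; it is a no-op for names SAFE_NAME accepts.
        ("X-Accel-Redirect", "/protected/" + quote(filename)),
        ("Content-Type", "video/mp4"),
    ]


def app(environ, start_response):
    """WSGI entry point; REMOTE_USER is assumed to be set by the auth layer."""
    user = environ.get("REMOTE_USER", "")
    # Any path outside /videos/ keeps its slashes and fails SAFE_NAME.
    filename = environ.get("PATH_INFO", "").removeprefix("/videos/")
    status, headers = authorize(user, filename)
    start_response(status, headers + [("Content-Length", "0")])
    return [b""]
```

Because `/protected/` is marked `internal`, a client that requests it directly gets a 404 from nginx; the only route to the file is through this check.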

