Backend Development
Python Tutorial
Python's Flask framework and Nginx implement static file access restriction functions
Python's Flask framework and Nginx implement static file access restriction functions
Nginx configuration
Ngnix, a high-performance web server, is undoubtedly the darling of the moment. Excellent performance, flexible and scalable, conquering cities and conquering the world in the server field.
Static files are an integral part of most websites. Using Nginx to process static files is also a common way. However, some static files we do not expose to any user under any circumstances. For example, some files provided for users to download, some pictures uploaded by users that involve user privacy, etc. We want users to be able to access it when they are logged in, but not visible to users who are not logged in.
For rough processing, the back-end program can perform filtering. When rendering the page, the user login is verified in the view logic, and then the corresponding page is returned. For example, the following flask code (pseudocode)
@app.router('/user/idcard'):
def user_idcard_page():
if user is login:
return '<img src="http://files.jb51.net/upload/user/xxx.png'>"
else:
reutrn '<p>Pemission Denied<p>', 403
But there is another problem with this kind of processing. Static files are processed by nginx. If the hacker finds the absolute address of the file, directly visit http://www.example.com/upload/user/xxx.png It's also possible. It just so happens that these files involve user privacy, such as ID photos uploaded by users. Then the coders don't want the media to report the next day that the well-known website XXX has a vulnerability and that Hacker obtained the user's ID card and other information.
In order to achieve such restrictions, you can use a small function of Nginx----XSendfile. The principle is also relatively simple, probably using request redirection.
We know that if you use Nginx as a reverse proxy for the server front-end, when a request comes in, nginx will catch it first, and then forward it to the back-end program for processing according to the rules, or directly process and return. The former handles some dynamic logic, while the latter mostly handles static files. Therefore, in the above example, if the absolute address of the static file is directly accessed, Nginx will return it directly without calling the user_idcard_page of the backend for logical restrictions.
In order to solve this problem, the XSendfile function provided by nginx simply uses the internal directive. This instruction indicates that only internal requests, that is, requests forwarded by the backend, will be accepted. In the back-end view logic, the X-Accel-Redirect header information needs to be explicitly written.
The pseudo code is as follows:
location /upload/(.*) {
alias /vagrant/;
internal;
}
@app.router('upload/<filename>')
@login_required
def upload_file(filename):
response = make_response()
response['Content-Type'] = 'application/png'
response['X-Accel-Redirect'] = '/vagrant/upload/%s' % filename
return response
After such processing, static resources can be redirected. This kind of usage is relatively common, and many download servers can use this method to handle downloads based on user permissions.
Flask
Flask is my favorite web framework. Flask even implements a sendfile method, which is simpler than the above method. I used Vagrant to make a virtual machine and used Flask to achieve the above requirements. The specific code is as follows:
Project Structure
project struct project app.py templates static 0.jpeg upload 0.jpeg
nginx configuration nginx conf
web.conf
server {
listen 80 default_server;
# server_name localhost;
server_name 192.168.33.10;
location / {
proxy_pass http://127.0.0.1:8888;
proxy_redirect off;
proxy_set_header Host $host:8888;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# 正常的静态文件
location /static/(.*) {
root /vagrant/;
}
# 用户上传的文件,需要做权限限制
location /upload/(.*) {
alias /vagrant/;
internal; # 只接受内部请求的指令
}
}
Flask code
app.py
from functools import wraps
from flask import Flask, render_template, redirect, url_for, session, send_file
app = Flask(__name__)
app.config['SECRET_KEY'] = 'you never guess'
def login_required(f):
@wraps(f)
def decorated_function(*args, **kwargs):
if not session.get('login'):
return redirect(url_for('login', next=request.url))
return f(*args, **kwargs)
return decorated_function
@app.route('/')
def index():
return 'index'
@app.route('/user')
@login_required
def user():
return render_template('upload.html')
# 用户上传的文件视图处理,在此处返回请求给nginx
@app.route('/upload/<filename>')
@login_required
def upload(filename):
return send_file('upload/{}'.format(filename))
@app.route('/login')
def login():
session['login'] = True
return 'log in'
@app.route('/logout')
def logout():
session['login'] = False
return 'log out'
if __name__ == '__main__':
app.run(debug=True)
Simple deployment
gunicorn -w4 -b0.0.0.0:8888 app:app --access-logfile access.log --error-logfile error.log
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
Is the conversion speed fast when converting XML to PDF on mobile phone?
Apr 02, 2025 pm 10:09 PM
The speed of mobile XML to PDF depends on the following factors: the complexity of XML structure. Mobile hardware configuration conversion method (library, algorithm) code quality optimization methods (select efficient libraries, optimize algorithms, cache data, and utilize multi-threading). Overall, there is no absolute answer and it needs to be optimized according to the specific situation.
Is there any mobile app that can convert XML into PDF?
Apr 02, 2025 pm 08:54 PM
An application that converts XML directly to PDF cannot be found because they are two fundamentally different formats. XML is used to store data, while PDF is used to display documents. To complete the transformation, you can use programming languages and libraries such as Python and ReportLab to parse XML data and generate PDF documents.
How to control the size of XML converted to images?
Apr 02, 2025 pm 07:24 PM
To generate images through XML, you need to use graph libraries (such as Pillow and JFreeChart) as bridges to generate images based on metadata (size, color) in XML. The key to controlling the size of the image is to adjust the values of the <width> and <height> tags in XML. However, in practical applications, the complexity of XML structure, the fineness of graph drawing, the speed of image generation and memory consumption, and the selection of image formats all have an impact on the generated image size. Therefore, it is necessary to have a deep understanding of XML structure, proficient in the graphics library, and consider factors such as optimization algorithms and image format selection.
How to convert XML files to PDF on your phone?
Apr 02, 2025 pm 10:12 PM
It is impossible to complete XML to PDF conversion directly on your phone with a single application. It is necessary to use cloud services, which can be achieved through two steps: 1. Convert XML to PDF in the cloud, 2. Access or download the converted PDF file on the mobile phone.
What is the function of C language sum?
Apr 03, 2025 pm 02:21 PM
There is no built-in sum function in C language, so it needs to be written by yourself. Sum can be achieved by traversing the array and accumulating elements: Loop version: Sum is calculated using for loop and array length. Pointer version: Use pointers to point to array elements, and efficient summing is achieved through self-increment pointers. Dynamically allocate array version: Dynamically allocate arrays and manage memory yourself, ensuring that allocated memory is freed to prevent memory leaks.
How to open xml format
Apr 02, 2025 pm 09:00 PM
Use most text editors to open XML files; if you need a more intuitive tree display, you can use an XML editor, such as Oxygen XML Editor or XMLSpy; if you process XML data in a program, you need to use a programming language (such as Python) and XML libraries (such as xml.etree.ElementTree) to parse.
What is the process of converting XML into images?
Apr 02, 2025 pm 08:24 PM
To convert XML images, you need to determine the XML data structure first, then select a suitable graphical library (such as Python's matplotlib) and method, select a visualization strategy based on the data structure, consider the data volume and image format, perform batch processing or use efficient libraries, and finally save it as PNG, JPEG, or SVG according to the needs.
Recommended XML formatting tool
Apr 02, 2025 pm 09:03 PM
XML formatting tools can type code according to rules to improve readability and understanding. When selecting a tool, pay attention to customization capabilities, handling of special circumstances, performance and ease of use. Commonly used tool types include online tools, IDE plug-ins, and command-line tools.
