i'm new to CouchDB and recently i create download portal using Express. I want to make sure that only authorize users will able to download so i create checking procedure in app.js (using express) like this :
app.get("/download/:id/:file", function (req, res) {
var filename = req.params.file;
var docI= req.params.id;
if(userHasPrivileges()){
db.getAttachment(publicationID, filename, function(err, reply){
// WHAT SHOULD I DO HERE ?
})
}
}
the problem is i can't make cradle.io (https://github.com/cloudhead/cradle#creatingupdating-documents) to send the file directly to user. I don't want to use direct link from database, since it'll make unauthorized user be able to download file. The problem is: i don't really know how to send file that I just get from getAttachment() method to user's browser.
Thx for help
In couchdb, db.getAttachment return a Stream, so you can pipe that stream to http response object:
getAttachment().pipe(httpResponseObject)
Full code:
app.get("/download/:id/:file", function (req, res) {
var filename = req.params.file;
var docI= req.params.id;
if(userHasPrivileges()){
res.attachment(filename);
db.getAttachment(publicationID, filename, function(err){ }).pipe(res);
}
}
If your attachments are big data such as big images, mp3s or videos, you should support range download. Range in headers may allow browsers download/re-download the part they need.