downloads

This is a simple and fairly thin extension that makes it easy to protect file downloads using nginx’s internal redirects. It works something like this:

• You upload a file using the admin interface and grant access to a couple of reader groups. The file is stored outside the /public folder and can’t be reached with a web browser
• A thin public-facing controller takes download requests and checks them against group membership
• If you’re not allowed, it redirects you to reader login or just tells you off
• If you are allowed, it returns an attachment-download response pointing to a fictional address in /secure_download but with the `X-Accel-Redirect` header set to the real address of your file
• Your nginx configuration intercepts the `X-Accel-Redirect` header, ignores the request address and returns the file
• Your web browser reads the request address and gets the right file name
• Your nginx configuration also makes sure that typing in the /secure_download address doesn’t g