Files served through /user require a session #27
Comments
<user_hash> may not be such a great idea. Instead perhaps we can generate one time links to download each file. Just generate a random string of numbers and give it to them to download the file. Then it's simply a matter of looking up the key from the database. So a single query with a single where clause. Then forward that back to nginx using x-accel-redirect,
I think it would be best to avoid database lookups, but we can still keep the folders isolated through the use of HttpRewriteModule in nginx. I originally wanted the URI to be the same each time; this way it would be very simple to run the same wget to just fetch the new inputs to the same location so you don't have to mess around with multiple file names. These were just my opinions as a participant last month.
I'm not sure how this ties into issue #16
Some ideas for storage schemes
Per User
Each user has his own folder in media, which contains files uploaded by or relevant to him.
In this, the input folder would be publicly facing (rewrite as /input/(\w+)/ by nginx). The diffs and resume would be accessible via X-Accel-Redirect through Django and nginx. The attempts folder would contain all inputs, sources, and diffs, and the latter would be accessed through the /user/diff// as it is now to maintain security and remove the need of a database lookup.
Per Type
Each type has its own folder in media, and the user files are thrown together.
Here, the media/input/ folder is publicly facing (no rewrite rule necessary, though still possible). The output and sourcecode folders would simply be off limits. The diffs folder would, likewise, be accessed via /user/diff/, which translates into /diffs/_ and keeps isolation.
Changing Input Names
Using the latter of the above, but structure input as such:
In which case, the names of the files change every time and aren't very descriptive. I don't really see any upside to this, aside from the fact that automatic browser downloading won't affix a (1) to the filename. On the downside, you would have to change your input source each time or rename the file after it is downloaded. I guess it comes down to how important keeping input files separated is. Of course, maybe you guys think I'm completely crazy and this is entirely a non-issue, but I'll leave my comments here regardless.
This was one of my goals in the filesystem redesign that I completely missed. I think that the ability to use wget or curl instead of relying on the browser to download would be extremely useful for testing. Unfortunately, I have it set up so that if you do not have a login session (as you wouldn't in wget/curl), a 404 error is returned.
I think that serving the input files directly through nginx is the only real solution. We can either make the URI something like
/input/dpatti_foobaz.in
or if you believe that isn't secure enough, we can do
/input/<user hash>_foobaz.in
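One way the `<user hash>` in `/input/<user hash>_foobaz.in` could be derived so the URL stays the same for every wget/curl run and needs neither a session nor a database lookup. This is an added example, not code from the project: the thread does not say how the hash is computed, so the HMAC construction, `SECRET_KEY`, `INTERNAL_PREFIX` and all function names are assumptions.

```python
import hashlib
import hmac
import re
from typing import Optional

SECRET_KEY = b"constructed-example-key"  # constructed; load from server config in practice
INTERNAL_PREFIX = "/protected/input/"     # hypothetical nginx `internal` location

# <32 hex chars>_<problem>.in; the strict pattern also rejects "/" and ".." traversal.
NAME_RE = re.compile(r"([0-9a-f]{32})_([A-Za-z0-9]+)\.in")


def user_hash(username: str) -> str:
    """Stable per-user token: HMAC-SHA256 of the username, truncated to 128 bits."""
    digest = hmac.new(SECRET_KEY, username.encode("utf-8"), hashlib.sha256)
    return digest.hexdigest()[:32]


def public_name(username: str, problem: str) -> str:
    """File name the user downloads; identical on every run for the same user."""
    return f"{user_hash(username)}_{problem}.in"


def accel_path(requested: str) -> Optional[str]:
    """Value for an X-Accel-Redirect header, or None if the name is malformed."""
    if NAME_RE.fullmatch(requested) is None:
        return None
    return INTERNAL_PREFIX + requested


def belongs_to(requested: str, username: str) -> bool:
    """Check ownership by recomputing the token; no database lookup is needed."""
    match = NAME_RE.fullmatch(requested)
    if match is None:
        return False
    # Constant-time comparison avoids leaking the token through timing.
    return hmac.compare_digest(match.group(1), user_hash(username))


if __name__ == "__main__":
    name = public_name("dpatti", "foobaz")
    print("/input/" + name)                             # stable download URL
    print(accel_path(name))                             # internal redirect target
    print(accel_path("../attempts/dpatti_foobaz.in"))  # None: rejected
    print(belongs_to(name, "someone_else"))             # False
```

The resulting URL acts as a bearer token: anyone who learns it can fetch the file, and it cannot be revoked for one user without changing the key.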