Static files based on authorisation

[James O' Driscoll]

I am using webpack to create bundles for my app, controller/function renders a view that’s has a script tag with a src to a bundle in static folder.

However I would like only logged in users to be able to access the bundle.

I have tried to include the ja file, this works but it slows performance.

Any ideas.

[Dave S]

Normally, static files are just served.  This is done based on your routes.py and its definition of a static path, and hand;ed in gluon/rewrite.py (where the default definition of a static path is defined).  You can adjust routes.py so that paths for your bundle don't match, or you can put your bundle elsewhere.  Then you need to consider how to serve the bundles, which might be through a controller (which can use @auth()) to imitate the static path.  Check out the download() function, too.

If you're using Rocket for your front-end, that's about all that's easy to do.   If you have another front end, like nginx, then you can intercept the paths there and handle the authentication in the front end.  (For SSL auth, the usual technique is, AIUI, to have the front end to the real authentication and then pass a token or a basic auth (via rewrite) to web2py.  I still have to learn this trick, though, so my understanding is limited.)

Good luck!

/dps

[James O' Driscoll]

Would you have any sample code for your potential solutions?

I was thinking about using another controller for the bundle. But how would you do this in practice ie sample code.

Additionally I will be implementing code splitting very soon where my bundle will be split into 3-4 smaller bundles.

How would you achieve this? Surely you wouldn’t use a controller per bundle.

Thanks