0

In my app, the user can select a Youtube video that will be downloaded to MEDIA_ROOT folder and then also made available for the user to download.

Whenever the user chooses another video to download, the previous one is deleted from MEDIA_ROOT. So at any given moment there is only one video sitting in the MEDIA_ROOT folder for a particular user.

Is there any way - apart from implementing user authentication and associating the downloaded files with a user through foreign key, which I feel is an overkill for only this task - of telling the users apart whenever such download request is being made, so that one user's request does not cause the deletion of the file downloaded by some other user (as all the files sit in the same MEDIA_ROOT folder)?

barciewicz
  • 3,511
  • 6
  • 32
  • 72

2 Answers2

1

Assuming you have some sort of web server, you can create custom links that redirect through your web server and pass IP information, etc, so you can distinguish a user before one downloads a video. That is certainly one way of doing it without authentication and since the app/platform that tracks user data is in-house you don't have to worry about foreign keys, etc.

enjoyingthis
  • 11
  • 1
0

You can use cookies to uniquely identify users. Web browsers will keep sending that cookie value to your web server for as long as the web browser's cookie store is not cleared. Make sure to generate an hard to guess value for the web browser to store and you to identify with so that one cannot bruteforce that value and get access to data meant for other users. The common way is to generate say a 32 characters string from a CSPRNG.

You can have a go at this question to find out how to set cookies in Python Django: Django Cookies, how can I set them?

I would personally use built in Django Cookie Sessions: https://docs.djangoproject.com/en/2.2/topics/http/sessions/#using-cookie-based-sessions

lle-bout
  • 20
  • 3