I've been using a method for serving downloads but since it was not secure i decided to change that . ( the method was a link to the original file in storage , but the risk was that everyone with the link could have downloaded the file ! ) so i now serve the file via my views , that way only users with permission can download the file , but i'm noticing a high load on server while there is many simultaneous download requests for the files. here's part of my code that handles downloads for users ( Consider the file is an image )
image = Image.open ("the path to file") response = HttpResponse(mimetype = 'image/png' ) response['Content-Disposition'] = 'attachment: filename=%s.png' % filename image.save(response , "png") return response
is there any better ways for serving files while keeping the security and lowering server side load ? thanks in advance :)
Your opening of the image loads it in memory and this is what causes the increase in load under heavy use. As posted by Martin the real solution is to serve the file directly.
Here is another approach, which will stream your file in chunks without loading it in memory.
import os import mimetypes from django.http import StreamingHttpResponse from django.core.servers.basehttp import FileWrapper def download_file(request): the_file = '/some/file/name.png' filename = os.path.basename(the_file) chunk_size = 8192 response = StreamingHttpResponse(FileWrapper(open(the_file, 'rb'), chunk_size), content_type=mimetypes.guess_type(the_file)) response['Content-Length'] = os.path.getsize(the_file) response['Content-Disposition'] = "attachment; filename=%s" % filename return response
You can use the 'sendfile' method as described in this answer.
Practically you need this (c&p):
response = HttpResponse(mimetype='application/force-download') response['Content-Disposition'] = 'attachment; filename=%s' % smart_str(file_name) response['X-Sendfile'] = smart_str(path_to_file) # It's usually a good idea to set the 'Content-Length' header too. # You can also set any other required headers: Cache-Control, etc. return response