API for serving files from filestore

A question for plugins developers. I am working on an API that will allow us to serve any asset from filestore (inline or as attachment). It is currently a plugin, but once I have received enough feedback, I will be making a PR to core. https://github.com/hypeJunction/Elgg-proxy

The new API will have a single handler, so plugins will no longer need to implement handlers a-la icondirect.php. The URL of the handler will include the path to the file relative to dataroot, so this will ultimately expose the directory structure on filestore. Does anyone use sensitive user/identifying information as directory names on filestore? Any opposition to using such approach?

The URL will be something like:

https://hj.dev/mod/proxy/e0/l1447268209/di/kc/KMlO-oRuC9q-9Bepu6zYRKYAPJLEp2e2-SaFXQm1oL4/1/43/ads/1447268210giphy.gif

e = expiration time (0 for no expiration)

l = last modified time

d = disposition (inline or attachment)

HMAC signature of the request

path to file on filestore

 

Feedback and Planning

Feedback and Planning

Discussions about the past, present, and future of Elgg and this community site.