Implement authentication for private images
Description
Adds role-based authentication to verify image access. It first tries to find the image locally (after authentication), then redirects to the equivalent cdli.ucla.edu URL. This is for testing, and should not even matter the moment it goes live.
Type of PR
This PR is a feature.
Technicalities
nginx
- adds an auth_request to all routes starting with /dl, which sets off a request to an internal location
- this location extracts the artifact ID from the image filename and sends a request to CakePHP at route /artifacts/auth-image/:id
- if the authentication request is successful, it checks for the file locally and if unavailable redirects to the live CDLI site
CakePHP
- adds a route and action for authenticating images (/artifacts/auth-image/:id)
- if the artifact does not exist in the database, it returns immediately; because nginx does not handle 404 responses it returns 200 and lets nginx/cdli.ucla.edu handle the 404
- if the artifact exists and images are public, it returns 200 immediately
- if the artifact exists and images are not public, but the current user has role 1 (admin), 2 (editor) or 7 (can view private images), it returns 200 immediately
- else, it returns 403 (forbidden) if the user has logged in, or 401 (unauthorized) if the user is not logged in
Tests
- Log out:
- Go to http://localhost:2354/dl/tn_photo/P273210.jpg (returns image)
- Go to http://localhost:2354/dl/lineart/P200721_l.jpg (returns 401)
- Log in (and give yourself an admin role):
- Go to http://localhost:2354/dl/lineart/P200721_l.jpg (redirects to cdli.ucla.edu)
- Go to http://localhost:2354/dl/lineart/P200721_l.jpg (redirects to
Checklist:
- My pull request has a descriptive title (not a vague title like "Update index.md").
- My pull request targets the phoenix/develop branch of the repository.
- My commit messages follow best practices.
- My code follows the established code style of the repository.
- I tried running the project locally and verified that there are no visible errors.
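
A minimal nginx sketch of the flow described under Technicalities, added here as an illustration and not taken from this PR's code. The upstream name cake and its address, the /var/www root, the internal location name /_auth_image, the filename regex, the fail-closed 403 for unparseable filenames and the https redirect scheme are all assumptions.

```nginx
# http-context fragment (added example, not the PR's configuration).

# Assumed CakePHP backend that serves /artifacts/auth-image/:id.
upstream cake { server 127.0.0.1:8080; }

# Derive the artifact ID from the image filename, e.g.
# /dl/lineart/P200721_l.jpg -> 200721 (pattern is an assumption).
map $request_uri $artifact_id {
    default "";
    "~/P0*(?<id>\d+)[^/]*$" $id;
}

server {
    listen 2354;

    # Every /dl request must pass the auth subrequest before a file is served.
    location /dl/ {
        auth_request /_auth_image;
        root /var/www;            # assumed: images live in /var/www/dl/...
        try_files $uri @live;     # local copy first, otherwise redirect
    }

    # Entered only through try_files above, i.e. after the access check.
    location @live {
        return 302 https://cdli.ucla.edu$request_uri;
    }

    # internal: clients cannot request this location directly.
    location = /_auth_image {
        internal;
        # Assumption: fail closed when no artifact ID can be parsed.
        if ($artifact_id = "") { return 403; }

        # auth_request allows on 2xx, denies on 401/403 and treats any other
        # status as an error, which is why the backend answers 200 rather
        # than 404 for unknown artifacts and leaves the 404 to file lookup.
        proxy_pass http://cake/artifacts/auth-image/$artifact_id;
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
        # Request headers, including the session cookie, are forwarded by
        # default, so the backend can resolve the user's role.
    }
}
```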