Quick Start
===========

1. Django settings set up **settings.py**:

.. code-block:: python

    INSTALLED_APPS = (
        ...
        'nginx_secure_links',
        ...
    )
    MEDIA_ROOT = '/var/www/media/'
    MEDIA_URL = '/media/'
    DEFAULT_FILE_STORAGE = 'nginx_secure_links.storages.FileStorage'
    SECURE_LINK_SECRET_KEY = 'KfM6aA6M7H'

2. Create a private file inside your ``settings.MEDIA_ROOT``:

.. code-block:: bash

    echo "I'm private text file" > /var/www/media/sample.txt

3. Let's start ``runserver`` and access the file outside of Django file storage.
It works and the file is available.
There is no access denied, because of ``runserver`` mode:

.. code-block:: bash

    curl http://127.0.0.1:8000/media/sample.txt

4. Set up Nginx virtual host file **site.conf**:

.. code-block:: nginx

    server 127.0.0.1;
    listen 80;

    ...

    location /media/ {
        secure_link $arg_token,$arg_expires;
        secure_link_md5 "$secure_link_expires$uri KfM6aA6M7H";

        if ($secure_link = "") {
            return 403;
        }

        if ($secure_link = "0") {
            return 410;
        }

        alias /var/www/media/;
    }

    ...

5. Let's access the file through Nginx host/port.

.. code-block:: bash

    curl http://127.0.0.1/media/sample.txt

Because of Nginx secure link module protection, the file won't be served
without ``?token=...&expires=...`` parameters. Only django users will be able
to access files which urls generated by django storage.

Usage
=====

**models.py**

.. code-block:: python

    class Report(models.Model):
        pdf_file = models.FileField(upload_to='reports')

**views.py**

.. code-block:: python

    def report_details(request, report_id)
        instance = Report.objects.get(id=report_id)
        return JsonResponse({'url': instance.pdf_file.url})

**json response**

.. code-block:: json

    {
      "url": "/media/reports/29974.pdf?expires=1599214310&token=ErLcMm96-4h2qsuj2Avo-w"
    }


That's it, all uploaded media files through Django will be pre-signed.
If you work locally and do not want to install Nginx, let's skip it for
local development- django will generate pre-signed urls, but all files will be
available because of ``runserver`` command serves files and does not provide
3rd-party ``nginx-secure-link`` module functionality.