Cryptostream is a project mainly written in Python, it's free.
Simple protection for media using WSGI and Nginx.
Cryptostream is a WSGI app serving as a very light security layer to protect files. For example, if a user purchases some software, the store app would use this WSGI app to generate a download URL that is only valid for a certain amount of time.
A typical download works like this:
X-Accel-Redirect
header to pass the file directly
to nginx, instead of serving it from within the WSGI app. Source: https://github.com/duointeractive/cryptostream
Launch the main:app using gunicorn::
gunicorn main:app
Application does two things:
To encrypt a url for cryptostream to decode, do something like this within your app::
>> from cryptostream.main import encrypt_url
>> encrypt_url("/foo/bar/")
'path=SQkADU4QBx0%3D&ts=V11XVVFAVFlaVE9AUg%3D%3D'
Then use these as GET keywords to the url cryptostream is running on.
There are two variables in main.py
that control behavior::
# A Plain text encryption key
KEY = 'foobar'
# Maximum time the link will be alive.
LINK_EXPIRE_TDELTA = datetime.timedelta(hours=4)
Sample Nginx Server Config::
server {
listen 80 default;
server_name localhost;
access_log /var/log/nginx/localhost.access.log;
# Serves up jpegs in my picture directory at root
location ~ .(jpg|JPG)$ {
root /home/dylan/Pictures;
}
# Gunicorn running the Cryptostream app
location / {
proxy_pass http://127.0.0.1:8000/;
}
}