mod_access_url

Give access to urls by signing the url with user credentials.

Categories:

SCM system : Git (git)

Author: Marc Worrell

Project source url: https://github.com/mworrell/mod_access_url.git

This module needs Zotonic 0.11 or newer

URLs are signed using a user specific secret. This secret is stored in the identity table. Accessing a signed url gives access to that single request using all the access permissions of the signing user. Only that single url will be accessible, any other url or request will use the credentials of the requesting user.

URLs signed by this module look like this:

http://example.com/en/page/20652?z_access_url=true&z_access_url_token=jRM4PvTUU65aE
xNCisCG&z_access_url_nonce=MHbsQAUPdTS1U3oTgO8B&z_access_url_sig=IQ00Vrmn1D0JGjKeg
KeP%2FfCoS%2F40XI%2BC2xrqO4xPP%2FA%3D

In the template it can be created by adding the z_access_url argument:

{% url page id=20652 z_access_url %} 

The z_access_url argument is picked up by mod_access_url which then signs the generated url with the z_access_url_noncez_access_url_token and z_access_url_sig arguments. Note that there must be an authenticated user to be able to sign an url.

Installation

Zotonic >= 0.10:
zotonic modules install mod_access_url
Zotonic <= 0.9:
zotonic installmodule mod_access_url
Zotonic <= 0.6:
git clone https://github.com/mworrell/mod_access_url.git mod_access_url

Leave a comment