mod_auth_token

This week we implemented mod_auth_token for a special CMS installation.

This is how we did it.

First, we need to create a symbolic link from our original members' folder (members/galleries/) to our fake folder (downloads), inside the domain's root folder.

ln -s members/galleries/ downloads

This is the PHP code used in the video player file:

// Settings to generate the URI
$secret = "our_secret_key"; // Same as AuthTokenSecret
$protectedPath = "/downloads/"; // Same as AuthTokenPrefix
$ipLimitation = true; // Must match AuthTokenLimitByIp (on in the Apache config)
$hexTime = dechex(time()); // Time in hexadecimal
//$hexTime = dechex(time()+120); // Link available after 2 minutes
// $folder must already be set by the surrounding page code
$fileName = '/'.$folder.'/videos/video.mp4'; // The file to access
// Generate the token; the client IP is appended only when AuthTokenLimitByIp is on
if ($ipLimitation) {
    $token = md5($secret . $fileName . $hexTime . $_SERVER['REMOTE_ADDR']);
}
else {
    $token = md5($secret . $fileName . $hexTime);
}

// Build the URL: prefix + token + "/" + hex time + file path
$url = $protectedPath . $token . "/" . $hexTime . $fileName;
//echo $url;

And this is the example of the HTML5 video player code

<?php
// Print the player markup; $url is the tokenized path built above
echo '<video width="800" height="600" controls>
 <source src="http://www.ourdomain.com'.$url.'" type="video/mp4">
 <!-- <source src="'.$url.'video.ogv" type="video/ogv"> -->
 Your browser does not support the video tag.
 </video>';
?>

This is the code for the domain's Apache .conf file. In this case, a CPanel environment, it is located at /usr/local/apache/conf/userdata/std/2_2/ftpuser/www.domain.com/custom.conf

2_2 depends on your Apache version.
ftpuser depends on the user the domain is set up under.

<Location /downloads/>
 AuthTokenSecret "our_secret_key"
 AuthTokenPrefix /downloads/
 AuthTokenTimeout 6000
 AuthTokenLimitByIp on
</Location>
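
An added example, not part of the original post or of mod_auth_token itself: a Python checker that rebuilds the token the same way as the PHP above and reports why a link would be rejected (wrong IP or path, or expired). The function names, the expiry rule (issue time plus AuthTokenTimeout) and the demo IP and timestamp are assumptions constructed for this example.

```python
import hashlib
import hmac

SECRET = "our_secret_key"   # AuthTokenSecret from the page
PREFIX = "/downloads/"      # AuthTokenPrefix from the page
TIMEOUT = 6000              # AuthTokenTimeout from the page, in seconds


def token_for(path, hex_time, ip=None):
    """md5(secret + path + hex_time [+ ip]), same layout as the PHP code."""
    data = SECRET + path + hex_time + (ip or "")
    return hashlib.md5(data.encode()).hexdigest()


def make_url(path, now, ip=None):
    """Build prefix + token + "/" + hex time + path (hypothetical helper)."""
    hex_time = format(int(now), "x")
    return PREFIX + token_for(path, hex_time, ip) + "/" + hex_time + path


def check_url(url, now, ip=None):
    """Return 'ok', 'malformed', 'bad-token' or 'expired' for a URL path."""
    if not url.startswith(PREFIX):
        return "malformed"
    parts = url[len(PREFIX):].split("/", 2)
    if len(parts) != 3 or len(parts[0]) != 32:
        return "malformed"
    token, hex_time, rest = parts
    try:
        issued = int(hex_time, 16)
    except ValueError:
        return "malformed"
    expected = token_for("/" + rest, hex_time, ip)
    # Constant-time comparison, so the check does not leak matching prefixes
    if not hmac.compare_digest(token.lower().encode(), expected.encode()):
        return "bad-token"
    # Assumed expiry rule: valid until issue time + AuthTokenTimeout
    if issued + TIMEOUT < now:
        return "expired"
    return "ok"


if __name__ == "__main__":
    t0 = 1700000000                                   # constructed timestamp
    link = make_url("/site/videos/video.mp4", t0, ip="203.0.113.7")
    print(link)
    print(check_url(link, t0 + 10, ip="203.0.113.7"))    # same client
    print(check_url(link, t0 + 10, ip="198.51.100.9"))   # different client IP
    print(check_url(link, t0 + TIMEOUT + 1, ip="203.0.113.7"))
```

With AuthTokenLimitByIp on, pass the address Apache sees for the client; with it off, leave ip unset on both sides.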

On CPanel you might need to rebuild configurations

/scripts/ensure_vhost_includes --all-users

Then restart Apache with

service apache restart

or

service httpd restart

Check Apache modules

apache2ctl -M | sort

We need to see ‘auth_token_module (shared)’ in the output.

Some considerations

How to remove a symbolic link?

unlink *fake folder*

The symbolic link must be owned by the FTP user.
How to change the owner?

chown -h owner:owner downloads