feat: implement protected media serving and permission checks for adventure images

2025-01-18 17:03:03 -05:00
parent f10e171a8e
commit 433599dc20
7 changed files with 130 additions and 55 deletions
--- a/backend/nginx.conf
+++ b/backend/nginx.conf
@@ -19,7 +19,7 @@ http {
    }

    server {
-        listen 80;  # NGINX listens on port 80 inside the container
+        listen 80;
        server_name localhost;

        location / {
@@ -34,8 +34,12 @@ http {
            alias /code/staticfiles/;  # Serve static files directly
        }

-        location /media/ {
-            alias /code/media/;  # Serve media files directly
+        # Serve protected media files with X-Accel-Redirect
+        location /protectedMedia/ {
+            internal; # Only internal requests are allowed
+            alias /code/media/;  # This should match Django MEDIA_ROOT
+            try_files $uri =404; # Return a 404 if the file doesn't exist
        }
+
    }
-}
+}