Getting document path from database and obfuscating access URL
Requirements for this exercise are:
- Access PDF documents using GUID identifiers.
- GUIDs are stored in MuSQL database and point to PDF files on accessible via server file system.
- Users should not be able to get direct URL to PDF file.
The approach used to address the requirements:
- We extend PDF Highlighter functionality with a custom script.
- Document highlighting URLs composed by search application will send GUID as "uri" parameter.
- When handling the highlighting request, PDF Highlighter server invokes our script function "uriToFile" that queries the database, stores file path to short term cache and returns the file to Highlighter.
- We override result document serving path so that HTML5 PDF viewer gets file from PDF Highlighter's "/cached-document" endpoint, passing request "uri" (which is our GUID).
- When handling the "/cached-document" request, PDF Highlighter invokes our "cachedFile" function.
- cachedFile will lookup for file path in cache and return if available. Access to file after the expiration time results with 404 error.