authenticated flash upload using merb-auth and dm-paperclip

May 7th, 2009Uncategorized

In order to get multiple file upload working, we decided to use flash. The problem with the flash upload library we used (uploadify — another alternative is swfupload), is that they both don’t send the session cookie to the server.

Since we have to authenticate our image uploads, we needed to get around this by following 2 steps:

  1. install the rack middleware from below (original code by Angel Pizarro, found via thewebfellas)
  2. send the raw cookie data as query parameter keyed by your apps session_id_key
# Merb.root/lib/rack/flash_upload.rb
module Merb
  module Rack
    class SetSessionCookieFromFlash < Merb::Rack::Middleware
      # :api: private
      def initialize(app, session_key = '_session_id')
        super(app)
        @session_key = session_key
      end
      # :api: plugin
      def call(env)
        if env["HTTP_USER_AGENT"] =~ /^(Adobe|Shockwave) Flash/
          params = Merb::Parse.query(env['QUERY_STRING'])
          if params[@session_key]
            env['HTTP_COOKIE'] = [@session_key, params[@session_key]].join('=').freeze
          end
        end
        @app.call(env)
      end
    end
  end
end

# Merb.root/config/rack.rb
require 'rack/flash_upload'
use Merb::Rack::SetSessionCookieFromFlash, Merb::Config[:session_id_key]

Tags: ,

Trackback URI.



Leave a Reply

Formatting: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>