I have MySQL database - 3 tables
- session table containing: id seq, email, UUID, lastUpdate (timestamp for refreshing session)
- users-data table containing: id seq, email, encrypted pass, firstname, lastname, age, favorite drink
- user_images table containing: id seq, email, image_path
Users are able to signup, login (with a HttpOnly session cookie), and upload images (1 at a time for now)
All user images are stored in dir: user_images on server File System while the file paths are stored in DB. When an user signs up, a new dir is created using their user_data table id e.g. user_id_6 inside user_images dir and subsequent image uploads are placed inside this dir.
When an user successfully logs in, they are directed to the info page and I wish to display all of their images in succession. I get the paths from the DB, and then put it in string slice, pass it to an html page
In the html template, I range over this slice and set for a list of images
Now there are 2 problems that I would appreciate any advice/help:
-
the src attribute string has “” escaped and becomes something like src=“user_images%5cuser_id_6%5cdog.jpg”
Is there any way to prevent the escaping of the forward slashes? How to go about dynamically setting the src attribute of the image tag in Go? -
The files themselves are inaccessible via paths unless they are hosted on a http.FileServer
Is there a way to either:
a. only server can access the served files and no one outside connected can access them so that I can serve the entire user_images dir and pick the right images to serve or
b. add authentication to the file server so the user with valid session can only access the images in the corresponding dir (to their user_id) but no one else’s
Thanks