How to serve files for download and restricting access to them


Which is the way to go If I want to serve files for download with meteor but I want to restrict the access to the files. The service I want to create may resemble owncloud or google drive or dropbox …

Carrying out my research I didn’t find a proper answer. However here are my findings.
(Unfortunately there are hundreds of posts for uploading but not for serving (downloading))

Public folder
Not possible to restrict access to these files.

Base64 string:
Over DDP I can serve files as base64 strings and I can restrict the access very easily. However the drawbacks are that DDP isn’t designed for serving big files and the files cannot be cached by the server.
Explained here: Send PDP from server to client
So this is only for a quick and dirty solution but not satisfying.

CDN like S3:
I can use a CDN like S3 where I can set an expiration policy for S3 ressources but after the expiration I will receive a new url which means that the file cannot be cached by the browser either. Further more I think expiration isn’t an appropriate solution as i want to check the permissions on every request.
Example here: make url link to other url

HTTP Response with picker:
IMHO files are served ideally over http(s). Is meteorhacks/picker the only good solution to serve files over http?

Am I missing out on something?
Or are my findings wrong?
Is there another way to use S3 for servig and restricting file access?
Are there any other solutions (packages) for serving files over http?
Could Meteor-Files be a solution?

Would be curious about any feedback or shared experience :slight_smile:


With Meteor, I would go with S3 & Slingshot. Just use a private bucket policy. Then, you can generate signed download URL’s for specific users on request.


I went with base64 over DDP to a local collection. I had also used HTTP responses before and it performed pretty well. I just wrote it using the built in “WebApp” package from Meteor.


I think this is what I was looking for.
Didn’t know about this built in package but so I won’t need any third party package for handling http requests.