use external URL as path for downloadable product

  • Posts: 14
  • Thank you received: 0
7 years 9 months ago #242909

-- HikaShop version -- : 2.6.3
-- Joomla version -- : 3.5.1
-- PHP version -- : 5.6.22
-- Browser(s) name and version -- : Chrome 51.0

It is a good feature of Hikashop to allow selling downloadable products, such as e-book, or zip files.

However, when adding a downloadable product, Hikashop ONLY allows files uploaded via hikashop, there is no way to add files that on external servers, such as "cloud storage". I think this is not good.

My suggestions to improve this feature:

Allow to directly input an external URL as the path for the downloadable product.

Than means, hikashop should allows both LOCAL and REMOTE files for downloadable products. On the "adding files" dialog, you can show two Tabs, one for local files which will be select and upload, or drag and drop to upload; one for remote files, which will be directly input the exact full URL.

Why we need such a feature? Because if you sell a lot of files, especially very big files, you will want to store them on remote cloud storage, which will save both disk space and band width for you. And since many cloud storage has "whitelist to prevent leaking/hotlinking", such an URL will not do any harm to your profit.

Thank you.

Please Log in or Create an account to join the conversation.

  • Posts: 81361
  • Thank you received: 13036
  • MODERATOR
7 years 9 months ago #242922

Hi,

Having the possibility to just enter an external URL would allow any buyer to get the link of the download file.
The cloud storage systems to prevent that do exist, but then you need to integrate with the APi of the cloud storage system and it's a lot more than just adding an input field in the interface of HikaShop. Especially since each cloud storage system has a different API for secure downloads.
That's why for now we only allow the files to be locally stored as it's the simplest and most secure way of selling downloads.

Please Log in or Create an account to join the conversation.

  • Posts: 14
  • Thank you received: 0
7 years 9 months ago #243001

It seems that you did not know how the "whitelist" of cloud storage works.

The user does NOT need any special API or special scripts to do so. He just input his own website "domain name" into the "whitelist" input box of the cloud storage, then save, and now everything is OK. The cloud server will handle the download request. If that request is not from the specified domain name, the downloading request will be rejected.

That is to say, even if I tell you the directly link to that file, you can not download it with "just input the URL into browser and hit enter". You can only get the file after you click on the "download" button on my own website, but that button will only be visible after you purchase this product on Hikashop component.

Maybe "some other " cloud storage work in the way you mentioned, but my cloud storage, the "Aliyun.com" cloud storage in China, works in the way I described above. I can ensure this because I AM using this service NOW.

I just need an option in Hikashop to link the download link/button to my remote file.

Thank you.

Please Log in or Create an account to join the conversation.

  • Posts: 81361
  • Thank you received: 13036
  • MODERATOR
7 years 9 months ago #243006

I don't see how they could guarantee that.
If you display a link on your website and someone clicks on that link, or if you put the link on this forum and someone clicks on that link, the only different thing is the referer sent to the cloud server by the browser.
But the referer can easily be forced.
For example, with that Chrome extension : chrome.google.com/webstore/detail/refere...ojoidoihckciin?hl=en
So I just have to change the referer for that link to your domain name, and your cloud server won't be able to see any difference between the link on your website and the link on this forum.
Furthermore, doing it like this creates another problem: the link that is sent to the customer by email won't have your website as referer when the customer clicks on it from the email notification, and thus your cloud server will refuse it (and you can ask normal customers to add an extension to their brower to force the referer so that the download link can work).

So I don't see how that would be a solution even for you. It would actually make it worst as the download link in the emails wouldn't work anymore.

Please Log in or Create an account to join the conversation.

  • Posts: 14
  • Thank you received: 0
7 years 9 months ago #243102

Ok, let us take one step back: what if I want to offer several FREE files among many other non-free files, and I want to store those free files on a cloud storage? Why you can not provide an "option" for such a situation?

Let us suppose that just as you said, the "whitelist" method is NOT secure, then, I think a positive solution is not "just reject remote files", instead, you can consider to develop some "ingration plugins" to let Hikashop work with remote files ( and these plugins uses API to avoid referrer bypass/cheating).

I hope you will understand that: users , at least some users, they DO have such a feature request, they want to sell files that had been uploaded and stored on a remote cloud storage.

Thank you.

Please Log in or Create an account to join the conversation.

  • Posts: 14
  • Thank you received: 0
7 years 9 months ago #243103

PS: what is the point of sending the download link inside email? Why not just let the buyer download files directly from the page where they clicked "buy now" button, which will be turned into "download now" button after they finish the payment?

Please Log in or Create an account to join the conversation.

  • Posts: 81361
  • Thank you received: 13036
  • MODERATOR
7 years 9 months ago #243109

Hi,

If you want to provide free files, you can directly put the links in the product description or in a custom product field that would display on the product page. You don't need to use the files system of HikaShop.

Let us suppose that just as you said, the "whitelist" method is NOT secure, then, I think a positive solution is not "just reject remote files", instead, you can consider to develop some "ingration plugins" to let Hikashop work with remote files ( and these plugins uses API to avoid referrer bypass/cheating).

I totally agree with you. We could indeed develop plugins to integrate with the different cloud APIs for that.
It's actually in the todo list. I was just explaining you why that wasn't the case (each API is different, can be a lot of work, other priorities so far, etc).

PS: what is the point of sending the download link inside email? Why not just let the buyer download files directly from the page where they clicked "buy now" button, which will be turned into "download now" button after they finish the payment?

I personnally don't care. Both methods are fine with me and we propose both: download link in the email, and download link on the order details page of the frontend, and even in the downloads area of the HikaShop user control panel). Some merchants and customers do want the download link in the emails, which is why we added it. If you don't want it, you can always edit the emails and remove the links there.

Please Log in or Create an account to join the conversation.

  • Posts: 14
  • Thank you received: 0
7 years 9 months ago #243134

You did not get my point.

I mean: there are always some users want this option to "use remote file path" as the file product. Even I know there is something people can use to bypass the "whitelist protection", I DO need such a feature.

Even when you ONLY allows local files, you can not prevent people "share" the e-book they had bought to some else who never paid to you. So, rejecting remote file can not increase your profit. Instead, you just increased the difficulty of managing big amount of files.

When I say "buy now button turned into download button", I mean : On the "product detail" page, not on the "user control panel" or "download area". Unfortunately, I did not find this feature on HikaShop v2.6.3. It always show "add to cart" button, even when the current user had already bought that product. I hope Hikashop will show "download now" to the user who had already bought it , on the product detail page.

Let me emphasize again: ON THE PRODUCT DETAIL PAGE. Hope you can understand what I mean this time. Sorry for my bad English if you still can not read me.

I am glad to know you are planning to develop some plugins to integrate with cloud storage. I want to add some suggestions to this feature: one plugin for one cloud storage, so they can be choose by users to enable or not, based on the cloud storage they acturally use.

Do you have an option such as "show download link in notification email or not" ? If not, please add such an option. I would like to not include the download link in the email. I prefer to ask the buyer come to my website and click the Download Now button on the PRODUCT DETAIL page.

Thank you.

Please Log in or Create an account to join the conversation.

  • Posts: 81361
  • Thank you received: 13036
  • MODERATOR
7 years 9 months ago #243371

Hi,

So, rejecting remote file can not increase your profit. Instead, you just increased the difficulty of managing big amount of files.

It's not that we're rejecting them. It's just that it's not supported for now as we didn't see any reason to add it. Thank you for your feedback on that. We'll see if we can add it in a future version.

When I say "buy now button turned into download button", I mean : On the "product detail" page, not on the "user control panel" or "download area".

There is no such system for now. I see why you mean. It could indeed be interesting to add that in the future.

I want to add some suggestions to this feature: one plugin for one cloud storage, so they can be

That's what we were thinking about actually.

Do you have an option such as "show download link in notification email or not" ? If not, please add such an option. I would like to not include the download link in the email.

There is no option. But as I said, you can customize the emails and removing the download links from them is really easy. It's just a matter of removing the tag {LINEVAR:PRODUCT_DOWNLOAD} from the email HTML version when you edit the emails via the menu System>Emails.

Please Log in or Create an account to join the conversation.

  • Posts: 12
  • Thank you received: 1
7 years 5 months ago #251401

ahhhh -

so this is why I cannot put my S3 bucket url in the "Upload secure folder" in config.

I would encourage hikashop to add a S3 "plugin/option" like your competitors (joobi, woocomerace) offer. It is even worth paying for.

As I have 100gb of downloadable files (on S3) I really do not want to pay (more) to host them on my site instance.

So I guess it is back to trying to create the "expiring link" plugin.

I like hikashop but the lack of S3 integration may cause me to switch solutions.

still, think hika is a great product. Thanks.

pitney

Please Log in or Create an account to join the conversation.

  • Posts: 81361
  • Thank you received: 13036
  • MODERATOR
7 years 5 months ago #251421

Hi,

Thank you for your feedback.

Please Log in or Create an account to join the conversation.

  • Posts: 14
  • Thank you received: 0
7 years 5 months ago #251716

hi, nicolas,

There is many more remote storage like Amazon S3. For example, the one I used in China, is a cloud storage like S3 but not the same name.

So I think, it is time to consider add the feature I had suggested above:

Allow the user manually input the (external) URL of a file for download

This is better than developing a specific plugin for S3, because any kind of cloud storage can use this feature.

Thank you.

Please Log in or Create an account to join the conversation.

  • Posts: 81361
  • Thank you received: 13036
  • MODERATOR
7 years 5 months ago #251758

Hi,

It's already possible to enter a link for an external file in the settings of a product.
See:
I add a link to the product as a file:
take.ms/Rpq0R
I do a purchase of that product and display the details of that order:
take.ms/cjvdb
I click on the download link of the file and get redirected to the download link I put for that file:
take.ms/fQQaV

But as I said, if you do that, any buyer can easily share the real link of your files by looking at the real link their browser receives when they click on the download link, like I did in my third capture. That's why I also said that it would be better to have a specific for each cloud storage system to be able to security store and retrieve downloads.

Please Log in or Create an account to join the conversation.

  • Posts: 12
  • Thank you received: 1
7 years 4 months ago #254474

For those who are here because you are using AWS...

I am successfully using this workaround:

I have attached a 100gb EBS volume to my EC2 instance as /data,
(note: it is outside of my doc/root but appears "local" to hikashop)
changed my hikashop secure folder to this location,
stuffed /data full of my downloadable files,
adjusted file names via import,
and files download via hikashop!

all for $0.77/month!

pitney
(who can skin dogs many ways...)

Please Log in or Create an account to join the conversation.

  • Posts: 43
  • Thank you received: 3
7 years 3 weeks ago #263914

Hello there. I am trying to add an external URL of a pdf file (wich contains only a manual of the product and its free).

As soon as I try to save, I get the "cannot find file" error.

It is strange as I was able to do so in te past!

please advise what to do because downloading all manuals and uploading them to our web server is out of the question.

Please Log in or Create an account to join the conversation.

  • Posts: 81361
  • Thank you received: 13036
  • MODERATOR
7 years 3 weeks ago #263931

Hi,

I've tried that with HikaShop 3 and it worked just fine, without any error.
I've also searched for that error message but I couldn't find it in HikaShop nor in Joomla.
Is that really the exact and complete error message you have ? Because if that's the case I don't see where that is coming from but it's not from us.

Please Log in or Create an account to join the conversation.

  • Posts: 224
  • Thank you received: 8
6 years 3 weeks ago #288987

For those who are here because you are using AWS...

I am successfully using this workaround:

I have attached a 100gb EBS volume to my EC2 instance as /data,
(note: it is outside of my doc/root but appears "local" to hikashop)
changed my hikashop secure folder to this location,
stuffed /data full of my downloadable files,
adjusted file names via import,
and files download via hikashop!

all for $0.77/month!

pitney
(who can skin dogs many ways...)


Hi, could you elaborate a little more on how to do this?
I already use Amazon S3 but I don't understand whne you say
I have attached a 100gb EBS volume to my EC2 instance as /data,
(note: it is outside of my doc/root but appears "local" to hikashop)


Thank you!

Please Log in or Create an account to join the conversation.

  • Posts: 12
  • Thank you received: 1
6 years 2 weeks ago #289576

Hello -

Sorry for the delay but I was traveling back from China.

Hikashop cannot use an "external" drive to access files that you want to sell.
S3 is considered an external drive to Hikashop.
(think of S3 as in another part of Amazon)
(the S3 API would have to be written to by Hikashop to allow this)

What I do is add an EBS volume (such as /data) to my EC2 instance which runs Joomla and Hikashop.
I then copy my product files from S3 to the EBS volume.
Hikashop will then "see" the EBS volume as being "local" and will download files from it either after a sale or as a "free" product.

I then tell Hikashop to use the EBS volume for finding product files using the "import" function (csv).
(adding directly from the product page can give inconsistent results (and I have 1,000s of entries)
Likely you will have to experiment to get it to work.

This EBS workaround costs more than S3 but is not that expensive.

Hopefully this points you in the right direction.
I will again be traveling without good net connections.
Let me know if you need more assistance.

pitney

Please Log in or Create an account to join the conversation.

  • Posts: 224
  • Thank you received: 8
6 years 2 weeks ago #289609

Thanks Pitney for all this info!
if I understand correctly for this to work my site should be hosted on Amazon then... I'll look into it

Please Log in or Create an account to join the conversation.

Time to create page: 0.105 seconds
Powered by Kunena Forum