if (range) // Example: "bytes=0-1023" const [startStr, endStr] = range.replace(/bytes=/, '').split('-'); const start = parseInt(startStr, 10); const end = endStr ? parseInt(endStr, 10) : total - 1; const chunkSize = end - start + 1;
const stream = fs.createReadStream(filePath, start, end ); stream.pipe(res); else // Full download res.writeHead(200, 'Content-Length': total, 'Content-Type': 'application/octet-stream', 'Content-Disposition': `attachment; filename="$path.basename(filePath)"`, 'Accept-Ranges': 'bytes', 'Cache-Control': 'no-store' );
// Simple in‑memory store for demo – replace with DB/Redis in prod const FILES = // fileId: absolutePath 'tarzan-v1.0.0': path.resolve(__dirname, '../files/Tarzan_v1.0.0.zip') ; Tarzan -enlace de descarga normal-
const PORT = process.env.PORT || 3000; app.listen(PORT, () => console.log(`🚀 Server listening on $PORT`));
const expected = crypto .createHmac('sha256', process.env.DOWNLOAD_SECRET) .update(`$fileId:$expires`) .digest('hex'); endStr] = range.replace(/bytes=/
// ---- Helper: validate token ---- function validateToken(token) try const decoded = Buffer.from(token, 'base64url').toString('utf8'); const [fileId, expires, signature] = decoded.split(':'); if (Date.now() / 1000 > Number(expires)) return null; // expired
// server.js require('dotenv').config(); // make sure DOWNLOAD_SECRET is set const express = require('express'); const router: downloadRouter = require('./download'); const start = parseInt(startStr
// ---- Route: GET /download/:fileId ---- router.get('/download/:fileId', downloadLimiter, async (req, res) => const fileId = req.params; const token = req.query.token;
// 1️⃣ Verify token (if you require signed URLs) if (process.env.REQUIRE_SIGNED_URLS === 'true')