Issue downloading files

ustk

I have heard here someone might use BunnyCDN for product distribution (@d-healey maybe?)
I encounter a strange and annoying issue when trying to download the products from another computer.

First of all, everything works smoothly from my main development computer.
It works nicely too from a VM in this very same computer.

But when using another computer, (being an old mac or the same than my development mac but from a client), download the products leads to a download error this.data.success returns false

The way I handle things is via two plugins from my server.

• one from getting a token secure URL
• one for listing the product folders/assets

so the download from Hise (or from the exported binary) is straight forward.

• set the base URL with the token secure URL
• download the asset I need with the habitual download function.

Trying to download a file from a permanent link in my WP server works, so the issue is with CDN storage only
I have been looking everywhere in the BunnyCDN settings (CDN and Storage) with no clue whatsoever
I use the Token Authentication, but NOT the Token IP Validation, since I know it can lead to issues

So what could be wrong downloading from any other computer than the one used for development?

d.healey

I switched over last month and got my first bill a few days ago, it is sooo much cheaper than Amazon :)

For my products I don't interact directly with Bunny's API.

I use the WooCommerce plugin and my HISE project requests downloads from the WooCommerce API through a separate Wordpress plugin that I wrote.

In your case I don't know what the issue could be.

ustk

@d-healey Yeah I agree it seems very cheap!

Arff... Thanks, hopefully someone will chime in with experience on this particular issue

ustk

That gets stranger and stranger...

So I checked with the support and it is not a CDN issue.
This can easily be checked when opening this URL in a browser, the file downloads as it should on any computer:
(the expiration is set to approx 24h)
https://s427.b-cdn.net/bcdn_token=hva8kCEAjQ2HvytakhRVy4JPVG54j3iS5Rb7K7SYEZI&expires=1726145586/assets/Align-IT/Align-IT v1.0.0.pkg

However doing this within Hise (or exported binary) only works on my main computer, but not in any other one! So what could be the reason?

Here's a simple snippet using this same URL to demonstrate the issue (unless it works on your side, which would drive me crazy for good!)

HiseSnippet 1049.3ocsVstaaaCElxIpnxaEXEXO.B9GCJXIJ1o1IAMHcMwWZ7ZRpWTZvtfg.FIZKVSSJPR6Uih73s2m8FrcnjrsbqWZmAlLrE445GO7vO5dRQHQoDRjky0SSHHqu1NXJWG2LFS4ntsPVOwtk3O3LANpYqKQmNMAqTjHjk0FuxXhkylnzm+5GNEyv7PxBQHzMBZH4b5Hpdgzdu70TFqCNhbMcTAqq+xtgBdSASLFfyF1UQI3vg3AjKwFyJYirdT6HpVHCzXMQgr17TQzzfX.dY1eCUQuiQLSpgBf.kItifEYPrQJpYLkE0a1xVgfnzaQQXirhv2ZeAMhNW9hhw2jpvcgGEqGVkVFdarD7p8uAuU.IqBPZyLH8T6fPIMQuPiAOekcWtlH6igxdQnjYKpzetgcSAXAW6OBOjzQBSl6g29UqtsK7yVGUFrRIXD+PFAK8.Akg8Bk1cBV5d5IAsu8sWct6wtUh05D0y2cWU88Nv+tcBi39bhd26fA2pECI7iimfObXy1m7teZuylLUiGFe0MSq+i8t4UMp+tmQCZb0cG75CB9k1+Z2ui79DpjnNt1A6ses5MZb39UNpPh6z874I1rzzpcOgQGv2o60yG3NoleU3SxvAfukKS4LJm31eLOTSEb2n7l2NTFwaqxenrS.QNgH8gvcFrXNi.MhRuJUf0bAUmhUDHydyV6FskcXhPLyMLdLenB.0L74qRXTsWkcqTzLMVNfnM40XJ7JXpRSF4aDZ5HkdEDN6LlZKi9zNhTDmkqeK6kOivGnic2ws1uaxzrMsDIkCo+EtMkDrlxGjma29PHdtaE2uu.X70h.M3v.upakA24q6kpUyVba69g62tf+aOu1BkSGnd5P665oioJ+HrF62mxopXRDnLU6GgRszz4M27TH33X9tbXTiCM84ln33jJFx+rpDI55T73skuBNe4sHH4qDSaLuSNRlWayr69xN2CCtub4k6MNZdOifeoPSdCOqeArz8iU0u+J0YNqIELFr2tJ0F9N4C4nGe7n6Hxsgte1XxbCARfkYVdzWFyRX1Q+BFJ3c4T8aRH4yeXpQTN2AL5scaA6JFpobYfcIDolZfiUKxDfmOinxwtEQMTKR.l9OgEC3OEQiYX8xjplaRxU.0ikXxLrUbEUOs3MM+GXZq9fLseoP7o18n5v3UiwRq.iPk5+CLle+zSra2uOITu.faZ24mW2Ki9Lo+JwXCmxEXf038HK6KGOJ.thNj.YmyILH31VkLcKYyqZlap.ADdT5j+FdxUVyL2JWYsYJQivgRwsgYmBL2.93TI.l3oW96XegYtaMT5Iih04QvEx2FFtbn9DG2acc7Yqqi0WWGartNt+553AqqiG94cz7+kNYrVLJ6XCBcQu1oTIVVs4XnCLsaE8OP8YFDK

I'll provide a new link when needed when this one expires

I also tried to place the parameters in, well, the parameters of the download function, but that doesn't work and might not be clever anyway...

d.healey

@ustk Oh I didn't realise you were using the CDN for this. That's doesn't seem like a good idea, you should use the object storage.

ustk

@d-healey Thanks, but what do you mean by this? Could you please extend a wee bit?

ustk

@d-healey I think I use it the way they want you to do.
They say it is forbidden to deliver files directly from the storage, as it is a violation.
The storage has to be linked to a Pull Zone, so the request is made to that PullZone

d.healey

@ustk said in BunnyCDN issue when downloading files:

The storage has to be link to a Pull Zone

Yes correct, it works just like S3 storage but is much simpler to set up.

ustk

So now I am sure... This is driving me nuts for good...

I put together a new snippet that requests the secure URL and tries to download the file on success

HiseSnippet 1328.3ocsVstaaaCElJIpXxacXEXO.bd+QAMQNoqqcnEYyw2ZMZhsQjS69WFiDcLWjIMHoRpQQd21izdC1NjRxRt1caHX0IHwj7bN7iemqijhHpRIjHGuwKlSQNeka3BtdZ6oDFG0uCx4gtcD2xSDj31cFfZsXNQonwHGmsekQDGucP1O+4uzhjP3QzxsPn2JXQzSXyX5xcG07MrjjdjX5X1rJR+zl8iD71hDQJ.mscO.MmDcM4J5.hQrsbQNOnaLSKjgZhlpPN6zRDuHbJ.uL4eKSwtLgZVbHJDLT118DIwFDa1E0dJKIdTwyVg.qLpjD1NiD9V2SYwrk6WRFei8.boFU4CmsVEdauB7NrJ7NnB71.jbp.ocxfzibCijr45xSL34Kc6y0T4DBP6UgRlrns99G31V.Rv0AyHWS6IgEK0v+YGbvdX3O69xZfTJQBMHJgRj9vF0pANCkFeCQhacbX2KN+rSvdddGgqOUqmqdQiF2d6sAJcZLS7zm7bh4+AQhY0eYEMCGO7rieU2KJsPE8UfZAWteTLOfS0M1nh85eRohGmvthue+wMJ9B9lCCN.9Y90WU2.4FMvup6XbX21meVW73guo6.LnbMFOgwo3Io7HMSvwBdbdLcKM2PPRQhOf84BNPU6AHHIktasOTyiMA6muxCV5ERk2PkAJptEQQAa6W7z.NyyC9sfImKYbse8eF+Nhlw3WgmHjXEMJURMXJHHndgJ4FMhjj7Nld5nggi8q23146+6JA2RS6Wf2F2bXiqn58yLz9oxj56g+vc6s7s4qfnuT0dXIUAOGkA3VjaeJYGhO5Hb9cFZ2X3aLRkI15Ofvkf9E353GuzxAvsaeB1GQ1ET8L72cDNkGSm.ber8B77JdG8XIT+0Mzcvety706pcG3PKhcgWb6Buie8J9t56ZbE4dv1.+cITxveStWaHsMBoyv2M3jgG2A267AsG2e3f0BOVAjYL8Xw0TtMhnLB30Pb7qoPcLoecqub8fiON92HUMuDA3pwFF5HbEyGHoySL4kqoEP5ebBg0Pq4p5kljT5nVK66w3blt.CZhD3Vy6Dfh4egKTZ5LCgaqZJ8qrYQe.0tVGhopkkgpuozwraAn6BxbI8rB6B3IK9sDIUhkyS5LAV5oLUPLQSBfvIlZZVDkMhcUVPKMT3Rw2MKvpHAnzLpzHSgzr3R61v8W7Dowis3wGhufB39kFoHWEpSx6kijkDSlbPPrIF9tZq7oRwmABMcn40AvGDC+wGMYxFOKORNA7Ja5XS2T4+jh97zYWRkUKuYDDZwrZeK2OceqpsUixRNqHnf2myzCmS4eplsn7LZ3am2uC3FLM6x2CjaNUpYFH3zgdCL4PVqOO2NT00Zwbqr4kAPN0z1S+57FisR0ZAGwhMirTI+G89kiXz72ZtnbdCVyaYw5oK23ORZNkxtZZkQU5zjoNULCtNhDzzYKJm.LgYFfSf9jbSqVM88Fv3VTVAoH2P6yGAE2nZi.n0alCiQHhSSH5UmsvLPU9AfiakF5ll1bESun5.W+uMvw+UH9H2QLczzMiws1.FA26mCLlOl1Cc6NYBMRWBvcb68qedlICclHUCswOknkLHjxcP5rPXR0HJb6bNMwj33rkIDOa8Al0FFHjxisK9K3S9gGZV6je3gEGhlQhjhKhxRWMCB9E1c.Lwsy.64dpYM9PjMEtJOOChIuHJZUSslhO49p3ObeU7o2WE+w6qhO69p3yuuJ9S+6JZJYbbpVLKKsAgNcTWa8OGmt1ZJ1nUzeCj7miqN

Here's the problematic response I instantly get from other computers than mine, what about yours?

Interface: {
  "numTotal": 0,
  "numDownloaded": 0,
  "finished": true,
  "success": false,
  "aborted": false
}

As I said, the response is instantaneous, no waiting time that could tell that it is a server issue (at least to me...)

• Could someone tell if it works or not from his computer?
• Could it be a Hise setting, compile flag, or whatever I do on my side?

I would have preferred it not to work at all, as it would have been simpler to track down, so why it's working on my computer only?

The PHP part on my server that outputs the secure token URL:

function rest_route_secure_token_callback(WP_REST_Request $request)
{
    $base_url = "https://s427.b-cdn.net";                       // The CDN Pull Zone (bunnyCDN)
    $folder = '/assets/';                                       // Folder we want access to
    $url = $base_url . $folder;
    $securityKey = 'my-real-security-key-I-dont-wanna-show-publicly';      // Url Token Authentication Key
    $expiration_time = 3600;                                    // Expiration (1h)
    $user_ip = NULL;                                            // IP Validation is not reliable enough (disabled in the Bunny CDN dashboard)
    $is_directory_token = true;                                 // Grant access to the directory instead of unique files
    
    $securedURL = sign_bcdn_url($url, $securityKey, $expiration_time, $user_ip, $is_directory_token);          //function sign_bcdn_url($url, $securityKey, $expiration_time = 3600, $user_ip = NULL, $is_directory_token = false, $path_allowed = NULL, $countries_allowed = NULL, $countries_blocked = NULL, $referers_allowed = NULL)
    
	header('Content-Type: application/json');
	header('Content-Transfer-Encoding: UTF-8');
	header('Expires: 0');
	
    $response = array(
        'result' => 'success',
        'code' => "200",
        'message' => 'URL generated',
        'url' => $securedURL
    );
    
	$json = json_encode($response);
	echo $json;
   }

ustk

Ok so after further testing, I've been able to find the culprit do be the spaces in the URL!

So doing a basic sanitisation like

url = url.replace(" ", "%20");

seems to do the trick

Now, even if taking care of spaces in a URL might seem a normal thing to do, why it was working on only 1 over 4 tested computers makes no sense to me...

d.healey

@ustk Were all computers using the same OS and HISE version?

ustk

@d-healey same OS on two of them, one M3 Pro (mine which works) and the other M1 (which didn't work)
Other macs are old one, like 2011 and 2013 intel

Tried with both Hise (on the two M1+ macs) and exported binary (on all of them)
Hise were the same on 2 macs (direct Hise binary copy, not build)

Maybe the sanitisation could be directly handled by the download API...

d.healey

@ustk are the spaces in your file names? I always replace mine with underscores to avoid these kind of issues.

ustk

@d-healey Exact, in the filenames.
I do replace them with underscore to as for the JSON files, but binaries I like them with spaces... That been said, I could replace the underscores with spaces when writing the files...