download is now by video id and not full path

right check is done before serve content
currently, only public video is downloadable