Access files in storage folder only through Auth Middleware and Token based authentication

Question

I have following folder in my Laravel website.

/storage/Asset/Media

This folder can have info like below

/storage/Asset/Media/1/abc.png

/storage/Asset/Media/2/abc.png

Here 1 or 2 is the folder names.

I have following code to secure the folder so that nobody can access the folder without authentication

Route::group(['middleware' => ['web', 'auth']], function () {
    Route::get('/storage/Asset/Media/{ID}/{eded}', array(
        'as' => 'Files',
        'uses' => 'User\Account\Media\MediaController@DownloadMedia',
    ));
});

so in this way nobody can access the files until user's session is not expired in a browser.

Issue is in Android, so now nobody can access the files due to Auth Middleware.

Can somebody suggest the approach such that, files can be accessible to download via Token Based Authentication(through Android) and also using Auth Controller(through Website)?

Answer 1

You don't need to use any other config in routes.php, everything will work just fine if You follow this guide:

The easiest solution would be to create column named api_token is users table. Then when trying to access resource from android device, just add ?api_token=<token> to Your URL, where <token> is a api_token column in Your users table.

For example: domain.com/storage/Asset/Media/1/2?api_token=123hello4secret

System will try to search for user record with api_token == 123hello4secret, so just put that 123hello4secret into Your user api_token field.

---

If You wonder why You should api_token as column name, the answer is here: https://github.com/laravel/framework/blob/2a38acf7ee2882d831a3b9a1361a710e70ffa31e/src/Illuminate/Auth/TokenGuard.php#L45 Laravel will try to authorize You using api_token if it is found in request fields.

---

Also You can use HTTP headers to authorize with token:
Header example:

Authorization: Bearer 123hello4secret