I have the following folder in my Laravel website.
/storage/Asset/Media
This folder can contain files like the ones below
/storage/Asset/Media/1/abc.png
/storage/Asset/Media/2/abc.png
Here 1 or 2 are the folder names.
I have the following code to secure the folder so that nobody can access it without authentication:
    Route::group(['middleware' => ['web', 'auth']], function () {
        Route::get('/storage/Asset/Media/{ID}/{eded}', array(
            'as' => 'Files',
            'uses' => 'User\Account\Media\MediaController@DownloadMedia',
        ));
    });
So in this way nobody can access the files unless the user's session has not expired in the browser.
The issue is in Android: now nobody can access the files because of the Auth middleware.
Can somebody suggest an approach such that the files can be downloaded via token-based authentication (through Android) and also using the Auth controller (through the website)?
Using the Auth Middleware
Middleware provide a convenient mechanism for filtering HTTP requests entering your application. For example, Laravel includes a middleware that verifies the user of your application is authenticated. If the user is not authenticated, the middleware will redirect the user to the login screen.
Please run php artisan make:middleware UserAccessible in your terminal. After running the above artisan command, you will see a generated file named UserAccessible.php in the App/Http/Middleware folder.
    Route::group(['middleware' => ['auth:api', 'user_accessible']], function () {
        // your protected routes.
    });
Introduction
Laravel Sanctum provides a featherweight authentication system for SPAs (single page applications), mobile applications, and simple, token based APIs. Sanctum allows each user of your application to generate multiple API tokens for their account.
You don't need to use any other config in routes.php, everything will work just fine if You follow this guide:
The easiest solution would be to create a column named api_token in the users table. Then, when trying to access a resource from an Android device, just add ?api_token=<token> to Your URL, where <token> is the api_token column in Your users table.
For example:
    domain.com/storage/Asset/Media/1/2?api_token=123hello4secret
The system will try to search for a user record with api_token == 123hello4secret, so just put that 123hello4secret into Your user api_token field.
If You wonder why You should use api_token as the column name, the answer is here: https://github.com/laravel/framework/blob/2a38acf7ee2882d831a3b9a1361a710e70ffa31e/src/Illuminate/Auth/TokenGuard.php#L45 Laravel will try to authorize You using api_token if it is found in the request fields.
Also, You can use HTTP headers to authorize with a token:
Header example:
    Authorization: Bearer 123hello4secret
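One way to let the same download URL accept either a browser session or an API token, as an added example that is not part of the question or the answer above. It assumes an `api` guard with the `token` driver exists in config/auth.php, that the files live under `storage_path('Asset/Media')`, and that folder names are numeric; the closure is a hypothetical stand-in for the asker's controller method.

```php
<?php
// routes/web.php -- added example, not code from the question or the answer.
// Assumptions: config/auth.php defines an 'api' guard with 'driver' => 'token'
// (optionally 'hash' => true, so the api_token column stores the SHA-256 of
// the token instead of the token itself), and the media files are kept under
// storage_path('Asset/Media').

use Illuminate\Support\Facades\Route;

// 'auth:web,api' tries the session guard first and then the token guard, so
// one route serves a logged-in browser and the Android client.
// The Android client should send "Authorization: Bearer <token>" rather than
// ?api_token=..., because query strings are recorded in server and proxy logs.
Route::group(['middleware' => ['web', 'auth:web,api']], function () {
    // Hypothetical closure standing in for MediaController@DownloadMedia.
    Route::get('/storage/Asset/Media/{ID}/{eded}', function ($ID, $eded) {
        $base = realpath(storage_path('Asset/Media'));
        $file = $base === false
            ? false
            : realpath($base . DIRECTORY_SEPARATOR . $ID . DIRECTORY_SEPARATOR . $eded);

        // Serve only regular files that resolve inside the media directory,
        // so symlinks or dot segments cannot reach other paths.
        if ($file === false
            || strpos($file, $base . DIRECTORY_SEPARATOR) !== 0
            || !is_file($file)) {
            abort(404);
        }

        return response()->download($file);
    })
        // Constrain both segments (numeric folder names are an assumption).
        ->where(['ID' => '[0-9]+', 'eded' => '[A-Za-z0-9][A-Za-z0-9._-]*'])
        ->name('Files');
});
```

Authentication alone lets any signed-in user fetch any folder; if the numbered folders belong to particular users, the handler also needs an ownership check against whatever model maps folders to users.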