In my project, I have implemented auth and ACL for my controllers and routes. I have a file upload system accessible only if the user is logged. It's work fine.
My problem is on the uploaded files. The user can access any file if have a file URL. How I can implement auth on uploaded files?
I tried with routes, but when accessing my file through the browser the file is shown as if not have a route intercepting this URL.
I have used this code:
Route::get('/storage/document/3/4a15c1ab060be8f35.png', function () {
return 'ok';
});
How can I implement auth on specific folders on storage? Thanks!
Laravel's filesystem configuration file is located at config/filesystems. php . Within this file, you may configure all of your filesystem "disks". Each disk represents a particular storage driver and storage location.
One way to delete a file from the public directory in Laravel is to use the Storage facade. To delete a file, you will need to follow the following steps: Step 1: Check to ensure that the folder and file exist. Step 2: Delete the required file.
You can link the storage folder in laravel using php artisan command and you can also run a PHP script to create a symbolic link between two folders.
To delete a directory in the Laravel application you can make use of the "deleteDirectory()" method available from the Storage facade. <? php Storage::deleteDirectory($directory); This method will delete the directory with all of its files so you must carefully ensure that you are deleting the right directory.
For example, you can use the local storage system where all the files will be stored within the project itself. You can also use the SFTP to transfer files to other servers or you can utilize the Cloud Storage for storing all your files. Laravel provides the Amazon S3 or Google Cloud storage out of the box.
Laravel's filesystem configuration file is located at config/filesystems.php. Within this file, you may configure all of your filesystem "disks". Each disk represents a particular storage driver and storage location.
To prevent the Laravel for hacking, you have to un follow the direct access of the files from the webserver and hide .env file or code from the server. Why do we protect the .env file?
You can also use the SFTP to transfer files to other servers or you can utilize the Cloud Storage for storing all your files. Laravel provides the Amazon S3 or Google Cloud storage out of the box. In Laravel, we call all these storage types as disks, think of file storage and label it as a disk in Laravel.
If you want to restrict access to files per user based on some sort of permission, you'll need to build that permission logic yourself (StackOverflow isn't going to do your job for you), but for the sake of answering this question, let's assume you already have that permission system in place and in order to check whether the user has access, our function is hasAccessToFile
which basically just does a look up based on whatever your business logic requires.
Instead of serving all files publicly, you can serve individual files, here's a very brief example:
Route::get('files/{pathToFile}', function($pathToFile) {
if (auth()->user()->hasAccessToFile($pathToFile)) {
return response()->file($pathToFile);
} else {
return 'Nope, sorry bro, access denied!';
}
});
See the File Responses documentation.
If you need to provide downloads of the files rather than serving of them, similarly:
Route::get('files/{pathToFile}', function($pathToFile) {
if (auth()->user()->hasAccessToFile($pathToFile)) {
return response()->download($pathToFile);
} else {
return 'Nope, sorry bro, access denied!';
}
});
See the File Downloads documentation.
You can refer to my answer here. The process includes creating a new Storage Disk that saves files on /storage/app/
(not in public folder) and validating the request before serving the file to the user.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With