Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Secure Asset/Media Folder through Auth Controller ? Laravel 5.2

I have public/Asset/Media/folder

I can access this file publicly like below.

http://localhost/myapp/public/Asset/Media/1/phpunit.xml

Similarly there are other folders in the Asset/Media folder which are being created on the fly.

There are many files also present in those sub folder and are also present in Asset/Media folder

Is there any way, such that if I try to access any file in Asset/Media folder or any file present in the sub folder of Asset/Media folder, I should be redirected to login page because authentication is not done?

I meant, can i use Auth Middleware to secure this folder? if so, Is it a valid approach if we have to access the files from a Android App?

like image 781
Pankaj Avatar asked May 16 '16 09:05

Pankaj


4 Answers

If you want to secure files, they need to go through Laravel. Accessing the file as you do (using the full path) does not go through Laravel. You can achieve this by creating a route:

Route::group(['middleware' => ['auth']], function () {
    Route::get('/secure/file/{file_name}', 'FileController@file');
}

Then, create a Controller to access the file so that you can use Auth to check for permission to access. It also means that you should put the file in an inaccessible location and use the Laravel Filesystem to access the file using PHP:

class FileController extends Controller {
    public function file()
    {
        return Storage::get('path/to/phpunit.xml');
    }
}
like image 154
Niraj Shah Avatar answered Nov 10 '22 19:11

Niraj Shah


Laravel 5.2 has introduced HTTP Middleware, i would advise you to do it.

https://laravel.com/docs/5.2/middleware#middleware-groups

this thread might help you to get it to work...

Laravel 5.2 Auth not Working

like image 27
Prakash Avatar answered Nov 10 '22 21:11

Prakash


Use the route below for it:

Route::get('/myapp/public/Asset/Media/{id}', function ($id) {
    if (Auth::guest()){
        return Redirect::guest('login');
    }else{
         $img="/myapp/public/Asset/Media/".$id;
            if(File::exists($img)) {
         return Response::make($img, 200, array('content-type' => 'image/jpg'));
            }else{
                return false;
            }
})->where('id', '.+');
like image 1
Javid Aliyev Avatar answered Nov 10 '22 21:11

Javid Aliyev


My sample url is here:

http://domainname.com/storage/Asset/Media/1/filename.txt

My route

Route::get('/storage/Asset/Media/{ID}/{file}', array(
    'as' => 'Files',
    'uses' => 'User\Account\Media\MediaController@DownloadMedia',
));

Controller Action Method

public function DownloadMedia($ID) {
    $headers = array(
        'Content-Type'        => 'application/octet-stream',
        'Content-Disposition' => 'attachment; filename=somefile.txt"'
    );

    return response()->download(base_path("storage/Asset/Media/1/somefile.txt"));
}

Here important thing is I can use application/octet-stream to download any file type.

like image 1
Pankaj Avatar answered Nov 10 '22 19:11

Pankaj