Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Understanding file storage and protecting contents Laravel 5

I need help understanding Laravel's file storage system. I'm creating an app where I need to upload a users drivers license photo. This is obviously sensitive information. I would like to keep this image off of the internet unless an admin is viewing it. My understanding is that i have to save things to the public directory in the storage>app>public and create a symlink to the public>storage folder. I have this done and it's working fine. I save the path to the database and the program can display it, but I don't want things to be in the public folder if I can avoid it.

Is there any way to save an image/file to a private folder in the storage system then access it through the view? If I do this, does it keep that image "private" so that it's not stored in a cache somewhere beings that it's not in a "public" folder? Does the symlink protect files in the storage folder in the way I'm wanting or does it truly make all files available to the public?

Any help in understanding this would be appreciated.

like image 755
maximus1127 Avatar asked Jan 01 '23 17:01

maximus1127


1 Answers

What you've said is correct the files in storage/app/public is public. This is why you have to create a private directory, lets say storage/app/private, then upload your sensitive files here.

You may want to add a disks in your config/filesystems.php:

'private' => [
    'driver' => 'local',
    'root' => storage_path('app/private'),
],

If you want to access your private files. Create a route for this:

Route::get('/private-files/{file?}','FileController@get')->where('file', '(.*)');

Then in the FileController.php, you will have something like this (this is just an example, edit the code here to check if the user is admin):

<?php
namespace App\Http\Controllers;

use Auth;
use Storage;
use App\Http\Controllers\Controller;

class FileController extends Controller {

    public function __construct()
    {
        $this->middleware('auth');
    }

    public function get($file)
    {
        return Storage::disk('private')->get($file);
    }

 }
like image 79
aceraven777 Avatar answered Jan 05 '23 09:01

aceraven777