All geek questions in one place

How to handle private images in laravel 5?

I am new to Laravel and try to store personal images so that they can only be accessed through authenticated users. First, I saved the images in the Public / UserImages folder. But here all the pictures are available to unauthorized users by going to the Inspect Element of chrome and then changing the user IDs. Please help me...

+6
source share
3 answers

It really is up to you. It should be outside the public directory - I would personally choose resources/uploads or storage/uploads or completely save them outside the server using cloud file system support .

No matter what you choose, you need a route that retrieves the file and passes it to the user, after the first check that they have access.

+5
source

This is how I solved the problem of storing images in Laravel 5, so that only the viewed users can view the images. Non-authenticated people will be redirected to the login page. My server is a Ubuntu / Apache2 server.

  • Create the directory / var / www / YOURWEBSITE / app / Assets / Images

  • Add a route to the application /Http/routes.php.

    Route::get('/images/{file}',' ImageController@getImage ');

  • Create a controller application /Http/Controllers/ImageController.php

     <?php namespace App\Http\Controllers; use App\Http\Requests; use App\Http\Controllers\Controller; use Illuminate\Http\Request; use Auth; class ImageController extends Controller { public function __construct() { $this->middleware('auth'); } public function getImage($filename) { $path = '/var/www/YOURWEBSITE/app/Assets/Images/'.$filename; $type = "image/jpeg"; header('Content-Type:'.$type); header('Content-Length: ' . filesize($path)); readfile($path); } }

  • There are img tags in your view that have:

     src="{{ url('/images/test.jpg') }}"

This, of course, assumes that test.jpg is a file in / var / www / YOURWEBSITE / app / Assets / Images /

Of course, you can add more logic, for example, do not hardcode the path to images, etc. This is just a simple example for authentication. Note the use of middleware ("auth") in the controller constructor.

+5
source

I got the same question a few days ago and came up with this solution:

  • The first thing you need to do is upload the file to a private directory. My application stores scanned invoices, so I'm going to place them inside storage/app/invoices . The code for downloading the file and creating the URL will look like this:

     // This goes inside your controller method handling the POST request. $path = $request->file('invoice')->store('invoices'); $url = env('APP_URL') . Illuminate\Support\Facades\Storage::url($path);

    The returned URL should result in something like http://yourdomain.com/storage/invoices/uniquefilename.jpg

  • Now you need to create a controller that uses auth middleware to guarantee user authentication. Then define a method that captures the file from the private directory and returns it as the response of the file. It will be:

     <?php namespace App\Http\Controllers; use Illuminate\Support\Facades\Storage; class FileController extends Controller { public function __construct() { $this->middleware('auth'); } public function __invoke($file_path) { if (!Storage::disk('local')->exists($file_path)) { abort(404); } $local_path = config('filesystems.disks.local.root') . DIRECTORY_SEPARATOR . $file_path; return response()->file($local_path); } }

  • The last thing to register a route inside your routes/web.php :

     Route::get('/storage/{file_name}', 'FileController')->where(['file_name' => '.*'])

So, you have this, pretty reusable snippet for all your projects related to private files :)

+4
source

Source: https://habr.com/ru/post/982600/

More articles:


All Articles