I would like to know if there is any way of showing private uploaded files inside filamentPHP admin panel.
Only the authenticated user should be able to see it, since it is not in the public storage folder of Laravel. Their documentation does not seem to include it.
Related
I have a folder inside the public folder in Laravel app, this folder is called 'docs' and I want to protect it from unauthorised access. So basically when a user tries to access this folder they should get redirected to the login page. I tried doing this:
Route::get('\docs','DocsController#protected')->middleware('auth');
But Laravel doesn't even get triggered and the user goes directly to the folder.
You can use .htaccess file to protect this folder. But IMHO the better way is to move this folder from public, and access the docs using php code (using something like thephpleague/flysystem).
I want to separate Codeigniter4 MVC for admin and public. In codeigniter3 this is very easy. But I am unable to do that in Codeigniter v4. I want to use system directory for both MVC. Can anyone help me?
Example for public
http:://abc.com
Example for admin
http:://abc.com/admin
Create an admin folder inside the public folder. Copy All files and folders from public folder to the admin folder
Edit the admin/index.php file. Add extra [../] in $pathsPath value
Create a new admin folder in App folder. Copy all files and folders from App folder to admin folder
Edit adnin/Config/Paths.php. Add extra [../] in every variables except $viewDirectory veriable.
This changes will make separate the admin and public MVC from each other. But the System folder will be the same.
I have a website, let's call it "public" with an admin site, let's call it "admin."
Both websites are hosted on the same Debian server and each site is owned by a different user: public_user and admin_user
public site is in var/www/public
admin is in var/www/admin
Now; using php mkdir() and copy() from the admin site I would like:
1) Create a folder inside the public site.
2) move/copy files within public from the admin site.
From admin I would like to do the following inside public:
Create a folder in www/public/assets/images
Move images from www/public/assets/temp to my newly created folder
At the moment I have "permission denied"; I could chmod 777 but surely there must be a safer and better way?
What would the pros do?
If you have the ability to setup user groups on the server,
Setup a new user group
Assign both public_user and admin_user to the group
Then assign the desired folder(s) [www/public/assets/images] to the group with read/write (and if necessary, execute) permissions.
After that, you should be able to copy files/move files to said folder as either user.
For more info, refer to the Debian administration documentation for adding groups and adding users to those groups.
I'm currently building a simply file hosting script using Slim 3. Currently I have my users folder on the same level as my public directory. Now that I'm attempting to access the files inside the user folder I'm getting errors caused by my document root not being able to access my users folder. Would it be a better idea to put my users folder inside my public folder because technically that would be public info to the logged in user?
It depends on what these files are - If they are only for the specific user or if they are available to all users.
When the files has to be private you can not put them into public, simple because everyone could hack url and get access to them. So you should put them in any data directory and make them available using an endpoint like /file/{username}/{name}.
In such endpoint you can easily append Header about filetype or if it should download or try to show in the browser window.
Whatever you make publicly available to the web server will be handled by default as any other asset:
Its URL is based upon the actual file name
If you know the URL you can download it
If it's a .php file it will be executed
You can certainly address all this concerns (and some of them may not even be concerns for your use case) but I don't think this is the ideal layout for a typical user-managed directory tree. Your current approach makes more sense to me.
To access such files you need to create a proper download script that makes all the appropriate checks (e.g. access checks), matches file system stuff from URLs and serves the assets as static files. In Slim that means creating a route with parameters and writing a handler function that does all this stuff.
How do you think I should organize images storage in my Laravel app? For example, I have a self-build admin panel and Articles module. Every article can have image that I should upload from Article's edit page in admin panel. So this image should be accessible through, for example, /images/somehash.jpg. But I can't give app privileges to write in public folder for security reasons. What variants of resolving this problem I have?
Create private folder e.g. {app_root}/storage/images, create route that handles URL /images/*, read image from storage and return it;
Maybe some workarounds with .htaccess;
You variant(s)?
Thanks!
If you don't want to store the images in public directory, then create storage/app/images directory and store the images in it.
Depending on your application's requirements, you may or may not need to create routes to read these images.
Whether you save your images in your public folder or a private folder, depends on your logic. When you upload your files in a public folder then those files can be downloaded directly from the web server without starting the
Laravel application. But if you choose to store your files in a private folder then those files are private and the requester has to get those files from your Laravel application. So if your files are open to everybody(like CSS or JS files) then that means you can put them in a public folder. But if for any reason your files have any kind of restriction or any validation that needs to be checked before letting the users to access that file, then you can upload those files in a private folder.