I have a folder inside the public folder in Laravel app, this folder is called 'docs' and I want to protect it from unauthorised access. So basically when a user tries to access this folder they should get redirected to the login page. I tried doing this:
Route::get('\docs','DocsController#protected')->middleware('auth');
But Laravel doesn't even get triggered and the user goes directly to the folder.
You can use .htaccess file to protect this folder. But IMHO the better way is to move this folder from public, and access the docs using php code (using something like thephpleague/flysystem).
Related
I created Laravel project and able to make it work to get json output as well. However image link in json is not working.
https://android.factory2homes.com/
json: https://android.factory2homes.com/index.php/api/products
image link:https://android.factory2homes.com/index.php/public/12142.jpg
i tried creating symlink and copied same image in storage folder as well, but not able to make it work.
The public folder in a Laravel project is basically the root folder that shows up on the website URL.
For security issues, you really don't want the users to have the ability to write anything directly on the public folder, because if you are not careful they could overwrite your php scripts and have them do whatever they want.
So generaly speaking you create a simlink inside the public folder to the storage folder that is outside the public directory. Laravel has even a built in artisan command to do that exactly which is:
php artisan storage:link
The URL to any image stored in that folder would be in your example:
https://android.factory2homes.com/storage/12142.jpg
You do not have to put any .php file, or public or anything else.
if the image is inside public then I don't think you need to give the url like index.php/public/someimage.jpg you can just do www.yousiteurl.com/someinage.jpg
I resolved issue by savings images to Public_html folder instead of public folder in Laravel app root folder. Public_html is the path that is visible to public, hence other solutions weren't working.
I'm currently building a simply file hosting script using Slim 3. Currently I have my users folder on the same level as my public directory. Now that I'm attempting to access the files inside the user folder I'm getting errors caused by my document root not being able to access my users folder. Would it be a better idea to put my users folder inside my public folder because technically that would be public info to the logged in user?
It depends on what these files are - If they are only for the specific user or if they are available to all users.
When the files has to be private you can not put them into public, simple because everyone could hack url and get access to them. So you should put them in any data directory and make them available using an endpoint like /file/{username}/{name}.
In such endpoint you can easily append Header about filetype or if it should download or try to show in the browser window.
Whatever you make publicly available to the web server will be handled by default as any other asset:
Its URL is based upon the actual file name
If you know the URL you can download it
If it's a .php file it will be executed
You can certainly address all this concerns (and some of them may not even be concerns for your use case) but I don't think this is the ideal layout for a typical user-managed directory tree. Your current approach makes more sense to me.
To access such files you need to create a proper download script that makes all the appropriate checks (e.g. access checks), matches file system stuff from URLs and serves the assets as static files. In Slim that means creating a route with parameters and writing a handler function that does all this stuff.
How do you think I should organize images storage in my Laravel app? For example, I have a self-build admin panel and Articles module. Every article can have image that I should upload from Article's edit page in admin panel. So this image should be accessible through, for example, /images/somehash.jpg. But I can't give app privileges to write in public folder for security reasons. What variants of resolving this problem I have?
Create private folder e.g. {app_root}/storage/images, create route that handles URL /images/*, read image from storage and return it;
Maybe some workarounds with .htaccess;
You variant(s)?
Thanks!
If you don't want to store the images in public directory, then create storage/app/images directory and store the images in it.
Depending on your application's requirements, you may or may not need to create routes to read these images.
Whether you save your images in your public folder or a private folder, depends on your logic. When you upload your files in a public folder then those files can be downloaded directly from the web server without starting the
Laravel application. But if you choose to store your files in a private folder then those files are private and the requester has to get those files from your Laravel application. So if your files are open to everybody(like CSS or JS files) then that means you can put them in a public folder. But if for any reason your files have any kind of restriction or any validation that needs to be checked before letting the users to access that file, then you can upload those files in a private folder.
I am developing a project in laravel 4.2. In this project, inside public folder there are folders like css, js, img and images. I want to protect direct access of files inside js, css,img folder via url like by typing in browser like "www.example.com/css/style.css". How will I do that? Can anyone help? I saw some methods by using .htaccess file. But if I deny access via .htaccess file, I cannot access these file code too. Is there any method, that can be implemented by programming? Thanks
Fuelphp redirect to file.
In fuelphp in the public folder i have a folder named files(public/files).
There i have some pdf and jpeg files i want to create a hyperlink to these files, so when i access the hiperlink it will take me to that file and view it in browser, like when you access a direct file on server in apache.
I created the hiperlink like this: myhost/index.php/files/myfile.pdf but i don't know how to access it. Do i have to setup something in routes? Or there is another way?
Thank you.
Create the hyperlink to myhost/files/myfile.pdf if your server can understand public/.htaccess (mod_rewrite).