We Keep Coding

View files inside storage folder for authenticated User

I am using spatie library to upload some files which will be saved to the storage folder. What I want to accomplished at the moment, is to view those files or images when I am an authenticated user. I've tried creating a symlink using this command ,
php artisan storage:link
But this makes those file to be seen publicly. What I only want is to view those file, only when the user is an authenticated user. So far this is what I did but it seems like I miss something.
ROUTE :
Route::get('/storage/{filePath}', 'ComplaintsController#fileStorageServe')->where(['filePath' => '.*'])->name('complaints.viewfile');
CONTROLLER :
public function fileStorageServe($file) {
// know you can have a mapping so you dont keep the sme names as in local (you can not precsise the same structor as the storage, you can do anything)
// any permission handling or anything else
// we check for the existing of the file
if (!Storage::disk('local')->exists($filePath)){ // note that disk()->exists() expect a relative path, from your disk root path. so in our example we pass directly the path (/.../laravelProject/storage/app) is the default one (referenced with the helper storage_path('app')
abort('404'); // we redirect to 404 page if it doesn't exist
}
//file exist let serve it
// if there is parameters [you can change the files, depending on them. ex serving different content to different regions, or to mobile and desktop ...etc] // repetitive things can be handled through helpers [make helpers]
return response()->file(storage_path('app'.DIRECTORY_SEPARATOR.($filePath))); // the response()->file() will add the necessary headers in our place (no headers are needed to be provided for images (it's done automatically) expected hearder is of form => ['Content-Type' => 'image/png'];
// big note here don't use Storage::url() // it's not working correctly.
}
VIEW :
#foreach($complaint->attachments as $attachment)
{{ $attachment->file_name }}
#endforeach
When I click the link it will give me something like this.
http://127.0.0.1:8000/complaints.viewfile/http%3A%2F%2F127.0.0.1%3A8000%2Fstorage%2F3%2F60580fdeadc55_worship.jpg
Please help. Thank you...

You need to understand how files are served by a web server and how that interacts with a laravel application.
You likely have nginx or apache set up to serve files from the public folder of your laravel app. ie: /var/www/sites/laravel-site/public.
When an HTTP request is sent to your server, if your nginx or apache is configured to serve files like laravel-site.com/storage/documents/secrets.pdf statically, then your laravel application code will never even be run, and you cannot control access to these files at the application level.
If you want to setup access control to files, you will need to first ensure the requests are not going to be served statically, and second setup a route to serve the files after checking if the user/request has permission to access the file(s) you want to serve.
There are lots of other great answers and resources on how to do this.

Correct me if im wrong but isn't the easiest way to do that via system-settings ? Like you have different Users and you just put them in different groups that have different rights for folders/files.

Where should my users folder be in a Slim 3 project?

I'm currently building a simply file hosting script using Slim 3. Currently I have my users folder on the same level as my public directory. Now that I'm attempting to access the files inside the user folder I'm getting errors caused by my document root not being able to access my users folder. Would it be a better idea to put my users folder inside my public folder because technically that would be public info to the logged in user?

It depends on what these files are - If they are only for the specific user or if they are available to all users.
When the files has to be private you can not put them into public, simple because everyone could hack url and get access to them. So you should put them in any data directory and make them available using an endpoint like /file/{username}/{name}.
In such endpoint you can easily append Header about filetype or if it should download or try to show in the browser window.

Whatever you make publicly available to the web server will be handled by default as any other asset:
Its URL is based upon the actual file name
If you know the URL you can download it
If it's a .php file it will be executed
You can certainly address all this concerns (and some of them may not even be concerns for your use case) but I don't think this is the ideal layout for a typical user-managed directory tree. Your current approach makes more sense to me.
To access such files you need to create a proper download script that makes all the appropriate checks (e.g. access checks), matches file system stuff from URLs and serves the assets as static files. In Slim that means creating a route with parameters and writing a handler function that does all this stuff.

apache/php multiple users mapped to multiple versions of app

(updated file structure)
I've got this situation:
a general database with several users (unique_name, database_name, user, password, version)
a release folder with different versions of the app. (releases/version/...)
each user has his own database, from which the info is found in the general database.
if a user navigates to "http://www.app.com/unique_name/", I want the server to:
load the correct user info from the general database
load the correct version of the app (and the correct assets)
use the correct user database in the app.
The users can only see "http://www.app.com/unique_name/" in it's browser, and there will be API calls to "http://www.app.com/unique_name/api/...".
file structure:
/
data/
unique_name/ (files for unique_name)
unique_name2/ (files for unique_name2)
...
releases/
v1.5/
index.php
api/
v2.0/
index.php
api/
What would be a correct way to approach this using apache and php?

Your question need more details from your side but what i could understand, In this case you have to be very decisive on project structure,
Make url looks like -> www.app.com/index.php?/unique_name
Create a bootstrap file which handle all request(landing) and pass unique_name as a parameter, you can use .htaccess file for this
Parse the url and get the first segment, Gets the Database and version details from general database based on argument and cache or store it in session(user data + version folder mapping) it.
Loads the correct version of file-system using php(may be need to write a router class)
www.app.com/api/index.php?/unique_name
src\
api\
index.php
releases\
xxx.xxx\
xxx.xxx\
index.php
As far as api code, i would advise to place all api related code at top level.
You need to write some router(mapper) which will make the absolute path of assets or files, can be used for loading.

persistence in certain directory

I am making a web app in which there are four directories user, admin, superadmin. I am login user and directing each of them to these directories using sessions depending who the user is and it's working out well.
How can I ensure that the user session persists in the directory they are in until they log out. For instance, if I log in as admin, I would like all my sessions only to persist in the admin directory without going to another directory. I do not have and idea please help
This is path to the root folder: F:\wamp\www\authentication\public\
admin : F:\wamp\www\authentication\public\admin\
user : F:\wamp\www\authentication\public\user
I do not want to return to the root directory which contains this directories.. Kindly assist me and give me sample codes.

$conflen=strlen('SCRIPT');
$B=substr(__FILE__,0,strrpos(__FILE__,'/'));
$A=substr($_SERVER['DOCUMENT_ROOT'], strrpos($_SERVER['DOCUMENT_ROOT'],$_SERVER['PHP_SELF']));
$C=substr($B,strlen($A));
$posconf=strlen($C)-$conflen-1;
$D=substr($C,1,$posconf);
$host='http://'.$_SERVER['SERVER_NAME'].$D;
$path=$host.dirname($_SERVER['PHP_SELF']);
define('FRAMEWORK_PATH', $path.'/');
This is working but give more answers. i found it in php manual

Need advice/help with website structure with caching, don't want to set 777 to doc root

I have a web application, based on CodeIgniter framework, which simply fetches data from stock exchange feeds and displays it. To enable caching the plan is to create a static HTML file once the stock exchange is closed coz there will not be any change in the stocks. Here is the structure for doc root of website
/index.php the CI controller
/application
/system
The URLs are
mysite.com/marketwatch.html - served by index method of marketwatch controller
mysite.com/marketwatch/marketindex/some-index-name.html - served by marketindex method of marketwatch controller and takes some-index-name as argument
mysite.com/marketwatch/scripdetails/some-scrip-name.html - served by scripdetails method of marketwatch controller and takes some-scrip-name as argument
Now what I can do is to create a path like DOCROOT/marketwatch/marketindex and DOCROOT/marketwatch/scripdetails/ and set 777 perms on these two so that at right time of the day the files are created in these two folders and .htaccess will direct Apache to serve these files instead of invoking whole CI framework and save sever of some botheration. The problem is
setting 777 for a folder that is served by webserver sounds wrong
I can't set 777 perms for doc root to create marketwatch.html
Can some one guide me how to solve this issue?

If you create the "cached" files in advance (even if they are empty) and give them 0666 permissions, PHP will be allowed to modify these files to update them (but don't never delete them, or they'll lose those permissions and they won't be the same the next time you create them).

You can try to set 0777 permissions with chmod function from php.