Jill

Reputation: 49

How to prevent the file access from public in Laravel?

I am still a newbie in Laravel. Please help me solve my issue. I am stuck on preventing the file from being public. I am trying to change the file access from public to private in Laravel 7.

I put all of the links in the auth, which made all of the links require access before using them. I tried to access some links to create a record. I can't do it and the system requires auth, but when I use the URL http://127.0.0.1:8000/storage/actions/filename.something without logging in to access the image file, I can still see the file.

This is my route

Route::group(['prefix' => 'admin', 'middleware'=> ['auth', 'administrator']], function () {

//Action
Route::get('/addAction', 'admin\ActionController@create');
Route::get('/deleteAction/{id}', 'admin\ActionController@delete');
Route::get('editAction/{id}', 'admin\ActionController@edit');
Route::post('/addAction', 'admin\ActionController@store');
Route::post('/updateAction/{id}', 'admin\ActionController@update');
Route::get('/allAction', 'admin\ActionController@index');
Route::get('/delete/actionImage/{id}', 'admin\ActionController@deleteimages');

});

This is the controller that I use to store the data to the database and the image to the file path.

public function index(){
    return view('admin.allAction')
    ->with('actions',Action::all())
    ->with('challenges',Challenge::all())
    ->with('users',User::all())
    ->with('status',Status::all())
    ->with('images',Images::all());
}

public function create(){

    $users = DB::table('users')
    ->where('role','2')
    ->get();

    return view('admin.addAction')
    ->with('users', $users)
    ->with('status',Status::all());
}

public function store(Request $request){
    $request->validate([
        'name' => 'required|string|max:188',
        'objective' => 'string|max:888',
        'images' => 'required',
        'images.*' => 'file|image|mimes:jpeg,png,jpg|max:8000',
    ]);

    // Insert Data to Table
    $action=new Action();
    $action->name=$request->name;
    $action->objective=$request->objective;
    $action->status_id=$request->status_id;
    $action->owner_id=$request->owner_id;
    $action->challenge_id=$request->challenge_id;
    /*dd($action);*/

    $action->save();

    if ($request->hasfile('images')) {
        $images = $request->file('images');

        foreach($images as $image) {
            $name = time().'-'.$image->getClientOriginalName();
            $name = str_replace(' ','-',$name);
            /*$path =*/ $image->storeAs('actions', $name, 'public');

            Images::insert([ /*OrUpdate*/
                'name' => $name,
                'action_id' => $action->id,
              ]);
        }
     }

    Session()->flash("success", "Success!");
    return redirect('/admin/addAction');
}

My filesystem.php

'disks' => [

    'local' => [
        'driver' => 'local',
        'root' => storage_path('app'),
        'permissions' => [
            'file' => [
                'public' => 0664,
                'private' => 0600,
            ],
            'dir' => [
                'public' => 0775,
                'private' => 0700,
            ],
        ],
    ],

    'public' => [
        'driver' => 'local',
        'root' => storage_path('app/public'),
        'url' => env('APP_URL').'/storage',
        'visibility' => 'public',
    ],

    's3' => [
        'driver' => 's3',
        'key' => env('AWS_ACCESS_KEY_ID'),
        'secret' => env('AWS_SECRET_ACCESS_KEY'),
        'region' => env('AWS_DEFAULT_REGION'),
        'bucket' => env('AWS_BUCKET'),
        'url' => env('AWS_URL'),
    ],

],

I have never done private files before, so I don't know how to do it. I tried to search for how to do it on the internet, but I still can't make it work.

Thank you for all of the comments in advance and sorry for my English.

Upvotes: 0

Views: 1242
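
An added example, not part of the original post: the files are reachable without login because `store()` writes them to the `public` disk, which the configuration above maps to the `/storage` URL and which never passes through the route middleware. The sketch below stores uploads on the `local` disk and serves them through a route inside the existing `auth` group; the route path and the `saveImages` and `showImage` method names are assumptions made for this example.

```php
// routes/web.php: inside the existing auth + administrator group from the question.
// The route path and the showImage method name are assumptions made for this example.
Route::group(['prefix' => 'admin', 'middleware' => ['auth', 'administrator']], function () {
    Route::get('/actionImage/{id}', 'admin\ActionController@showImage');
});

// app/Http/Controllers/admin/ActionController.php (only the parts that change)
use Illuminate\Support\Facades\Storage;

class ActionController extends Controller
{
    // Hypothetical helper, called from store() in place of the storeAs(..., 'public') loop.
    private function saveImages(array $images, Action $action)
    {
        foreach ($images as $image) {
            // The 'local' disk root is storage/app, which is not linked under public/.
            // store() generates a random file name, so the client-supplied name
            // never becomes part of the path on disk.
            $path = $image->store('actions', 'local');

            Images::insert([
                'name' => basename($path),
                'action_id' => $action->id,
            ]);
        }
    }

    // Streams the file only after the route's middleware has accepted the request.
    public function showImage($id)
    {
        // Look the file up by database id so no user-supplied path reaches the disk.
        $image = Images::findOrFail($id);
        $path = 'actions/' . $image->name;

        abort_unless(Storage::disk('local')->exists($path), 404);

        return Storage::disk('local')->response($path);
    }
}
```

Files already uploaded to `storage/app/public/actions` stay reachable under `/storage` until they are moved to `storage/app/actions`.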

Answers (0)
