What are the ways to hide static files in Laravel, preferably within local storage without 3rd party APIs?

E

EVOSandru62020-06-18 22:28:29

Information Security

EVOSandru6, 2020-06-18 22:28:29

Hey guys.

What are some ways to hide static files (like images accessed at /images/secret/1.jpg ) from unauthorized users?

So that only authorized people can watch, preferably with the admin role.

There were thoughts that it is probably possible in a certain way to close the common path to the pictures and in some way push these pictures at the level of the routes. MB still add some esh to the address to this story.
But I don’t finish pedaling to the end - how to do it with minimization of crutches.

It is important that the paths to these files are closed from external resources and for unauthorized people. filesystems.php

config :

return [
    'default' => 'local',

    // Не использую
    'cloud' =>  's3',

    'disks' => [
        'local' => [
            'driver' => 'local',
            'root' => public_path(),
        ],
        'public' => [
            'driver' => 'local',
            'root' => storage_path('app/public'),
            'url' => env('APP_URL') . '/storage',
            'visibility' => 'public',
        ],

        // Не использую
        's3' => [
            'driver' => 's3',
            'key' => env('AWS_ACCESS_KEY_ID'),
            'secret' => env('AWS_SECRET_ACCESS_KEY'),
            'region' => env('AWS_DEFAULT_REGION'),
            'bucket' => env('AWS_BUCKET'),
        ],
    ],
];

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

D

Daria Motorina, 2020-06-18
@glaphire

Without being tied to the framework - just store files in a directory that is not directly accessible at the server level (that is, in fact, any other than public), create an endpoint (controller action) that will take a file from this folder and return, well, add a check for file access rights inside the endpoint, i.e. no third party api needed