I have created .bin file download functionality. All my .bin files are stored in the 'storage/app/files' folder. User from view template press on the download button, which appeals to the controller who handles all download functionality (checking if the user is logged in, are file is existing on 'storage/app/files' folder). My question is, does it's safe to store all my important files to this folder? Do I need to write a .htaccess file?
Only your public folder (with index.php) should be accessible, this is the root directory (sometimes the directory is named public_html).
Any directories outside that (like storage/app/vendor etc.) should be unreachable by URL.
"Everything" must go through index.php first if you want to keep control of your files.
So in order to serve assets like storage/app/files/xxx.png you should be using a controller. That code could look something like this:
// SomeController.php
public function showAvatar(Request $request)
{
// Select the `local` disk as defined in `config/filesystems.php`.
$disk = Storage::disk('local');
return response()->file($disk->path('files/xxx.png'));
}
You can then use middleware or other code to provide restrictions to these files.
Related
I want to provide a link to a file in my project, but I want this link to be human readable and perma-ish.
Doing this:
Link to file for reference :download:`myfile.json <../myproject/myfile.json>`.
Generates a link that looks like this:
...../myproject/docs/_build/html/_downloads/b4c73f3851c188db23a20daeed2c/myfile.json
Do I have control over this? I want the link to just be this:
...../myproject/docs/_build/html/_downloads/myfile.json
I would actually prefer the link be in the root so it's just:
...../myproject/myfile.json
The download role does what it says in the documentation, i.e., it creates links with a unique hash. I don't see a way around it unless the implementation is changed.
But
I would actually prefer the link be in the root
In this particular case we can (ab)use html_extra_path, adding this in conf.py
html_extra_path = ['../myproject/myfile.json']
and refer to the file with a regular hyperlink:
Link to file for reference `myfile.json <myfile.json>`_.
The file is then necessarily in the root folder (of the built HTML documentation), as that's what html_extra_path does. It cannot be put in a subfolder such as _downloads.
I am using the Storage::url() function for generating download links for files inside the storage directory, i also linked the storage directory to the public directory and everything is working fine.
However now any person can download the files without needing any authentication. What is the proper way to secure all routes starting with /storage/..... without having to re-write the download logic inside my controller?
you must add the download URL as a route on your routes.php file :
Route::get('downloads/{file}','MyController#download')->where('file', '^[^/]+$')->middleware('auth');
of course, don't forget to check if the file exists, after that you can use
$reponse()->download()
to return a download response. the method takes 3 parameters : file path, file name and HTTP response headers.
for more details, check this :
https://laravel.com/docs/5.7/responses#file-downloads
hi guys im pretty new in laravel 4.2 i have a project that stores file in the server and what i did based from the opinion of other people, when the user saves a file it goes to app/storage/uploads my problem is when i know the url to the file, it still have access to the file. for example it is a pdf file, it opens in the browser or if it is doc, xls, xlsx etc it triggers a download what i'm tying to do is when the user tries to access that url, it would go to a certain view informing them that the folder is restricted so far i have this on my routes
Route::get(storage_path().'uploads/{all?}' , 'sample#restrict');
then in my controller
public function restrict()
{
dd("WHOOOPS!"); //for trial purposes
}
any ideas what im doing wrong? thanks in advance
With normal configuration web server has access only to a public directory.
If you set public directory as root for a virtual host, noone will be able to access app or storage directories which are outside public.
When using Dojo file caching with Worklight receiving a 404 Error when running in Simulator. It appears the file being loaded is not being copied from the common area to the device. Is there something else I need to define in my project to make that happen? There must be a convention and I wanted to follow it going forward as I expect to have more template files in the project.
My define statement in a .js file:
define(["dojo/_base/lang", "dijit/layout/ContentPane", "dojo/dom", "dojo/text!./templates/Order.html"], function(lang, ContentPane, dom, template){
...
var cp1 = new ContentPane({
title:"Order",
content: lang.replace(template, someJson)
}).placeAt("temp");
My folder structure:
In the common/js directory I have the above code in a .js file and I have a templates folder to keep the Order.html and I would expect to have other template files stored there in the future.
Error on the console:
GET http://localhost:10080/DojoProject/apps/services/preview/DojoApp/windowsphone8/1.0/default/layers/templates/Order.html 404 (Not Found)
It seems that the way you are specifying the path, browser tries to find the file in the "layers" folder which is sibling to "templates".
Have you tried to modify the "dojo/text!./templates/Order.html" to something like: "dojo/text!./../templates/Order.html" to navigate one level up, then go into the templates folder?
I'm not sure this will work, but I think it worths a try.
I have public folder in root of my project. Placed a couple of images, when I try to access them, it says "Sinatra doesn't know this ditty..."
Isn't default public folder supposed to be called "public"? Or do I have to explicitly set that?
Need to not include /public in path.
The folder name should be "public" and then access it with /image.png when your folder structure is public/image.png