directory for public and private file in laravel - laravel

I want to create a website for selling quality photos using Laravel framework.
I want to show everyone the photo mockup on the home screen.
But the original file(zip) can be downloaded after purchase.
Is it best to place the mockup file in the Storage/app/public path and the zip file in the Storage/app/files path?
If I do, I can access the mockup file using php artisan storage:linkand display it on the home screen. But I have no idea how to download the zip file.
If this method of storing files and mockups is correct, secure and standard, please tell me how to access the zip file.
But if this is the wrong way, tell me the right place to put the files and mockups

If it's public to everyone then there is no problem to make it public, so If you were to use your local driver and would want to make files accessible in your storage folder then you would run an artisan command like below
php artisan storage:link
This will ensure that files are accessible publicly as example.com/public/storage/whateverfile.
However, for the people who have purchased the image, you need to use authentication or authorization to handle it, eg. if you want the files to be only accessible to authenticated user then maybe you can put the files in storage/myViewFile which will make sure that files in the folder aren't publicly accessible. Then using a controller with an auth middleware or route with middleware you can make files accessible.
Route::get('/storage/files/{file}', 'FilesController#show')->middleware('auth');
and for downloading files you can do it in the show method using laravel download response
return response()->download($pathToFile);
//or
return response()->download($pathToFile, $name, $headers);
//or
return response()->download($pathToFile)->deleteFileAfterSend();

Related

Laravel storage accessibility confusion

I'm having trouble figuring out how Laravel's storage works since there are two public folders and I am confused which people talk about when I read posts about it.
Just to put a context, I have an app where I want to store images just for logged in users. I get the fact that public folder allows everybody too see images, I don't want that. There are two folders named public though which are :
I'm quite sure public is just for css/js/index.php etc. and storage/app/public is the folder where stored files are publicly accessible. I am, however, not a 100% sure.
If I want to have private images for logged in users, is it correct having created the clients folder in the storage/app/ folder?
Thanks for your help.
Long story short, Laravel aims for both of them to be the same. And it is explained at great extend in the doc: https://laravel.com/docs/7.x/filesystem#the-public-disk
Even is the storage folder is indeed protected, when you run the command php artisan storage:link you will create a symbolic link between public/storage and storage/app/public.
All the items available in storage/app/public will then be available in public/storage and accessible from the outside.
If you want to prevent public access, then you need to use the local driver (https://laravel.com/docs/7.x/filesystem#the-local-driver) and it will be stored securely within your application. For example:
Storage::disk('local')->put('FOLDERNAME/file.txt', 'Contents');
won't be accessible from the outside.

What should be the better way to store images or files to folder in laravel application

I am doing a project using Laravel. Now, I have to store customers, users etc images both in the database and application folder. There are two ways to store images or files in laravel application.
Inside public folder I can store.
Another one is, inside storage/app/public
From these two ways, what should be better to do this. Would someone suggest me please?
Thanks in advance.
There's not an enormous difference, but in general, it's better to put things in storage/app/public.
This allows you to give Laravel write permissions to the storage folder, while leaving its permissions on public as read-only. This is a bit more secure.
Generally, if your files need to be publicly available you it is recommended you use the laravel "Public Disk" which exposes yoursite.com/storage/ as a symbolic link to your_app/storage/app/public.
You can activate the public disk by running
php artisan storage:link
If files uploaded do not need to be directly accessed via the web, it is recommended that you use the "Local Driver" - these files are kept securely inside your_app/storage/app - one level up from the public folder and are not directly accessible by a web browser.
You are of course free to create any file structure in these directories as you need for your customers etc.
The Storage class helper is extremely useful.

Storage laravel. Is this secure to keep private image?

Hi i'm working on sell picture project. I want to secure image in public folder . I follow this way How to protect image from public view in Laravel 5?
Everything work fine. I just want to make sure in storage Path thier is no way to access with URL right? I put my image into storage/images not storage/app/public
If i storage link it will be effect to my private image or not thanks
In Laravel the root of the webserver is the public directory and the entrypoint is public/index.php.
This means that you can access via web server everything under public directory (like javascript/css files and image assets).
The storage directory is one level up and there is no way to access it.
In the discussion you mention the url http://www.somedomainname.net/images/users/userImage.jpg refers to the file userImage.jpg under /your/document/root/laravel/app/public/images/users by default, so the storage directory is not even read.
Laravel, though, will let you link the storage/app/public directory inside the public/storage directory, using the command php artisan storage:link, but that's it.

Storing images in storage folder of laravel, and fetching it by a http request is not working

I have deployed laravel application in heroku. I am storing images in storage folder of laravel and trying to fetch it by defining a route. It was working well on local, but when i trying to do the same on server, then its not showing the images. I thought that storage folder is inside the laravel, so it should work fine, but its not working.
Can i store images in public folder by creating a named folder "gallery" inside that and put that gallery folder in gitignore. so will the gitignore folder be vanished when i will push the laravel project again?
Other options are using another file system. Most of them are paid, so i was thinking to save the images in database, is that the good idea or i should move to files only.
First of all, the storage directory should have right permission.
You should create a symbolic link from public/storage to storage/app/public.
Create the symbolic link:
php artisan storage:link
You cannot save images in database, only their names or links etc. I implemented the same thing you did by naming the files to their path and storing that to the database and then using it to fetch the data from folder on sever

Secure upload files in Laravel

I have a Laravel 5 project in which I am uploading files in database in Medium Blob format.
But uploading files in database takes some extra time to execute.
Uploading files in database is a secured way to keep files safe from crawlers or some bots.
I have tried to Upload files to the Public folder. But the crawlers can open these files.
Is there any possible way to upload files in the file system?
So that the Crawlers cannot open these files.
I want these files to be Secured
you can upload them outside of the public scope. For example, storage/ folder is a good place. Also, you can grab them using the file system manager. Take a look:
$image = \Storage::get('file.jpg');
Edit
A correct laravel installation just allow the content of public/ to be accesible via web browser. If other directories as storage/ or resources/ are public too, then you installation is really incorrect.
Said that, once you upload the files in storage/ folder nobody can access them except by you using the \Storage facade. When you call for example \Storage::get('file.jpg'); it returns an stream of bits that you can allocate them in a temporary folder and then display it in the webside. Once the request has finished, the image will disappear again from public domain.
No need to change the directory this can be achieved by two ways
LazyOne Answer using .htaccess
AND
Using robots.txt
I will suggest to implement both .htaccess and robots.txt as some cheap crawlers ignore robots.txt but they can't ignore .htaccess
You can follow this method
image-accessibility-for-authenticated-users-only
As this only allows authorized uses to view image

Resources