Authenticating PDF streaming via Laravel API - laravel

I have a Laravel API that generates a pdf. I am using laravel passport for the pdf. I want to stream the pdf in the browser not download it. I currently generate a pdf but it is open to the world, anybody would be able to to access the pdf. I want to add authentication for it. A user should be able to see his/her pdfs generated by my app and not any other user's pdfs.
My idea so far is to generate a personal access token for the user and pass it via the url.
Is this a good idea? Any other ideas I should consider on how to accomplish this?

Use laravel authentication to stop unauthorized access to routes, here is the documentation how you can do that,
https://laravel.com/docs/5.6/authentication

Related

How to upload file to OneDrive using laravel

I am a beginner with Laravel. I'm tasked with uploading files to OneDrive, but I don't know of any way to upload files. Anyone has an idea.
I tried searching GG and got some ways but I still don't get it. Can anyone give me any other ideas?
You can use the Microsoft Graph API to upload files to OneDrive from a Laravel application. Here's a general outline of the steps:
Register your application with Microsoft Azure to obtain a client ID and client secret.
Install the 'microsoft/microsoft-graph' package using Composer.
Obtain an access token for the Microsoft Graph API using your client ID and client secret.
Use the 'Graph' class to create a new 'DriveItem' object representing the file you want to upload, and set its contents.
Use the 'DriveItem' object's 'createUploadSession()' method to obtain an upload session URL.
Use Laravel's 'Illuminate\Http\UploadedFile' class to read the file contents and send a 'PUT' request to the upload session URL, using the 'X-Upload-Content-Length' and 'Content-Range' headers to specify the size and location of the uploaded data.
FOR MORE DETAILS: How to upload file to OneDrive using Laravel ?

Get laravel current user on external php website

I have created an application with Laravel 7 that contains users that can log in.
In parallel, I create a showcase site for the application (another domain) and essentially html/css.
I would like on this showcase site to propose login and registration buttons if there is no user connected to the laravel.Otherwise I would just like to propose a "Dashboard" button if a user is connected to the Laravel application.
How to do that? I confess that I'm a bit lost. Thanks for your help.
You need to create an API on the laravel app which will be used by the "showcase site".
To login and authorize themselves you can use JWT
to keep user data and use it on the showcase site you can either save them in
localstorage (just be careful not to save any sensitive data there as people can take that information in case of XSS vulnerable)
indexdb
cookies
None of these methods are safe. They can be exploited using XSS so i advice on using JWT to secure sensitive data.

is it possible to display image files that require a session on the server in chromecast?

I have an app that has user generated images, but to access these images, you need to log into the server, otherwise, if you try to access an image URL, you're redirected to the login page.
Is it possible to show these images in chromecast? The documentation only show examples using public URLs.
One approach is to login the user on your sender app and have your server create a (short lived) token or so and pass that back to your sender. Then pass along that token to chromecast and have chromecast use the token. For example, send a URL like "https://some.url.com/my-image.png?token=1234assadasfcrafctvawr32w34v" to your server, from chromecast, and have your server interpret that appropriately.
I am sure you can think of more sophisticated approaches but that is the basic idea.

Parse.com: How to Generate Facebook User Access Token from Cloud Code

I'm a novice developer and use Parse.com to power the backend of my iPhone app.
I was wondering if it was possible to manage Facebook OAuth issues from Parse's cloud code (my backend) using http requests or the Facebook JS SDK.
For example: a user's long-term access token becomes invalidated due to expiration. I would like to be able to generate a new access token on the backend, given that I have access to: the old access token, my app_id, my app_secret, and the user's facebookID.
Q1: is it possible to generate a user access token using an http request? I know that I can generate an app access token, but this is not what I want (https://developers.facebook.com/docs/facebook-login/access-tokens). If it is possible, what is the correct structure for the http request (I've spent several hours trying to find an example and haven't been able to).
Q2: if #1 is not possible, is it possible to use the Facebook JS SDK in Parse Cloud code? Parse has previously stated this is not supported since the Facebook JS SDK assumes/necessitates being executed from a browser, but wouldn't it be possible to mimic a browser and still have this function correctly? If so, please provide example code.
Thanks!
Looks like this question has been answered already here: https://parse.com/questions/cloud-code-how-to-get-current-users-facebook-access-token
Parse.User.current().get('authData')['facebook']

Post Image through Graph API change Via Link

I am using a facebook php SDK to post image to users album using the user access token. First we will generate the token and then post the image. My issue is that posting image works fine but below each image on right side, facebook adds a link 'via MY APPLICATION NAME'.This link redirects user to my application page in facebook (http://www.facebook.com/apps/application.php?id=APPLICATION ID). I want to change this link to point to my personal website URL (www.abc.com).
Please let me know if this is possible.
I've seen other apps do it, and am looking for the same thing. I've glanced over all the app settings, and am currently reading the api trying to figure it out. It's probably going to be something stupid like deleting all the other urls to force it to default to your site url in the app settings...Let me know if you have any luck with this.

Resources