DEV Community

Cover image for Protect user uploads with Laravel
Wallace Maxters
Wallace Maxters

Posted on • Updated on • Originally published at wallacemaxters.com.br

Protect user uploads with Laravel

#laravel #php

In the Laravel, you can protect your uploaded files access, restricting by authenticated user, with a simple code.

Move the uploaded file to local disk:

$path = $request->file('file')->store('photos', ['disk' => 'local']);
return Photo::create(['path' => $path]);
Enter fullscreen mode Exit fullscreen mode 
Route::get('photo/{id}', function (Photo $photo) {

    $disk = Storage::disk('local');

    return response($disk->get($photo->path), 200, [
        'content-type' => $disk->mimeType($photo->path)
    ]);

})->middleware('auth');
Enter fullscreen mode Exit fullscreen mode

Top comments (1)

Collapse
 
brcontainer profile image
Guilherme Nascimento

Does this isolate files between different users? Maybe using something with Illuminate\Auth\Access\HandlesAuthorization or controlling it by the Model itself is better or even using the user ID as a subfolder could solve.

Read next

mrdanishsaleem profile image

WordPress Conflict: What’s Happening Between WordPress.org and WP Engine?

Danish Saleem -

tramposo profile image

Unlocking PHP's Hidden Gems: 7 SPL Data Structures You Need to Know

Tramposo -

kachkolasa profile image

Creating Temporary URLs for Local Files in Laravel

Kachkol Asa -

carloseduardoalvesviana profile image

Inheritance vs. Composition in PHP πŸš—

Carlos Viana -