Wallace Maxters

Posted on Feb 14, 2021 • Edited on Feb 17, 2021 • Originally published at wallacemaxters.com.br

Protect user uploads with Laravel

#laravel #php

In the Laravel, you can protect your uploaded files access, restricting by authenticated user, with a simple code.

Move the uploaded file to local disk:

$path = $request->file('file')->store('photos', ['disk' => 'local']);
return Photo::create(['path' => $path]);

Route::get('photo/{id}', function (Photo $photo) {

    $disk = Storage::disk('local');

    return response($disk->get($photo->path), 200, [
        'content-type' => $disk->mimeType($photo->path)
    ]);

})->middleware('auth');

Top comments (1)

Guilherme Nascimento • Feb 14 '21

Does this isolate files between different users? Maybe using something with Illuminate\Auth\Access\HandlesAuthorization or controlling it by the Model itself is better or even using the user ID as a subfolder could solve.

How to run PHP on AWS ServerLess architecture ? Part 2 - introducing Bref runtime

Paul SANTUS - Oct 7

PHP, O elefante que não cai!

Dário Prazeres - Oct 7

How to run PHP on AWS ServerLess architecture ? Part 1 - What's serverless?

Paul SANTUS - Oct 7

PHP 8.4 First Release Candidate Released! New PHP Release Cycle Strategy Adopted

ServBay - Oct 7

DEV Community