I need to store images in a backend for logged in users. The stored images need to be protected and not visible from the outside (public). I chose a "storage" folder for thi
When dealing with user file uploads in web applications, the major aspect is the security of the user's content. One should use a secure way to upload a user's private files in web applications.
In your case, you want to access the user's image outside the public folder. This can be done in a most secure way as given below.
First of all, create a directory right in the root directory of Laravel (where the public folder is located); let the directory's name be uploads. Use this directory to upload private user files.
In the case of images, create another directory inside uploads as uploads/images/ so that you can have different storage locations for different types of files.
Remember to upload the image to the images directory with a different name and without its extension so that it looks like an extension-less file. Keep the file name and its extension in the database, which can be used later to retrieve the image's location.
Now you need to create a separate route to show the user's image.
Route::get('users/{id}/profile_photo', 'PhotosController@showProfilePhoto')->name('users.showProfilePhoto');
PhotosController.php
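namespace App\Http\Controllers;

use App\User; // assumed model namespace; adjust to where your User model lives
use Illuminate\Support\Facades\File;

class PhotosController extends Controller {
    // Far-future expiry so browsers cache the image
    private $image_cache_expires = "Sat, 01 Jan 2050 00:00:00 GMT";

    public function showProfilePhoto($id) {
        $user = User::find($id);
        $path = base_path() . '/uploads/images/';
        if ($user && $user->photo) // Column where user's photo name is stored in DB
        {
            $photo_path = $path . $user->photo; // eg: "file_name"
            $photo_mime_type = $user->photo_mime_type; // eg: "image/jpeg"
            // Read the file from outside the public folder and stream it back
            $response = response()->make(File::get($photo_path));
            $response->header("Content-Type", $photo_mime_type);
            $response->header("Expires", $this->image_cache_expires);
            return $response;
        }
        abort(404); // no such user, or no photo stored for this user
    }
}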
The method above inside PhotosController - showProfilePhoto($user_id) will run as soon as you access the route named - users.showProfilePhoto.
Your HTML code will look like this.
The above code will work like a charm and the image will be shown to the user without declaring/publishing the proper image path to the public. According to me, this is the secure way to deal with file uploads in web applications.
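A hardened variant of the upload and serving steps described in this answer, as an added example that is not part of the original answer. The controller name, the 2 MB limit, the MIME allow-list and the rule that a user may only fetch their own photo are assumptions; the `photo` and `photo_mime_type` columns are the ones the answer uses.

```php
<?php
// Added example, not the answer's code. Assumes both routes sit behind
// Laravel's `auth` middleware and that users may only see their own photo.
namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Str;

class PrivatePhotosController extends Controller // hypothetical name
{
    // Only these types are ever stored, so only these are ever served.
    private const ALLOWED = ['image/jpeg', 'image/png', 'image/gif'];

    public function store(Request $request)
    {
        $request->validate(['photo' => 'required|file|image|max:2048']);
        $file = $request->file('photo');
        // getMimeType() inspects the file contents; the client-supplied
        // type and original file name are never trusted.
        $mime = $file->getMimeType();
        abort_unless(in_array($mime, self::ALLOWED, true), 422);

        $name = Str::random(40); // extension-less and unguessable
        $file->move(base_path('uploads/images'), $name);

        $user = $request->user();
        $user->photo = $name;
        $user->photo_mime_type = $mime;
        $user->save();
        return response('', 204);
    }

    public function show(Request $request, $id)
    {
        $user = $request->user();
        // Ownership check: being logged in is not enough to read any id.
        abort_unless($user && (int) $user->id === (int) $id, 403);
        // basename() keeps a tampered DB value from escaping the directory.
        $path = base_path('uploads/images/' . basename((string) $user->photo));
        $ok = $user->photo && is_file($path)
            && in_array($user->photo_mime_type, self::ALLOWED, true);
        abort_unless($ok, 404);

        return response()->file($path, [
            'Content-Type'           => $user->photo_mime_type,
            'Cache-Control'          => 'private, max-age=3600',
            'X-Content-Type-Options' => 'nosniff',
        ]);
    }
}
```

Because the stored MIME type is later sent back as the `Content-Type` header, deriving it from the file contents and checking it against an allow-list at upload time keeps an uploaded HTML or SVG file from being rendered as a page on your origin.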