Home >Backend Development >PHP Tutorial >How to implement authorized access to files in laravel?

How to implement authorized access to files in laravel?

WBOY
WBOYOriginal
2016-07-06 13:51:141286browse

There is a res directory in the public directory of laravel. I want to verify whether the user has permission when accessing the pictures in it.
But the user will directly access the file when entering the address, without going through the auth middleware. Identification,
For example: put an image in the res directory under public, as shown in the figure
How to implement authorized access to files in laravel?

Routing:

<code>Route::get('/res/{res}', ['middleware' => 'auth', 'uses' => 'TestController@res']);</code>

You can see the pictures directly when you visit. How to ensure that only logged-in users can see the pictures?
How to implement authorized access to files in laravel?

I looked at the link to the picture in my Baidu disk,
it was similar to this

<code>http://thumbnail0.baidupcs.com/thumbnail/e9be0226a22b8a1ad721032ac0338bb3?fid=4079835327-250528-565979844600151&amp;time=1467727200&amp;rt=yt&amp;sign=FDTAER-DCb740ccc5511e5e8fedcff06b081203-4mQdS41CM3TuSq6hpE8LIAn%2FiL0%3D&amp;expires=2h&amp;chkv=0&amp;chkbd=0&amp;chkpc=&amp;dp-logid=4335431112578733428&amp;dp-callid=0&amp;size=c256_u256&amp;quality=100</code>

It seems to generate a hash value for each image, then verify it based on the routing and parameters in the routing, and return the file based on the hash after passing it.
Can anyone tell me the specific implementation principle?

Reply content:

There is a res directory in the public directory of laravel. I want to verify whether the user has permission when accessing the pictures in it.
But the user will directly access the file when entering the address, without going through the auth middleware. Identification,
For example: put an image in the res directory under public, as shown in the figure
How to implement authorized access to files in laravel?

Routing:

<code>Route::get('/res/{res}', ['middleware' => 'auth', 'uses' => 'TestController@res']);</code>

You can see the pictures directly when you visit. How to ensure that only logged-in users can see the pictures?
How to implement authorized access to files in laravel?

I looked at the link to the picture in my Baidu disk,
it was similar to this

<code>http://thumbnail0.baidupcs.com/thumbnail/e9be0226a22b8a1ad721032ac0338bb3?fid=4079835327-250528-565979844600151&amp;time=1467727200&amp;rt=yt&amp;sign=FDTAER-DCb740ccc5511e5e8fedcff06b081203-4mQdS41CM3TuSq6hpE8LIAn%2FiL0%3D&amp;expires=2h&amp;chkv=0&amp;chkbd=0&amp;chkpc=&amp;dp-logid=4335431112578733428&amp;dp-callid=0&amp;size=c256_u256&amp;quality=100</code>

It seems to generate a hash value for each image, then verify it based on the routing and parameters in the routing, and return the file based on the hash after passing it.
Can anyone tell me the specific implementation principle?

Laravel itself only handles the entrance of /public/index.php. The image file you mentioned is not in index.php, Laravel does not care;

Unless you put the image access in a controller, such as /Img/locaiton?user=xxx&name=iiii, access ImgController.php like this, you can just read the image and display it yourself, and you can add auth yourself. (Be careful not to put the picture under /public, put it in the same directory as public)

Except for index.php, the other files in public/ are purely static files and are not included in Laravel routing at all

As for the hash parameters of Baidu Netdisk, they are the address and expiration time of the read file. You can implement it in your own way. Add whatever you want

Use WebServer to do rewrite, pass through a controller php, and Auth:check in this controller.

Files that require controlled access should not be placed in the public directory, but in the storage directory, so that it is impossible to access them directly from the outside.

You can implement a controller to authenticate the visitor's permissions. If it is consistent, you can output the image binary data through the HTTP transport stream in the form you want.

Laravel (Symfony to be precise) already provides this type of Response. You can read the documentation to find the corresponding API.

Most of the image permission verification and hotlink prevention methods you know are like this.

Above.

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn