How to implement authorized access to files in laravel?
There is a res directory in the public directory of Laravel. I want to verify whether the user has permission when accessing the pictures in it.
But when the user enters the address, the file is accessed directly, without going through the auth middleware's verification.
For example: put an image in the res directory under public, as shown in the figure
Routing:
<code>Route::get('/res/{res}', ['middleware' => 'auth', 'uses' => 'TestController@res']);</code>
You can see the pictures directly when you visit. How to ensure that only logged-in users can see the pictures?
I looked at the link to the picture in my Baidu disk,
it was similar to this
<code>http://thumbnail0.baidupcs.com/thumbnail/e9be0226a22b8a1ad721032ac0338bb3?fid=4079835327-250528-565979844600151&time=1467727200&rt=yt&sign=FDTAER-DCb740ccc5511e5e8fedcff06b081203-4mQdS41CM3TuSq6hpE8LIAn%2FiL0%3D&expires=2h&chkv=0&chkbd=0&chkpc=&dp-logid=4335431112578733428&dp-callid=0&size=c256_u256&quality=100</code>
It seems to generate a hash value for each image, then verify it based on the routing and parameters in the routing, and return the file based on the hash after passing it.
Can anyone tell me the specific implementation principle?
Laravel itself only handles the entrance of /public/index.php. The image file you mentioned does not go through index.php, so Laravel does not care,
unless you put the image access in a controller, such as /Img/locaiton?user=xxx&name=iiii. When ImgController.php is accessed like this, you can just read the image and display it yourself, and you can add auth yourself. (Be careful not to put the picture under /public; put it in the same directory as public.)
Except for index.php, the other files in public/ are purely static files and are not included in Laravel routing at all.
As for the hash parameters of Baidu Netdisk, they are the address and expiration time of the file being read. You can implement it in your own way. Add whatever you want.
Use the web server to do a rewrite so the request passes through a PHP controller, and call <code>Auth::check()</code> in this controller.
Files that require controlled access should not be placed in the public directory, but in the storage directory, so that it is impossible to access them directly from the outside.
You can implement a controller to authenticate the visitor's permissions. If it is consistent, you can output the image binary data through the HTTP transport stream in the form you want.
Laravel (Symfony to be precise) already provides this type of Response. You can read the documentation to find the corresponding API.
Most of the image permission verification and hotlink prevention methods you know are like this.
Above.
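The signed, expiring link the answers describe (the file's address plus an expiration time, verified before the file is returned), written in plain PHP as an added example that is not part of the original answers. SECRET, BASE_DIR, the /res query layout and both function names are assumptions made for this illustration.

```php
<?php
// Added illustration in plain PHP. SECRET, BASE_DIR and both function names
// are assumptions; load the real key from configuration, not from source.
const SECRET   = 'replace-with-a-long-random-server-side-key';
const BASE_DIR = __DIR__ . '/storage/res';   // assumed to lie outside the web root

// Build a link to $name that stays valid for $ttl seconds.
function signResourceUrl(string $name, int $ttl, ?int $now = null): string
{
    $expires = (string) (($now ?? time()) + $ttl);
    $sign = hash_hmac('sha256', $expires . "\n" . $name, SECRET);
    return '/res?' . http_build_query(compact('name', 'expires', 'sign'));
}

// Return the absolute path to serve, or null when the request must be refused.
function resolveSignedRequest(array $query, ?int $now = null): ?string
{
    foreach (['name', 'expires', 'sign'] as $key) {
        if (!isset($query[$key]) || !is_string($query[$key])) {
            return null;                     // missing or array-valued parameter
        }
    }
    ['name' => $name, 'expires' => $expires, 'sign' => $sign] = $query;
    if (!ctype_digit($expires)) {
        return null;                         // keeps the signed string unambiguous
    }
    // Recompute the MAC over the same fields and compare in constant time.
    $expected = hash_hmac('sha256', $expires . "\n" . $name, SECRET);
    if (!hash_equals($expected, $sign) || ($now ?? time()) > (int) $expires) {
        return null;                         // forged, tampered or expired link
    }
    // A valid signature does not replace the path check: stay inside BASE_DIR.
    $base = realpath(BASE_DIR);
    $path = realpath(BASE_DIR . '/' . $name);
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo input: a freshly signed link, a copy with the name
// swapped after signing, and the same link presented after its expiry.
parse_str(parse_url(signResourceUrl('cat.png', 7200), PHP_URL_QUERY), $q);
var_dump(resolveSignedRequest($q));
var_dump(resolveSignedRequest(['name' => '../../.env'] + $q));
var_dump(resolveSignedRequest($q, time() + 7201));
```

In a controller, a non-null result is the path to hand to a file response such as Symfony's BinaryFileResponse; a null result should end the request without revealing which check failed.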