-1

I have a laravel application (5.4)

Every user has a folder under /public where the admin can upload (via FTP) some videos for the users to see. Every user have different Videos.

The problem i have now is, that everything in the public folder is accessible. Also if the user is not logged in. How to avoid this?

hatemjapo
  • 800
  • 3
  • 8
  • 30
  • you need to store them as private files, then when user hits a link you make sure it is logged and have access to the link – Hussein May 06 '18 at 07:59

1 Answers1

0

let's suppose we have 2 users with these usernames:

  • john
  • Sarah

then you would have 2 folders:

  • storage/app/john
  • storage/app/sarah

now to access john's files, you should have in your routes/web.php the following:

Route::get('/file/{username}/{name}','FilesController@getFile');

then in the FilesController add this function:

public function getFile($username,$name){
   if(!Auth::user()){
       //user is not logged in
       return response(null,403)
    }
   $auth_user = Auth::user()->username;
   if($username === $auth_user){
    //continue with the request

      $exists = Storage::disk('local')->exists($username .'/'. $name);
     if(!$exists){
         // file not found
         return response(null,404);
     }
      $file = Storage::get($username .'/'. $name);
      return response($file);
   }else{
     // the user doesn't have access
   }
}

i didn't test this so if you had issues let me know

More on laravel storage

Hussein
  • 1,143
  • 1
  • 9
  • 16
  • Thx for the solution. Every logged in user can access their videos and cant access other users videos. The problem is, when i change the url to the mp4 file, also if no one is logged in, i can see it. Moving it to the storage folder and i have no access on it, also when logged in. – hatemjapo May 06 '18 at 11:16
  • you only can access the files through this function, direct link to the file won't work because it's not in the `storage/app/public` folder – Hussein May 06 '18 at 13:40
  • so how is it possible to pass the files to the video or img tag in html? – hatemjapo May 06 '18 at 16:02
  • through this `return response()->file(storage_path('app',$username .'/'. $name));` – Hussein May 06 '18 at 16:05