Has*_*qib 10 laravel laravel-5
我是Laravel的新手并尝试存储私有映像,以便只有经过身份验证的用户才能访问它们.首先,我将图像存储在Public/UserImages文件夹中.但是这里所有图片都可供未经身份验证的用户访问,也可以访问Inspect Element of chrome然后更改用户ID.请帮帮我...
ken*_*ler 11
以下是我如何解决在Laravel 5中存储图像的问题,以便只有经过身份验证的用户才能查看图像.未经过身份验证的人员将被定向到登录页面.我的服务器是Ubuntu/Apache2服务器.
创建目录/ var/www/YOURWEBSITE/app/Assets/Images
添加路线到app/Http/routes.php.
Route::get('/images/{file}','ImageController@getImage');
创建一个控制器app/Http/Controllers/ImageController.php
<?php
namespace App\Http\Controllers;
use App\Http\Requests;
use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use Auth;
class ImageController extends Controller {
public function __construct()
{
$this->middleware('auth');
}
public function getImage($filename) {
$path = '/var/www/YOURWEBSITE/app/Assets/Images/'.$filename;
$type = "image/jpeg";
header('Content-Type:'.$type);
header('Content-Length: ' . filesize($path));
readfile($path);
}
}
在您的视图中,您有img标签,其中包含:
src="{{ url('/images/test.jpg') }}"
这当然假设test.jpg是/ var/www/YOURWEBSITE/app/Assets/Images /中的文件
您当然可以添加更多逻辑,例如不对图像路径进行硬编码等.这只是一个强制执行身份验证的简单示例.请注意在控制器构造函数中使用中间件('auth').
小智 8
几天前我遇到了同样的问题并提出了这个解决方案:
您要做的第一件事是将文件上传到非公共目录.我的应用程序正在存储扫描的发票,所以我要把它们放在里面storage/app/invoices.上传文件和生成网址的代码如下:
// This goes inside your controller method handling the POST request.
$path = $request->file('invoice')->store('invoices');
$url = env('APP_URL') . Illuminate\Support\Facades\Storage::url($path);
返回的网址应该会产生类似http://yourdomain.com/storage/invoices/uniquefilename.jpg的内容
现在,您必须创建一个使用该控制器的控制器,auth middleware以确保用户通过身份验证.然后,定义一个从私有目录中获取文件并将其作为文件响应返回的方法.那将是:
<?php
namespace App\Http\Controllers;
use Illuminate\Support\Facades\Storage;
class FileController extends Controller
{
public function __construct()
{
$this->middleware('auth');
}
public function __invoke($file_path)
{
if (!Storage::disk('local')->exists($file_path)) {
abort(404);
}
$local_path = config('filesystems.disks.local.root') . DIRECTORY_SEPARATOR . $file_path;
return response()->file($local_path);
}
}
最后一件事是在routes/web.php文件中注册路由:
Route::get('/storage/{file_name}', 'FileController')->where(['file_name' => '.*'])
所以你有它,一个非常可重复使用的代码片段,用于处理私有文件的所有项目:)
要拥有私有文件(图像),您需要通过route => controller flow 提供文件。并且您的身份验证中间件将处理身份验证和权限。如果需要进一步的授权,请在控制器中进行处理。
在这里,我们可以采用一种方法来处理我们的所有文件[我个人不希望这样做]。我们可以使用这样的路由来做到这一点(就像通配符一样)。
Route::get('/storage/{filePath}', 'FileController@fileStorageServe')
->where(['filePath' => '.*'])
您也可以这样命名:
Route::get('/storage/{fileName}', 'FileController@fileStorageServe')
->where(['fileName' => '.*'])->name('storage.gallery.file');
否则,我们将为每种文件的类型/类别创建一个路由:(优点:您将能够更好地控制可访问性。(每种路由和资源的类型及其规则。如果要使用通配符路由来实现,我称之为),您需要有条件的块(否则,处理所有不同的情况。这是不必要的操作[直接转到正确的块,当路线分开时更好,此外,它还可以使您组织得更好权限处理])。
Route::get('/storage/gallery/{file}', 'System\FileController@getGalleryImage')
->name('storage.gallery.image');
外卡一
<?php
public function fileStorageServe($file) {
// know you can have a mapping so you dont keep the sme names as in local (you can not precsise the same structor as the storage, you can do anything)
// any permission handling or anything else
// we check for the existing of the file
if (!Storage::disk('local')->exists($filePath)){ // note that disk()->exists() expect a relative path, from your disk root path. so in our example we pass directly the path (/.../laravelProject/storage/app) is the default one (referenced with the helper storage_path('app')
abort('404'); // we redirect to 404 page if it doesn't exist
}
//file exist let serve it
// if there is parameters [you can change the files, depending on them. ex serving different content to different regions, or to mobile and desktop ...etc] // repetitive things can be handled through helpers [make helpers]
return response()->file(storage_path('app'.DIRECTORY_SEPARATOR.($filePath))); // the response()->file() will add the necessary headers in our place (no headers are needed to be provided for images (it's done automatically) expected hearder is of form => ['Content-Type' => 'image/png'];
// big note here don't use Storage::url() // it's not working correctly.
}
每条路线一
(最大的不同是参数,现在它仅引用文件名,而不引用存储磁盘根目录的相对路径)
<?php
public function getCompaniesLogo($file) {
// know you can have a mapping so you dont keep the sme names as in local (you can not precsise the same structor as the storage, you can do anything)
// any permission handling or anything else
$filePath = config('fs.gallery').DIRECTORY_SEPARATOR.$file; // here in place of just using 'gallery', i'm setting it in a config file
// here i'm getting only the path from the root (this way we can change the root later) / also we can change the structor on the store itself, change in one place config.fs.
// $filePath = Storage::url($file); <== this doesn't work don't use
// check for existance
if (!Storage::disk('local')->exists($file)){ // as mentionned precise relatively to storage disk root (this one work well not like Storage:url()
abort('404');
}
// if there is parameters [you can change the files, depending on them. ex serving different content to different regions, or to mobile and desktop ...etc] // repetitive things can be handled through helpers [make helpers]
return response()->file(storage_path('app'.DIRECTORY_SEPARATOR.($file))); // the response()->file() will add the necessary headers in our place
}
现在,您可以通过形成正确的URL进行检查(转到存储文件名之后的副本,并形成路由。它应该向您显示图像)
最后一件事:
通配符一
<img src="{{route('routeName', ['fileParam' => $storageRelativePath])}}" />
请注意,routeName在上面的示例中,此处为storage.file和fileParam将为filePath。例如,您从数据库获取$ storageRelativePath(通常就是这样)。
每条路线
<img src="{{route('routeName', ['fileName' => basename($storageRelativePath)])}}" />
相同,但我们仅提供文件名。
注意: 发送此类响应的最佳方法是使用response()-> file();。。那将在5.7文档中找到。针对Image :: make($ storagePath)-> response();的性能明智的做法 。除非您需要即时修改它。
您可以在以下媒体中查看我的文章:https : //medium.com/@allalmohamedlamine/how-to-serv-images-and-files-privatly-in-laravel-5-7-a4b469f0f706
| 归档时间: |
|
| 查看次数: |
12267 次 |
| 最近记录: |