How does Laravel implement authorized access to files?

Source: Internet
Author: User

There is a res directory under Laravel's public directory. I want to verify whether the user has permission to access the images in it. However, when the user enters the file's address, the file is accessed directly and the request is not authenticated by the auth middleware. For example, put an image in the res directory under public.

Route:

Route::get('/res/{res}', ['middleware' => 'auth', 'uses' => 'TestController@res']);

The image can be viewed directly when accessed. How can I make the images viewable only by logged-in users?

I looked at the links to the pictures on my Baidu disk. They are similar to this:

http://thumbnail0.baidupcs.com/thumbnail/e9be0226a22b8a1ad721032ac0338bb3?fid=4079835327-250528-565979844600151&time=1467727200&rt=yt&sign=FDTAER-DCb740ccc5511e5e8fedcff06b081203-4mQdS41CM3TuSq6hpE8LIAn%2FiL0%3D&expires=2h&chkv=0&chkbd=0&chkpc=&dp-logid=4335431112578733428&dp-callid=0&size=c256_u256&quality=100

It seems that a hash value is produced for each image, which is verified based on the route and the parameters in the route. After the check passes, the file is returned based on the hash value.
Can anyone explain the specific implementation principle?

Reply content:

Laravel only handles the /public/index.php entry point. The image file you mentioned does not go through index.php, so Laravel doesn't care about it.

Unless you put the image access in a controller, for example /Img/locaiton?User=xxx&name=iiii handled by ImgController.php. There you can read the image and output it yourself, and you can add auth and it's OK (be sure not to put the images under /public; put them in a directory at the same level as public).

All files under public/ except index.php are pure static files, which are not included in Laravel's routing.

As for Baidu's network disk, it reads the hash parameter and the expiration time for every file. You can implement it in your own way and add whatever you want.
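The hash-plus-expiry idea discussed above, as an added example that is not part of the original thread and is not Baidu's actual scheme: the server signs the file name and expiry time with an HMAC and checks both before serving. The function names, parameter names (`expires`, `sign`), key and file names are assumptions made for this sketch.

```php
<?php
// Added example: HMAC-signed, expiring image links. All values are constructed.

function sign_image_url(string $name, int $expires, string $key): string
{
    // The signature covers the file name and the expiry, so neither can be
    // altered without invalidating the link.
    $sig = hash_hmac('sha256', $name . "\n" . $expires, $key);
    return '/res/' . rawurlencode($name) . '?'
        . http_build_query(['expires' => $expires, 'sign' => $sig]);
}

function verify_image_url(string $name, array $query, string $key, int $now): bool
{
    $expires = $query['expires'] ?? null;
    $sign    = $query['sign'] ?? null;
    if (!is_string($expires) || !ctype_digit($expires) || !is_string($sign)) {
        return false; // missing or malformed parameters
    }
    if ((int) $expires < $now) {
        return false; // link has expired
    }
    $expected = hash_hmac('sha256', $name . "\n" . $expires, $key);
    return hash_equals($expected, $sign); // constant-time comparison
}

// Constructed demo: a link valid for two hours from a fixed "now".
$key = 'demo-secret-change-me';   // placeholder; keep the real key server-side
$now = 1700000000;
$url = sign_image_url('cat.png', $now + 7200, $key);
parse_str(parse_url($url, PHP_URL_QUERY), $q);

echo $url, PHP_EOL;
var_dump(verify_image_url('cat.png', $q, $key, $now));        // untouched link
var_dump(verify_image_url('dog.png', $q, $key, $now));        // signature reused for another file
var_dump(verify_image_url('cat.png', $q, $key, $now + 7201)); // same link after expiry
```

Run the verification in the controller before the file is read, and serve the file only when it succeeds.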

Use the web server to rewrite the request so that it passes through a controller PHP file, and call Auth::check in that controller.

Files that require access control should not be stored in the public directory, but under the storage directory, so that external access is impossible.

You can implement a controller to check the access permission. If the check passes, you can output the binary data of the image through the HTTP response stream as you like.

Laravel (or Symfony) already provides this type of Response. You can refer to the documentation to find the corresponding API.

Most of the image permission verification and anti-leech processing methods you know of are the same.

Above.
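The controller approach from the replies, as an added example that is not code from the original thread: it keeps the question's route and `TestController@res`, and assumes the images have been moved out of public/ into storage/app/res (a directory name chosen for this sketch).

```php
<?php
// Added example. Route, unchanged from the question, so the auth middleware
// runs before the controller:
// Route::get('/res/{res}', ['middleware' => 'auth', 'uses' => 'TestController@res']);

namespace App\Http\Controllers;

class TestController extends Controller
{
    public function res($res)
    {
        // Assumed location: storage/app/res, outside the web root, so the
        // web server can no longer hand the file out as a static asset.
        $base = realpath(storage_path('app/res'));
        if ($base === false) {
            abort(404);
        }

        // basename() drops any directory part of the request parameter and
        // realpath() resolves symlinks, so the result can be compared
        // against the base directory.
        $path = realpath($base . DIRECTORY_SEPARATOR . basename($res));
        if ($path === false
            || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0
            || !is_file($path)) {
            abort(404);
        }

        // A per-user permission check (for example, ownership of the file)
        // belongs here; the auth middleware only proves the user is logged in.

        // Streams the file through Symfony's BinaryFileResponse.
        return response()->file($path, [
            'Cache-Control' => 'private, no-store',
        ]);
    }
}
```

The `private, no-store` header keeps shared caches from storing a copy that would later be served without the login check.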
