PHPFixing

Tuesday, March 1, 2022

[FIXED] Laravel - Include assets on Middleware Auth

Tags: laravel, laravel-5.5, php

Issue

Inside my app there is a route group called admin. Every route inside this group calls two resources: public/css/admin.css and public/js/admin.js, but any unauthenticated user has access to these files. How can I include these files inside the Auth middleware?

My admin routes:

Route::group(['prefix' => 'admin', 'middleware' => ['auth']], function () {
    Route::get('/', 'Admin\IndexController@index')->name('panel');

    Route::group(['prefix' => 'users'], function() {});

    Route::group(['prefix' => 'settings'], function() {});

    Route::fallback('Admin\ExceptionController@exception');
});

My resources links:

http://localhost:3000/css/admin.css
http://localhost:3000/js/admin.js

My resources links should be:

http://localhost:3000/admin/css/admin.css
http://localhost:3000/admin/js/admin.js

If I just create the folder admin inside the public folder, I just get a 403 error...

What can I do about it?


Solution

Update: Now we'll use storage instead of public directory.

Although I agree that you should not have any sensitive info in your CSS/JS files, if you really want to serve the files to authenticated users you can do it with this workaround.

NOTE: I have made the project publicly available on git so you can clone from there if you want. Git Repo

  1. Create a directory for admin assets with permission 755
  2. Create a helper function to serve admin assets.
  3. Make the helper function available in blade.
  4. Link the assets using the helper function in order to first authenticate and then serve the file.

Basic Idea:

  • The basic idea is to have a directory which no one can access via browser.
  • Authenticate the user
  • Copy the files from protected directory.
  • Paste the files in a new directory (in storage) only associated with the authenticated user.
  • Delete the associated directory on user logout.

Implementation:

  1. Created a directory called admin_assets in the public directory.
  2. Changed the permission of the directory to 755.
  3. Created a helper class named CommonHelper, and wrote functions to serve and delete admin assets.
  4. Served the assets with these helper functions as follows:

<link href="{{ asset( CommonHelper::serveAdminAssets('app.css', '/css/') ) }}" rel="stylesheet">

  5. Deleted the files at logout.

Finally, as long as the user is logged in, the files will be available to him/her; all files will be deleted from the folder once the user logs out.

CommonHelper class:

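<?php
/**
 * Helper that copies admin assets into a per-user directory on the
 * public storage disk and removes that directory again at logout.
 */
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\File;
use Illuminate\Support\Facades\Storage;

class CommonHelper {
  /**
   * Copy one asset into the logged-in user's directory and return its URL.
   * Returns an empty string when nobody is authenticated.
   */
  public static function serveAdminAssets($fileName, $filePath) {

    if( Auth::check() ) {
      $adminAssetsBasePath = public_path().'/admin_assets';

      // Source file, e.g. public/admin_assets/css/app.css
      $source = $adminAssetsBasePath.$filePath.$fileName;

      // Per-user destination: storage/app/public/{user id}/css/
      $destDir = 'public/'.Auth::user()->id.$filePath;

      $dest = $destDir.$fileName;

      Storage::put($dest, file_get_contents($source));

      return Storage::url($dest);
    } else {
      return '';
    }
  }

  /**
   * Delete the per-user asset directory. Uses the $id argument rather than
   * Auth::user(), which is null once the user has been logged out.
   */
  public static function removeAdminAssets($id) {

    $destDir = storage_path('app/public/'.$id);
    // Empty the directory first, then remove it
    File::cleanDirectory($destDir);
    File::deleteDirectory($destDir);
  }
}
 ?>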

Notes:

  1. Remember, if you are using the local driver, all files that should be publicly accessible should be placed in the storage/app/public directory. Furthermore, you should create a symbolic link at public/storage which points to the storage/app/public directory. Docs

  2. Before deleting a directory you should empty it first.



Answered By - Tahir Raza
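
The note above points out that files under storage/app/public are publicly accessible through the public/storage link, so another option is to stream the files through a route inside the auth group and never copy them to a public location. The following is an added example, not part of the original answer or its repository; the private directory storage/app/admin_assets, the route name admin.asset and the filename pattern are assumptions.

```php
<?php
// routes/web.php
// Added example: the admin_assets location and the route name are assumptions.

use Illuminate\Support\Facades\Route;

Route::group(['prefix' => 'admin', 'middleware' => ['auth']], function () {
    // Matches the URLs the question asks for:
    //   /admin/css/admin.css and /admin/js/admin.js
    Route::get('{type}/{file}', function ($type, $file) {
        // Assumed private location that is never linked into public/:
        //   storage/app/admin_assets/css and storage/app/admin_assets/js
        $base = realpath(storage_path('app/admin_assets/' . $type));
        abort_if($base === false, 404);

        // Resolve symlinks and ".." segments, then require the result
        // to stay inside $base (defence in depth on top of the regex below).
        $path = realpath($base . DIRECTORY_SEPARATOR . $file);
        abort_if(
            $path === false || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0,
            404
        );
        abort_unless(is_file($path), 404);

        // $type is constrained to css|js by the route, so the lookup is safe.
        $mime = ['css' => 'text/css', 'js' => 'application/javascript'][$type];

        return response()->file($path, [
            'Content-Type'  => $mime,
            // Keep shared caches from storing a response that required a login.
            'Cache-Control' => 'private, max-age=3600',
        ]);
    })
        ->where('type', 'css|js')
        ->where('file', '[A-Za-z0-9_.-]+\.(css|js)')
        ->name('admin.asset');
});
```

In Blade the link then becomes {{ route('admin.asset', ['type' => 'css', 'file' => 'admin.css']) }}. An unauthenticated request is handled by the auth middleware before the file is read, so no per-user copy or logout cleanup is needed.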