Issue
Inside my app, there is a route group called admin. Any route inside this group calls two resources: public/css/admin.css and public/js/admin.js, but any unauthenticated user has access to these files. How can I include these files inside the Auth Middleware?
My admin routes:
Route::group(['prefix' => 'admin', 'middleware' => ['auth']], function () {
    Route::get('/', 'Admin\IndexController@index')->name('panel');
    Route::group(['prefix' => 'users'], function() {});
    Route::group(['prefix' => 'settings'], function() {});
    Route::fallback('Admin\ExceptionController@exception');
});
My resource links:
http://localhost:3000/css/admin.css
http://localhost:3000/js/admin.js
My resource links should be:
http://localhost:3000/admin/css/admin.css
http://localhost:3000/admin/js/admin.js
If I just create the folder admin inside the public folder I just got a 403 error...
What can I do about it?
Solution
Update: Now we'll use storage instead of public directory.
I agree that you should not have any sensitive info in your css/js files, but if you really want to serve the files only to authenticated users you can do it with this workaround.
NOTE: I have made the project publicly available on git so you can clone from there if you want. Git Repo
- Create a directory for admin assets with permission 755
- Create a helper function to serve admin assets.
- Make the helper function available in blade.
- Link the assets using the helper function in order to first authenticate and then serve the file.
Basic Idea:
- The basic idea is to have a directory which no one can access via browser.
- Authenticate the user
- Copy the files from protected directory.
- Paste the files in a new directory (in storage) only associated with the authenticated user.
- Delete the associated directory on user logout.
Implementation:
- Created a directory called admin_assets in public directory.
- Change the permission of the directory to 755.
- Created a helper class named CommonHelper, and write functions to serve and delete admin assets.
- Served the assets with these helper functions as follows:
  <link href="{{ asset( CommonHelper::serveAdminAssets('app.css', '/css/') ) }}" rel="stylesheet">
- Deleted the files at logout.
Finally, as long as the user is logged in, the files will be available to him/her; all files will be deleted from the folder once the user logs out.
CommonHelper class:
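<?php
/**
 * Helper that copies admin assets into a per-user directory in storage
 * and removes that directory again on logout.
 */
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\File;
use Illuminate\Support\Facades\Storage;

class CommonHelper {

    // Copy one asset into storage/app/public/{user id}/... and return its URL.
    public static function serveAdminAssets($fileName, $filePath) {
        if( Auth::check() ) {
            $adminAssetsBasePath = public_path().'/admin_assets';
            $source = $adminAssetsBasePath.$filePath.$fileName;
            $destDir = 'public/'.Auth::user()->id.$filePath;
            $dest = $destDir.$fileName;
            Storage::put($dest, file_get_contents($source));
            return Storage::url($dest);
        } else {
            return '';
        }
    }

    // Delete the per-user asset directory; pass the user's id before logging out.
    public static function removeAdminAssets($id) {
        // Use the id that was passed in: Auth::user() is null once the session has ended.
        $destDir = storage_path('app/public/'.$id);
        File::cleanDirectory($destDir);
        File::deleteDirectory($destDir);
    }
}
?>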
Notes:
Remember, if you are using the local driver, all files that should be publicly accessible should be placed in the storage/app/public directory. Furthermore, you should create a symbolic link at public/storage which points to the storage/app/public directory. Docs
Before deleting a directory you should empty it first.
Answered By - Tahir Raza
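An added example, not part of the original answer: the assets are served by a route inside the admin group itself, so every request for /admin/css/admin.css or /admin/js/admin.js passes the auth middleware, whereas files copied under storage/app/public stay reachable through the public/storage link without it. The storage/app/admin_assets directory, the admin.asset route name and the css/js allowlist are assumptions of this example.

```php
<?php
// routes/web.php
// Added example: directory, route name and allowlist below are assumptions.
// Assumed layout, outside the web root:
//   storage/app/admin_assets/css/admin.css
//   storage/app/admin_assets/js/admin.js

use Illuminate\Support\Facades\Route;

Route::group(['prefix' => 'admin', 'middleware' => ['auth']], function () {

    // Resolves to /admin/css/admin.css and /admin/js/admin.js.
    // Blade: route('admin.asset', ['type' => 'css', 'file' => 'admin.css'])
    Route::get('{type}/{file}', function ($type, $file) {
        // Allowlist of servable asset types and the Content-Type sent for each.
        $mimeTypes = ['css' => 'text/css', 'js' => 'application/javascript'];

        $base = realpath(storage_path('app/admin_assets'));
        if ($base === false) {
            abort(404);
        }

        // realpath() collapses "..", symlinks and duplicate separators,
        // and returns false when the file does not exist.
        $path = realpath($base.DIRECTORY_SEPARATOR.$type.DIRECTORY_SEPARATOR.$file);

        // Serve only files that resolve inside the asset directory and whose
        // extension matches the requested type.
        $prefix = $base.DIRECTORY_SEPARATOR;
        if ($path === false
            || strncmp($path, $prefix, strlen($prefix)) !== 0
            || pathinfo($path, PATHINFO_EXTENSION) !== $type) {
            abort(404);
        }

        $response = response()->file($path, ['Content-Type' => $mimeTypes[$type]]);

        // Mark the response private so shared caches and CDNs do not store it.
        return $response->setPrivate();
    })
    ->where(['type' => 'css|js', 'file' => '[A-Za-z0-9._-]+'])
    ->name('admin.asset');

    // The existing admin routes follow here; Route::fallback stays last.
});
```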