F
Filament13mo ago
Matthew

Custom url links for file upload WITHOUT storage:link

Basically what I want to do, is retrieve files stored in storage without doing storage:link. The reason for that is because I dont want my folder to be public. After uploading an attachment, in a custom link in web.php with the help of a controller, I can retrieve the file like this: 
Route::get('/test/{filename}', [TestController::class,'show'])->middleware(['auth']);
Route::get('/test/{filename}', [TestController::class,'show'])->middleware(['auth']);
class TestController extends Controller
{
    public function show($filename)
    {
        /**
         * Sanitize and validate the filename input.. For example, a user might try to access files they shouldn't by
         * using ../ sequences in the filename (known as a directory traversal attack).
         */
        $filename = htmlspecialchars($filename);
    
        // Check if file exists in storage
        if (!Storage::disk('public')->exists($filename)) {
            abort(404);
        }
    
        // Additional checks (like user permissions) can go here
    
        // Serve the file directly from storage
        return Storage::disk('public')->response($filename);
    }
    
}
class TestController extends Controller
{
    public function show($filename)
    {
        /**
         * Sanitize and validate the filename input.. For example, a user might try to access files they shouldn't by
         * using ../ sequences in the filename (known as a directory traversal attack).
         */
        $filename = htmlspecialchars($filename);
    
        // Check if file exists in storage
        if (!Storage::disk('public')->exists($filename)) {
            abort(404);
        }
    
        // Additional checks (like user permissions) can go here
    
        // Serve the file directly from storage
        return Storage::disk('public')->response($filename);
    }
    
}
If the file exists (and the user is authenticated), then it will show. However, when previewing a FileUpload attachment(s), how can I override the default fetch url link that it uses such that it uses the test directory and not storage?
6 Replies
Lara Zeus
Lara Zeus13mo ago
"override the default fetch url link" you mean for the FileUpload component? or genreally to use other places?
Matthew
MatthewOP13mo ago
Yes for the FileUpload component What I mean by it is, that when FileUpload previews your attachments, then it uses APP_URL/storage/filename I dont want to use the default storage, or any other public storage. Just a url with a controller.
Lara Zeus
Lara Zeus13mo ago
I think you can use saveUploadedFileUsing to overwrite the upload but didnt find anything about the preview
awcodes
awcodes13mo ago
I think you’re over complicating this and need to look at the visibility options. Laravel supports private visibility of files in storage. You can also set the disk, directory and visibility on any file upload component.
Matthew
MatthewOP13mo ago
Hm, Im not sure how that will work Because iirc even with private visibilty I could still see the files
awcodes
awcodes13mo ago
Double check the laravel docs. If anyone could access private files then the visibility wouldn’t be relevant. It exists for a reason, you just have to use it in the right way.
Want results from more Discord servers?
Add your server