如何在Laravel 5中保护图像免受公众观看? [英] How to protect image from public view in Laravel 5?
问题描述
我已经安装了Laravel 5.0并进行了身份验证.一切正常.
I have installed Laravel 5.0 and have made Authentication. Everything is working just fine.
我的网站仅对经过身份验证的成员开放.其中的内容仅受身份验证成员的保护,但网站内的图像不受公开查看的保护.
My web site is only open for Authenticated members. The content inside is protected to Authenticated members only, but the images inside the site is not protected for public view.
任何人直接写入图像URL都可以看到该图像,即使该人未登录系统也是如此.
Any one writes the image URL directly can see the image, even if the person is not logged in to the system.
http://www.somedomainname.net/images/users/userImage.jpg
我的问题:是否可以保护图像(上面的URL示例)不公开显示,换句话说,如果图像的URL发送给任何人,则该个人必须是成员并登录才能看到图像.
My Question: is it possible to protect images (the above URL example) from public view, in other Word if a URL of the image send to any person, the individual must be member and login to be able to see the image.
有可能吗?
推荐答案
可以从Laravel 5.x文件夹中的公共视图保护图像.
It is possible to protect images from public view in Laravel 5.x folder.
-
在Laravel中的
storage文件夹下创建images文件夹(我选择storage文件夹是因为它已经具有写权限,可以在上载图像时使用它)像storage/app/images.
Create
imagesfolder understoragefolder (I have chosenstoragefolder because it has write permission already that I can use when I upload images to it) in Laravel likestorage/app/images.
将要保护的图像从公用文件夹移动到新创建的images文件夹.您还可以选择其他位置来创建images文件夹,但不在公共文件夹内,而是使用Laravel文件夹结构,但仍然是逻辑位置示例,而不是在控制器文件夹内.接下来,您需要创建一个路线和图像控制器.
Move the images you want to protect from public folder to the new created images folder. You could also chose other location to create images folder but not inside the public folder, but with in Laravel folder structure but still a logical location example not inside controller folder. Next you need to create a route and image controller.
创建路线
Route::get('images/users/{user_id}/{slug}', [
'as' => 'images.show',
'uses' => 'ImagesController@show',
'middleware' => 'auth',
]);
如果未登录人员,则路由会将所有图像请求访问权限转发到身份验证"页面.
The route will forward all image request access to Authentication page if person is not logged in.
创建ImagesController
class ImagesController extends Controller {
public function show($user_id, $slug)
{
$storagePath = storage_path('app/images/users/' . $user_id . '/' . $slug);
return Image::make($storagePath)->response();
}
}
编辑(注意)
对于那些使用Laravel 5.2及更高版本的用户. Laravel引入了一种新的更好的方式来保留文件,这种方式开销较小(这种方式不会如答案中所述重新生成文件):
For those who use Laravel 5.2 and newer. Laravel introduces new and better way to serve files that has less overhead (This way does not regenerate the file as mentioned in the answer):
文件响应
file方法可用于显示文件,例如图像或 PDF,直接在用户的浏览器中进行,而不是启动下载. 此方法接受文件的路径作为其第一个参数,并接受 标头数组作为其第二个参数:
The file method can be used to display a file, such as an image or PDF, directly in the user's browser instead of initiating a download. This method accepts the path to the file as its first argument and an array of headers as its second argument:
return response()->file($pathToFile);
return response()->file($pathToFile, $headers);
您可以根据需要修改存储路径和文件/文件夹结构,这只是为了演示我是如何做到的以及它是如何工作的.
You can modify your storage path and file/folder structure as you wish to fit your requirement, this is just to demonstrate how I did it and how it works.
您还可以添加条件以仅显示控制器中特定成员的图像.
You can also added condition to show the images only for specific members in the controller.
还可以使用文件名,时间戳和其他变量对文件名进行散列.
It is also possible to hash the file name with file name, time stamp and other variables in addition.
添加:有人问是否可以使用此方法代替公用文件夹上载,可以,可以,但是不建议按照答案也解释了如何在没有身份验证的情况下使用此方法,以防有人使用它或提供其他解决方案.
Addition: some asked if this method can be used as alternative to public folder upload, YES it is possible but it is not recommended practice as explained in this answer. So the same method can be also used to upload images in storage path even if you do not intend to protect them, just follow the same process but remove 'middleware' => 'auth',. That way you won't give 777 permission in your public folder and still have a safe uploading environment. The same mentioned answer also explain how to use this method with out authentication in case some one would use it or giving alternative solution as well.
这篇关于如何在Laravel 5中保护图像免受公众观看?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
