仅通过身份验证中间件和基于令牌的身份验证访问存储文件夹中的文件 [英] Access files in storage folder only through Auth Middleware and Token based authentication

问题描述

我的Laravel网站中有以下文件夹.

I have following folder in my Laravel website.

/storage/Asset/Media

/storage/Asset/Media

此文件夹可以包含以下信息

This folder can have info like below

/storage/Asset/Media/1/abc.png

/storage/Asset/Media/1/abc.png

/storage/Asset/Media/2/abc.png

/storage/Asset/Media/2/abc.png

这里1或2是文件夹名称.

Here 1 or 2 is the folder names.

我有以下代码来保护文件夹的安全，以便没有身份验证的人无法访问该文件夹

I have following code to secure the folder so that nobody can access the folder without authentication

Route::group(['middleware' => ['web', 'auth']], function () {
    Route::get('/storage/Asset/Media/{ID}/{eded}', array(
        'as' => 'Files',
        'uses' => 'User\Account\Media\MediaController@DownloadMedia',
    ));
});

因此，在浏览器未终止用户会话之前，没有人可以访问文件.

so in this way nobody can access the files until user's session is not expired in a browser.

问题在Android中，因此由于Auth Middleware，现在没有人可以访问文件.

Issue is in Android, so now nobody can access the files due to Auth Middleware.

有人可以建议这种方法，使文件可以通过基于令牌的身份验证(通过Android)以及使用身份验证控制器(通过网站)进行下载吗?

Can somebody suggest the approach such that, files can be accessible to download via Token Based Authentication(through Android) and also using Auth Controller(through Website)?

推荐答案

您不需要在routes.php中使用任何其他配置，如果您遵循此指南，一切都将正常工作:

You don't need to use any other config in routes.php, everything will work just fine if You follow this guide:

最简单的解决方案是创建名为api_token的列是users表.然后，当尝试从android设备访问资源时，只需将?api_token=<token>添加到您的URL中，其中<token>是users表中的api_token列.

The easiest solution would be to create column named api_token is users table. Then when trying to access resource from android device, just add ?api_token=<token> to Your URL, where <token> is a api_token column in Your users table.

例如: domain.com/storage/Asset/Media/1/2?api_token=123hello4secret

系统将尝试使用api_token == 123hello4secret搜索用户记录，因此只需将123hello4secret放入您的用户api_token字段中即可.

System will try to search for user record with api_token == 123hello4secret, so just put that 123hello4secret into Your user api_token field.

如果您想知道为什么要api_token作为列名，答案在这里:

If You wonder why You should api_token as column name, the answer is here: https://github.com/laravel/framework/blob/2a38acf7ee2882d831a3b9a1361a710e70ffa31e/src/Illuminate/Auth/TokenGuard.php#L45 Laravel will try to authorize You using api_token if it is found in request fields.

您还可以使用HTTP标头通过令牌进行授权:
标头示例:

Also You can use HTTP headers to authorize with token:
Header example:

Authorization: Bearer 123hello4secret

这篇关于仅通过身份验证中间件和基于令牌的身份验证访问存储文件夹中的文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！