如何在 Laravel 5 中保护图像不被公众看到? [英] How to protect image from public view in Laravel 5?
问题描述
我已经安装了 Laravel 5.0 并进行了身份验证.一切正常.
I have installed Laravel 5.0 and have made Authentication. Everything is working just fine.
我的网站仅对经过身份验证的会员开放.里面的内容只保护认证会员,但网站里面的图片不保护公众查看.
My web site is only open for Authenticated members. The content inside is protected to Authenticated members only, but the images inside the site is not protected for public view.
任何人直接写图片网址都可以看到图片,即使这个人没有登录系统.
Any one writes the image URL directly can see the image, even if the person is not logged in to the system.
http://www.somedomainname.net/images/users/userImage.jpg
我的问题:是否可以保护图像(上面的 URL 示例)不被公众查看,换句话说,如果图像的 URL 发送给任何人,则个人必须是会员并登录能够看到图像.
My Question: is it possible to protect images (the above URL example) from public view, in other Word if a URL of the image send to any person, the individual must be member and login to be able to see the image.
这可能吗?如何做到?
推荐答案
可以保护 Laravel 5.x 文件夹中的图像不被公共视图.
It is possible to protect images from public view in Laravel 5.x folder.
在
storage文件夹下创建images文件夹(我选择了storage文件夹,因为它已经有写权限,我可以在 Laravel 中上传图像时使用),例如storage/app/images.
Create
imagesfolder understoragefolder (I have chosenstoragefolder because it has write permission already that I can use when I upload images to it) in Laravel likestorage/app/images.
将要保护的图像从公共文件夹移动到新创建的 images 文件夹.您还可以选择其他位置来创建 images 文件夹,但不在公共文件夹内,但在 Laravel 文件夹结构中,但仍然是不在控制器文件夹内的逻辑位置示例.接下来,您需要创建一个路由和图像控制器.
Move the images you want to protect from public folder to the new created images folder. You could also chose other location to create images folder but not inside the public folder, but with in Laravel folder structure but still a logical location example not inside controller folder. Next you need to create a route and image controller.
创建路线
Route::get('images/users/{user_id}/{slug}', [
'as' => 'images.show',
'uses' => 'ImagesController@show',
'middleware' => 'auth',
]);
如果用户未登录,该路由会将所有图像请求访问权限转发到身份验证页面.
The route will forward all image request access to Authentication page if person is not logged in.
创建图像控制器
class ImagesController extends Controller {
public function show($user_id, $slug)
{
$storagePath = storage_path('app/images/users/' . $user_id . '/' . $slug);
return Image::make($storagePath)->response();
}
}
<小时>编辑(注意)
适用于使用 Laravel 5.2 及更新版本的用户.Laravel 引入了新的更好的方式来服务文件,开销更少(这种方式不会不重新生成答案中提到的文件):
For those who use Laravel 5.2 and newer. Laravel introduces new and better way to serve files that has less overhead (This way does not regenerate the file as mentioned in the answer):
文件回复
file 方法可用于显示文件,例如图像或PDF,直接在用户的浏览器中,而不是启动下载.这个方法接受文件的路径作为它的第一个参数和一个标头数组作为其第二个参数:
The file method can be used to display a file, such as an image or PDF, directly in the user's browser instead of initiating a download. This method accepts the path to the file as its first argument and an array of headers as its second argument:
return response()->file($pathToFile);
return response()->file($pathToFile, $headers);
<小时>
您可以根据自己的需要修改存储路径和文件/文件夹结构,这只是为了演示我是如何做到的以及它是如何工作的.
You can modify your storage path and file/folder structure as you wish to fit your requirement, this is just to demonstrate how I did it and how it works.
您还可以添加条件以仅显示控制器中特定成员的图像.
You can also added condition to show the images only for specific members in the controller.
还可以使用文件名、时间戳和其他变量对文件名进行哈希处理.
It is also possible to hash the file name with file name, time stamp and other variables in addition.
补充:有些人询问是否可以将此方法用作公用文件夹上传的替代方法,是的,这是可能的,但如本 答案.因此,即使您不打算保护它们,也可以使用相同的方法将图像上传到存储路径中,只需遵循相同的过程但删除 'middleware' =>;'认证',.这样你就不会在你的公共文件夹中授予 777 权限,并且仍然有一个安全的上传环境.同样提到的 answer 也解释了如何使用此方法无需身份验证,以防有人会使用它或提供替代解决方案.
Addition: some asked if this method can be used as alternative to public folder upload, YES it is possible but it is not recommended practice as explained in this answer. So the same method can be also used to upload images in storage path even if you do not intend to protect them, just follow the same process but remove 'middleware' => 'auth',. That way you won't give 777 permission in your public folder and still have a safe uploading environment. The same mentioned answer also explain how to use this method with out authentication in case some one would use it or giving alternative solution as well.
这篇关于如何在 Laravel 5 中保护图像不被公众看到?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
