可以在Laravel 5中保护图像不受public view的影响.x文件夹.
在Laravel的storage文件夹(I have chosen 101 folder because it has write permission already that I can use when I upload images to it)下创建images文件夹,如storage/app/images
将要保护的图像从公用文件夹移动到新创建的images文件夹.您也可以 Select 其他位置来创建images文件夹,但不在公用文件夹内,但具有in-Laravel文件夹 struct ,但仍然是逻辑位置示例,不在控制器文件夹内.接下来,您需要创建一个路由和图像控制器
Create Route
Route::get('images/users/{user_id}/{slug}', [
'as' => 'images.show',
'uses' => 'ImagesController@show',
'middleware' => 'auth',
]);
如果用户未登录,则路由会将所有图像请求访问转发到身份验证页面.
Create ImagesController
class ImagesController extends Controller {
public function show($user_id, $slug)
{
$storagePath = storage_path('app/images/users/' . $user_id . '/' . $slug);
return Image::make($storagePath)->response();
}
}
EDIT (NOTE)
For those who use Laravel 5.2 and newer. Laravel introduces new and better way to serve files that has less overhead (This way does not regenerate the file as mentioned in the answer):
File Responses
file方法可用于显示文件,如图像或
PDF,直接在用户浏览器中,而不是启动下载.
此方法接受文件的路径作为其第一个参数,并接受
作为其第二个参数的标头数组:
return response()->file($pathToFile);
return response()->file($pathToFile, $headers);
You can modify your storage path and file/folder structure as you wish to fit your requirement, this is just to demonstrate how I did it and how it works.
You can also added condition to show the images only for specific members in the controller.
It is also possible to hash the file name with file name, time stamp and other variables in addition.
Addition:一些人问,这种方法是否可以作为公用文件夹上传的替代方法,是的,这是可能的,但这不是本answer中解释的推荐做法.因此,同样的方法也可以用于上传存储路径中的图像,即使您不打算保护它们,只需遵循相同的过程,但删除'middleware' => 'auth',即可.这样,您就不会在公用文件夹中授予777权限,并且仍然有一个安全的上载环境.同样提到的answer还解释了如何在没有身份验证的情况下使用这种方法,以防有人会使用它或给出替代解决方案.