Allow front-end User to access protected files

- 1 answer

Ad

I want to be able to allow certain frontend users to access protected files. The frontend users is using https://github.com/rainlab/user-plugin

At the moment I can only see there are 2 options. Public and Protected. Public is too insecure as can be viewed by anyone and Protected is only available to backend users.

Is there any way I can auth a certain directory using routes.php in a plugin or solution to using User auth on protected files?

Here is an example of my route.php but not sure how to extend to auth.

$cmsStorage = AppConfig::get('cms.storage.uploads.path', '/storage/app/uploads');
$uploadsPath = $cmsStorage. '/privatefiles/{dir1}/{dir2}/{dir3}/{disk_name}';


Routes::get($uploadsPath, function ($dir1, $dir2, $dir3) {

// some login in here to return file


});
Ad

Answer

Ad

According to the documentation of the plugin, you can restrict access to certain routes by applying the Auth middleware as such:

Route::group(['middleware' => 'RainLab\User\Classes\AuthMiddleware'], function () {
    // All routes here will require authentication
});

So you can easily protect those routes that return a file response by placing them in the route group above.

Ad
source: stackoverflow.com
Ad