Displaying images from the storage folder in laravel

Question

I don't want to publicly access able my user photos but I want to show them on the admin panel. How?

I try this :

Storage::get($fileName);

My .htaccess:

<IfModule mod_rewrite.c>
    <IfModule mod_negotiation.c>
        Options -MultiViews -Indexes
    </IfModule>

    RewriteEngine On

    # Handle Authorization Header
    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    # Redirect Trailing Slashes If Not A Folder...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_URI} (.+)/$
    RewriteRule ^ %1 [L,R=301]  

    # Send Requests To Front Controller...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ index.php [L]   

</IfModule>

Answer 1

.htaccess would look this way:

<IfModule mod_rewrite.c>
    <IfModule mod_negotiation.c>
        Options -MultiViews -Indexes
    </IfModule>

    RewriteEngine On

    # Handle Authorization Header
    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    # Redirect Trailing Slashes If Not A Folder...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_URI} (.+)/$
    RewriteRule ^ %1 [L,R=301]

    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} -f
    RewriteCond %{REQUEST_URI} ^.+?/?assets/images [NC]
    RewriteRule ^ index.php [L]   

    # Send Requests To Front Controller...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ index.php [L]   

</IfModule>

In the above the important lines are:

RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_URI} ^.+?/?assets/images [NC]
RewriteRule ^ index.php [L]

It says if the current request is of assets/images and if the request is a file name, then pass it to index.php which will basically go to the routes/web.php .

routes/web.php:

Route::middleware(['admin-access'])->group(function(){
    Route::get('assets/images/{file_name}',function($file_name){
        header('Content-type:image/jpeg');// can improve to detect file extension and render accordingly.
        readfile(public_path() . DIRECTORY_SEPARATOR . 'assets' . DIRECTORY_SEPARATOR . 'images' . DIRECTORY_SEPARATOR . $file_name);
        exit;
    });
});

Above route suggests that if the request is passed by admin-access , then only load the image.

AdminAccess Middlware:

<?php

namespace App\Http\Middleware;

use Closure;
use Auth;

class AdminAccess
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next){
        if(Auth::user->isAdmin()){ // or whatever you do to check
          return $next($request);    
        }

        return response("Permission denied.",403);
    }
}

Make sure you add admin-access in kernel.php as well.

protected $routeMiddleware = [
        'admin-access' => \App\Http\Middleware\AdminAccess::class,
        ....
]