Include basic handling for improper unique/file IDs.

mcab · mcab · commit 6ff798c2854e · 2017-05-12T16:13:21.000-04:00
diff --git a/app/Http/Controllers/FilesController.php b/app/Http/Controllers/FilesController.php
@@ -41,4 +41,14 @@ public function store()
 
         return back();
     }
+    public function get($unique_id, $file_id)
+    {
+        if ($unique_id !== auth()->user()->unique_id){
+            return back();
+        }
+        if (! \Storage::disk('public')->exists($unique_id . '/' . $file_id)) {
+            return back();
+        }
+        return \Storage::url($unique_id . '/' . $file_id);
+    }
 }
diff --git a/routes/web.php b/routes/web.php
@@ -20,4 +20,4 @@
 Route::get('/home', 'HomeController@index')->name('home');
 Route::get('/files', 'FilesController@index')->name('files');
 Route::post('/files', 'FilesController@store');
-Route::get('/files/{unique_id}/{file_id}', 'FilesController@get');
+Route::get('/storage/{unique_id}/{file_id}', 'FilesController@get');

Original file line number	Diff line number	Diff line change
`@@ -41,4 +41,14 @@ public function store()`
`41`	`41`
`42`	`42`	`return back();`
`43`	`43`	`}`
	`44`	`+ public function get($unique_id, $file_id)`
	`45`	`+ {`
	`46`	`+ if ($unique_id !== auth()->user()->unique_id){`
	`47`	`+ return back();`
	`48`	`+ }`
	`49`	`+ if (! \Storage::disk('public')->exists($unique_id . '/' . $file_id)) {`
	`50`	`+ return back();`
	`51`	`+ }`
	`52`	`+ return \Storage::url($unique_id . '/' . $file_id);`
	`53`	`+ }`
`44`	`54`	`}`