Laravel makes downloading a server file very easy, in this post I'm going to show a way to download files but only let authenticated users.
First, a route group is used to set up the auth middleware:
Route::group(['middleware' => 'auth'], function () {
Next create a dedicated download route:
Route::get('download', function () {
Collect a request:
$path = request('f');
Detect the file extension
$extension = pathinfo($path, PATHINFO_EXTENSION);
Create a blocked list array, this is a list of all extensions we won't allow to be downloaded.
$blocked = ['php', 'htaccess'];
If the requested file is not in the blocked array then download it.
if (! in_array($extension, $blocked)) {
//download the file
return response()->download($path);
}
Putting it all together:
//only logged in users can download
Route::group(['middleware' => 'auth'], function () {
//respond to route /download?f=path
Route::get('download', function () {
//get the GET request
$path = request('f');
//look at the extension of the file being requested
$extension = pathinfo($path, PATHINFO_EXTENSION);
//create an array of items to reject being downloaded
$blocked = ['php', 'htaccess'];
//if the requested file is not in the blocked array
if (! in_array($extension, $blocked)) {
//download the file
return response()->download($path);
}
});
});