Build a File Marketplace with Laravel
This episode is for members only

Sign up to access "Build a File Marketplace with Laravel" right now.

Get started
Already a member? Sign in to continue
Playing
31. Creating and validating the product download page

Episodes

0%
Your progress
  • Total: 3h 32m
  • Played: 0m
  • Remaining: 3h 32m
Join or sign in to track your progress
01. Introduction and setting up
01. Introduction and demo
5m 51s
0%
02. A fresh project with Laravel Breeze
4m 29s
0%
02. Onboarding with Stripe
03. The onboarding screen
7m 17s
0%
04. Registering the Stripe PHP library
3m 43s
0%
05. Automatically creating Stripe accounts for your users
3m 11s
0%
06. Forwarding users to Stripe Connect
4m 36s
0%
07. Verifying if payouts are enabled
2m 24s
0%
03. Creating products
08. Setting up and listing products
10m 54s
0%
09. Installing Livewire
2m 49s
0%
10. Building the product creation form
15m 1s
0%
11. Automatically generating the slug from the product title
1m 28s
0%
12. Validating and creating a product
6m 23s
0%
13. Handling product file uploads
8m 14s
0%
14. Attaching files to a product
6m 45s
0%
04. Editing products
15. Creating the product edit form
5m 4s
0%
16. Reviving product state
5m 21s
0%
17. Showing and modifying existing files
7m 55s
0%
18. Pulling together the product update process
4m 20s
0%
19. Flashing an update message
4m 57s
0%
05. User subdomains
20. Adding a user subdomain on registration
10m 54s
0%
21. Subdomain routing basics
6m 47s
0%
22. Adding a string macro to properly display the user's name
3m 32s
0%
23. Listing the user's live products
3m 49s
0%
06. Product checkout
24. Showing the product page
10m 35s
0%
25. Creating the checkout success page
3m 57s
0%
26. Starting the checkout flow
9m 22s
0%
07. Storing sales
27. Handling Stripe webhooks
12m 1s
0%
28. Storing product sales
10m 15s
0%
29. Sending a confirmation email to customers
4m 30s
0%
30. Securing Stripe webhooks
4m 32s
0%
08. Accessing purchased files
31. Creating and validating the product download page
3m 54s
0%
32. Displaying and downloading files
4m 50s
0%
09. Sales dashboard
33. Calculating and displaying download stats
6m 6s
0%
34. Listing through sales
7m 3s
0%

Transcript

00:00
We finished up creating the sale, sending the email, now we need to allow the user to click on access files, go through to a page on our app which allows them to see all of the files and access these. So we're going to head over back to our main app because this is where we're going to create this page and let's create out a route here which is going to handle this for us.
00:20
So we're going to call this slash sales and then it's going to be the sale in here but it's going to take the token in, that's the reason we generated that token. Imagine if we had an id here that would be really easy to guess, so the token makes it a little bit harder for the sale page to be accessed by just anyone.
00:38
Okay so I'm just going to comment this out and we're going to generate out a controller in here, we can actually cancel off expose as well and we're going to make out a controller in here called sale show controller and let's create that out. So we can go ahead and hook this up now, sale show controller
00:56
and let's go ahead and give this a name, we'll call this sales.show. Okay so over in the sale show controller let's go ahead and create out an invoke magic method and for this we're just going to return a view and let's put them the sales and show. So let's create this page out really quickly, so under our views,
01:15
new folder called sales and show.blade.php. Okay so once again this is going to be a really simple page, let's just grab maybe the home page for this and we'll put that inside of here and we'll just write sale.
01:32
Okay so if we just come over to slash sales, let's go ahead and find out a sale token from in here, it can be any of these it doesn't really matter, but let's go ahead and just pop that into here and we see sale. So we know that this is successfully worked because if we just chose anything here
01:49
and we actually hooked up over in the sale show controller, the sale model being resolved out of the database, if we give that a refresh we get 404 not found. If we go back to this one, sure enough it's found, so we know that we now have a valid sale in here
02:07
which we can start to extract products from. What we could also do to make this page a little bit harder to guess is maybe add in the email address of the user who has purchased this. So I'm going to go ahead and add in the email address at the end here within the query string
02:22
and we could create out a really simple abort if and say that if the email address doesn't match here we're just going to kill the page. So let's go ahead and bring in our request object here and what this will do is it will abort the entire request,
02:40
much like you'd find if you just used something like abort in Laravel with some kind of status code if the condition in here is true. So we're going to go ahead and say request email which is what we just put in the query string and we're going to say if that doesn't equal the sale email we're going to abort with a 403.
02:59
So let's try this out, if we give this a refresh it works but let's say we had alex at cocos.co.uk we get a 403 forbidden. So that just adds another layer of protection onto what we have here just to make sure these two things match up and we can actually access the sale.
03:17
So let's go ahead and just pass the sale down into this template and let's just fill in a couple of details here. So the header at the top here let's go ahead and create out a maybe just a paragraph for this, so let's create a paragraph out here and let's just say thanks for purchasing
03:35
and we can say sale product title and just after this we'll say from and again because we've got all of our relationships set up we can make this a little bit more friendly with a bit more information, sale product user and name. So if we head over there we go.

Episode summary

In this episode, we're building the product download page—the place your customers land when they click the "Access files" button from their purchase email. We'll walk through setting up a dedicated route and controller just for these download links, and talk a bit about why using a unique token (not just an easily guessable ID) is important for keeping things secure.

You'll see how we return the download page view only if the token matches a real sale record. Then, we go a step further: to keep things extra safe and make sure only the rightful buyer gets their product, we add a simple email address verification in the query string. We show you how to check if the provided email matches the one stored on the sale, and if not, we simply abort the request with a 403 error—locking out anyone who tries to snoop or guess their way into a download!

After all the security checks are in place, we make the download page a bit more welcoming. We'll pass key sale and product details to the template so it can thank the buyer by name and show the product info, along with the creator's name. By the end, you'll have a fully functional and secure product download page ready to go!

Episode discussion

No comments, yet. Be the first!