In this episode, we dive into how to let users securely download files related to their purchases. First up, we build out a simple unordered list to display all files linked to a product, then make each file item a clickable link.
But we don't want just anyone to be able to download these files! So, we create a special route and controller method to handle the file downloads by their ID, using Laravel's Storage facade to serve up the files with their proper names.
Just having a direct download link would be insecure, so we take it a step further and generate temporary signed routes. This way, each download link is only valid for a short period (like 10 minutes), making it way harder to share or guess download URLs.
We test out the link—at first, it works for anyone, but then we protect it by checking the signature on each request. If the link is expired or doesn't have the right signature, we abort with a 401 error. Only authorized users, from their unique sales page, with the right signed link, can now download the files. Super secure, but user-friendly!
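The flow described above, as an added example that is not the code from the episode: a download route that serves a file by ID only when the request carries a valid, unexpired signature, plus the helper that builds the 10-minute link. The `File` model, its `path` and `name` columns, the route name `files.download` and the helper `signedDownloadUrl()` are assumptions made for illustration.

```php
<?php
// routes/web.php (added example; model, column and route names are assumptions)

use App\Models\File; // hypothetical Eloquent model with `path` and `name` columns
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;
use Illuminate\Support\Facades\Storage;
use Illuminate\Support\Facades\URL;

// Download endpoint: looks the file up by ID via route model binding,
// then refuses to serve it unless the signature checks out.
Route::get('/files/{file}/download', function (Request $request, File $file) {
    // hasValidSignature() fails when the signature is missing, when any part
    // of the URL was altered after signing, or when the expiry has passed.
    if (! $request->hasValidSignature()) {
        abort(401);
    }

    // The second argument is the filename the browser saves, so the user
    // gets the file's proper name instead of its storage path.
    return Storage::download($file->path, $file->name);
})->name('files.download');

// Hypothetical helper for the sales page: builds one link per file.
// The expiry timestamp is part of the signed URL, so changing it
// invalidates the signature.
function signedDownloadUrl(File $file): string
{
    return URL::temporarySignedRoute(
        'files.download',
        now()->addMinutes(10),
        ['file' => $file->id]
    );
}
```

The signature covers the URL and its expiry, not the person requesting it, so the link works for whoever holds it until the 10 minutes run out. Generating it only on the buyer's own sales page is what ties it to the purchase.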