Sign up to access "Build a File Marketplace with Laravel" right now.

Then we'll go ahead and hook this up to a signed root, which means that it will have an expiry. So we're going to go ahead and save for each sale product files as file, and we'll iterate through each of them. So inside of here is going to be an anchor.

Let's create one out. And in here is, of course, going to be the file and the file name. So let's just go ahead and add in a class to this. We'll say text indigo 500.

And let's check this out. There we go. We can space things out here a little bit by adding in a space y6. And there we go.

Perfect. So the goal is to be able to click on this here, get a secure temporary link to a file download. How do we do that?

Well, we're going to have to go ahead and create out the root and controller to be able to download a file, first of all. So let's go ahead and say root get. And for this, we'll say slash files and then the file itself.

We can just do that by the ID if we want to. And of course, we're going to need a controller for this. So let's create out a really simple controller here to handle this. We'll call this file show controller.

And let's go ahead and just hook that up before we fill this stuff in. File show controller. And we're done. We'll just add a quick name onto this.

Of course, that's going to be files.show. OK, so the file show controller then, if we invoke this here, is basically going to download the file that we have given into here by its ID. So to do this, we're going to go ahead and return.

We're going to use the storage facade over in Laravel. And we're just going to say download. For this, we're going to pass in the file path. That's the path to this on our file system.

But then we want to give the name of the file in here as well. So that's just going to be the original file name. So let's hook this up. And then we'll look at securing it with a signed download URL.

So over in show here, let's hook this up to the route that we've just created, files and show. And of course, we're going to pass the file into there. So that on its own will work.

You can see that that will download that file that we've created. But now technically, anyone can guess this slash files slash. We just head over to our route here and the ID just here. So what we're going to do over in our show page here

is instead of just generating out a normal route, we're going to generate out a temporary signed route. How do we do this? Well, to do this, we use the URL facade.

Let's pull that in here. And we say temporary signed URL or in our case route, because this links through to a route. The route is file show and we just pass through the file as normal.

In the middle of here, though, we need to give an expiry. So we can use Laravel's now helper, which returns a carbon instance. And we can add an expiry onto this in minutes, in hours, whatever we want to do. For our case, let's just say 10 minutes.

So we want this link to be valid for 10 minutes. But of course, you can do something like add hours if you want to. OK, now we've done this. Let's just check out the difference.

If I click on this and we actually just copy the link address. Let's paste this into here. And you can see that we've got file slash five. But this time we've got an expiry and we've got a signature in here as well.

Now, at the moment, this is not making any difference. I'll show you this if we just paste this in here and we go over to file slash five. That will download the file, even if we don't contain the expiry and the signature in the URL in the query string.

Now, to actually get this to work, we need to manually abort this if these do not match and if it's not valid. Now, this is pretty easy to do because the request that we get through into here actually has a method on it called has valid signature.

So what we can do is we can take this and we can say abort unless this has a valid signature and we'll abort with a 401. So now if we head over to the page that we just looked at, so let's just copy the link address and go over to slash five.

That's not going to work unless we have the signature in there, which we generate for each file. So now no one can download these files unless they have access to this specific sale page, which we know that we're securing with this token and the user's email address.