Build a File Marketplace with Laravel
This episode is for members only

Sign up to access "Build a File Marketplace with Laravel" right now.

Get started
Already a member? Sign in to continue
Playing
32. Displaying and downloading files

Episodes

0%
Your progress
  • Total: 3h 32m
  • Played: 0m
  • Remaining: 3h 32m
Join or sign in to track your progress
01. Introduction and setting up
01. Introduction and demo
5m 51s
0%
02. A fresh project with Laravel Breeze
4m 29s
0%
02. Onboarding with Stripe
03. The onboarding screen
7m 17s
0%
04. Registering the Stripe PHP library
3m 43s
0%
05. Automatically creating Stripe accounts for your users
3m 11s
0%
06. Forwarding users to Stripe Connect
4m 36s
0%
07. Verifying if payouts are enabled
2m 24s
0%
03. Creating products
08. Setting up and listing products
10m 54s
0%
09. Installing Livewire
2m 49s
0%
10. Building the product creation form
15m 1s
0%
11. Automatically generating the slug from the product title
1m 28s
0%
12. Validating and creating a product
6m 23s
0%
13. Handling product file uploads
8m 14s
0%
14. Attaching files to a product
6m 45s
0%
04. Editing products
15. Creating the product edit form
5m 4s
0%
16. Reviving product state
5m 21s
0%
17. Showing and modifying existing files
7m 55s
0%
18. Pulling together the product update process
4m 20s
0%
19. Flashing an update message
4m 57s
0%
05. User subdomains
20. Adding a user subdomain on registration
10m 54s
0%
21. Subdomain routing basics
6m 47s
0%
22. Adding a string macro to properly display the user's name
3m 32s
0%
23. Listing the user's live products
3m 49s
0%
06. Product checkout
24. Showing the product page
10m 35s
0%
25. Creating the checkout success page
3m 57s
0%
26. Starting the checkout flow
9m 22s
0%
07. Storing sales
27. Handling Stripe webhooks
12m 1s
0%
28. Storing product sales
10m 15s
0%
29. Sending a confirmation email to customers
4m 30s
0%
30. Securing Stripe webhooks
4m 32s
0%
08. Accessing purchased files
31. Creating and validating the product download page
3m 54s
0%
32. Displaying and downloading files
4m 50s
0%
09. Sales dashboard
33. Calculating and displaying download stats
6m 6s
0%
34. Listing through sales
7m 3s
0%

Transcript

00:00
To get started securely downloading these files, let's create out an unordered list with some list items in here. And we'll go ahead and iterate through all of the files that exist for that particular product.
00:12
Then we'll go ahead and hook this up to a signed root, which means that it will have an expiry. So we're going to go ahead and save for each sale product files as file, and we'll iterate through each of them. So inside of here is going to be an anchor.
00:28
Let's create one out. And in here is, of course, going to be the file and the file name. So let's just go ahead and add in a class to this. We'll say text indigo 500.
00:40
And let's check this out. There we go. We can space things out here a little bit by adding in a space y6. And there we go.
00:49
Perfect. So the goal is to be able to click on this here, get a secure temporary link to a file download. How do we do that?
00:59
Well, we're going to have to go ahead and create out the root and controller to be able to download a file, first of all. So let's go ahead and say root get. And for this, we'll say slash files and then the file itself.
01:11
We can just do that by the ID if we want to. And of course, we're going to need a controller for this. So let's create out a really simple controller here to handle this. We'll call this file show controller.
01:24
And let's go ahead and just hook that up before we fill this stuff in. File show controller. And we're done. We'll just add a quick name onto this.
01:32
Of course, that's going to be files.show. OK, so the file show controller then, if we invoke this here, is basically going to download the file that we have given into here by its ID. So to do this, we're going to go ahead and return.
01:46
We're going to use the storage facade over in Laravel. And we're just going to say download. For this, we're going to pass in the file path. That's the path to this on our file system.
01:58
But then we want to give the name of the file in here as well. So that's just going to be the original file name. So let's hook this up. And then we'll look at securing it with a signed download URL.
02:10
So over in show here, let's hook this up to the route that we've just created, files and show. And of course, we're going to pass the file into there. So that on its own will work.
02:22
You can see that that will download that file that we've created. But now technically, anyone can guess this slash files slash. We just head over to our route here and the ID just here. So what we're going to do over in our show page here
02:37
is instead of just generating out a normal route, we're going to generate out a temporary signed route. How do we do this? Well, to do this, we use the URL facade.
02:48
Let's pull that in here. And we say temporary signed URL or in our case route, because this links through to a route. The route is file show and we just pass through the file as normal.
03:03
In the middle of here, though, we need to give an expiry. So we can use Laravel's now helper, which returns a carbon instance. And we can add an expiry onto this in minutes, in hours, whatever we want to do. For our case, let's just say 10 minutes.
03:18
So we want this link to be valid for 10 minutes. But of course, you can do something like add hours if you want to. OK, now we've done this. Let's just check out the difference.
03:27
If I click on this and we actually just copy the link address. Let's paste this into here. And you can see that we've got file slash five. But this time we've got an expiry and we've got a signature in here as well.
03:40
Now, at the moment, this is not making any difference. I'll show you this if we just paste this in here and we go over to file slash five. That will download the file, even if we don't contain the expiry and the signature in the URL in the query string.
03:55
Now, to actually get this to work, we need to manually abort this if these do not match and if it's not valid. Now, this is pretty easy to do because the request that we get through into here actually has a method on it called has valid signature.
04:13
So what we can do is we can take this and we can say abort unless this has a valid signature and we'll abort with a 401. So now if we head over to the page that we just looked at, so let's just copy the link address and go over to slash five.
04:32
That's not going to work unless we have the signature in there, which we generate for each file. So now no one can download these files unless they have access to this specific sale page, which we know that we're securing with this token and the user's email address.

Episode summary

In this episode, we dive into how to let users securely download files related to their purchases. First up, we build out a simple unordered list to display all files linked to a product, then make each file item a clickable link.

But we don't want just anyone to be able to download these files! So, we create a special route and controller method to handle the file downloads by their ID, using Laravel's Storage facade to serve up the files with their proper names.

Just having a direct download link would be insecure, so we take it a step further and generate temporary signed routes. This way, each download link is only valid for a short period (like 10 minutes), making it way harder to share or guess download URLs.

We test out the link—at first, it works for anyone, but then we protect it by checking the signature on each request. If the link is expired or doesn't have the right signature, we abort with a 401 error. Only authorized users, from their unique sales page, with the right signed link, can now download the files. Super secure, but user-friendly!

Episode discussion

No comments, yet. Be the first!