Build a Livewire CSV Importer/Exporter

Sign in Get started

This episode is for members only

Sign up to access "Build a Livewire CSV Importer/Exporter" right now.

Already a member? Sign in to continue

Playing

22. Expiring downloads

Episodes

0%

Your progress

Total: 2h 18m
Played: 0m
Remaining: 2h 18m

Join or sign in to track your progress

Transcript

00:00

Okay, let's look at a slightly different way to handle the download of an export.

00:05

Now really this depends on what you're building, how you're building it, what security you want between authenticated users. Let's just review what we're doing at the moment. So if we head over to the browser, when I go ahead and click on download, that is just downloading the file itself. Now these files we know, let's just talk about storage, we know that these are stored over here in this private directory.

00:28

Now this cannot be accessed as a public URL. So for example, we can't do something like livewire-csv.test 1 and then the name of the file, it just doesn't get found, it's basically hidden away. Now the alternative way to do this would be to generate a link to this. Now this would be useful if you did want links to be shared between other people, perhaps people that are not signed in or don't have permission to access this.

00:59

And here's how you would do it. Now what we're going to do is jump straight in with temporary URLs because we want to make sure that these URLs get generated so we can publicly access them. But we do not want them to be available for more than we need, more time than we need. So when we use temporary URL, we give the path to it that we want to generate and then we give an expiry.

01:24

So to do this really easily, we can grab the current date and time and we can add on a certain amount of time. So just to test this out, let's add on say 30 seconds. So let's say add seconds and 30 and this isn't going to work on its own, so just returning this isn't going to work. We can still click it, but what that's going to do is it's going to actually generate a URL to the file.

01:50

Now let's just take a look at the structure of what we've got here. So I'm going to go ahead and take all of this up to the query string. So the path to the CSV, which remember I said we can't access and we're going to go ahead and just try and hit this in the browser and you see we get a 403 forbidden. So it's there, but we can't access it unless we've generated a temporary URL with a signature and an expiry.

02:15

So the signature will contain the expiry, which will be validated. So this can't be tweaked. Let's go ahead and hit that. And again, it's still forbidden, but that's just because I've been speaking for more than 30 seconds. Let's give that a refresh to refresh this and let's go ahead and try and download that and you can see that it works.

02:34

So this is great if you do want these URLs to be shareable, but you want the expiry and signature in here. So what do we do here then? Because at the moment when I go ahead and click on download, it just goes ahead and shows this. Well, what we can do is we can redirect to this or you can implement some ability to copy and paste this URL or you could show the URL, really whatever you want to do. I'm just kind of giving you options here.

03:01

So we're going to say redirect and we're just going to wrap that. And there we go. So we need to do. So let's go back over, click download. And there we go. We get redirected to that. So this is, again, useful if you want to show the URL anywhere. You now have a couple of options that you can choose from.

Episode summary

In this episode, we explore a better way to let users download exported files by generating expiring download links. First, we talk a bit about how things work right now: the files are stored in a private directory that isn't directly accessible via a public URL. This is great for keeping things secure, but sometimes, you might want to share a link—maybe with someone who isn't even logged in.

To solve this, we use 'temporary URLs'. These links give public access to the file, but only for a limited amount of time that we specify. You can choose how many seconds or minutes the link should work for. In the demo, we try it out with a link that expires after just 30 seconds, showing that it works, and then seeing how it returns a forbidden error once it expires.

The nice part is these URLs are signed and include the expiry info, so users can't just tweak the URL to get more time. We also check out some options for how you might present these URLs in your app—like redirecting users straight to the file, copying the temporary URL, or even showing it directly.

Basically, by the end of this episode, you'll know how to add short-lived, secure download links to your app—making downloads more flexible without sacrificing security.

Episode discussion

No comments, yet. Be the first!