This episode is for members only
Sign up to access "Chunking Large Uploads in Livewire" right now.
Get started
Already a member? Sign in to continue
Playing
12. Changing over the file path for security
01. Introduction and demo
3m 4s
0%
02. Getting a file
5m 19s
0%
03. Starting the chunked upload
5m 22s
0%
04. Showing progress and handling success
5m 3s
0%
05. Handling chunks on the server
7m 20s
0%
06. Responding with the uploaded file
4m 43s
0%
07. Feeding back into Livewire
6m 54s
0%
08. Storing the file
3m 2s
0%
09. Refreshing a list of uploads
3m 29s
0%
10. Cancelling uploads
3m 3s
0%
11. Pausing and resuming uploads
2m 32s
0%
12. Changing over the file path for security
2m 11s
0%
13. Using nextTick to fix a rendering issue
1m 15s
0%
Transcript
00:00
OK, so I said we'd come back to this potential security issue with the file path that we're effectively broadcasting to the client side.
00:07
Let's just remind ourselves of what that looks like. So if we come over to our uploader component and we find the event here where we get the response back, let's just take a look at what this is.
00:18
So we'll grab this. We'll go ahead and console log this out. Remember, this is all public coming through to the client. So we need to be really, really careful.
00:27
And let's choose one of these files and head over to the console. So let's cancel this off and choose another file here. We've got an error here, which we can fix up
00:36
as well in the next episode. Let's hit Upload here and just wait for this. And there we go. So this is revealing a lot about our directory structure, which
00:45
is not what we want to do. So let's go and figure out how we can kind of make this a little bit more secure. So instead of get real path, what we're going to do
00:55
is switch this over to get file name. We know that all of our chunks are always uploaded to this directory as they are being pieced together.
01:04
So the file name is really all we need. Now, if we do this now and if we change this over, of course, what is going to happen is when we upload this, it's not going to be able to find that file when
01:15
we try and reconstruct a file after this has been pieced together. So if we go over to our upload component here and we go up to where we are piecing this back together,
01:26
instead of the path, which is now just the file name of this, we now need to go into the storage directory and pick up that. So what we can do is we can use the storage path helper here
01:37
and wrap that in path. And then just before that, we can choose where this is. Now, that's under app and chunks and then the file name. So path technically is now the file name.
01:48
Let's keep it at path. So now, all we're broadcasting to the client is the name of the temporary file, which isn't a massive deal.
01:56
And then we're looking this up directly in our app from the backend. So let's go and just try this one more time and we should have this issue fixed.
02:03
And let's wait for that to finish. And there we go. So a little bit more secure now with not broadcasting the entire file structure of our application.
13 episodes• 53 mins•1 year ago
Overview
Effortlessly handle large file uploads in your Livewire apps with chunked, resumable uploading.
We’ll cover the entire upload process, display a progress bar, then add the ability to pause, resume and cancel uploads.
From there, you’ll be able to handle huge file uploads anywhere in your applications.
Alex Garrett-Smith
Hey, I'm the founder of Codecourse!
Episode discussion
No comments, yet. Be the first!