/exposable

Expose your protected models in a secure way.

Primary LanguagePHPMIT LicenseMIT

Laravel exposable

Latest Stable Version License Build Status Quality Score Coverage StyleCI

This is a package to expose your protected models in a secure way. You maybe also ran into the problem that you have a file stored in a secure location and you only want to expose it to your users when they are logged in or payed for it. Laravel exposable will make this much easier for you now.

Version Compatibility

Laravel Exposable
5.3 1.0.x
5.4 1.1.x

Installation

The recommended way to install Exposable is through composer:

composer require arjanwestdorp/exposable

Next, you'll have to add the service provider to your config/app.php

// config/app.php
'providers' => [
    ...
    ArjanWestdorp\Exposable\ExposableServiceProvider::class,
];

Now you'll need to publish the config file:

php artisan vendor:publish --provider="ArjanWestdorp\Exposable\ExposableServiceProvider" --tag="config"

Usage

Add the Exposable trait to the model(s) you want to expose:

namespace App;
    
use ArjanWestdorp\Exposable\Exposable;
use Illuminate\Database\Eloquent\Model;
    
class File extends Model {
    
    use Exposable;

}

Next, you will need to implement the expose method on your model:

namespace App;
    
use ArjanWestdorp\Exposable\Exposable;
use Illuminate\Database\Eloquent\Model;
    
class File extends Model {
    
    use Exposable;
    
    /**
     * Expose the model.
     *
     * @return \Illuminate\Http\Response
     */
    public function expose()
    {
        return response('My secure content');
    }
}

Finally you'll need to add the model to the config file config/exposable.php and bind it to a key:

'exposables' => [
    'file' => App\File::class,
],

Now your model is ready to expose. Simply use the exposeUrl method to get the url on which the model will be available.

$file = File::first();
echo $file->exposeUrl();
    
// http://app.app/expose/file/1?expire=1483261800&guard=member&signature=716817ecaed63fa8b1b887b64ab9505d90cf065dc0677d8b011e3a8b014c43e0

Configuration

Configuration is mainly done through the config file. Although there is the option to deviate on model level.

Config file

Below an explanation of all options in the config file.

key

The key which is used to sign the expose urls. By default it uses the Laravel key of you application.

Default: config('app.key')

url-prefix

The prefix of the url on which the models will be exposed.

Default: '/expose'

When exposing the complete url would look like:

http://app.app/expose/file/1?expire=1483261800&guard=member&signature=716817ecaed63fa8b1b887b64ab9505d90cf065dc0677d8b011e3a8b014c43e0

middleware

Here you can define middleware of your application you want to include for the expose url.

Default: 'web'

lifetime

The time after which the url expires. When an integer is given the time is in minutes. Any valid date modification can be used like 2 hours, 1 day. See http://php.net/manual/en/datetime.formats.relative.php for all allowed formats.

Default: 10

exposables

Array containing all the models you want to expose. The key is used in the url to retrieve the corresponding model.

Default: []

guards

Array of guards which can protect the exposables. These are NOT the same as the Laravel guards. A custom guard can be very usefull when you want to expose a model only to authenticated users that have payed for the content for example. See Custom guards for an example.

Default: ['auth' => \ArjanWestdorp\Exposable\Guards\AuthGuard::class]

default-guard

The default guard that is used to check if the model can be exposed. You can override this settings on the exposable model if needed. Set to null if you don't want a guard check. That only works when the require-guard is set to false.

Default: 'auth'

require-guard

Define if a guard is always required when exposing a model. Settings this to false will give you the option to use no guard by setting the default-guard option to null or $exposableGuard on a model.

Default: true

Model configuration

On a model you can override the default lifetime and the guard which are used to expose:

namespace App;
    
use ArjanWestdorp\Exposable\Exposable;
use Illuminate\Database\Eloquent\Model;
    
class File extends Model {
    
    use Exposable;
    
    /**
     * The time the expose url will be valid.
     *
     * @var string
     */
    protected $exposableLifetime = '2 hours';
    
    /**
     * The guard to use when exposing this model.
     *
     * @var string
     */
    protected $exposableGuard = 'member';
    
    /**
     * Expose the model.
     *
     * @return \Illuminate\Http\Response
     */
    public function expose()
    {
        return response('My secure content');
    }
}

Custom guards

You can define your own custom guards which will be checked when accessing the expose url. These guards will need to implement the ArjanWestdorp\Exposable\Guards\Guard interface. An example of using a custom guard can be when checking if a user is not only authenticated, but also a member:

namespace App\Guards;
    
use ArjanWestdorp\Exposable\Guards\Guard;
 
class MemberGuard implements Guard{
    
    /**
     * Check if the user is authenticated and if he is a member.
     * 
     * @return bool
     */
    public function authenticate(){
        if(!auth()->check()){
            return false;
        }
        
        return auth()->user()->isMember();
    }
}

Define this guard in the config/exposable.php config file:

'guards' => [
    ...
    'member' => \App\Guards\MemberGuard::class,
],

Now you're good to go and set either the default-guard => 'member' in your config file or set the protected $exposableGuard = 'member' on your model.

Changelog

Please see CHANGELOG for more information about what has changed recently.

Security

If you discover any security issues, please email arjanwestdorp@gmail.com instead of creating an issue.

Credits

License

The MIT License (MIT). Please see License File for more information.