use signed URL by default

Question

use signed URL by default

Gummibeer opened this issue 4 years ago · 3 comments

For API driven Apps the current authentication/authorization middleware doesn't work because the link in email can't provide a Bearer token. But the links still shouldn't be fully public.
A nice and easy solution would be a temporary signed URL.

// mail.blade.php
\Illuminate\Support\Facades\URL::temporarySignedRoute('personal-data-exports', $deletionDatetime, ['zipFilename' => $zipFilename]);

// PersonalDataExportServiceProvider
Route::get("$url/{zipFilename}", [PersonalDataExportController::class, 'export'])
    ->middleware('signed')
    ->name('personal-data-exports');

This way there isn't any need for a session/cookie anymore and the export is still protected.

freekmurze commented 4 years ago

Thanks!

Answer 1 · 2020-08-06T07:20:23.000Z

That's a nice idea, I'd accept a PR for this!

Answer 2 · 2020-08-06T08:18:36.000Z

PR incoming.