0

What is the correct way to restrict access to large files in laravel

I am wondering what the best way to restrict access to large files in laravel is. I have seen this https://stackoverflow.com/questions/16262727/what-is-the-best-way-to-restrict-access-in-laravel and it doesn't fit my use case because I need to restrict LARGE files. This is what I have in the appropriate route right now ```php Route::get('/restricted/{page}', function($page) { $content_types = [ ".aac" => "audio/aac", ".abw" => "application/x-abiword", ".arc" => "application/x-freearc", ".avi" => "video/x-msvideo", ".azw" => "application/vnd.amazon.ebook", ".bin" => "application/octet-stream", ".bmp" => "image/bmp", ".bz" => "application/x-bzip", ".bz2" => "application/x-bzip2", ".csh" => "application/x-csh", ".css" => "text/css", ".csv" => "text/csv", ".doc" => "application/msword", ... ]; if (!preg_match("/.*\..*/",$page)) { $page .= "/index.htm"; } if (file_exists(app_path('StaticPages/' . $page))) { $captured = array(); preg_match("/^.*(\..*)$/", $page,$captured); $type = $content_types[$captured[1]] ?? 'text/plain'; return response(File::get(app_path('StaticPages/') . $page))->header('Content-Type', $type); } else { return abort(404); } })->middleware(['auth','admin-verified'])->name('static-pages')->where('page', '.*'); ``` For background, my client has a static html site that he needs to be restricted by an authentication system. I have that built, but the problem with what I have right now, is that about half of the large files (he has like 50 images on some pages) make 500 errors. It is different files each time though, so I'm pretty sure that it has to do with memory. Also I have alowed php to have unlimited memory. Any help would be appreciated. Thanks.

31st Jul 2020, 5:08 AM
Zachiah sawyer
Zachiah sawyer - avatar
3 Réponses
+ 2
Thanks! 1. Won't work because I need the images to show up even if they are huge. I think 2 should work. Thanks
2nd Aug 2020, 3:19 PM
Zachiah sawyer
Zachiah sawyer - avatar
0
Suggestion 1: Catch an exception related to php.ini configuration and respond with better HTTP response. The answer here might help you: https://stackoverflow.com/questions/46067336/laravel-validate-file-size-when-php-max-upload-size-limit-is-exceeded Check that before reading my other suggestion below. If catching the exception works well for you, that should be more efficient than my next suggestion. Suggestion 2: let Apache and the php.ini allow the huge file upload and let Laravel code validate the size. For this, I would start by ruling out PHP-related issues instead of Laravel. Run phpinfo(); in one of your scripts and you should see the active php.ini file. You could run it in index.php, your routes file. It doesn't really matter. Make sure all of the following properties are specified. You said you increased the memory_limit but that isn't the only setting to block a large file upload. memory_limit = 128M upload_max_filesize = 128M post_max_size = 128M Verify that all of those settings are as high as you expected by reloading the phpinfo() script. You could then use Laravel's Validator class and its max rule like this: $validator = Validator::make($request->all(), [ 'file' => 'max:5120', //5MB ]);
1st Aug 2020, 2:08 AM
Josh Greig
Josh Greig - avatar
0
If you'd rather scale down instead of having the server say "That image is too large" to the browser, that is more "sanitization" than "validation". I thought your question was just how to get a clearer validation response from the server when the file is too large. I thought you were annoyed by the HTTP 500 messages being confused with bugs in the server. Something like this should work: $maxDim = 800; $file_name = $_FILES['myFile']['tmp_name']; list($width, $height, $type, $attr) = getimagesize( $file_name ); if ( $width > $maxDim || $height > $maxDim ) { $target_filename = $file_name; $ratio = $width/$height; if( $ratio > 1) { $new_width = $maxDim; $new_height = $maxDim/$ratio; } else { $new_width = $maxDim*$ratio; $new_height = $maxDim; } $src = imagecreatefromstring( file_get_contents( $file_name ) ); $dst = imagecreatetruecolor( $new_width, $new_height ); imagecopyresampled( $dst, $src, 0, 0, 0, 0, $new_width, $new_height, $width, $height ); imagedestroy( $src ); imagepng( $dst, $target_filename ); // adjust format as needed imagedestroy( $dst ); } That snippet was copied from: https://stackoverflow.com/questions/18805497/php-resize-image-on-upload That isn't specific to Laravel but I don't think Laravel has a much better way of manipulating uploaded images. I implemented something like this for a profile photo upload feature here: https://github.com/joshi1983/hhaccessibility.github.io/blob/master/app/app/Http/Controllers/ProfilePhotoController.php The save method is where imagescale happens. That might give you other ideas for improvement.
2nd Aug 2020, 4:01 PM
Josh Greig
Josh Greig - avatar