Merge pull request #5 from bnbwebexpertise/shareable

adds creation of shareable links with inbuilt expiry mechanism

Author: gabsource

README.md

@@ -277,6 +277,12 @@ public function boot()
 }
 ```
 
+## Temporary URLs
+It is possible to generate a unique temporary URL for downloading the attachments via the `getTemporaryUrl` method of the `Attachment` model, for sharing purposes foremost.  
+The `getTemporaryUrl` method has one parameter : a `Carbon` date, after which the link will no longer be valid.
+
+The default generated URL is of the form : `http://example.com/attachments/shared/<a very long string>`. The share path can be modified in the config file under the `shared_pattern` key.
+
 ## Cleanup commands
 
 A command is provided to cleanup the attachments not bound to a model

config/attachments.php

@@ -15,6 +15,7 @@
         'prefix' => 'attachments',
         'middleware' => 'web',
         'pattern' => '/{id}/{name}',
+        'shared_pattern' =>  '/shared/{token}',
         'dropzone' => [
             'upload_pattern' => '/dropzone',
             'delete_pattern' => '/dropzone/{id}',

routes/web.php

@@ -4,6 +4,11 @@
     'prefix' => config('attachments.routes.prefix'),
     'middleware' => config('attachments.routes.middleware')
 ], function () {
+    Route::get(config('attachments.routes.shared_pattern'), 'Bnb\Laravel\Attachments\Http\Controllers\ShareController@download')
+        ->where('token', '.+')
+        ->where('id', '[a-zA-Z0-9-]+')
+        ->where('name', '.+')
+        ->name('attachments.download-shared');
     Route::get(config('attachments.routes.pattern'), 'Bnb\Laravel\Attachments\Http\Controllers\DownloadController@download')
         ->where('id', '[a-zA-Z0-9-]+')
         ->where('name', '.+')

src/Attachment.php

@@ -2,11 +2,13 @@
 
 namespace Bnb\Laravel\Attachments;
 
+use Carbon\Carbon;
 use File as FileHelper;
 use Illuminate\Database\Eloquent\Model;
 use Storage;
 use Symfony\Component\HttpFoundation\File\File as FileObj;
 use Symfony\Component\HttpFoundation\File\UploadedFile;
+use Crypt;
 
 /**
  * @property int    id
@@ -364,6 +366,27 @@ public function getExtension()
     }
 
 
+    /**
+     * Generate a temporary url at which the current file can be downloaded until $expire
+     *
+     * @param Carbon $expire
+     *
+     * @return string
+     */
+    public function getTemporaryUrl(Carbon $expire)
+    {
+
+        $payload = Crypt::encryptString(collect([
+            'id' => $this->uuid,
+            'expire' => $expire->getTimestamp(),
+            'shared_at' => Carbon::now()->getTimestamp()
+        ])->toJson());
+
+        return route('attachments.download-shared', ['token' => $payload]);
+
+    }
+
+
     /**
      * Generates a partition for the file.
      * return /ABC/DE1/234 for an name of ABCDE1234.

src/Http/Controllers/ShareController.php

@@ -0,0 +1,42 @@
+<?php
+
+namespace Bnb\Laravel\Attachments\Http\Controllers;
+
+use Bnb\Laravel\Attachments\Attachment;
+use Carbon\Carbon;
+use Illuminate\Contracts\Encryption\DecryptException;
+use Illuminate\Http\Request;
+use Illuminate\Routing\Controller;
+use Lang;
+use Crypt;
+
+class ShareController extends Controller
+{
+
+    public function download($token, Request $request)
+    {
+        try {
+            $data = json_decode(Crypt::decryptString($token));
+            $id = $data->id;
+            $expire = $data->expire;
+
+        } catch(DecryptException $e) {
+            abort(404, Lang::get('attachments::messages.errors.file_not_found'));
+        }
+
+        if(Carbon::createFromTimestamp($expire)->isPast()) {
+            abort(403, Lang::get('attachments::messages.errors.expired'));
+        }
+
+        $disposition = ($disposition = $request->input('disposition')) === 'inline' ? $disposition : 'attachment';
+
+        if ($file = Attachment::where('uuid', $id)->first()) {
+            /** @var Attachment $file */
+            if ( ! $file->output($disposition)) {
+                abort(403, Lang::get('attachments::messages.errors.access_denied'));
+            }
+        }
+
+        abort(404, Lang::get('attachments::messages.errors.file_not_found'));
+    }
+}

translations/en/messages.php

@@ -4,6 +4,7 @@
     'errors' => [
         'access_denied' => 'Access denied.',
         'not_found' => 'Not found.',
+        'expired' => 'The file is no longer available.',
         'upload_failed' => 'Upload has failed.',
         'upload_denied' => 'Upload has been denied.',
         'delete_denied' => 'Resource deletion has been denied.',

translations/fr/messages.php

@@ -4,6 +4,7 @@
     'errors' => [
         'access_denied' => 'Vous n’êtes pas autorisé à accéder à la ressource demandée.',
         'not_found' => 'La ressource demandé est introuvable.',
+        'expired' => 'Le fichier n’est plus disponible.',
         'upload_failed' => 'L’envoi de la ressource a échoué.',
         'upload_denied' => 'L’envoi de la ressource a été refusée.',
         'delete_denied' => 'La suppression de la ressource a été refusée.',