I am working on a side project in Laravel and I am a junior intern. Currently I need to generate a URL and send it to a specific email, where the user can view a PDF for a limited time and only once.
For now I am just working on the unique URL generation and would like some advice for generating them securely, following standards and for a limited time only.
Would love just some resources or advice.
CodePudding user response:
I think what you are looking for is Signed Routes in Laravel.
Probably this helps:
https://laravel.com/docs/9.x/urls#signed-urls
Example:
First of all, before using a signed URL you need to check that in your App/Http/Kernel you have the next line uncommented:
'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
After that, in the web routes you have to add the signed middleware:
Route::get('pdf/{id}/{user}/{response}', PdfController::class)->name('pdf.generate')->middleware('signed');
Finally, you can use your signed URL as:
use \Illuminate\Support\Facades\URL;
URL::temporarySignedRoute('pdf.generate', now()->addHour(), [
'id' => 25,
'user' => 100,
'response' => 'yes'
]);
which creates a signed URL like
https://example.com/pdf/25/100/yes?expires=1521543365&signature=d32f53ced4a781f287b612d21a3b7d3c38ebc5ae53951115bb9af4bc3f88a87a
where the signature hash includes all params in the route and avoids manipulation, and best of all, in one hour it will expire forever.
It throws an Illuminate\Routing\Exceptions\InvalidSignatureException when visited after expiring.
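Added example, not part of the answer above and not Laravel's own code: a plain-PHP sketch of the mechanism behind an expiring signed link (an HMAC over the URL plus its `expires` value), extended with the "only once" check from the question, which a signature and expiry alone do not enforce. The key, the function names `signUrl` and `checkUrl`, the clock value and the in-memory `$used` array are constructed for illustration.

```php
<?php
// Constructed demo key; a real application uses its own secret.
const SECRET = 'constructed-demo-key-not-for-production';

// Append an expiry timestamp and an HMAC-SHA256 computed over the whole URL.
function signUrl(string $url, array $params, int $expires): string
{
    $params['expires'] = $expires;
    ksort($params);
    $unsigned = $url . '?' . http_build_query($params);
    return $unsigned . '&signature=' . hash_hmac('sha256', $unsigned, SECRET);
}

// Returns 'ok', 'invalid', 'expired' or 'used'. $used stands in for a shared
// store (cache or database table) whose insert must be atomic in production.
function checkUrl(string $signedUrl, int $now, array &$used): string
{
    $parts = parse_url($signedUrl);
    parse_str($parts['query'] ?? '', $query);
    $given = $query['signature'] ?? '';
    unset($query['signature']);
    ksort($query);
    // Rebuild exactly what was signed (scheme, host, path, sorted query).
    $unsigned = $parts['scheme'] . '://' . $parts['host'] . $parts['path']
        . '?' . http_build_query($query);
    $expected = hash_hmac('sha256', $unsigned, SECRET);

    // Constant-time comparison; any changed path or parameter fails here.
    if (!is_string($given) || !hash_equals($expected, $given)) {
        return 'invalid';
    }
    if ($now > (int) ($query['expires'] ?? 0)) {
        return 'expired';
    }
    if (isset($used[$given])) {
        return 'used';              // same link presented a second time
    }
    $used[$given] = true;           // consume the link on first valid visit
    return 'ok';
}

$used = [];
$now  = 1700000000;                 // constructed clock value
$base = 'https://example.com/pdf/25/100/yes';
$link = signUrl($base, [], $now + 3600);

echo checkUrl($link, $now, $used), "\n";                                   // first visit
echo checkUrl($link, $now, $used), "\n";                                   // replay
echo checkUrl(str_replace('/25/', '/26/', $link), $now, $used), "\n";      // edited id
echo checkUrl(signUrl($base, [], $now - 1), $now, $used), "\n";            // past expiry
```

In a Laravel application the `signed` middleware already performs the signature and expiry checks, so only the consumption step needs adding in the controller, backed by a store shared across requests.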