画像とPDF含めて、端的には「storageにある見るファイル」を「不要な人には表示しない」様に

守矢諏訪子 2021-11-26 14:41:19 +09:00
コミット 3b98515560
8個のファイルの変更97行の追加36行の削除


@ -143,8 +143,8 @@ class ChildrenController extends Controller {
$telact = TelActivation::where('token', $r->token)->first();
$image = base64_decode(substr($r->image, strpos($r->image, ',') + 1));
Storage::disk('public')->put($filename, $image);
$insert['image'] = '/storage/'.$filename;
Storage::disk('private')->put($filename, $image);
$insert['image'] = '/files/'.$filename;
$child->fill($insert);
$child->push();
@ -157,7 +157,7 @@ class ChildrenController extends Controller {
// 失敗
Log::critical($e->getMessage());
DB::rollback();
Storage::disk('public')->delete($filename);
Storage::disk('private')->delete($filename);
return ['status_code' => 400, 'error_messages' => ['登録に失敗しました。']];
}
@ -379,10 +379,10 @@ class ChildrenController extends Controller {
try {
$image = base64_decode(substr($r->image, strpos($r->image, ',') + 1));
Storage::disk('public')->put($filename, $image);
Storage::disk('private')->put($filename, $image);
$update = [
'image' => '/storage/'.$filename,
'image' => '/files/'.$filename,
];
Child::where('id', (int)$child_id)->update($update);
@ -395,7 +395,7 @@ class ChildrenController extends Controller {
} catch (\Throwable $e) {
// 失敗
Log::critical($e->getMessage());
Storage::disk('public')->delete($filename);
Storage::disk('private')->delete($filename);
return ['status_code' => 400, 'error_messages' => ['画像の更新に失敗しました。']];
}
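Review bot: Images uploaded before this change stay on the `public` disk and their rows still hold `/storage/…` paths, so switching the `put()` calls here (and in the other controllers) to `private` protects only new uploads. None of the eight changed files moves the existing files or rewrites the stored paths. A one-off migration that copies each file from `public` to `private`, rewrites the `image`/`pdf` columns from `/storage/` to `/files/`, and then deletes the public copy would close that gap. The enclosing methods start and end outside these hunks.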


@ -168,7 +168,7 @@ class FathersController extends Controller {
$lastid = Father::select('id')->orderBy('id', 'desc')->first();
$filename = $this->uuidv4() . '.'.$ext;
$image = base64_decode(substr($r->image, strpos($r->image, ',') + 1));
Storage::disk('public')->put($filename, $image);
Storage::disk('private')->put($filename, $image);
}
try {
@ -179,7 +179,7 @@ class FathersController extends Controller {
'email' => $get->email,
'password' => $password,
'company' => $r->company,
'image' => !is_null($r->image) ? '/storage/'.$filename : '/assets/default/avatar.jpg',
'image' => !is_null($r->image) ? '/files/'.$filename : '/assets/default/avatar.jpg',
'profile' => $r->profile,
'tel' => $r->tel,
];
@ -202,7 +202,7 @@ class FathersController extends Controller {
// 本登録に失敗
Log::critical($e->getMessage());
DB::rollback();
if (!is_null($r->image)) Storage::disk('public')->delete($filename);
if (!is_null($r->image)) Storage::disk('private')->delete($filename);
return ['status_code' => 400, 'error_messages' => ['本登録に失敗しました。']];
}
@ -322,13 +322,13 @@ class FathersController extends Controller {
DB::beginTransaction();
$image = base64_decode(substr($r->image, strpos($r->image, ',') + 1));
Storage::disk('public')->put($filename, $image);
Storage::disk('private')->put($filename, $image);
$father = Father::find((int)$father_id);
if (!is_null($father->image)) {
$oldimg = $father->image;
}
$father->image = '/storage/'.$filename;
$father->image = '/files/'.$filename;
$father->save();
$login_user_datum = $father->toArray();
@ -342,12 +342,12 @@ class FathersController extends Controller {
// 親プロフィール画像のアップロードに失敗
Log::critical($e->getMessage());
DB::rollback();
Storage::disk('public')->delete($filename);
Storage::disk('private')->delete($filename);
return ['status_code' => 400, 'error_messages' => ['親の更新に失敗しました。']];
}
if (!is_null($oldimg)) {
$stor = Storage::disk('public')->delete($oldimg);
$stor = Storage::disk('private')->delete($oldimg);
}
// 親プロフィール画像のアップロードに成功
@ -483,7 +483,7 @@ class FathersController extends Controller {
$father->delete();
if (!is_null($img)) {
Storage::disk('public')->delete($img);
Storage::disk('private')->delete($img);
}
Session::forget($this->getGuard());
} catch (\Throwable $e) {
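Review bot: The old-image cleanup passes the stored column value to `delete()` — `$oldimg` is `$father->image`, which this commit writes as `'/files/'.$filename` — so the call looks for `files/<name>` under the private root and the superseded file is presumably never removed. The same applies to `Storage::disk('private')->delete($get->image)` in MeetingImagesController and, if `$img` is also the column value, to the account-deletion hunk here. MeetingsController already strips the prefix with `str_replace('/files/', '', $chk->pdf)`; doing the equivalent here, e.g. `Storage::disk('private')->delete(basename($oldimg));`, keeps replaced profile images from accumulating on disk. Rows that still hold a `/storage/…` value or the default avatar path need a guard so they are not passed to the private disk.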


@ -0,0 +1,52 @@
<?php
namespace App\Http\Controllers\Api;
use App\Http\Controllers\Controller, Session;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Storage;
use Symfony\Component\HttpFoundation\StreamedResponse;
use App\Models\Meeting;
use App\Models\MeetingImage;
use App\Models\Child;
use App\Models\Father;
use App\Models\FatherRelations;
class FilesController extends Controller {
public function __invoke (Request $request, $path) {
$err = 'このファイルは存在しません。パスをご確認下さい。';
abort_if(!Storage::disk('private')->exists($path), 404, $err);
abort_if(!session()->has('children') && !session()->has('fathers') && !session()->has('admins'), 404, $err);
if (substr($path, -4) == '.pdf') {
if (session()->has('children')) {
abort_if(null === ($rel = FatherRelations::where('child_id', (int)session()->get('children')['id'])->first()), 404, $err);
abort_if(null === (Meeting::where('father_id', $rel->father_id)->where('pdf', '/files/'.$path)->first()), 404, $err);
}
else if (session()->has('fathers')) {
abort_if(null === (Meeting::where('father_id', (int)session()->get('fathers')['id'])->where('pdf', '/files/'.$path)->first()), 404, $err);
}
}
else {
if (null !== ($meetimg = MeetingImage::where('image', '/files/'.$path)->first())) {
if (session()->has('children')) {
abort_if(null === ($rel = FatherRelations::where('child_id', (int)session()->get('children')['id'])->first()), 404, $err);
abort_if(null === (Meeting::where('father_id', $rel->father_id)->first()), 404, $err);
}
if (session()->has('fathers')) {
abort_if(null === (Meeting::where('father_id', (int)session()->get('fathers')['id'])->first()), 404, $err);
}
}
if (session()->has('children')) {
abort_if(null === (Child::where('id', (int)session()->get('children')['id'])->where('image', '/files/'.$path)->first()), 404, $err);
}
else if (session()->has('fathers')) {
abort_if(null === (Father::where('id', (int)session()->get('fathers')['id'])->where('image', '/files/'.$path)->first()), 404, $err);
}
}
return Storage::disk('private')->response($path);
}
}
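Review bot: In the non-PDF branch the meeting-image check never uses `$meetimg->meeting_id`: it only asks whether the father (or the child's first related father) has any meeting at all, so it does not tie the requested image to a meeting that user may see. Execution then falls through to the profile-image checks, which a meeting image cannot satisfy, so the net effect appears to be a 404 for every father and child while the intended ownership rule is never enforced. Binding the lookup to the image's own meeting and skipping the profile checks for meeting images addresses both. Separately, `FatherRelations::…->first()` considers only one relation, which may be too narrow if a child can be linked to several fathers.

```php
else {
    $file = '/files/'.$path;
    if (null !== ($meetimg = MeetingImage::where('image', $file)->first())) {
        // Authorise against the meeting that owns this image, not "any meeting".
        $fatherId = null;
        if (session()->has('children')) {
            abort_if(null === ($rel = FatherRelations::where('child_id', (int)session()->get('children')['id'])->first()), 404, $err);
            $fatherId = $rel->father_id;
        }
        else if (session()->has('fathers')) {
            $fatherId = (int)session()->get('fathers')['id'];
        }
        if (null !== $fatherId) {
            abort_if(null === (Meeting::where('id', $meetimg->meeting_id)->where('father_id', $fatherId)->first()), 404, $err);
        }
    }
    else {
        // … unchanged: profile image checks against Child / Father …
    }
}
```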


@ -45,11 +45,11 @@ class MeetingImagesController extends Controller {
$filename = $this->uuidv4() . '.'.$ext;
$fname[] = $this->uuidv4() . '.'.$ext;
$image = base64_decode(substr($img, strpos($img, ',') + 1));
Storage::disk('public')->put($filename, $image);
Storage::disk('private')->put($filename, $image);
$insert = [
'meeting_id' => (int)$r->meeting_id,
'image' => '/storage/'.$filename,
'image' => '/files/'.$filename,
];
MeetingImage::create($insert);
@ -58,7 +58,7 @@ class MeetingImagesController extends Controller {
// 失敗
Log::critical($e->getMessage());
foreach ($fname as $filename) {
Storage::disk('public')->delete($filename);
Storage::disk('private')->delete($filename);
}
return ['status_code' => 400];
}
@ -83,7 +83,7 @@ class MeetingImagesController extends Controller {
try {
MeetingImage::where('id', (int)$r->image_id)->delete();
Storage::disk('public')->delete($get->image);
Storage::disk('private')->delete($get->image);
} catch (\Throwable $e) {
// 失敗
Log::critical($e->getMessage());
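Review bot: The failure cleanup cannot remove what was written, because `$fname[]` receives a second `$this->uuidv4()` instead of the `$filename` that is passed to `put()`. The `foreach ($fname as $filename)` loop in the catch block therefore deletes names that were never stored, and a failed request leaves its uploaded images on the private disk. Recording the name actually used, `$fname[] = $filename;`, fixes it. The enclosing method starts outside the hunk.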


@ -67,12 +67,12 @@ class MeetingsController extends Controller {
try {
if (isset($r->pdf)) {
$filename = $this->uuidv4() . '.pdf';
$insert['pdf'] = '/storage/'.$filename;
$insert['pdf'] = '/files/'.$filename;
if (substr($r->pdf, -4) != '.pdf') {
$pdf = base64_decode(substr($r->pdf, strpos($r->pdf, ',') + 1));
Storage::disk('public')->put($filename, $pdf);
Storage::disk('private')->put($filename, $pdf);
}
else {
$insert['pdf'] = $r->pdf;
@ -89,9 +89,9 @@ class MeetingsController extends Controller {
$fname = $this->uuidv4() . '.'.$ext;
$fnames[] = $fname;
$image = base64_decode(substr($img, strpos($img, ',') + 1));
Storage::disk('public')->put($fname, $image);
Storage::disk('private')->put($fname, $image);
$imgname = '/storage/'.$fname;
$imgname = '/files/'.$fname;
}
else {
@ -123,11 +123,11 @@ class MeetingsController extends Controller {
Log::critical($e->getMessage());
if (!is_null($meeting) && $meeting != 0) {
if (isset($r->pdf)) {
Storage::disk('public')->delete($filename);
Storage::disk('private')->delete($filename);
}
if (isset($r->image)) {
foreach ($fnames as $f) {
Storage::disk('public')->delete($f);
Storage::disk('private')->delete($f);
}
}
}
@ -704,29 +704,29 @@ class MeetingsController extends Controller {
// DBにミーティングがある場合
if ($chk = Meeting::select('pdf')->where('id', (int)$meeting_id)->first()) {
// base64の場合(ファイルパスだったら、スキップ)
if (!preg_match('/\/storage\/(.*).pdf/', $r->pdf)) {
if (!preg_match('/\/files\/(.*).pdf/', $r->pdf)) {
// もう存在しているPDFのファイル名からパスを外します。
$opdf = str_replace('/storage/', '', $chk->pdf);
$opdf = str_replace('/files/', '', $chk->pdf);
// PDFのbase64をGETします。
$pdf = base64_decode(substr($r->pdf, strpos($r->pdf, ',') + 1));
// 既にPDFが存在する場合(なければ、スキップ)
if (Storage::disk('public')->exists($opdf)) {
if (Storage::disk('private')->exists($opdf)) {
// 既に存在しているPDFとアップロードしているPDFを比べてみます。異なる場合、存在しているPDFを削除します。
if (strcmp(Storage::disk('public')->get($opdf), $pdf) !== 0) {
Storage::disk('public')->delete($opdf);
if (strcmp(Storage::disk('private')->get($opdf), $pdf) !== 0) {
Storage::disk('private')->delete($opdf);
}
}
$update['pdf'] = '/storage/'.$filename;
Storage::disk('public')->put($filename, $pdf);
$update['pdf'] = '/files/'.$filename;
Storage::disk('private')->put($filename, $pdf);
}
}
// なければ、そのままストレージに保存します。
else {
$update['pdf'] = '/storage/'.$filename;
Storage::disk('public')->put($filename, $pdf);
$update['pdf'] = '/files/'.$filename;
Storage::disk('private')->put($filename, $pdf);
}
}
@ -735,7 +735,7 @@ class MeetingsController extends Controller {
} catch (\Throwable $e) {
Log::critical($e->getMessage());
if (isset($r->pdf) && !is_null($r->pdf)) {
Storage::disk('public')->delete($filename);
Storage::disk('private')->delete($filename);
}
return ['status_code' => 400];
}
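Review bot: A client-supplied `$r->pdf` that ends in `.pdf` is stored as-is (`$insert['pdf'] = $r->pdf;`), and the update path skips the upload whenever the unanchored pattern `/\/files\/(.*).pdf/` matches anywhere in the value. FilesController authorises PDF downloads by looking up `Meeting` rows whose `pdf` column equals the requested path, so the stored value is now an access-control input and should not be taken straight from the request. Accept a path only when it equals the value already stored for a meeting owned by the caller, and anchor and escape the pattern, e.g. `'#^/files/[0-9a-f-]+\.pdf$#'` (adjusted to whatever `uuidv4()` emits). Both branches continue outside the hunks shown.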


@ -42,7 +42,7 @@ class Controller extends BaseController
public function imagesize ($value) {
try {
return strlen($value) < env('PDF_MAX_SIZE');
return strlen($value) < (int)env('PDF_MAX_SIZE');
} catch (\Throwable $e) {
Log::critical($e->getMessage());
return false;
@ -123,7 +123,7 @@ class Controller extends BaseController
try {
$ok = true;
foreach (json_decode($value) as $v) {
if (strlen(base64_decode($v)) > env('PDF_MAX_SIZE')) {
if (strlen(base64_decode($v)) > (int)env('PDF_MAX_SIZE')) {
$ok = false;
}
}
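Review bot: `env('PDF_MAX_SIZE')` is read at request time in both hunks; Laravel's `env()` returns null outside config files once the configuration is cached, and `(int)null` is 0, so every upload would then fail these checks. Reading the limit through a config entry keeps it stable, e.g. `config('filesystems.pdf_max_size')` backed by `'pdf_max_size' => (int) env('PDF_MAX_SIZE', <default>)` (the key name is a suggestion). Note also that `imagesize` compares the length of `$value` as received while the loop in the second hunk compares the decoded length, so the two limits may not mean the same thing if `$value` is still base64 in the first case.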


@ -42,6 +42,13 @@ return [
'visibility' => 'public',
],
'private' => [
'driver' => 'local',
'root' => storage_path('app/private'),
'url' => env('APP_URL').'/storage',
'visibility' => 'private',
],
's3' => [
'driver' => 's3',
'key' => env('AWS_ACCESS_KEY_ID'),
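Review bot: The new `private` disk keeps `'url' => env('APP_URL').'/storage'`, which is the public disk's URL prefix, although files on this disk are served through the `/files/{path}` route. Any `Storage::disk('private')->url()` call would produce a link under `/storage` that either fails or, if a same-named file still exists on the public disk, is served without going through FilesController. Use `'url' => env('APP_URL').'/files',` or drop the `url` key for this disk.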


@ -128,3 +128,5 @@ Route::group(['prefix' => 'admin'], function () {
Route::get('/child/edit/password/{child_id}', function () { return view('admin.index'); });
});
});
Route::get('/files/{path}', \App\Http\Controllers\Api\FilesController::class);
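Review bot: The `/files/{path}` route is registered without a `where` constraint and outside the groups above, so the only limit on `$path` is the router's default of not matching `/`. Since stored names are built as `uuidv4() . '.' . $ext`, pinning the parameter to that shape, e.g. `->where('path', '[A-Za-z0-9-]+\.[A-Za-z0-9]+')`, rejects anything else before it reaches `Storage::disk('private')`. The controller also depends on `session()`, so this route has to live in a route file that runs the session middleware; which file this is cannot be seen from the hunk.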