I am creating a system where the admin will have to upload his invoices manually through an admin panel powered by Vue.js and the Laravel Passport API. Both apps are on a different domain (domain and sub).
What is the best way to protect the invoices that are getting uploaded to the storage directory, please? At the moment it is symlinked because I have other things that need to be shared publicly.
My Laravel is installed below the public_html, so how can I upload something I can share via the API file is not above the public_html folder?
In Laravel, you have a few different storage drives configured; take a look in the config/filesystem.php file. The one configured as public goes to storage/app/public, which in turn is symlinked to the public/storage folder. I would suggest you use the local storage driver (or configure a new one) that goes to the storage/app folder, and then you can place the invoices inside a folder called invoices. This means the invoices won't be publicly available using the URL.
Then you could create your own route that in turn fetches the invoice from that storage folder and just returns the binary file to the client.
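A sketch of the approach described in the answer above, added here as an example and not code posted in the thread: invoices are written to the private local disk and served only through a Passport-protected route. The route paths, the `invoice` upload field and the `is_admin` user attribute are assumptions; the root of the `local` disk is whatever your filesystem config sets for it.

```php
<?php
// routes/api.php (added example; route names, field name and is_admin are hypothetical)

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;
use Illuminate\Support\Facades\Storage;

// Both routes require a valid Passport access token.
Route::middleware('auth:api')->group(function () {

    // Upload: write to the private "local" disk, never the symlinked "public" disk.
    Route::post('/invoices', function (Request $request) {
        abort_unless($request->user()->is_admin, 403); // hypothetical admin flag

        // Accept PDFs only, capped at 10 MB (the max rule is in kilobytes).
        $request->validate(['invoice' => 'required|file|mimes:pdf|max:10240']);

        // store() generates a random file name, so the client-supplied
        // name never becomes part of a path on disk.
        $path = $request->file('invoice')->store('invoices', 'local');

        return response()->json(['file' => basename($path)], 201);
    });

    // Download: the only way to reach an invoice is through this route.
    Route::get('/invoices/{file}', function (Request $request, string $file) {
        abort_unless($request->user()->is_admin, 403); // hypothetical admin flag

        $path = 'invoices/' . $file;
        abort_unless(Storage::disk('local')->exists($path), 404);

        // Streams the file back with a Content-Disposition: attachment header.
        return Storage::disk('local')->download($path);
    })
    // Only names of the form <alphanumerics>.pdf match, so "../" or nested
    // paths can never reach the Storage call.
    ->where('file', '[A-Za-z0-9]+\.pdf');
});
```

Because the Vue.js panel runs on a different domain, it has to send the bearer token with the download request and handle the response as a blob; a plain link to the route would arrive without the Authorization header and be rejected.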
@GRENADECX - Thank you so much for the reply and my apology for the delayed response.
I will check this out today as I have never really tried to set up a secondary storage in the same application.
Thanks again!