Basically I want to know if it's possible to serve a microsite stored in /storage/app/somewhere but apply API middleware to ensure that the user requesting it has access to it and then just push it through if the user has the rights. Can't use sessions or cookies because the UI is an SPA secured with JWT.
So... I have this project where there's a bunch of users and each user has a collection of assets that are either small static microsites or PDF files. My client creates and deploys this content and I'm saving it currently in storage/app/somewhere. I'm saving it in specific folders in /storage/app/somewhere which I can easily figure out from the project. If it were just a single file that I was serving, I could do that by forcing all of that through an API route like /content or whatever and determine if the user is authorized and then push the file through. But I'm wondering if that would work with a full static microsite with all the resources like JS, CSS, images and whatnot.
These sites are all relative and the links all relative so if I DO preface it all with /content/ the links in the sites should all still work, but run through /content?
Will that work though?
My biggest issue mentally, because I haven't tried it yet, is that I'm not sure there's any way to take an API authenticated user and "convert" that to an authenticated web user without additional sign-in.
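
The catch-all route described in the question, as an added example that is not the poster's code: it resolves each requested file under the caller's own folder and refuses anything that escapes it. The per-user layout (storage/app/somewhere/<user id>/<site>/), the `auth:api` guard name, the extension list and PHP 8 are assumptions.

```php
<?php
// routes/api.php (URLs become /api/content/...). Added example.
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;

// Served types only; anything else is a 404. An explicit Content-Type is
// needed because nosniff makes browsers reject mislabelled CSS and JS.
const CONTENT_TYPES = [
    'html' => 'text/html; charset=utf-8',
    'css'  => 'text/css; charset=utf-8',
    'js'   => 'text/javascript; charset=utf-8',
    'png'  => 'image/png',
    'jpg'  => 'image/jpeg',
    'pdf'  => 'application/pdf',
];

Route::get('/content/{site}/{path?}', function (Request $request, string $site, ?string $path = null) {
    // Hypothetical layout: one folder per user id, one subfolder per site.
    $userRoot = storage_path('app/somewhere/' . $request->user()->getAuthIdentifier());

    // The site name is a single path segment, never a path.
    if (preg_match('/^[A-Za-z0-9_-]+$/', $site) !== 1) {
        abort(404);
    }
    $siteRoot = realpath($userRoot . DIRECTORY_SEPARATOR . $site);

    // realpath() collapses "../" and resolves symlinks; false if missing.
    $file = realpath($siteRoot . DIRECTORY_SEPARATOR . ($path ?? 'index.html'));

    // Containment: the resolved file must still sit inside this user's site.
    if ($siteRoot === false || $file === false || !is_file($file)
        || !str_starts_with($file, $siteRoot . DIRECTORY_SEPARATOR)) {
        abort(404);
    }

    $type = CONTENT_TYPES[strtolower(pathinfo($file, PATHINFO_EXTENSION))] ?? null;
    if ($type === null) {
        abort(404);
    }

    return response()->file($file, [
        'Content-Type'           => $type,
        'X-Content-Type-Options' => 'nosniff',
    ]);
})->where('path', '.*')->middleware('auth:api');
```

Every relative asset the microsite loads hits this same route and passes through the same guard, so each of those requests has to present the token as well.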