InvoiceShelf/app/Http/Controllers/Admin/Settings/DiskController.php
Darko Gjorgjijoski 67268ac2b7 Secure expense receipts by wiring Media Library to FileDisk
Spatie Media Library now uses the default FileDisk (local_private) for
new uploads instead of the public disk. Expense receipts are no longer
directly web-accessible.

- AppServiceProvider configures media-library disk from FileDisk on boot
- Change media-library fallback from 'public' to 'local'
- Expense receipt URL accessor returns authenticated route instead of
  direct file URL
- Add registerMediaCollections() to Expense model
- Prevent deleting FileDisk that contains files or is a system disk
- Add media:secure command to migrate existing receipts to private disk

Fixes #187
2026-04-07 01:01:59 +02:00


<?php
namespace App\Http\Controllers\Admin\Settings;
use App\Http\Controllers\Controller;
use App\Http\Requests\DiskEnvironmentRequest;
use App\Http\Resources\FileDiskResource;
use App\Models\FileDisk;
use App\Services\FileDiskService;
use Illuminate\Auth\Access\AuthorizationException;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Http\Resources\Json\AnonymousResourceCollection;
use Illuminate\Support\Facades\DB;
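/**
 * Admin endpoints for managing file disks (storage back ends).
 *
 * Every action calls authorize('manage file disk') before doing any work, so
 * none of these endpoints is reachable without that ability.
 */
class DiskController extends Controller
{
    public function __construct(
        private readonly FileDiskService $fileDiskService,
    ) {}

    /**
     * List file disks, filtered by the request input and newest first.
     *
     * @throws AuthorizationException
     */
    public function index(Request $request): AnonymousResourceCollection
    {
        $this->authorize('manage file disk');

        // NOTE(review): the page size is taken from the request as-is; any
        // upper bound has to be enforced by paginateData() — confirm.
        $limit = $request->has('limit') ? $request->limit : 5;

        $disks = FileDisk::applyFilters($request->all())
            ->latest()
            ->paginateData($limit);

        return FileDiskResource::collection($disks);
    }

    /**
     * Create a file disk once its credentials have been validated.
     *
     * Returns an 'invalid_credentials' JSON response when validation fails.
     *
     * @throws AuthorizationException
     */
    public function store(DiskEnvironmentRequest $request): JsonResponse|FileDiskResource
    {
        $this->authorize('manage file disk');

        if (! $this->fileDiskService->validateCredentials($request->credentials, $request->driver)) {
            return respondJson('invalid_credentials', 'Invalid Credentials.');
        }

        $disk = $this->fileDiskService->create($request);

        return new FileDiskResource($disk);
    }

    /**
     * Update a disk's credentials, or mark it as the default disk.
     *
     * Credentials are only applied to disks whose type is not 'SYSTEM'. For a
     * SYSTEM disk, or when credentials/driver are absent, the only effect a
     * request can have is set_as_default.
     *
     * @throws AuthorizationException
     */
    public function update(FileDisk $disk, Request $request): JsonResponse|FileDiskResource
    {
        $this->authorize('manage file disk');

        // NOTE(review): unlike store(), this action receives a plain Request,
        // so no form-request rules run here. Whatever
        // FileDiskService::update() reads from it should be validated there —
        // confirm.
        $credentials = $request->credentials;
        $driver = $request->driver;

        if ($credentials && $driver && $disk->type !== 'SYSTEM') {
            if (! $this->fileDiskService->validateCredentials($credentials, $driver)) {
                return respondJson('invalid_credentials', 'Invalid Credentials.');
            }

            $this->fileDiskService->update($disk, $request);
        } elseif ($request->set_as_default) {
            $this->fileDiskService->setAsDefault($disk);
        }

        return new FileDiskResource($disk);
    }

    /**
     * Return the empty credential template for a driver.
     *
     * Only the 'local' entry carries a real value (the configured local
     * root); secret fields are always returned blank. Unknown driver names
     * yield an empty array.
     *
     * @param mixed $disk Driver name from the route, e.g. 'local' or 's3'.
     *
     * @throws AuthorizationException
     */
    public function show($disk): JsonResponse
    {
        $this->authorize('manage file disk');

        // The previous switch had no break after 's3compat', so that case
        // fell through into 'doSpaces'. Each driver now maps to its own
        // template.
        $diskData = match ($disk) {
            'local' => [
                'root' => config('filesystems.disks.local.root'),
            ],
            's3' => [
                'key' => '',
                'secret' => '',
                'region' => '',
                'bucket' => '',
                'root' => '',
            ],
            's3compat' => [
                'endpoint' => '',
                'key' => '',
                'secret' => '',
                'region' => '',
                'bucket' => '',
                'root' => '',
            ],
            'doSpaces' => [
                'key' => '',
                'secret' => '',
                'region' => '',
                'bucket' => '',
                'endpoint' => '',
                'root' => '',
            ],
            'dropbox' => [
                'token' => '',
                'key' => '',
                'secret' => '',
                'app' => '',
                'root' => '',
            ],
            default => [],
        };

        return response()->json($diskData);
    }

    /**
     * Delete a file disk, unless doing so could orphan files or remove a
     * disk the application depends on.
     *
     * Deletion is refused for SYSTEM disks, for the default disk, and for any
     * disk whose driver still has rows in the media table.
     *
     * @throws AuthorizationException
     */
    public function destroy(FileDisk $disk): JsonResponse
    {
        $this->authorize('manage file disk');

        if ($disk->type === 'SYSTEM') {
            return respondJson('not_allowed', 'System disks cannot be deleted.');
        }

        // NOTE(review): presumably a read-only check of the disk's default
        // flag — confirm on the FileDisk model.
        if ($disk->setAsDefault()) {
            return respondJson('not_allowed', 'The default disk cannot be deleted.');
        }

        // NOTE(review): once the configuration is cached, env() no longer
        // reads the .env file, so a custom DYNAMIC_DISK_PREFIX set there
        // would be ignored and this guard could under-count. Consider
        // reading the prefix through a config value instead.
        $prefix = env('DYNAMIC_DISK_PREFIX', 'temp_');
        $diskName = $prefix.$disk->driver;

        // The match is by driver name, not by this FileDisk record, so the
        // guard is conservative: media stored under any disk of the same
        // driver blocks deletion. whereIn keeps both names in one condition,
        // so a constraint added later cannot be bypassed through an OR.
        $mediaCount = DB::table('media')
            ->whereIn('disk', [$diskName, $disk->driver])
            ->count();

        if ($mediaCount > 0) {
            return respondJson('disk_has_files', 'Cannot delete this disk — it contains '.$mediaCount.' file(s). Migrate files first.');
        }

        $disk->delete();

        return response()->json([
            'success' => true,
        ]);
    }

    /**
     * List the supported disk drivers together with the configured default
     * filesystem.
     *
     * @throws AuthorizationException
     */
    public function getDiskDrivers(): JsonResponse
    {
        $this->authorize('manage file disk');

        $drivers = [
            ['name' => 'Local', 'value' => 'local'],
            ['name' => 'Amazon S3', 'value' => 's3'],
            ['name' => 'S3 Compatible Storage', 'value' => 's3compat'],
            ['name' => 'Digital Ocean Spaces', 'value' => 'doSpaces'],
            ['name' => 'Dropbox', 'value' => 'dropbox'],
        ];

        return response()->json([
            'drivers' => $drivers,
            'default' => config('filesystems.default'),
        ]);
    }
}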