leuchtfeuer/secure-downloads
Composer 安装命令:
composer require leuchtfeuer/secure-downloads
包简介
"Secure Download": Apply TYPO3 access rights to ALL file assets (PDFs, TGZs or JPGs etc. - configurable) - protect them from direct access.
关键字:
README 文档
README
TYPO3 Extension "Secure Downloads"
In TYPO3, assets like PDFs, TGZs or JPGs etc. are normally just referenced by a URL e.g. to fileadmin/.... The file itself is
delivered directly by the web server, and is therefore not part of the TYPO3 access control scheme – files remain unprotected,
since URLs can be re-used, emailed, Search engine included or even guessed.
The "Secure Downloads" extension (EXT:secure_downloads) changes this behavior: Files will now be accessed through a script that
honors TYPO3 access rights. The converted URL's will then look like this:
https://www.example.com/securedl/sdl-eyJ0eXAiOiJKV1QiLCJhbGciO[...]vcM5rWxIulg5tQ/protected_image.jpg
This works regardless of where the files come from and is not limited to special plugins, etc.
Since in most cases you will not want to protect everything (which means that everything undergoes rather performance-consuming access right checking), Secure Downloads is highly configurable. You may choose:
- what directories to protect (e.g. you can include typo3temp or not)
- what file types to protect (do you want to protect JPGs or not? etc.)
As a complementary measure, you will of course need to configure your web server not to deliver these things directly (e.g. using .htaccess settings).
Requirements
We are currently supporting following TYPO3 versions:
| Extension Version | TYPO3 v14 | TYPO3 v13 |
|---|---|---|
| 14.x | x | - |
| 7.x | - | x |
Outdated Versions
For the following versions no more free bug fixes and new features will be provided by the authors:
| Extension Version | TYPO3 v12 | TYPO3 v11 | TYPO3 v10 | TYPO3 v9 | TYPO3 v8 | TYPO3 v7 | TYPO3 v6.2 | TYPO3 v4.5 |
|---|---|---|---|---|---|---|---|---|
| 6.x | x | - | - | - | - | - | - | - |
| 5.x1) | - | x | x | - | - | - | - | - |
| 4.x | - | - | x | x | - | - | - | - |
| 3.x | - | - | - | x | x | - | - | - |
| 2.0.4 - 2.x | - | - | - | - | x | x | - | - |
| 2.0.0 - 2.0.3 | - | - | - | - | - | x | x | - |
| 1.x2) | - | - | - | - | - | - | x | x |
- 1) Upcoming release as
leuchtfeuer/secure-downloads(vendor name changed). - 2) As
EXT:naw_securedlortypo3-ter/naw-securedl.
Installation
There are several ways to require and install this extension. We recommend getting this extension via composer.
Via Composer
If your TYPO3 instance is running in composer mode, you can simply require the extension by running:
composer req leuchtfeuer/secure-downloads:^14.0
Via Extension Manager
Open the extension manager module of your TYPO3 instance and select "Get Extensions" in the select menu above the upload button.
There you can search for secure_downlaods and simply install the extension. Please make sure you are using the latest version
of the extension by updating the extension list before installing the Secure Downloads extension.
Via ZIP File
You need to download the Secure Downloads extension from the
TYPO3 Extension Repository and upload the ZIP file to the extension
manager of your TYPO3 instance and activate the extension afterwards.
You can also download an archive from GitHub and put its
content directly into the typo3conf/ext directory of your TYPO3 instance. But please keep in mind, that the name of the folder
must be secure_downloads (the repository name will be default).
Configuration
After installation you need to configure this extension. Take a look at the corresponding section of the official manual.
Best Practice
You can configure this extension to fit your specific needs. However, here are some "best practices" that may help you when first using Secure Downloads:
- Install this extension as described above
- Create a new "File Storage" of type "Local filesystem" on page 0 of your TYPO3 instance and set the "Is publicly available?" option to false
- Create a directory on your filesystem which matches the previously configured "Base Path"
- Put an
.htaccessfile into that folder that denies the access to all files within and underneath this path - Configure the extension in the admin section of your TYPO3 Backend to match all files (use an astrix for the securedFiletypes option) in your newly created file storage (use the path for the securedDirs option).
Access Configuration
You also need to secure all the directories and file types by your server configuration. This can be done with .htaccess files.
Some example .htaccess files can be found in the
Resources/Private/Examples
folder.
Note: This extension cannot secure links to files that you include in your CSS file. For example, you can secure /fileadmin
with the default .htaccess_deny file by putting the file in /fileadmin. You can allow /fileadmin/templates/ with the
default .htaccess_allow file by putting this file to /fileadmin/template/.
Documentation
A detailed documentation can be found in the official TYPO3 documentation of this extension.
Changelog
The changelog can be found in the changelog chapter of the official TYPO3 documentation of this extension.
Contributing
You can contribute by making a pull request to the master branch of this repository, by using the "❤️ Sponsor" button on the top of this page, or just send us some beers 🍻...
leuchtfeuer/secure-downloads 适用场景与选型建议
leuchtfeuer/secure-downloads 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 255.86k 次下载、GitHub Stars 达 23, 最近一次更新时间为 2020 年 05 月 06 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「secure」 「typo3」 「downloads」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 leuchtfeuer/secure-downloads 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 leuchtfeuer/secure-downloads 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 leuchtfeuer/secure-downloads 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
Secure Trading driver for the Omnipay PHP payment processing library
An extension on top of Spatie/laravel-medialibrary which allows to attach an asset on multiple models. Also ocalized assets are supported.
Timestamp parameter in public file uri
Set Links with a specific language parameter
A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API.
TYPO3 CMS extension to create gallery content element with preset crop ratios and pagination
统计信息
- 总下载量: 255.86k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 23
- 点击次数: 27
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: GPL-2.0-or-later
- 更新时间: 2020-05-06