[PR #665] [MERGED] Adds ability to secure images behind auth #5682

New Issue

Closed

opened 2026-02-05 10:14:06 +03:00 by OVERLORD · 0 comments

OVERLORD commented 2026-02-05 10:14:06 +03:00

Owner

Copy Link

📋 Pull Request Information

Original PR: https://github.com/BookStackApp/BookStack/pull/665
Author: @ssddanbrown
Created: 1/13/2018
Status: ✅ Merged
Merged: 1/20/2018
Merged by: @ssddanbrown

Base: master ← Head: authed_images

---

📝 Commits (1)

• 0afa417 Added ability to secure images behind auth

📊 Changes

8 files changed (+67 additions, -45 deletions)

View changed files

📝 app/Http/Controllers/ImageController.php (+16 -0)
📝 app/Repos/ImageRepo.php (+3 -4)
📝 app/Services/AttachmentService.php (+31 -23)
📝 app/Services/ImageService.php (+6 -16)
📝 app/Services/UploadService.php (+0 -1)
📝 config/filesystems.php (+6 -1)
📝 routes/web.php (+3 -0)
➕ storage/uploads/images/.gitignore (+2 -0)

📄 Description

This feature puts images behind the authentication barrier so they are only viewable by logged-in users. Permission levels not taken into account, It's simply based on 'Is user authed?'.

Cannot be used alongside public viewing.
Set to be opt-in for now.

Public image access should still be served by the webserver as before, Secure image access goes through the app so will have a performance penalty.

Still in testing. Would be great for folks to test on their setups for any issues. (Do not test on production instances though). I experienced issues doing something similar when initially creating BookStack but so far everything has been working without issue on my dev machine.

Use Instructions

To use simply set STORAGE_TYPE=local_secure in your .env file.
Files will be stored in a storage/uploads/images folder similar to attachments.

If you are migrating to this option with existing images you will need to move all content in the folder public/uploads/images to storage/uploads/images.

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/BookStackApp/BookStack/pull/665 **Author:** [@ssddanbrown](https://github.com/ssddanbrown) **Created:** 1/13/2018 **Status:** ✅ Merged **Merged:** 1/20/2018 **Merged by:** [@ssddanbrown](https://github.com/ssddanbrown) **Base:** `master` ← **Head:** `authed_images` --- ### 📝 Commits (1) - [`0afa417`](https://github.com/BookStackApp/BookStack/commit/0afa417b0a9f1648e3c400f341ffa14c8b96599d) Added ability to secure images behind auth ### 📊 Changes **8 files changed** (+67 additions, -45 deletions) <details> <summary>View changed files</summary> 📝 `app/Http/Controllers/ImageController.php` (+16 -0) 📝 `app/Repos/ImageRepo.php` (+3 -4) 📝 `app/Services/AttachmentService.php` (+31 -23) 📝 `app/Services/ImageService.php` (+6 -16) 📝 `app/Services/UploadService.php` (+0 -1) 📝 `config/filesystems.php` (+6 -1) 📝 `routes/web.php` (+3 -0) ➕ `storage/uploads/images/.gitignore` (+2 -0) </details> ### 📄 Description This feature puts images behind the authentication barrier so they are only viewable by logged-in users. Permission levels not taken into account, It's simply based on 'Is user authed?'. Cannot be used alongside public viewing. Set to be opt-in for now. Public image access should still be served by the webserver as before, Secure image access goes through the app so will have a performance penalty. Still in testing. Would be great for folks to test on their setups for any issues. (Do not test on production instances though). I experienced issues doing something similar when initially creating BookStack but so far everything has been working without issue on my dev machine. ## Use Instructions To use simply set `STORAGE_TYPE=local_secure` in your `.env` file. Files will be stored in a `storage/uploads/images` folder similar to attachments. If you are migrating to this option with existing images you will need to move all content in the folder `public/uploads/images` to `storage/uploads/images`. --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

OVERLORD added the pull-request label 2026-02-05 10:14:06 +03:00

OVERLORD closed this issue 2026-02-05 10:14:10 +03:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

development

further_theme_development

l10n_development

release

llm_only

vectors

v25-11

docker_env

drawio_rendering

user_permissions

ldap_host_failover

svg_image

prosemirror

captcha_example

fix/video-export

v25.12.3

v25.12.2

v25.12.1

v25.12

v25.11.6

v25.11.5

v25.11.4

v24.11.4

v25.11.3

v25.11.2

v25.11.1

v25.11

v25.07.3

v25.07.2

v25.07.1

v25.07

v25.05.2

v25.05.1

v25.05

v25.02.5

v25.02.4

v25.02.3

v25.02.2

v25.02.1

v25.02

v24.12.1

v24.12

v24.10.3

v24.10.2

v24.10.1

v24.10

v24.05.4

v24.05.3

v24.05.2

v24.05.1

v24.05

v24.02.3

v24.02.2

v24.02.1

v24.02

v23.12.3

v23.12.2

v23.12.1

v23.12

v23.10.4

v23.10.3

v23.10.2

v23.10.1

v23.10

v23.08.3

v23.08.2

v23.08.1

v23.08

v23.06.2

v23.06.1

v23.06

v23.05.2

v23.05.1

v23.05

v23.02.3

v23.02.2

v23.02.1

v23.02

v23.01.1

v23.01

v22.11.1

v22.11

v22.10.2

v22.10.1

v22.10

v22.09.1

v22.09

v22.07.3

v22.07.2

v22.07.1

v22.07

v22.06.2

v22.06.1

v22.06

v22.04.2

v22.04.1

v22.04

v22.03.1

v22.03

v22.02.3

v22.02.2

v22.02.1

v22.02

v21.12.5

v21.12.4

v21.12.3

v21.12.2

v21.12.1

v21.12

v21.11.3

v21.11.2

v21.11.1

v21.11

v21.10.3

v21.10.2

v21.10.1

v21.10

v21.08.6

v21.08.5

v21.08.4

v21.08.3

v21.08.2

v21.08.1

v21.08

v21.05.4

v21.05.3

v21.05.2

v21.05.1

v21.05

v21.04.6

v21.04.5

v21.04.4

v21.04.3

v21.04.2

v21.04.1

v21.04

v0.31.8

v0.31.7

v0.31.6

v0.31.5

v0.31.4

v0.31.3

v0.31.2

v0.31.1

v0.31.0

v0.30.7

v0.30.6

v0.30.5

v0.30.4

v0.30.3

v0.30.2

v0.30.1

v0.30.0

v0.29.3

v0.29.2

v0.29.1

v0.29.0

v0.28.3

v0.28.2

v0.28.1

v0.28.0

v0.27.5

v0.27.4

v0.27.3

v0.27.2

v0.27.1

v0.27

v0.26.4

v0.26.3

v0.26.2

v0.26.1

v0.26.0

v0.25.5

v0.25.4

v0.25.3

v0.25.2

v0.25.1

v0.25.0

v0.24.3

v0.24.2

v0.24.1

v0.24.0

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.3

v0.20.2

v0.20.1

v0.20.0

v0.19.0

v0.18.5

v0.18.4

v0.18.3

v0.18.2

v0.18.1

v0.18.0

v0.17.4

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.3

v0.16.2

v0.16.1

v0.16.0

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.3

v0.14.2

v0.14.1

v0.14.0

v0.13.1

v0.13.0

v0.12.2

v0.12.1

v0.12.0

v0.11.2

v0.11.1

v0.11.0

v0.10.0

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.2

v0.8.1

v0.8.0

v0.7.6

v0.7.5

v0.7.4

v0.7.3

0.7.2

v.0.7.1

v0.7.0

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.0

Labels

Clear labels

🎨 Design

📖 Docs Update

🐛 Bug

🐛 Bug

:cat2:🐈 Possible duplicate

💿 Database

☕ Open to discussion

💻 Front-End

🐕 Support

🚪 Authentication

🌍 Translations

🔌 API Task

🏭 Back-End

⛲ Upstream

🔨 Feature Request

🛠️ Enhancement

🛠️ Enhancement

🛠️ Enhancement

❤️ Happy feedback

🔒 Security

🔍 Pending Validation

💆 UX

📝 WYSIWYG Editor

🌔 Out of scope

🔩 API Request

:octocat: Admin/Meta

🖌️ View Customization

❓ Question

🚀 Priority

🛡️ Blocked

🚚 Export System

♿ A11y

🔧 Maintenance

> Markdown Editor

pull-request

Mirrored from GitHub Pull Request

No Label pull-request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#5682