PHPackages                             arjanwestdorp/exposable - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. arjanwestdorp/exposable

ActiveLibrary[Security](/categories/security)

arjanwestdorp/exposable
=======================

A laravel package to expose protected model in a secure way.

2.1.0(6y ago)011.9k2[1 issues](https://github.com/arjanwestdorp/exposable/issues)[1 PRs](https://github.com/arjanwestdorp/exposable/pulls)MITPHPPHP &gt;=7.0.13CI failing

Since May 2Pushed 2y ago1 watchersCompare

[ Source](https://github.com/arjanwestdorp/exposable)[ Packagist](https://packagist.org/packages/arjanwestdorp/exposable)[ Docs](https://github.com/arjanwestdorp/exposable)[ RSS](/packages/arjanwestdorp-exposable/feed)WikiDiscussions master Synced 4d ago

READMEChangelog (5)Dependencies (8)Versions (9)Used By (0)

Laravel exposable
-----------------

[](#laravel-exposable)

[![Latest Stable Version](https://camo.githubusercontent.com/1d77fc4e1147f9047b2815fd51291faa5bd53a3296bc25a0c9a294fe0d8064f6/68747470733a2f2f706f7365722e707567782e6f72672f61726a616e77657374646f72702f6578706f7361626c652f762f737461626c653f666f726d61743d666c61742d737175617265)](https://packagist.org/packages/arjanwestdorp/exposable)[![License](https://camo.githubusercontent.com/07ca284ce398bb31eec9425f555289ee4e0b6157ec729771950459f5fd5d77ca/68747470733a2f2f706f7365722e707567782e6f72672f61726a616e77657374646f72702f6578706f7361626c652f6c6963656e73653f666f726d61743d666c61742d737175617265)](https://packagist.org/packages/arjanwestdorp/exposable)[![Build Status](https://camo.githubusercontent.com/b3c65789459110c6aa7e2253b16d212d28bec1e24fec096483fc7e63480fe7e8/68747470733a2f2f696d672e736869656c64732e696f2f7472617669732f61726a616e77657374646f72702f6578706f7361626c652f6d61737465722e7376673f7374796c653d666c61742d737175617265)](https://travis-ci.org/arjanwestdorp/exposable)[![Quality Score](https://camo.githubusercontent.com/62d144f81521035a436427f8a50b07f5c68d0db28f2567935a2b54816f83a704/68747470733a2f2f696d672e736869656c64732e696f2f7363727574696e697a65722f672f61726a616e77657374646f72702f6578706f7361626c652e7376673f7374796c653d666c61742d737175617265)](https://scrutinizer-ci.com/g/arjanwestdorp/exposable)[![Coverage](https://camo.githubusercontent.com/80ba72b6b2ad3d151a19c18432e443d5630789abc83ba854adab06e2345d5e0e/68747470733a2f2f696d672e736869656c64732e696f2f7363727574696e697a65722f636f7665726167652f672f61726a616e77657374646f72702f6578706f7361626c652e7376673f7374796c653d666c61742d737175617265)](https://scrutinizer-ci.com/g/arjanwestdorp/exposable)[![StyleCI](https://camo.githubusercontent.com/05007d84def5cff540497b70fe5e154649d9e14e2f1d79f3917675dcc9926f25/68747470733a2f2f7374796c6563692e696f2f7265706f732f38393937373332342f736869656c64)](https://styleci.io/repos/89977324)

This is a package to expose your protected models in a secure way. You maybe also ran into the problem that you have a file stored in a secure location and you only want to expose it to your users when they are logged in or payed for it. Laravel exposable will make this much easier for you now.

Version Compatibility
---------------------

[](#version-compatibility)

LaravelExposable5.31.0.x5.41.1.xInstallation
------------

[](#installation)

The recommended way to install Exposable is through composer:

```
composer require arjanwestdorp/exposable
```

Next, you'll have to add the service provider to your `config/app.php`

```
// config/app.php
'providers' => [
    ...
    ArjanWestdorp\Exposable\ExposableServiceProvider::class,
];
```

Now you'll need to publish the config file:

```
php artisan vendor:publish --provider="ArjanWestdorp\Exposable\ExposableServiceProvider" --tag="config"
```

Usage
-----

[](#usage)

Add the `Exposable` trait to the model(s) you want to expose:

```
namespace App;

use ArjanWestdorp\Exposable\Exposable;
use Illuminate\Database\Eloquent\Model;

class File extends Model {

    use Exposable;

}
```

Next, you will need to implement the `expose` method on your model:

```
namespace App;

use ArjanWestdorp\Exposable\Exposable;
use Illuminate\Database\Eloquent\Model;

class File extends Model {

    use Exposable;

    /**
     * Expose the model.
     *
     * @return \Illuminate\Http\Response
     */
    public function expose()
    {
        return response('My secure content');
    }
}
```

Finally you'll need to add the model to the config file `config/exposable.php` and bind it to a key:

```
'exposables' => [
    'file' => App\File::class,
],
```

Now your model is ready to expose. Simply use the `exposeUrl` method to get the url on which the model will be available.

```
$file = File::first();
echo $file->exposeUrl();

// http://app.app/expose/file/1?expire=1483261800&guard=member&signature=716817ecaed63fa8b1b887b64ab9505d90cf065dc0677d8b011e3a8b014c43e0
```

Configuration
-------------

[](#configuration)

Configuration is mainly done through the config file. Although there is the option to deviate on model level.

### Config file

[](#config-file)

Below an explanation of all options in the [config file](/arjanwestdorp/exposable/blob/master/src/config/exposable.php).

#### key

[](#key)

The key which is used to sign the expose urls. By default it uses the Laravel key of you application.

```
Default: config('app.key')

```

#### url-prefix

[](#url-prefix)

The prefix of the url on which the models will be exposed.

```
Default: '/expose'

```

When exposing the complete url would look like:

```
http://app.app/expose/file/1?expire=1483261800&guard=member&signature=716817ecaed63fa8b1b887b64ab9505d90cf065dc0677d8b011e3a8b014c43e0

```

#### middleware

[](#middleware)

Here you can define middleware of your application you want to include for the expose url.

```
Default: 'web'

```

#### lifetime

[](#lifetime)

The time after which the url expires. When an integer is given the time is in minutes. Any valid date modification can be used like `2 hours`, `1 day`. See  for all allowed formats.

```
Default: 10

```

#### exposables

[](#exposables)

Array containing all the models you want to expose. The key is used in the url to retrieve the corresponding model.

```
Default: []

```

#### guards

[](#guards)

Array of guards which can protect the exposables. These are NOT the same as the Laravel guards. A custom guard can be very usefull when you want to expose a model only to authenticated users that have payed for the content for example. See [Custom guards](#custom-guards) for an example.

```
Default: ['auth' => \ArjanWestdorp\Exposable\Guards\AuthGuard::class]

```

#### default-guard

[](#default-guard)

The default guard that is used to check if the model can be exposed. You can override this settings on the exposable model if needed. Set to null if you don't want a guard check. That only works when the `require-guard` is set to false.

```
Default: 'auth'

```

#### require-guard

[](#require-guard)

Define if a guard is always required when exposing a model. Settings this to false will give you the option to use no guard by setting the `default-guard` option to null or `$exposableGuard` on a model.

```
Default: true

```

### Model configuration

[](#model-configuration)

On a model you can override the default lifetime and the guard which are used to expose:

```
namespace App;

use ArjanWestdorp\Exposable\Exposable;
use Illuminate\Database\Eloquent\Model;

class File extends Model {

    use Exposable;

    /**
     * The time the expose url will be valid.
     *
     * @var string
     */
    protected $exposableLifetime = '2 hours';

    /**
     * The guard to use when exposing this model.
     *
     * @var string
     */
    protected $exposableGuard = 'member';

    /**
     * Expose the model.
     *
     * @return \Illuminate\Http\Response
     */
    public function expose()
    {
        return response('My secure content');
    }
}
```

Custom guards
-------------

[](#custom-guards)

You can define your own custom guards which will be checked when accessing the expose url. These guards will need to implement the `ArjanWestdorp\Exposable\Guards\Guard` interface. An example of using a custom guard can be when checking if a user is not only authenticated, but also a member:

```
namespace App\Guards;

use ArjanWestdorp\Exposable\Guards\Guard;

class MemberGuard implements Guard{

    /**
     * Check if the user is authenticated and if he is a member.
     *
     * @return bool
     */
    public function authenticate(){
        if(!auth()->check()){
            return false;
        }

        return auth()->user()->isMember();
    }
}
```

Define this guard in the `config/exposable.php` config file:

```
'guards' => [
    ...
    'member' => \App\Guards\MemberGuard::class,
],
```

Now you're good to go and set either the `default-guard => 'member'` in your config file or set the `protected $exposableGuard = 'member'` on your model.

Changelog
---------

[](#changelog)

Please see [CHANGELOG](CHANGELOG.md) for more information about what has changed recently.

Security
--------

[](#security)

If you discover any security issues, please email  instead of creating an issue.

Credits
-------

[](#credits)

- [Arjan Westdorp](https://github.com/arjanwestdorp)
- [Trait Development](http://www.trait-development.nl)
- [All Contributors](../../contributors)

License
-------

[](#license)

The MIT License (MIT). Please see [License File](LICENSE.md) for more information.

###  Health Score

32

—

LowBetter than 69% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity20

Limited adoption so far

Community11

Small or concentrated contributor base

Maturity63

Established project with proven stability

 Bus Factor1

Top contributor holds 93.8% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~252 days

Total

5

Last Release

2337d ago

Major Versions

1.1.1 → 2.0.02019-09-09

PHP version history (2 changes)1.0.0PHP &gt;=5.6.0

2.0.0PHP &gt;=7.0.13

### Community

Maintainers

![](https://www.gravatar.com/avatar/6b8e9f6f76f71bca41a5f56025678c55340a73575ec67924873bed1f37d0aa3f?d=identicon)[arjanwestdorp](/maintainers/arjanwestdorp)

---

Top Contributors

[![arjanwestdorp](https://avatars.githubusercontent.com/u/7716654?v=4)](https://github.com/arjanwestdorp "arjanwestdorp (30 commits)")[![KaneCohen](https://avatars.githubusercontent.com/u/578455?v=4)](https://github.com/KaneCohen "KaneCohen (2 commits)")

---

Tags

exposefileslaravelmodelssecurelaravelexposearjanwestdorp

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/arjanwestdorp-exposable/health.svg)

```
[![Health](https://phpackages.com/badges/arjanwestdorp-exposable/health.svg)](https://phpackages.com/packages/arjanwestdorp-exposable)
```

###  Alternatives

[laravel/framework

The Laravel Framework.

34.8k532.1M19.5k](/packages/laravel-framework)[laravel/horizon

Dashboard and code-driven configuration for Laravel queues.

4.1k91.3M282](/packages/laravel-horizon)[spatie/laravel-responsecache

Speed up a Laravel application by caching the entire response

2.8k8.7M64](/packages/spatie-laravel-responsecache)[craftcms/cms

Craft CMS

3.6k3.6M2.9k](/packages/craftcms-cms)[sebastienheyd/boilerplate

Laravel Boilerplate based on AdminLTE 3 with blade components, user management, roles, permissions, logs viewer, ...

29419.5k3](/packages/sebastienheyd-boilerplate)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
