Controller action for path-identified assets

src/Controllers/TenantAssetsController.php

@@ -26,4 +26,26 @@ class TenantAssetsController extends Controller
             abort(404);
         }
     }
+    
+     public function assetWithPath($path = null)
+    {
+        abort_if($path === null, 404);
+
+        /**
+         * Prevents path traversal attack in asset requests
+         *
+         * @see https://www.stackhawk.com/blog/laravel-path-traversal-guide-examples-and-prevention/
+         */
+        $basePath = storage_path("app/public");
+        $requestPath = realpath($basePath . '/' . $path);
+
+        $validPath = substr($requestPath, 0, strlen($basePath)) === $basePath;
+        abort_if($validPath === false, 404);
+
+        try {
+            return response()->file($requestPath);
+        } catch (Throwable $th) {
+            abort(404);
+        }
+    }
 }