Secure Uploads - v1.0.0
ArtisanPack UI Secure Uploads Documentation
File upload security for Laravel — validation, malware scanning, secure storage, signed URLs, rate limiting, and quarantine workflows.
This package is part of the ArtisanPack UI Security 2.0 split. The 1.x security toolkit's upload features now live here as a focused, standalone package you can install on its own or alongside the rest of the ecosystem.
What's in this package
- Validation pipeline — MIME sniffing, magic-byte verification, extension allow/blocklists, size limits, double-extension and null-byte trick detection, EXIF stripping
- Malware scanning — pluggable scanners with shipped implementations for ClamAV (socket + binary), VirusTotal (API + by-hash), and a no-op Null scanner for dev / CI
- Secure storage — files stored outside the public root, served only via signed URLs through the bundled
SecureFileController - Quarantine workflow — async scanning quarantines files until
security:scan-quarantineclears them HasSecureFilesEloquent concern — attach validated, scanned files to any model via amorphManyrelationship- Events — observe
FileUploaded,FileUploadRejected,FileServed,MalwareDetected - Middleware + rate limiting —
validate.upload,scan.upload,FileUploadRateLimiter - Artisan commands —
security:cleanup-files,security:scan-quarantine
Documentation map
- Getting Started — 5-minute install + first signed-URL upload
- Installation — requirements, configuration, scanner setup
- Usage — validation, scanning, storage, signed URLs, events, middleware, commands
- Advanced — extending validators, custom scanners, quarantine workflow, rate limiting
- FAQ
- Troubleshooting
Related packages
| Package | Scope |
|---|---|
artisanpack-ui/security |
Core: input sanitization, escaping, CSP, security headers |
artisanpack-ui/security-auth |
2FA, password complexity, account lockout, sessions |
artisanpack-ui/security-advanced-auth |
WebAuthn, SSO, social login |
artisanpack-ui/rbac |
Roles, permissions, Gate integration |
artisanpack-ui/security-analytics |
Event logging, anomaly detection, SIEM, dashboards (subscribes to the FileUploaded / MalwareDetected events) |