Add support for temporaryUploadUrl to the local filesystem

[mnapoli]

This is heavily inspired from the temporaryUrl feature, but applied for uploads.

I also added support for buildTemporaryUploadUrlsUsing(), that way temporary upload and download URLs have exactly the same features (for the local filesystem).

Background: https://github.com/mnapoli/laravel-local-temporary-upload-url and https://x.com/taylorotwell/status/2014899205295243592

[AbdelElrafa]

I had a need for this the other day and because it wasn't available I had to setup minio 🤮. Thanks for adding this in!

[dxnter]

Excellent! I think it's worth noting that there's a minor security issue since download and upload URLs are identical because they share the same URL pattern:

Storage::put('receive-file-test.txt', 'Original Content');

$downloadUrl = Storage::temporaryUrl('receive-file-test.txt', now()->addMinute());

$response = $this->call('PUT', $downloadUrl, [], [], [], [], 'Malicious Content');
$response->assertNoContent();

$this->assertSame('Malicious Content', Storage::get('receive-file-test.txt'));

That means anyone with a download URL can overwrite that file with a PUT. S3 doesn't have this issue because presigned URLs are operation specific (GetObject vs PutObject). This could be mitigated with some type of distinguishing parameter: ['path' => $path, 'upload' => true] or something.

[mnapoli]

Ohh, I was certain the signature included the method (GET, PUT, etc.)

I'm pushing a fix thanks 👍

[taylorotwell]

Thanks 👍

[mnapoli]

👯 thanks for merging!