diff --git a/backend/app/Http/Controllers/ImageController.php b/backend/app/Http/Controllers/ImageController.php
new file mode 100644
index 0000000..b8a7cf2
--- /dev/null
+++ b/backend/app/Http/Controllers/ImageController.php
@@ -0,0 +1,45 @@
+<?php
+
+namespace App\Http\Controllers;
+
+use Illuminate\Http\Response;
+use Illuminate\Support\Facades\Storage;
+use Illuminate\Support\Str;
+
+class ImageController extends Controller
+{
+    public function index(string $path): Response
+    {
+        $cleanPath = ltrim($path, '/');
+
+        if ($cleanPath === '' || Str::contains($cleanPath, ['../', '..\\'])) {
+            abort(404);
+        }
+
+        $disk = Storage::disk('images');
+
+        if (! $disk->exists($cleanPath)) {
+            abort(404);
+        }
+
+        $file = $disk->get($cleanPath);
+
+        if ($file === null) {
+            abort(404);
+        }
+
+        $contentType = match (strtolower(pathinfo($cleanPath, PATHINFO_EXTENSION))) {
+            'jpg', 'jpeg' => 'image/jpeg',
+            'png' => 'image/png',
+            'webp' => 'image/webp',
+            'gif' => 'image/gif',
+            'svg' => 'image/svg+xml',
+            default => 'application/octet-stream',
+        };
+
+        return response($file, 200, [
+            'Content-Type' => $contentType,
+            'Cache-Control' => 'public, max-age=31536000, immutable',
+        ]);
+    }
+}
diff --git a/backend/routes/api.php b/backend/routes/api.php
index d5804a0..2c63153 100644
--- a/backend/routes/api.php
+++ b/backend/routes/api.php
@@ -1,6 +1,7 @@
 <?php
 
 use App\Http\Controllers\CategoryController;
+use App\Http\Controllers\ImageController;
 use App\Http\Controllers\ProductController;
 use App\Http\Resources\UserResource;
 use Illuminate\Http\Request;
@@ -9,6 +10,9 @@ use Illuminate\Support\Facades\Route;
 Route::get('/products', [ProductController::class, 'index']);
 Route::get('/categories', [CategoryController::class, 'index']);
 
+Route::get('/image/{path}', [ImageController::class, 'index'])
+    ->where('path', '.*');
+
 Route::middleware('auth:sanctum')->group(function() {
     Route::get('/user', fn (Request $request) => new UserResource($request->user()));
 });