dasundev / filament-access-secret
Secures access to Filament by requiring a secret key in the URL.
Fund package maintenance!
dasundev
Installs: 1 029
Dependents: 1
Suggesters: 0
Security: 0
Stars: 31
Watchers: 2
Forks: 3
Open Issues: 1
Requires
- php: ^8.0
- filament/filament: ^3.0
Requires (Dev)
- larastan/larastan: ^2.0
- laravel/pint: ^1.13
- orchestra/testbench: ^8.0
- orchestra/testbench-dusk: ^8.12
- pestphp/pest: ^2.30.0
README
✨ Introduction
This package provides a middleware for securing access to Filament by requiring a secret key to be provided in the URL.
🔍 How it Works
Once you set up and configure this package, it works by preventing access to http://my-website.com/admin. If you try to visit that link, you will see a "404" message. But if you add the secret key at the end of the URL like this: http://my-website.com/admin/secret, you will be able to access the admin panel.
Important
This functionality is facilitated through a specific type of cookie working behind the scenes. This cookie validates whether you possess the authorization to access the Filament panel.
📦 Installation
You can install the package via Composer:
composer require dasundev/filament-access-secret
Optionally, you can publish the config file using:
php artisan vendor:publish --tag="filament-access-secret-config"
👩💻 Usage
After installing the package, open the .env file and add the following key with your secret key:
DEFAULT_FILAMENT_ACCESS_SECRET_KEY=default123
To access Filament, append the secret key to the Filament URL like this:
https://my-website.com/admin/secret
Open the app/Providers/Filament/AdminPanelProvider.php and right at the start of the list of middleware, add VerifyAdminAccessSecret middleware as follows.
use Dasundev\FilamentAccessSecret\Middleware\VerifyAdminAccessSecret; class AdminPanelProvider extends PanelProvider { public function panel(Panel $panel): Panel { return $panel ... ->middleware([ VerifyAdminAccessSecret::class, // Other middlewares... ]) ...; } }
Now, your Filament access is secured with the provided secret key.
🔥 Multiple Panel Support
The filament access secret is supports for multiple panels with different secret keys.
To enable it, you must publish the configuration file by running the following command.
php artisan vendor:publish --tag="filament-access-secret-config"
Then open the config file at config/filament-access-secret.php and add your new key with the env variable as follows.
'keys' => [ ... 'app' => env('APP_FILAMENT_ACCESS_SECRET_KEY', ''), // "app" is the id of the panel ],
Now you can set a secret key for the new panel (in this case for the "app" panel).
APP_FILAMENT_ACCESS_SECRET_KEY=app123
🚫 Disable Secret Access
If you want to disable secret access, leave each secret environment key value blank or delete it from the .env file as follows.
DEFAULT_FILAMENT_ACCESS_SECRET_KEY= APP_FILAMENT_ACCESS_SECRET_KEY=
🔐 Enhance Security
To enhance security, you have the option to include your own cookie class through the configuration file.
<?php return [ /* |-------------------------------------------------------------------------- | Access Secret Cookie |-------------------------------------------------------------------------- | | To use your own access secret cookie, set it here. | */ 'cookie' => MyAccessSecretCookie::class ];
📌 Special Note
The filament access secret key only works if your panel provider ID and path are the same.
class AdminPanelProvider extends PanelProvider { public function panel(Panel $panel): Panel { return $panel ->default() ->id('admin') ->path('admin')
You get the idea right? 🙌
🔄 Changelog
Please see CHANGELOG for more information on what has changed recently.
🤝 Contributing
Please see CONTRIBUTING for details.