elic-dev/laravel-site-protection

Protect your site with a simple password form

Maintainers

Details

github.com/elic-dev/laravel-site-protection

Source

Issues

Installs: 187 044

Dependents: 0

Suggesters: 0

Security: 0

Stars: 41

Watchers: 2

Forks: 11

Open Issues: 0

1.2.0 2023-07-12 07:16 UTC

Requires

  • php: >=5.6.4

MIT 0b124ccd7837f92609cd720a0bb6ce30d2decb72

  • Matthias Lill <m.lill.woop@gmx.de>

This package is not auto-updated.

Last update: 2024-04-19 12:39:58 UTC

README

This will add a simple password form in front of your application to protected it from any access. The password is specified using the .env file to protect DEV or STAGE sites only.

You can use multiple passwords for different user groups. Once the password is removed, the access is revoked.

This does not protect any assets files like css or images.

Looks like

SiteProtection

Installation

composer require elic-dev/laravel-site-protection

Laravel >= 5.2

This package requires at least the Laravel Framework of version 5.2.

Add ServiceProvider to the providers array in app/config/app.php.

ElicDev\SiteProtection\SiteProtectionServiceProvider::class,

Laravel >= 5.5

You don't need to add this package to your app/config/app.php since it supports auto discovery.

Add Middleware (Laravel < 11.0)

Add Middleware to app/Http/Kernel.php or specific routes you want to protect.

protected $middlewareGroups = [
    'web' => [
        ...
        \ElicDev\SiteProtection\Http\Middleware\SiteProtection::class,
    ],
    ...
];

Add Middleware (Laravel >= 11.0)

Edit Middleware at config/app.php and include against the 'web' middleware.

 ->withMiddleware(function (Middleware $middleware) {
        $middleware->appendToGroup('web',\ElicDev\SiteProtection\Http\Middleware\SiteProtection::class);
    })

Configuration

Most configuration can be done using ENV variables by adding the following keys to your .env file.

Adjusting the passwords

You can use multiple passwords separated by comma.

SITE_PROTECTION_PASSWORDS=password1,password2

To revoke access to your site simply change the password. This requires every user using the old password to re-enter a password.

Exclude certain paths from protection

You can exclude specific paths from protection. Add a comma seperated list of paths to your .env file. You can use the * to exclude a group of paths.

SITE_PROTECTION_EXCEPT_PATHS=path1,path2,login*

Protect only specific paths

You can protect only some paths. Add a comma seperated list of paths to your .env file. You can use the * to protect a a group of paths.

SITE_PROTECTION_PROTECTED_ONLY_PATHS=path1,path2,admin*

Set a CSS file uri

You can change the look and feel of the password protection page by adding an uri to your main css file. The css file is appened to the existing css styles to keep basic alignments.

SITE_PROTECTION_CSS_FILE_URI=/assets/app.css

Cookie lifetime

Set the duration for the cookie lifetime in seconds. Default is set to one year. The following .env value would change it to one week:

SITE_PROTECTION_COOKIE_LIFETIME=604800

Customization

In case you really need to. You can modify the view that handles password entry by publishing the views to your resource folder. This is not recommended and might cause problems on future updates. Try using the uri to a css file first.

Run the following command:

php artisan vendor:publish --provider="ElicDev\SiteProtection\SiteProtectionServiceProvider" --tag=views

You can now make the changes in resources/vendor/views/site-protection/site-protection-form.blade.php.