gatekeepr/laravel

Laravel middleware and client helpers for Gatekeepr signup and login abuse protection.

Maintainers

Package info

github.com/gtkppr/laravel

pkg:composer/gatekeepr/laravel

Statistics

Installs: 0

Dependents: 0

Suggesters: 0

Stars: 0

Open Issues: 0

Security

Advisories: 0

Aikido package health analysis

dev-main 2026-05-15 07:37 UTC

Requires

Requires (Dev)

MIT 08c26c12ad7eafebd801aa790ec262a94d5d6327

middlewarelaravelgatekeeprabuse-preventionsignup-protectionfraud-protection

This package is auto-updated.

Last update: 2026-05-15 08:05:25 UTC

README

Laravel middleware and client helpers for checking signup and login requests with Gatekeepr before accounts, credits, or sessions are created.

Install

composer require gatekeepr/laravel

Publish the config when you want to customize defaults:

php artisan vendor:publish --tag=gatekeepr-config

Set your API key:

GATEKEEPR_API_KEY=your_gatekeepr_api_key

Middleware

The package registers a gatekeepr middleware alias. Put it before the code that creates users or sessions.

use App\Http\Controllers\Auth\RegisteredUserController;
use Illuminate\Support\Facades\Route;

Route::post('/register', [RegisteredUserController::class, 'store'])
	->middleware('gatekeepr');

By default, only Gatekeepr block decisions are rejected. To reject challenges too:

Route::post('/login', [AuthenticatedSessionController::class, 'store'])
	->middleware('gatekeepr:block,challenge');

Blocked requests return JSON like:

{
	"error": "gatekeepr_blocked",
	"message": "Request blocked by Gatekeepr.",
	"status": "block",
	"threats": ["email_disposable"]
}

Manual Checks

use Gatekeepr\Laravel\Facades\Gatekeepr;
use Illuminate\Http\Request;

Route::post('/register', function (Request $request) {
	$decision = Gatekeepr::checkRequest($request);

	if ($decision->blocked()) {
		return response()->json($decision->responseBody(), $decision->responseStatus());
	}

	// Create the user.
});

Payload Extraction

The package sends:

  • email from request input fields email, username, or user.email, then route params, then the authenticated user.
  • ip from common proxy headers, then Laravel's $request->ip().
  • user_agent from $request->userAgent().

Customize extraction in config/gatekeepr.php:

'email_fields' => ['email', 'login'],
'email_sources' => ['input'],
'reject_statuses' => ['block', 'challenge'],
'block_message' => 'Signup blocked by Gatekeepr.',

For one-off calls:

$decision = Gatekeepr::checkRequest($request, [
	'get_email' => fn (Request $request) => $request->input('account.email'),
	'get_ip' => fn (Request $request) => $request->ip(),
	'get_user_agent' => fn (Request $request) => $request->userAgent(),
]);

Direct Client

use Gatekeepr\Laravel\GatekeeprClient;

$client = new GatekeeprClient(config('gatekeepr.api_key'));

$result = $client->check([
	'email' => 'user@example.com',
	'ip' => request()->ip(),
	'user_agent' => request()->userAgent(),
]);

Testing

composer install
composer test