idez/nova-security

This is a collection of different techniques and measures to make your Laravel app more secure.


Support us

Send email to arthur@idez.com.br or pedro@idez.com.br

Installation

You can install the package via composer:

composer require idez/nova-security

You can publish and run the migrations with:

php artisan vendor:publish --tag="nova-security-migrations"
php artisan migrate

You can publish the config file with:

php artisan vendor:publish --tag="nova-security-config"

You can publish the translation files with:

php artisan vendor:publish --tag="nova-security-translations"

You can publish the view files with:

php artisan vendor:publish --tag="nova-security-views"

This is the contents of the published config file:

return [
    'brute_force' => [
        'enabled' => true,
        'max_attempts' => 3,
        'ttl' => 3600,
        'protected_field' => 'email',
    ],


    '2fa' => [
        /**
         * Uses original config file for the 2fa.
         */
        'ignore_override' => false,

        /**
         * Require 2FA for all users.
         */
        'require_for_all' => false,

        //... Other settings are the same as the google2fa-laravel configuration file.
    ]
];

Usage

Brute Force

Brute force protection is a middleware, which can be registered in your application's App\Http\Kernel:

use Idez\NovaSecurity\Http\Middleware\NovaBruteForceProtection;
    'middleware' => [
        NovaBruteForceProtection::class
    ]

Nothing prevents you from placing it elsewhere, such as App\Http\Kernel or config/nova.php.
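
To make the brute_force settings from the config file concrete, here is a stand-alone sketch of a lockout counter driven by the same four keys. It is an added example, not the package's implementation: it assumes ttl is in seconds and that the window starts at the first failed attempt, and the function names and the in-memory store are hypothetical.

```php
<?php
// Added illustration, not code from idez/nova-security.
// Assumptions: 'ttl' is in seconds and the window starts at the first failure.

$config = ['enabled' => true, 'max_attempts' => 3, 'ttl' => 3600, 'protected_field' => 'email'];

/** Normalise the protected field so " Admin@Example.com " and "admin@example.com" share one counter. */
function lockoutKey(array $config, array $input): string
{
    $value = strtolower(trim((string) ($input[$config['protected_field']] ?? '')));
    return 'brute_force:' . hash('sha256', $value);
}

/** True while the key has reached max_attempts inside an unexpired window. */
function isBlocked(array $config, array $store, string $key, int $now): bool
{
    if (!$config['enabled'] || !isset($store[$key])) {
        return false;
    }
    $entry = $store[$key];
    return $now < $entry['expires'] && $entry['count'] >= $config['max_attempts'];
}

/** Record one failed login; an expired window restarts the count. */
function recordFailure(array $config, array &$store, string $key, int $now): void
{
    if (!isset($store[$key]) || $now >= $store[$key]['expires']) {
        $store[$key] = ['count' => 0, 'expires' => $now + $config['ttl']];
    }
    $store[$key]['count']++;
}

// Constructed sample: four login attempts for one address, then a check once the ttl has passed.
$store = [];
$t0 = 1700000000;
$key = lockoutKey($config, ['email' => ' Admin@Example.com ']);
foreach ([0, 10, 20, 30] as $offset) {
    $blocked = isBlocked($config, $store, $key, $t0 + $offset);
    printf("t+%ds blocked=%s\n", $offset, $blocked ? 'yes' : 'no');
    if (!$blocked) {
        recordFailure($config, $store, $key, $t0 + $offset);
    }
}
printf("t+%ds blocked=%s\n", 3600, isBlocked($config, $store, $key, $t0 + 3600) ? 'yes' : 'no');
```

In this sketch the counter is keyed on the submitted email rather than the client address, so failed attempts arriving from different source IPs still accumulate against the same account.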

2FA

This package uses the pragmarx/google2fa-laravel package as a base.

Google 2FA, or One Time Password, is a middleware, which can be registered in your application's config/nova.php:

use Idez\NovaSecurity\Http\Middleware\NovaTwoFactor;
    'middleware' => [
        NovaTwoFactor::class
    ]

Actions

In User Resource

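    // ActionRequest is Laravel\Nova\Http\Requests\ActionRequest; import it in the resource.
    // Offer 2FA setup only to the user viewing their own record, and only while no secret is stored.
    \Idez\NovaSecurity\Actions\SetupUserTwoFactorAction::make()
        ->onlyOnDetail()
        ->canSee(fn ($request) => $request instanceof ActionRequest || ($this->resource->id === auth()->user()->id && ! filled($this->resource->two_factor_secret)))
        ->canRun(fn ($request) => $request instanceof ActionRequest || ($this->resource->id === auth()->user()->id && ! filled($this->resource->two_factor_secret))),

    // Show the unblock action only to super admins; the callback receives the current request.
    \Idez\NovaSecurity\Actions\UnblockUserAction::make()
        ->onlyOnDetail()
        ->canSee(fn ($request) => $request->user()->isSuperAdmin()),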

Testing

composer test

Changelog

Please see CHANGELOG for more information on what has changed recently.

Contributing

Please see CONTRIBUTING for details.

Security Vulnerabilities

Please review our security policy on how to report security vulnerabilities.

Credits

License

The MIT License (MIT). Please see License File for more information.