pdphilip / cf-request
Cloudflare Laravel Request
Fund package maintenance!
pdphilip
Installs: 1 569
Dependents: 1
Suggesters: 0
Security: 0
Stars: 17
Watchers: 1
Forks: 0
Open Issues: 0
Requires
- php: ^8.2
- illuminate/contracts: ^10.0||^11.0
- matomo/device-detector: ^6.4
- pdphilip/omniterm: ^1.0
- spatie/laravel-package-tools: ^1.16
Requires (Dev)
- larastan/larastan: ^2.9
- laravel/pint: ^1.14
- nunomaduro/collision: ^8.1.1||^7.10.0
- orchestra/testbench: ^9.0.0||^8.22.0
- pestphp/pest: ^2.34
- pestphp/pest-plugin-arch: ^2.7
- pestphp/pest-plugin-laravel: ^2.3
- phpstan/extension-installer: ^1.3
- phpstan/phpstan-deprecation-rules: ^1.1
- phpstan/phpstan-phpunit: ^1.3
README
Cloudflare Laravel Request
Cloudflare Laravel Request inherits the request object from Laravel and parses specific headers from Cloudflare to provide additional information about the request, including:
CfRequest::ip()
- Original Client IP (Before it passes through any proxies)CfRequest::country()
- Origin CountryCfRequest::timezone()
- Origin TimezoneCfRequest::city()
- Origin CityCfRequest::region()
- Origin RegionCfRequest::postalCode()
- Origin Postal CodeCfRequest::lat()
- Origin LatitudeCfRequest::lon()
- Origin LongitudeCfRequest::isBot()
- If it's a botCfRequest::threatScore()
- Threat Score from Cloudflare
The User-Agent is also parsed to provide additional information about the device, including:
CfRequest::deviceType()
- Device Type (mobile, tablet, desktop, tv, etc)CfRequest::deviceBrand()
- Device BrandCfRequest::deviceModel()
- Device ModelCfRequest::os()
- Device OSCfRequest::osVersion()
- Device OS VersionCfRequest::browser()
- Device BrowserCfRequest::browserVersion()
- Device Browser Version
With this package, you can:
- Replace
Request $request
withCfRequest $request
in your controller methods to access the additional methods. - Call the
CfRequest
facade anywhere in your application to access this information.
CF Request in action: Test your connection
Highlights
Lean into Cloudflare's Security
public function register(CfRequest $request) { if ($request->isBot()) { abort(403, 'Naughty bots'); } if ($request->threatScore() > 50) { abort(403, 'Thanks but no thanks'); } $attributes = $request->validate([ 'first_name' => 'required|string', 'last_name' => 'required|string', //... etc ]); //... etc }
Set the timezone based on the origin
date_default_timezone_set(CfRequest::timezone()); // Now carbon dates will be parsed for the user's timezone
Apply logic based on the user's country
public function welcome() { if (CfRequest::country() === 'US') { return view('welcome_us'); } return view('welcome'); }
Apply logic based on device type
public function welcome() { $loadVideo = true; if (CfRequest::deviceType() === 'mobile') { $loadVideo = false; } // etc }
Requirements
- Laravel 10+
- Cloudflare as a proxy (though it will work without it and have no data on the CF-specific headers)
Installation
Add the package via composer:
composer require pdphilip/cf-request
Then install with:
php artisan cf-request:install
Cloudflare Setup
Option 1: Via Cloudflare API
Step 1: Copy Zone ID
- Go to your Cloudflare dashboard
- Click on the domain you want to configure
- Copy the Zone ID
- Save in ENV as
CF_API_ZONE_ID
Step 2: Create an API Token
- Navigate to: https://dash.cloudflare.com/profile/api-tokens
- Click on "Create Token"
- Select: Create Custom Token (Get started)
Token Configuration
- {Enter Token name}
- Permissions
- Account: Account Rulesets: Edit
- Zone: Transform Rules: Edit
- Account Resources
- Include: All Accounts
- Zone Resources
- Include: All Zones
- Create Token and Save in ENV as
CF_API_TOKEN
Run the artisan command:
php artisan cf-request:headers
Option 2: Manually on Cloudflare
Navigate to "Modify Request Header"
- Go to your Cloudflare dashboard
- Click on the domain you want to configure
- Click on the "Rules -> Transform Rules" menu
- Select "Modify Request Header" tab
- Click "Create a Rule"
Creating the rule
- Name: "Laravel Headers:
- Select "All incoming requests"
- Set the following headers:
Set dynamic
X-AGENT
http.user_agent
Set dynamic
X-IP
ip.src
Set dynamic
X-COUNTRY
ip.src.country
Set dynamic
X-CONTINENT
ip.src.continent
Set dynamic
X-CITY
ip.src.city
Set dynamic
X-POSTAL-CODE
ip.src.postal_code
Set dynamic
X-REGION
ip.src.region
Set dynamic
X-TIMEZONE
ip.src.timezone.name
Set dynamic
X-LAT
ip.src.lat
Set dynamic
X-LON
ip.src.lon
Set dynamic
X-REFERER
http.referer
Set dynamic
X-IS-BOT
cf.client.bot
Set dynamic
X-THREAT-SCORE
cf.threat_score
Usage
All the standard Laravel request methods are available, with the following additional methods:
CfRequest::country()
CfRequest::city()
CfRequest::region()
CfRequest::postalCode()
CfRequest::lat()
CfRequest::lon()
CfRequest::timezone()
CfRequest::isBot()
CfRequest::threatScore()
CfRequest::isMobile()
CfRequest::isTablet()
CfRequest::isDesktop()
CfRequest::isTv()
CfRequest::deviceType()
CfRequest::deviceBrand()
CfRequest::deviceModel()
CfRequest::os()
CfRequest::osVersion()
CfRequest::osFamily()
CfRequest::browser()
CfRequest::browserVersion()
CfRequest::browserName()
CfRequest::browserFamily()
CfRequest::referer()
CfRequest::refererDomain()
You can use the CfRequest
facade or inject the CfRequest $request
class into your controller methods.
Testing headers
- This package comes with a test route that will display the headers being parsed from Cloudflare.
- You can access this route by visiting
/cf-request/status
on your application. - You can disable this in the config file or by setting the
CF_ALLOW_STATUS_VIEW
environment variable tofalse
.
Changelog
Please see CHANGELOG for more information on what has changed recently.
Contributing
Please see CONTRIBUTING for details.
Credits
License
The MIT License (MIT). Please see License File for more information.