pdphilip/cf-request

Cloudflare Laravel Request

Fund package maintenance!
pdphilip

v1.0.2 2024-09-19 13:04 UTC

This package is auto-updated.

Last update: 2024-11-04 09:03:20 UTC


README

Cloudflare Laravel Request

Cloudflare Laravel Request

Latest Version on Packagist GitHub Tests Action Status GitHub Code Style Action Status Total Downloads

Cloudflare Laravel Request inherits the request object from Laravel and parses specific headers from Cloudflare to provide additional information about the request, including:

  • CfRequest::ip() - Original Client IP (Before it passes through any proxies)
  • CfRequest::country() - Origin Country
  • CfRequest::timezone() - Origin Timezone
  • CfRequest::city() - Origin City
  • CfRequest::region() - Origin Region
  • CfRequest::postalCode() - Origin Postal Code
  • CfRequest::lat() - Origin Latitude
  • CfRequest::lon() - Origin Longitude
  • CfRequest::isBot() - If it's a bot
  • CfRequest::threatScore() - Threat Score from Cloudflare

The User-Agent is also parsed to provide additional information about the device, including:

  • CfRequest::deviceType() - Device Type (mobile, tablet, desktop, tv, etc)
  • CfRequest::deviceBrand() - Device Brand
  • CfRequest::deviceModel() - Device Model
  • CfRequest::os() - Device OS
  • CfRequest::osVersion() - Device OS Version
  • CfRequest::browser() - Device Browser
  • CfRequest::browserVersion() - Device Browser Version

With this package, you can:

  • Replace Request $request with CfRequest $request in your controller methods to access the additional methods.
  • Call the CfRequest facade anywhere in your application to access this information.

CF Request in action: Test your connection

Highlights

Lean into Cloudflare's Security

public function register(CfRequest $request)
{
    if ($request->isBot()) {
        abort(403, 'Naughty bots');
    }
    if ($request->threatScore() > 50) {
        abort(403, 'Thanks but no thanks');
    }
    $attributes = $request->validate([
        'first_name' => 'required|string',
        'last_name' => 'required|string',
        //... etc
    ]);
   //... etc
}

Set the timezone based on the origin

date_default_timezone_set(CfRequest::timezone());
// Now carbon dates will be parsed for the user's timezone

Apply logic based on the user's country

public function welcome()
{
   if (CfRequest::country() === 'US') {
         return view('welcome_us');
   }
   return view('welcome');
}

Apply logic based on device type

public function welcome()
{
    $loadVideo = true;
    if (CfRequest::deviceType() === 'mobile') {
        $loadVideo = false;
    }
    // etc
}

Requirements

  • Laravel 10+
  • Cloudflare as a proxy (though it will work without it and have no data on the CF-specific headers)

Installation

Add the package via composer:

composer require pdphilip/cf-request

Then install with:

php artisan cf-request:install

Cloudflare Setup

Option 1: Via Cloudflare API

Step 1: Copy Zone ID

  • Go to your Cloudflare dashboard
  • Click on the domain you want to configure
  • Copy the Zone ID
  • Save in ENV as CF_API_ZONE_ID
Cloudflare Laravel Request - zoneid

Step 2: Create an API Token

Token Configuration

  • {Enter Token name}
  • Permissions
    • Account: Account Rulesets: Edit
    • Zone: Transform Rules: Edit
  • Account Resources
    • Include: All Accounts
  • Zone Resources
    • Include: All Zones
Cloudflare Laravel Request - token perms
  • Create Token and Save in ENV as CF_API_TOKEN

Run the artisan command:

php artisan cf-request:headers
Cloudflare Laravel Request - artisan
Option 2: Manually on Cloudflare

Navigate to "Modify Request Header"

  • Go to your Cloudflare dashboard
  • Click on the domain you want to configure
  • Click on the "Rules -> Transform Rules" menu
  • Select "Modify Request Header" tab
  • Click "Create a Rule"

Creating the rule

  • Name: "Laravel Headers:
  • Select "All incoming requests"
  • Set the following headers:

Set dynamic
X-AGENT
http.user_agent

Set dynamic
X-IP
ip.src

Set dynamic
X-COUNTRY
ip.src.country

Set dynamic
X-CONTINENT
ip.src.continent

Set dynamic
X-CITY
ip.src.city

Set dynamic
X-POSTAL-CODE
ip.src.postal_code

Set dynamic
X-REGION
ip.src.region

Set dynamic
X-TIMEZONE
ip.src.timezone.name

Set dynamic
X-LAT
ip.src.lat

Set dynamic
X-LON
ip.src.lon

Set dynamic
X-REFERER
http.referer

Set dynamic
X-IS-BOT
cf.client.bot

Set dynamic
X-THREAT-SCORE
cf.threat_score

Usage

All the standard Laravel request methods are available, with the following additional methods:

CfRequest::country()

CfRequest::city()

CfRequest::region()

CfRequest::postalCode()

CfRequest::lat()

CfRequest::lon()

CfRequest::timezone()

CfRequest::isBot()

CfRequest::threatScore()

CfRequest::isMobile()

CfRequest::isTablet()

CfRequest::isDesktop()

CfRequest::isTv()

CfRequest::deviceType()

CfRequest::deviceBrand()

CfRequest::deviceModel()

CfRequest::os()

CfRequest::osVersion()

CfRequest::osFamily()

CfRequest::browser()

CfRequest::browserVersion()

CfRequest::browserName()

CfRequest::browserFamily()

CfRequest::referer()

CfRequest::refererDomain()

You can use the CfRequest facade or inject the CfRequest $request class into your controller methods.

Testing headers

  • This package comes with a test route that will display the headers being parsed from Cloudflare.
  • You can access this route by visiting /cf-request/status on your application.
  • You can disable this in the config file or by setting the CF_ALLOW_STATUS_VIEW environment variable to false.

Changelog

Please see CHANGELOG for more information on what has changed recently.

Contributing

Please see CONTRIBUTING for details.

Credits

License

The MIT License (MIT). Please see License File for more information.