Put your Laravel application into read-only mode.
A simple .env flag that can place your application into read-only mode. By default only get requests are allowed. You can optionally allow authentication.
You can install the package via composer:
composer require rappasoft/lockout
You can publish the configuration file to override the defaults:
php artisan vendor:publish --provider="Rappasoft\Lockout\LockoutServiceProvider"
Add to .env file
APP_READ_ONLY = true
By default only pages accessed with GET requests will be allowed, everything else will throw a 401 Unauthorized response. You can modify the blocked request types in the lockout configuration file.
To optionally allow logging into the application to view secure areas, after login only GET requests will still be allowed.
APP_READ_ONLY_LOGIN = true
You can set your login/logout paths from the configuration file if they differ from the Laravel default.
If you want to block access to regular pages in addition to the lockout types, or just by themselves you can edit the pages array of the config file:
'pages' => [ 'register', // Blocks access to the register page ],
You may conditionally render views based on the status of the lockout with this blade helper:
@readonly Sorry for the inconvenience, but our application is currently in read-only mode. Please check back soon. @endreadonly
You may whitelist certain paths for certain methods. I.e. part of your application is behind the password.confirm middleware and you want the demo user to be able to access it.
'whitelist' => [ 'post' => '/password/confirm', ],
Please see CHANGELOG for more information what has changed recently.
Please see CONTRIBUTING for details.
If you discover any security related issues, please email email@example.com instead of using the issue tracker.
The MIT License (MIT). Please see License File for more information.