teraone / laravel-cloudflare-zero-trust-middleware
Middleware to secure certain routes with Cloudflare Zero Trust
Installs: 11 268
Dependents: 0
Suggesters: 0
Security: 0
Stars: 4
Watchers: 2
Forks: 4
Open Issues: 2
Requires
- php: ^8.2
- guzzlehttp/guzzle: ^7.5
- illuminate/contracts: ^9.0|^10.0|^11.0
- spatie/laravel-package-tools: ^1.16
- web-token/jwt-library: ^3.4
Requires (Dev)
- larastan/larastan: ^2.9
- laravel/pint: ^1.14
- nunomaduro/collision: ^8.1.1||^7.10.0
- orchestra/testbench: ^9.0.0||^8.22.0
- pestphp/pest: ^2.34
- pestphp/pest-plugin-arch: ^2.7
- pestphp/pest-plugin-laravel: ^2.3
- phpstan/extension-installer: ^1.3
- phpstan/phpstan-deprecation-rules: ^1.1
- phpstan/phpstan-phpunit: ^1.3
- spatie/laravel-ray: ^1.35
This package is auto-updated.
Last update: 2024-12-21 19:56:41 UTC
README
Installation
You can install the package via composer:
composer require teraone/laravel-cloudflare-zero-trust-middleware
Configuration
Publish the config file with:
php artisan vendor:publish --tag="cloudflare-zero-trust-middleware-config"
This is the content of the published config file:
return [ /* |-------------------------------------------------------------------------- | Cloudflare Team Name |-------------------------------------------------------------------------- | | Here you should define the name of your Cloudflare Team Account. | Not sure? Open https://one.dash.cloudflare.com/ | It will be the name on which you click. | */ 'cloudflare_team_name' => env('CLOUDFLARE_TEAM_NAME'), /* |-------------------------------------------------------------------------- | Cloudflare Zero Trust / Application Audience Tag |-------------------------------------------------------------------------- | | Please enter the Application Audience Tag which you want to protect. | Open the Zero Trust Dashboard at https://one.dash.cloudflare.com/: | Access > Applications: Select "Configure" for your application. | On the overview tab, copy the "Application Audience (AUD) Tag". | */ 'cloudflare_zero_trust_application_audience_tag' => env('CLOUDFLARE_ZERO_TRUST_APPLICATION_AUDIENCE_TAG'), /* |-------------------------------------------------------------------------- | Use certificate cache |-------------------------------------------------------------------------- | | Should it cache the cloudflare certificates. | */ 'cache' => true, /* |-------------------------------------------------------------------------- | Certificate cache TTL |-------------------------------------------------------------------------- | | How long should we cache your public cloudflare certificates? In seconds. | The certificate cache will be flushed when a new certificate is detected. | */ 'cache_ttl' => 60 * 60 * 24, /* |-------------------------------------------------------------------------- | Disable the middleware on these environments |-------------------------------------------------------------------------- | | Most likely you do not have cloudflare available during development. | Use this setting to bypass the middleware for specific environments. | */ 'disabled_environments' => [ 'local', ], ];
Usage
Add the middleware to the routes you want to protect.
// with shorthand alias Route::get('/protected', function(){ return 'Protected by Cloudflare Zero trust ✅';}) ->middleware('cloudflare-zero-trust'); // OR: Use Class directly Route::get('/also-secure', function(){ return 'Also protected by Cloudflare Zero trust ✅';}) ->middleware(\Teraone\ZeroTrustMiddleware\ZeroTrustMiddleware\ZeroTrustMiddleware::class);
Testing
composer test
Changelog
Please see CHANGELOG for more information on what has changed recently.
Contributing
Please see CONTRIBUTING for details.
Security Vulnerabilities
Please review our security policy on how to report security vulnerabilities.
Credits
License
The MIT License (MIT). Please see License File for more information.
Support Spatie
We invest a lot of resources into creating best in class open source packages. You can support us by buying one of our paid products.
We highly appreciate you sending us a postcard from your hometown, mentioning which of our package(s) you are using. You'll find our address on our contact page. We publish all received postcards on our virtual postcard wall.