Skip to content
/ nova-security Public
generated from spatie/package-skeleton-laravel

This is a collection of different techniques and measures to make your laravel app more secure.

License

MIT license
3 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

idezdigital/nova-security

BranchesTags

Repository files navigation

Nova Security

Latest Version on Packagist GitHub Tests Action Status GitHub Code Style Action Status Total Downloads

This is a collection of different techniques and measures to make your laravel app more secure.

Support us

Send email to [email protected] or [email protected]

Installation

You can install the package via composer:

composer require idez/nova-security

You can publish and run the migrations with:

php artisan vendor:publish --tag="nova-security-migrations"
php artisan migrate

You can publish the config file with:

php artisan vendor:publish --tag="nova-security-config"

You can publish the translations files with:

php artisan vendor:publish --tag="nova-security-translations"

You can publish the views files with:

php artisan vendor:publish --tag="nova-security-views"

This is the contents of the published config file:

return [
    'brute_force' => [
        'enabled' => true,
        'max_attempts' => 3,
        'ttl' => 3600,
        'protected_field' => 'email',
    ],


    '2fa' => [
        /**
         * Uses original config file for the 2fa.
         */
        'ignore_override' => false,

        /**
         * Require 2FA for all users.
         */
        'require_for_all' => false,

        //... Other settings are the same as the google2fa-laravel configuration file.
    ]
];

Usage

Brute Force

Brute force protection is a Middleware, which can be registered in your application's in App\Http\Kernel:

use Idez\NovaSecurity\Http\Middleware\NovaBruteForceProtection;
    'middleware' => [
        NovaBruteForceProtection::class
    ]

Nothing prevents you from placing it elsewhere, such as App\Http\Kernel or config/nova.php

2FA

This package uses the pragmarx/google2fa-laravel package as a base.

Google 2fa or One Time Password is a Middleware, which can be registered in your application's in config/nova.php:

use Idez\NovaSecurity\Http\Middleware\NovaTwoFactor;
    'middleware' => [
        NovaTwoFactor::class
    ]

Actions

In User Resource

    \Idez\NovaSecurity\Actions\SetupUserTwoFactorAction::make()->onlyOnDetail()
        ->canSee(fn ($request) => $request instanceof ActionRequest || ($this->resource->id === auth()->user()->id && ! filled($this->resource->two_factor_secret)))
        ->canRun(fn ($request) => $request instanceof ActionRequest || ($this->resource->id === auth()->user()->id && ! filled($this->resource->two_factor_secret))),


    \Idez\NovaSecurity\Actions\UnblockUserAction::make()
        ->onlyOnDetail()
        ->canSee(fn () => $request->user()->isSuperAdmin()),

Testing

composer test

Changelog

Please see CHANGELOG for more information on what has changed recently.

Contributing

Please see CONTRIBUTING for details.

Security Vulnerabilities

Please review our security policy on how to report security vulnerabilities.

Credits

License

The MIT License (MIT). Please see License File for more information.

About

This is a collection of different techniques and measures to make your laravel app more secure.

Topics

security laravel laravel-framework laravel-package nova laravel-nova

Resources

Readme

License

MIT license

Security policy

Security policy
Activity
Custom properties

Stars

3 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 3

v1.0.3 Latest
Jan 19, 2022
+ 2 releases

Sponsor this project

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages