Looking to hire Laravel developers? Try LaraJobs

laravel maintained by gatekeepr

Description
Laravel middleware and client helpers for Gatekeepr signup and login abuse protection.
Last update
2026/05/15 09:37 (dev-main)
License
MIT
Links
GitHub - Packagist
Downloads
0
Tags
middleware - laravel - gatekeepr - abuse-prevention - signup-protection - fraud-protection

dev-main

Last update
2026/05/15 09:37
License
MIT
Require
  • php ^8.1
  • illuminate/contracts ^10.0|^11.0|^12.0
  • illuminate/http ^10.0|^11.0|^12.0
  • illuminate/support ^10.0|^11.0|^12.0
Comments
comments powered by Disqus

gatekeepr/laravel

Laravel middleware and client helpers for checking signup and login requests with Gatekeepr before accounts, credits, or sessions are created.

Install

composer require gatekeepr/laravel

Publish the config when you want to customize defaults:

php artisan vendor:publish --tag=gatekeepr-config

Set your API key:

GATEKEEPR_API_KEY=your_gatekeepr_api_key

Middleware

The package registers a gatekeepr middleware alias. Put it before the code that creates users or sessions.

use App\Http\Controllers\Auth\RegisteredUserController;
use Illuminate\Support\Facades\Route;

Route::post('/register', [RegisteredUserController::class, 'store'])
	->middleware('gatekeepr');

By default, only Gatekeepr block decisions are rejected. To reject challenges too:

Route::post('/login', [AuthenticatedSessionController::class, 'store'])
	->middleware('gatekeepr:block,challenge');

Blocked requests return JSON like:

{
	"error": "gatekeepr_blocked",
	"message": "Request blocked by Gatekeepr.",
	"status": "block",
	"threats": ["email_disposable"]
}

Manual Checks

use Gatekeepr\Laravel\Facades\Gatekeepr;
use Illuminate\Http\Request;

Route::post('/register', function (Request $request) {
	$decision = Gatekeepr::checkRequest($request);

	if ($decision->blocked()) {
		return response()->json($decision->responseBody(), $decision->responseStatus());
	}

	// Create the user.
});

Payload Extraction

The package sends:

  • email from request input fields email, username, or user.email, then route params, then the authenticated user.
  • ip from common proxy headers, then Laravel's $request->ip().
  • user_agent from $request->userAgent().

Customize extraction in config/gatekeepr.php:

'email_fields' => ['email', 'login'],
'email_sources' => ['input'],
'reject_statuses' => ['block', 'challenge'],
'block_message' => 'Signup blocked by Gatekeepr.',

For one-off calls:

$decision = Gatekeepr::checkRequest($request, [
	'get_email' => fn (Request $request) => $request->input('account.email'),
	'get_ip' => fn (Request $request) => $request->ip(),
	'get_user_agent' => fn (Request $request) => $request->userAgent(),
]);

Direct Client

use Gatekeepr\Laravel\GatekeeprClient;

$client = new GatekeeprClient(config('gatekeepr.api_key'));

$result = $client->check([
	'email' => 'user@example.com',
	'ip' => request()->ip(),
	'user_agent' => request()->userAgent(),
]);

Testing

composer install
composer test