laravel-stauth maintained by stauth
Laravel Stauth
Staging server athorization package, alternative for .htaccess, register at stauth.io
Installation
composer require stauth/laravel-stauth
Local and staging
If you don't want Stauth service provider to be exeuted at production environment, create StauthProtectionServiceProvider
namespace App\Providers;
use Illuminate\Support\ServiceProvider;
use Stauth\StauthServiceProvider;
class StauthProtectionServiceProvider extends ServiceProvider
{
/**
* Register any application services.
*
* @return void
*/
public function register()
{
if ($this->app->environment('local', 'staging')) {
$this->app->register(StauthServiceProvider::class);
}
}
}
And add it to config/app.php below AppServiceProvider:
'providers' => [
/**
* Stauth app access protection
*/
App\Providers\StauthProtectionServiceProvider::class,
],
Production
If you don't mind Stauth service provider being executed at production environment, or you want to protect your production env, add it directly at providers array in config/app.php.
'providers' => [
/**
* Staging access control
*/
Stauth\StauthServiceProvider::class,
],
Add Stauth middleware in app/Http/Kernel.php, it is very important that StauthProtection is above any response cache extension middleware like laravel-responsecache:
/**
* The application's route middleware groups.
*
* @var array
*/
protected $middlewareGroups = [
'web' => [
...
\Stauth\Middleware\StauthProtection::class,
],
Generate access token at stauth.io and add it as a STAUTH_ACCESS_TOKEN param in .env file:
STAUTH_ACCESS_TOKEN=verylongchainoflettersmixedwithsomerandomnumbers123
By default protected environment is staging, in order to change this, add STAUTH_PROTECTED_ENV param in .env file:
STAUTH_PROTECTED_ENV=local
Other
If you want to know or do more, read below.
Publish configuration
You can publish configuration and update required params in php file:
php artisan vendor:publish --provider="Stauth\StauthServiceProvider" --tag=config
Cache
Please keep in mind that this package takes adventage of csrf_token, therefore it is important to exclude both routes /stauth/protected and /stauth/authorize from any response caching engines.