10 packages to secure your laravel application

Deven Rathore 5 min read
10 packages to secure your laravel application

Here is the list of 10 packages from which you can secure your laravel application with ease. all you have to do is just browse to your folder via command panel an and install these packages using composer

1 – laravel-security

This packages integrates Symfony Security Core in Laravel, mainly to use the Voters to check acces to roles/objects.

Install

Add this package to your composer.json and run composer update

"barryvdh/laravel-security": "0.2.x@dev"

After updating, add the ServiceProvider to ServiceProvider array in config/app.php

'Barryvdh\Security\SecurityServiceProvider'

You can optionally add the Facade as well, to provide faster access to the Security component.

'Security' => 'Barryvdh\Security\Facade',

Links

GitHubPackagist

2 – authority-controller

AuthorityController is an PHP authorization library for Laravel 5.0 & 5.1 which restricts what resources a given user is allowed to access.

All permissions are defined in a single location:

config/authority-controller.php

and not duplicated across controllers, routes, views, and database queries.

Links

GitHubPackagist

3 – security

Laravel Security was created by, and is maintained by Graham Campbell, and is a port of the security class from CodeIgniter 3 for Laravel 5. This package is best used wrapped in my Laravel Binput package.

 

Installation

PHP 5.5+ or HHVM 3.6+, and Composer are required.

To get the latest version of Laravel Security, simply add the following line to the require block of your composer.json file:

"graham-campbell/security": "~3.2"

You’ll then need to run composer install or composer update to download it and have the autoloader updated.

Once Laravel Security is installed, you need to register the service provider. Open up config/app.php and add the following to the providers key.

  • 'GrahamCampbell\Security\SecurityServiceProvider'

You can register the Security facade in the aliases key of your config/app.php file if you like.

  • 'Security' => 'GrahamCampbell\Security\Facades\Security'

Configuration

Laravel Security supports optional configuration.

To get started, you’ll need to publish all vendor assets:

$ php artisan vendor:publish

This will create a config/security.php file in your app that you can modify to set your configuration. Also, make sure you check for changes to the original config file in this package between releases.

There is one config option:

Evil attributes

This option ('evil') defines the evil attributes and they will be always be removed from the input

 

Links

GitHubPackagist

 

4 – HTMLPurifier for Laravel 5

A simple Laravel 5 service provider for including the HTMLPurifier for Laravel 5.

for Laravel 4 HTMLPurifier for Laravel 4

This package can be installed via Composer by requiring the mews/purifier package in your project’s composer.json:

{
    "require": {
        "laravel/framework": "~5.0",
        "mews/purifier": "~2.0",
    }
}

or

Require this package with composer:

composer 

Update your packages with composer update or install with composer install

 

Links

HomepageGitHubPackagist

 

 

5 -binput

Binput Is An Input Protector For Laravel 5

Links

GitHubPackagis

6 – visualcaptcha-laravel

Laravel library for visualCaptcha. VisualCaptcha is created by EmotionLoop

Links

HomepageGitHubPackagist

7 – power

 

Full Administrative Package for laravel

 

Links

GitHubPackagist

8 -Laravel-ACL

Light-weight role-based permissions for Laravel 5 built in Auth system.

Links

GitHubPackagist

9- sysguard

Extend Laravel 5.0 Authentication to add more functionality.

Installation

First, pull in the package through Composer.

"require": {
    "ifaniqbal/sysguard": "dev-master"
}

Install with composer:

composer install

Include the service provider within config/app.php.

'providers' => [
    'Ifaniqbal\Sysguard\SysguardServiceProvider'
];

Add a facade alias to this same file at the bottom:

'aliases' => [
    'Sysguard' => 'Ifaniqbal\Sysguard\SysguardFacade'
];

Add this middleware within script app/Http/Kernel.php:

protected $routeMiddleware = [
    'authorize' => 'Ifaniqbal\Sysguard\AuthorizeMiddleware'
];

Copy migration file to migration directory:

php artisan vendor:publish --force

Run artisan migrate to create the required tables on database:

php artisan migrate

You may need to run php artisan fresh so that the migration doesn’t conflict with Laravel user table migration.

Now, you’re ready to add this route in app/Http/routes.php:

Route::get ('/sysguard', ['uses' => '\Ifaniqbal\Sysguard\SysguardController@index', 'as' => 'sysguard.index']);

Route::resource('user', '\Ifaniqbal\Sysguard\UserController', ['except' => ['destroy']]);
Route::get ('/user/{user}/destroy', ['uses' => '\Ifaniqbal\Sysguard\UserController@destroy', 'as' => 'user.destroy']);

Route::resource('group', '\Ifaniqbal\Sysguard\GroupController', ['except' => ['destroy']]);
Route::get ('/group/{group}/destroy', ['uses' => '\Ifaniqbal\Sysguard\GroupController@destroy', 'as' => 'group.destroy']);

Route::resource('menu', '\Ifaniqbal\Sysguard\MenuController', ['except' => ['destroy']]);
Route::get ('/menu/{menu}/destroy', ['uses' => '\Ifaniqbal\Sysguard\MenuController@destroy', 'as' => 'menu.destroy']);

Route::resource('permission', '\Ifaniqbal\Sysguard\PermissionController', ['except' => ['destroy']]);
Route::get ('/permission/{permission}/destroy', ['uses' => '\Ifaniqbal\Sysguard\PermissionController@destroy', 'as' => 'permission.destroy']);

This package use watson/boostrap-form. So, you need to add these service providers:

'Collective\Html\HtmlServiceProvider',
'Watson\BootstrapForm\BootstrapFormServiceProvider',

Then, add these aliases:

'Form'      => 'Collective\Html\FormFacade',
'HTML'      => 'Collective\Html\HtmlFacade',
'BootstrapForm' => 'Watson\BootstrapForm\Facades\BootstrapForm',

Usage

To check authorization for current user in current route:

Sysguard::authorize();

To get sidebar menu for current user:

Sysguard::getHierarchicalMenu();

To get all menu for current user:

Sysguard::getEffectiveMenu();

To get all permission for current user:

Sysguard::getEffectivePermission();


Links

GitHubPackagist

 

10 – lock-laravel

A Laravel Driver for Lock.

This package is a Laravel 5 driver for Lock. Check the documentation of Lock for more info. It requires PHP 5.5.9+.

Links