A simple but highly customizable package for preventing access to private or WIP Laravel projects.
- Convenient access control for private projects or pages
- Simple, beautiful and fully customizable error page
- Replaceable authentication process & token storage
Blockade offers a simple way to share access to development or staging environments only by typing in a password. The authenticating user will return the intended URL after a successful login. The built in Laravel Maintenance Mode uses a different approach by denying access in deployment or maintenance procedures.
Yes! From my experience, other maintenance mode packages (and similar) only rely on one authentication method which is either cookie or session based. When working on many projects with different tech stacks, some drivers like session storage in API-only projects are simply not available. Blockade is meant to solve this issue by combining several auth mechanisms in one package.
composer require romanzipp/laravel-blockade
Copy configuration & assets files to project folder:
php artisan blockade:install
You can also publish views (--views) and language files (--lang) to further customize the Blockade template.
Make use of the --update parameter if you are seeing an error message at the bottom.
To enable Blockade, simply
- Set the environment variables
BLOCKADE_ENABLED=true&BLOCKADE_PASSWORD= - Register the
BlockadeMiddlewareclass in your middleware stack.
namespace App\Http;
use Illuminate\Foundation\Http\Kernel as HttpKernel;
use romanzipp\Blockade\Http\Middleware\BlockadeMiddleware;
class Kernel extends HttpKernel
{
// Globally for all routes
protected $middleware = [
// ...
BlockadeMiddleware::class,
];
// In a single middleware group
protected $middlewareGroups = [
'web' => [
// ...
BlockadeMiddleware::class,
]
];
// As named middleware, applied in your routes file
protected $routeMiddleware = [
// ...
'blockade' => BlockadeMiddleware::class,
];
}The package defaults to the provided view for password prompt and stores the authentication hash in a cookie.
To reset previous granted access, just change the BLOCKADE_PASSWORD entry. All issued access tokens will be invalid on the next page request.
Handlers are responsible for validating authentication requests and sending successful or failed responses. You can set the active handler in blockade.handler and customize each handler individually via the blockade.handlers.* config entries.
| Handler | Description | Class |
|---|---|---|
| Form (default) | The password is provided by a form | romanzipp\Blockade\Handlers\FormHandler |
| Query Parameter | The password is attached as query parameter | romanzipp\Blockade\Handlers\QueryParameterHandler |
Stores are storing (how surprising) the authentication state for later requests. You can set the active store in blockade.store and customize each store individually via the blockade.stores.* config entries.
| Store | Description | Class |
|---|---|---|
| Cookies (default) | The password hash will be stored as browser cookie | romanzipp\Blockade\Stores\CookieStore |
| Session | The password hash will be stored in the active session | romanzipp\Blockade\Stores\SessionStore |
Important: If you are using the SessionStore make sure the BlockadeMiddleware is appended after the Illuminate\Session\Middleware\StartSession middleware.
You can create your own authentication process by simply implementing the
romanzipp\Blockade\Handlers\Contracts\HandlerContractinterface for handlers andromanzipp\Blockade\Stores\Contracts\StoreContractinterface for stores.
It is recommended to publish the provided css files via the vendor:publish command listed at the top. If the bundled asset file is not available we will use a fallback from unkpg.com and display an error notice in the footer section.
Use the --update argument to update the published assets.
php artisan blockade:install --update
The package stores the authentication token as SHA 256 hash of the configured password.
./vendor/bin/phpunit
yarn dev
yarn prod
Special thanks to Katerina Limpitsouni for the awesome unDraw SVG illustrations!