Stars: 297
Forks: 26
Pull Requests: 25
Issues: 12
Watchers: 11
Last Updated: 2023-01-19 17:16:41
A package to protect your work in progress from prying eyes
License: MIT License
Languages: PHP
https://freek.dev/421-a-package-to-protect-your-work-in-progress-from-prying-eyes
Imagine you are working on a new app. Your client wants to see the progress that you've made. However your site isn't ready for prime time yet. Sure, you could create some login functionality and display the site only to logged in users. But why bother creating users when there is a more pragmatic approach?
This package provides a route middleware to protected routes from prying eyes. All users that visit a protected route will be redirect to a configurable url (e.g. /under-construction
). This is also the case when a user attempts to access an unknown route. To view the content of the routes a visitor must first visit a url that grants access (e.g. /demo
).
A word to the wise: do not use this package to restrict access to sensitive data or to protect an admin section. For those cases you should use proper authentication.
Spatie is a webdesign agency based in Antwerp, Belgium. You'll find an overview of all our open source projects on our website.
If you're on Laravel 8 or higher, use Laravel's built in php artisan down
command to activate demo mode. You don't need this package for that.
We invest a lot of resources into creating best in class open source packages. You can support us by buying one of our paid products.
We highly appreciate you sending us a postcard from your hometown, mentioning which of our package(s) you are using. You'll find our address on our contact page. We publish all received postcards on our virtual postcard wall.
You can install the package via composer:
composer require spatie/laravel-demo-mode
The Spatie\DemoMode\DemoModeServiceProvider::class
service provider will be auto registered.
The \Spatie\DemoMode\DemoMode::class
-middleware must be registered in the kernel:
//app/Http/Kernel.php
protected $routeMiddleware = [
...
'demoMode' => \Spatie\DemoMode\DemoMode::class,
];
Naming the route middleware DemoMode
is just a suggestion. You can give it any name you'd like.
You must publish the config file:
php artisan vendor:publish --provider="Spatie\DemoMode\DemoModeServiceProvider"
This is the content of the published config file demo-mode.php
:
return [
/*
* This is the master switch to enable demo mode.
*/
'enabled' => env('DEMO_MODE_ENABLED', true),
/*
* Visitors browsing a protected url will be redirected to this path.
*/
'redirect_unauthorized_users_to_url' => '/under-construction',
/*
* After having gained access, visitors will be redirected to this path.
*/
'redirect_authorized_users_to_url' => '/',
/*
* The following IP's will automatically gain access to the
* app without having to visit the `demoAccess` route.
*/
'authorized_ips' => [
//
],
/*
* When strict mode is enabled, only IP's listed in `authorized_ips` will gain access.
* Visitors won't be able to gain access by visiting the `demoAccess` route anymore.
*/
'strict_mode' => false,
];
If you want to use the demoAccess
route you must call the demoAccess
route macro in your routes file.
Route::demoAccess('/demo');
Visiting /demo
will grant access to the pages protected by demo mode. Of course you can choose any url you'd like.
If you want to automatically authorize certain IP addresses you can add them in the authorized_ips
array in the demo-mode.php
config file.
To disable the demoAccess
route and only allow access to the authorized_ips
you can enable strict_mode
in the demo-mode.php
config file.
You can protect some routes by using the demoMode
-middleware on them.
//only users who have previously visited "/demo" will be able to see these pages.
Route::group(['middleware' => 'demoMode'], function () {
Route::get('/secret-route', function() {
echo 'Hi!';
});
});
Unless you visit the url used by the demoAccess
route macro first or from an authorized IP address, visiting these routes will result in a redirect in to the url specified in the redirect_unauthorized_users_to_url
-key of the config file.
An authenticated user has access to all protected routes too.
Because it uses session to verify the user, both demoAccess
route and protected routes must have the web
middleware, or having the \Illuminate\Session\Middleware\StartSession
middleware to be able to authorize a user that is either not authenticated or not visiting from an authorized IP.
Please see CHANGELOG for more information what has changed recently.
composer test
Please see CONTRIBUTING for details.
If you've found a bug regarding security please mail [email protected] instead of using the issue tracker.
The MIT License (MIT). Please see License File for more information.