codewiser/otp-authenticate
Composer 安装命令:
composer require codewiser/otp-authenticate
包简介
One time passwords for Laravel
README 文档
README
In a very simple case, our Laravel applications authenticates users by login and password. Sometimes we force our applications to verify user's emails.
This package requires users to periodically re-verify emails using one time passwords.
The authentication process will be:
- user signs-in with login and password
- application sends an email with one time password
- user affirms authentication providing this password
Installation
Install service.
composer require codewiser/otp-authenticate
php artisan otp:install
Service Provider
Configure the frequency of email re-verification and rate limiters in a service provider class.
Providers/OtpServiceProvider.php
<?php namespace App\Providers; use Codewiser\Otp\OtpService; use Codewiser\Otp\RateLimiter\OtpLimit; use Codewiser\Otp\RateLimiter\Throttle; use Illuminate\Http\Request; use Illuminate\Support\Facades\RateLimiter; use Illuminate\Support\ServiceProvider; class OtpServiceProvider extends ServiceProvider { /** * Register any application services. */ public function register(): void { $this->app->singleton(OtpService::class, fn($app) => new OtpService('P1W') ); } /** * Bootstrap any application services. */ public function boot(): void { RateLimiter::for(Throttle::issue, fn(Request $request) => [ OtpLimit::perMinute(1)->for(Throttle::issue)->by('minute:'.$request->user()->id), OtpLimit::perDay(15)->for(Throttle::issue)->by('day:'.$request->user()->id), ]); RateLimiter::for(Throttle::verify, fn(Request $request) => [ OtpLimit::perDay(30)->for(Throttle::verify)->by($request->user()->id) ]); } }
As you can see, we use extended OtpLimit with custom response that returns
user back to the previous page with a throttle message.
You may use base Limit as well.
Otp service constructor
OtpService class constructor has one optional parameter. It is a string in
date interval
format.
For example, if we define new OtpService('P1M'), users will sign in
using otp at least once a month.
Empty constructor new OtpService() means that every authentication process
accompanied by otp.
Either way, the otp process will be invoked no more often than once during user session.
Otp user contract
Apply MustVerifyEmailWithOtp contract and MustVerifyEmailWithOtp trait
to a User model. These contract and trait extends well known
MustVerifyEmail.
Models/User.php
use Codewiser\Otp\Contracts\MustVerifyEmailWithOtp; use Codewiser\Otp\Traits\MustVerifyEmailWithOtp as HasOtp; use Illuminate\Foundation\Auth\User as Authenticatable; class User extends Authenticatable implements MustVerifyEmailWithOtp { use HasOtp; // }
Protecting routes
Use EnsureOtpIsPassed middleware to protect only stateful (web) requests.
To protect stateless (api) requests keep using
EnsureEmailIsVerified (aka verified) middleware.
routes/web.php
use Codewiser\Otp\Middleware\EnsureOtpIsPassed; use Illuminate\Support\Facades\Route; Route::middleware(['auth', EnsureOtpIsPassed::class])->group(function () { // });
Customization
You may change published blade template, or you may register custom view. You may register custom function to generate otp codes. And you may register custom function for composing a notification.
use Codewiser\Otp\OtpService; use Codewiser\Otp\Notifications\EmailWithOtp; use Illuminate\Support\ServiceProvider; class OtpServiceProvider extends ServiceProvider { /** * Bootstrap any application services. */ public function boot(): void { OtpService::view(fn() => view('auth.custom-view')); OtpService::newCodeUsing(fn() => rand(1000, 9999)); EmailWithOtp::toMailUsing(function(object $notifiable, string $otp) { // }); } }
codewiser/otp-authenticate 适用场景与选型建议
codewiser/otp-authenticate 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 10 次下载、GitHub Stars 达 0, 最近一次更新时间为 2025 年 09 月 25 日, 在 PHP 生态内属于活跃度较高的组件。
我们在过去多个企业项目中使用过 codewiser/otp-authenticate 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 codewiser/otp-authenticate 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
统计信息
- 总下载量: 10
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 0
- 点击次数: 17
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2025-09-25
