定制 mchuluq/laravel-mfa 二次开发

按需修改功能、优化性能、对接业务系统,提供一站式技术支持

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

mchuluq/laravel-mfa

Composer 安装命令:

composer require mchuluq/laravel-mfa

包简介

Multi-Factor Authentication package for Laravel with TOTP, Email OTP, and WebAuthn support

README 文档

README

Multi-Factor Authentication package for Laravel 8+ with support for TOTP, Email OTP, and WebAuthn/Passkey.

Features

  • 🔐 Multiple MFA Methods: TOTP (Authenticator Apps), Email OTP, WebAuthn/Passkey
  • 🎨 Driver Pattern: Easy to extend with custom drivers
  • 🛡️ Security First: Rate limiting, backup codes, device remembering
  • 🎯 Middleware Based: Simple integration as authentication layer
  • 📱 User Friendly: Multiple methods per user, fallback options
  • 🔧 Highly Configurable: Extensive configuration options
  • 🎭 Laravel 8+ Compatible: Built specifically for Laravel 8

Requirements

  • PHP ^7.4 or ^8.0
  • Laravel ^8.0
  • MySQL/PostgreSQL/SQLite

Installation

1. Install via Composer

composer require mchuluq/laravel-mfa

2. Publish

php artisan vendor:publish --tag=mfa-config
php artisan vendor:publish --tag=mfa-migrations
php artisan vendor:publish --tag=mfa-vue
php artisan vendor:publish --tag=mfa-blade
php artisan migrate

3. Add Trait to User Model

use Mchuluq\LaravelMFA\Traits\HasMFA;

class User extends Authenticatable
{
    use HasMFA;
    
    // ...
}

Configuration

Edit config/mfa.php:

return [
    'enabled' => true,
    
    'drivers' => [
        'totp' => [
            'enabled' => true,
            // ...
        ],
        'email_otp' => [
            'enabled' => true,
            // ...
        ],
        'webauthn' => [
            'enabled' => true,
            // ...
        ],
    ],
    
    // ...
];

Usage

Protect Routes with MFA

// routes/web.php
Route::middleware(['auth', 'mfa'])->group(function () {
    Route::get('/dashboard', [DashboardController::class, 'index']);
    Route::get('/profile', [ProfileController::class, 'show']);
});

Setup MFA for User

// In your controller
public function enableTotp(Request $request)
{
    $user = auth()->user();
    
    // Setup TOTP
    $setup = mfa('totp')->setup($user);
    
    return view('mfa.setup.totp', [
        'qrCode' => $setup['qr_code'],
        'secret' => $setup['secret'],
        'backupCodes' => $setup['backup_codes'],
    ]);
}

public function verifyTotp(Request $request)
{
    $user = auth()->user();
    $code = $request->input('code');
    
    if (mfa('totp')->verify($user, $code)) {
        return redirect()->route('dashboard')
            ->with('success', 'MFA enabled successfully!');
    }
    
    return back()->withErrors(['code' => 'Invalid code']);
}

Check MFA Status

// Check if user has MFA enabled
if ($user->hasMFAEnabled()) {
    // ...
}

// Get enabled methods
$methods = $user->getMFAMethods();

// Get primary method
$primary = $user->getPrimaryMFAMethod();

Using Helper Functions

// Get MFA manager
$manager = mfa();

// Get specific driver
$totp = mfa('totp');

// Check if MFA is verified in session
if (mfa_verified()) {
    // User has verified MFA
}

// Check if user requires MFA
if (mfa_required()) {
    // Redirect to challenge
}

Available Drivers

1. TOTP (Time-based One-Time Password)

Works with authenticator apps like:

  • Google Authenticator
  • Microsoft Authenticator
  • Authy
  • 1Password
// Setup
$setup = mfa('totp')->setup($user);

// Verify
$isValid = mfa('totp')->verify($user, $code);

// Disable
mfa('totp')->disable($user);

2. Email OTP

Send verification codes via email.

// Send challenge
mfa('email_otp')->challenge($user);

// Verify
$isValid = mfa('email_otp')->verify($user, $code);

3. WebAuthn / Passkey

Hardware security keys and biometric authentication.

// Setup
$options = mfa('webauthn')->setup($user);

// Verify
$isValid = mfa('webauthn')->verify($user, $credential);

Security Features

  • Rate Limiting: Configurable max attempts and lockout
  • Backup Codes: Emergency access codes for TOTP
  • Remember Device: Optional trusted device feature
  • Session Timeout: Automatic MFA session expiration
  • Audit Logging: Track all MFA events

Events

Listen to MFA events:

use Mchuluq\LaravelMFA\Events\MFAEnabled;
use Mchuluq\LaravelMFA\Events\MFAVerified;
use Mchuluq\LaravelMFA\Events\MFAFailed;

// In EventServiceProvider
protected $listen = [
    MFAEnabled::class => [
        SendMFAEnabledNotification::class,
    ],
    MFAVerified::class => [
        LogMFAVerification::class,
    ],
];

License

The MIT License (MIT). Please see License File for more information.

Credits

mchuluq/laravel-mfa 适用场景与选型建议

mchuluq/laravel-mfa 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 4 次下载、GitHub Stars 达 0, 最近一次更新时间为 2026 年 01 月 05 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「security」 「Authentication」 「two-factor」 「laravel」 「otp」 「totp」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 mchuluq/laravel-mfa 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 mchuluq/laravel-mfa 我们能提供哪些服务?
定制开发 / 二次开发

基于 mchuluq/laravel-mfa 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 4
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 0
  • 点击次数: 34
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 0
  • Watchers: 0
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2026-01-05