nextvikas/laravel-google-authenticator
Composer 安装命令:
composer require nextvikas/laravel-google-authenticator
包简介
A highly secure, dependency-free package to add Google Two-Factor Authentication (2FA) to Laravel applications.
关键字:
README 文档
README
This package provides seamless integration of Google Authenticator for two-step verification in Laravel applications. It enhances security by requiring users to enter a time-based one-time password (TOTP) generated by the Google Authenticator app, in addition to their primary login credentials. This ensures an extra layer of protection against unauthorized access. With an easy-to-use API, this package simplifies the implementation of two-factor authentication (2FA) and includes features like QR code generation and token validation
Version
This is the first stable release:
v1.0.0
Requirements
The current package requirements are:
- PHP: "^7.4 || ^8.0 || ^8.1 || ^8.2 || ^8.3"
- Laravel: "^7.0|^8.0|^9.0|^10.0|^11.0|^12.0"
Installation
1. Add to composer.json
composer require nextvikas/laravel-google-authenticator
2. Publish the Files Using artisan vendor:publish command For a package, you typically use vendor:publish to copy files like migration or configuration files from the nextvikas/laravel-google-authenticator to your application.
php artisan vendor:publish --provider="Nextvikas\Authenticator\AuthenticatorServiceProvider"
3. Run the Migration
php artisan migrate
Demo
Documentation
Once the extension is installed, Simply add Authenticator middleware to whatever you want to secure, and that's it, your work ends here and Authenticator begins...
Route::middleware(['authenticator:admin'])->group(function () { Route::get('/', [AccountController::class, 'index']); });
or you can use multiple middleware in the same like:
Route::middleware([ExampleMiddleware::class,'authenticator:admin'])->group(function () { Route::get('/', [AccountController::class, 'index']); });
or you can use in single route middleware in the same like:
Route::get('/admin', [AccountController::class, 'index'])->middleware('authenticator:admin');
or like:
Route::get('/account', [AccountController::class, 'index'])->middleware('authenticator:account');
Note: Please note that any names you write in middleware 'authenticator:', alongside must be included in the configuration file 'config\authenticator.php'
Simply change default configration values on config\authenticator.php file:
// config\authenticator.php return [ /* * Common OTP generation and verification settings. These apply globally * and are used by default across all authentication contexts. * Context-specific settings will override these if defined within the context. */ 'otp_settings' => [ /* * This format will be displayed in the Google Authenticator app. You can customize the name however you like, * and you can include user fields in the format {field}. For example, you can add {email}, {name}, and so on. * It will be automatically prefixed with your application's name if not explicitly set. */ 'app_format' => env('AUTHENTICATOR_APP_FORMAT', config('app.name', 'Laravel App') . ': {name}'), // The name of the database column in the users table to store the 2FA secret key. 'secret_column_name' => env('AUTHENTICATOR_SECRET_COLUMN', 'authenticator_secret'), // Changed default to avoid 'authenticator' field name collision if user wants to use it for other purposes. // The number of digits for the OTP code (typically 6 or 8). 'otp_digits' => env('AUTHENTICATOR_OTP_DIGITS', 6), // The period in seconds for which an OTP code is valid (typically 30 seconds). 'otp_period' => env('AUTHENTICATOR_OTP_PERIOD', 30), // The algorithm used for HMAC-based One-Time Passwords (TOTP). // Common values: 'sha1', 'sha256', 'sha512'. 'otp_algorithm' => env('AUTHENTICATOR_OTP_ALGORITHM', 'sha1'), // The number of allowed disparities (time steps) for verification. // This helps account for clock drift between the server and the user's device. 'otp_window' => env('AUTHENTICATOR_OTP_WINDOW', 1), // 1 means +/- 30 seconds (for 30s period) ], /* * You can pass parameters to middleware in Laravel using a format like 'authenticator:admin'. * Please note that whatever value you specify here will be received in your middleware. For instance, * if you write 'newsecure', your middleware should be set up to handle it as 'authenticator:newsecure'. */ 'admin' => [ // Determines whether the verification process is enabled. // It pulls the value from the environment file (.env), with a default value of 'true' if not set. 'enabled' => env('AUTHENTICATOR_ADMIN_ENABLED', true), // The route name for the login page. // This specifies where the user will be redirected for login, with a default route 'admin.login'. 'login_route_name' => env('AUTHENTICATOR_ADMIN_LOGIN_ROUTE_NAME', 'admin.login'), // The name of the guard used for login. // It is pulled from the .env file with 'web' as the default guard. // 'login_guard_name' => 'admin', 'login_guard_name' => env('AUTHENTICATOR_ADMIN_GUARD_NAME', 'web'), // The main layout used for the verification views. // Defaults to 'layouts.app', but can be overridden via the .env file. 'main_layout' => env('AUTHENTICATOR_ADMIN_MAIN_LAYOUT', 'layouts.app'), // The route name for logout functionality. // Default value is 'false'. If a route is set here, the verification page will show a logout button. // Otherwise, the logout button will be hidden. // 'logout_route_name' => 'admin.logout', 'logout_route_name' => env('AUTHENTICATOR_ADMIN_LOGOUT_ROUTE_NAME', false), // The route name for a successful verification. // If set to false (default), the user will be redirected to the root page after successful verification. // Otherwise, it will redirect to the specified route name. // 'success_route_name' => 'admin.home', 'success_route_name' => env('AUTHENTICATOR_ADMIN_SUCCESS_ROUTE_NAME', false), ], /* * You can pass parameters to middleware in Laravel using a format like 'authenticator:account'. * Please note that whatever value you specify here will be received in your middleware. For instance, * if you write 'accountsecure', your middleware should be set up to handle it as 'authenticator:accountsecure'. */ 'account' => [ // Determines whether the verification process is enabled. // It pulls the value from the environment file (.env), with a default value of 'true' if not set. 'enabled' => env('AUTHENTICATOR_ACCOUNT_ENABLED', true), // The route name for the login page. // This specifies where the user will be redirected for login, with a default route 'account.login'. 'login_route_name' => env('AUTHENTICATOR_ACCOUNT_LOGIN_ROUTE_NAME', 'account.login'), // The name of the guard used for login. // It is pulled from the .env file with 'web' as the default guard. // 'login_guard_name' => 'account', 'login_guard_name' => env('AUTHENTICATOR_ACCOUNT_GUARD_NAME', 'web'), // The main layout used for the verification views. // Defaults to 'layouts.app', but can be overridden via the .env file. 'main_layout' => env('AUTHENTICATOR_ACCOUNT_MAIN_LAYOUT', 'layouts.app'), // The route name for logout functionality. // Default value is 'false'. If a route is set here, the verification page will show a logout button. // Otherwise, the logout button will be hidden. // 'logout_route_name' => 'account.logout', 'logout_route_name' => env('AUTHENTICATOR_ACCOUNT_LOGOUT_ROUTE_NAME', false), // The route name for a successful verification. // If set to false (default), the user will be redirected to the root page after successful verification. // Otherwise, it will redirect to the specified route name. // 'success_route_name' => 'account.home', 'success_route_name' => env('AUTHENTICATOR_ACCOUNT_SUCCESS_ROUTE_NAME', false), ], ];
Modify View Files
Open:
1. \resources\views\vendor\authenticator\scan.blade.php 2. \resources\views\vendor\authenticator\verify.blade.php
And then you can modify the view files with your own stylist UI.
nextvikas/laravel-google-authenticator 适用场景与选型建议
nextvikas/laravel-google-authenticator 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 25 次下载、GitHub Stars 达 0, 最近一次更新时间为 2024 年 09 月 21 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「security」 「google」 「two-factor」 「laravel」 「otp」 「authenticator」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 nextvikas/laravel-google-authenticator 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 nextvikas/laravel-google-authenticator 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 nextvikas/laravel-google-authenticator 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
Filament Two Factor Authentication: Google 2FA + Passkey Authentication
Novactive eZ 2FA Bundle is an Ibexa bundle that provides two-factor authentication for your Ibexa project
Provide a way to secure accesses to all routes of an symfony application.
Two-factor Authentication for WordPress
It's a barebone security class written on PHP
Contao CMS integrity check for some files
统计信息
- 总下载量: 25
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 0
- 点击次数: 28
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2024-09-21