qisthidev/laravel-auth-device
Composer 安装命令:
composer require qisthidev/laravel-auth-device
包简介
Laravel package for device-based authentication. Users authenticate using registered devices without passwords and access is granted through admin invitations.
README 文档
README
A Laravel package for device-based authentication. Users authenticate using registered devices (without passwords) and access is granted through admin invitations.
Features
- Device-based Authentication: Authenticate users via registered devices using unique device tokens
- Invitation System: Admin users can invite new users via email
- Device Management: Users can manage their registered devices
- Custom Guard: Dedicated authentication guard for device-based auth
- Flexible Configuration: Customizable token lengths, expiry times, and more
- Event System: Events for all major actions (device registered, authenticated, revoked, etc.)
Requirements
- PHP 8.2+
- Laravel 12.x
Installation
Install the package via Composer:
composer require qisthidev/laravel-auth-device
Publish and run the migrations:
php artisan vendor:publish --provider="Qisthidev\AuthDevice\AuthDeviceServiceProvider" --tag="auth-device-migrations" php artisan migrate
Publish the config file:
php artisan vendor:publish --provider="Qisthidev\AuthDevice\AuthDeviceServiceProvider" --tag="auth-device-config"
Configuration
The config file config/auth-device.php contains the following options:
return [ // Device token settings 'device_token_length' => 64, 'device_token_expiry_days' => 365, // null for no expiry // Invitation settings 'invitation_code_length' => 8, 'invitation_expiry_hours' => 48, // Security settings 'max_devices_per_user' => 5, // null for unlimited 'require_device_verification' => false, // Routes 'route_prefix' => 'api/auth', 'route_middleware' => ['api'], // Models (allow customization) 'models' => [ 'user' => 'App\\Models\\User', 'device' => Qisthidev\AuthDevice\Models\Device::class, 'invitation' => Qisthidev\AuthDevice\Models\Invitation::class, ], // Table names 'tables' => [ 'devices' => 'auth_devices', 'invitations' => 'auth_invitations', ], ];
Auth Guard Configuration
Add the device guard to your config/auth.php:
'guards' => [ // ... other guards 'device' => [ 'driver' => 'device', 'provider' => 'device', ], ], 'providers' => [ // ... other providers 'device' => [ 'driver' => 'device', ], ],
Setting Up Your User Model
Add the required traits to your User model:
<?php namespace App\Models; use Illuminate\Foundation\Auth\User as Authenticatable; use Qisthidev\AuthDevice\Traits\HasDevices; use Qisthidev\AuthDevice\Traits\CanInvite; class User extends Authenticatable { use HasDevices, CanInvite; // ... rest of your model }
Usage
Admin Inviting a User
use App\Models\User; $admin = User::find(1); // Create an invitation $invitation = $admin->invite('newuser@example.com', [ 'role' => 'member', 'department' => 'Engineering', ]); // Get pending invitations $pendingInvitations = $admin->pendingInvitations();
User Accepting Invitation and Registering Device
Send a POST request to /api/auth/invitation/{code}/accept:
{
"name": "John Doe",
"device_name": "iPhone 15 Pro",
"device_fingerprint": "unique-device-id",
"platform": "ios"
}
Response:
{
"message": "Invitation accepted successfully.",
"user": {
"id": 2,
"name": "John Doe",
"email": "newuser@example.com"
},
"device": {
"id": 1,
"name": "iPhone 15 Pro",
"platform": "ios"
},
"token": "your-device-token-here"
}
Authenticating with Device Token
Send a POST request to /api/auth/authenticate:
{
"device_token": "your-device-token-here"
}
Or include the token in the Authorization header for protected routes:
Authorization: Bearer your-device-token-here
Or use the X-Device-Token header:
X-Device-Token: your-device-token-here
Managing Devices
use App\Models\User; $user = User::find(1); // Get all devices $devices = $user->devices; // Get active devices only $activeDevices = $user->activeDevices(); // Register a new device $device = $user->registerDevice([ 'name' => 'Chrome on Windows', 'platform' => 'web', 'device_fingerprint' => 'unique-browser-fingerprint', 'metadata' => ['user_agent' => 'Mozilla/5.0...'], ]); // Check if user has a specific device $hasDevice = $user->hasDevice($deviceToken); // Revoke a specific device $user->revokeDevice($deviceId); // Revoke all devices $user->revokeAllDevices();
API Endpoints
Public Routes
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/auth/invitation/{code} |
Get invitation details by code |
| POST | /api/auth/invitation/{code}/accept |
Accept invitation and register device |
| POST | /api/auth/authenticate |
Authenticate using device token |
Protected Routes (requires device authentication)
| Method | Endpoint | Description |
|---|---|---|
| POST | /api/auth/logout |
Logout (revoke current device) |
| GET | /api/auth/devices |
List user's devices |
| DELETE | /api/auth/devices/{id} |
Revoke specific device |
Admin Routes (requires device authentication + CanInvite trait)
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/auth/invitations |
List all invitations |
| POST | /api/auth/invitations |
Create new invitation |
| DELETE | /api/auth/invitations/{id} |
Revoke invitation |
Events
The package dispatches the following events:
| Event | Description |
|---|---|
DeviceRegistered |
When a new device is registered |
DeviceAuthenticated |
When a user authenticates via device |
DeviceRevoked |
When a device is revoked |
InvitationCreated |
When an admin creates an invitation |
InvitationAccepted |
When a user accepts an invitation |
InvitationRevoked |
When an invitation is revoked |
Listening to Events
// In your EventServiceProvider protected $listen = [ \Qisthidev\AuthDevice\Events\DeviceRegistered::class => [ \App\Listeners\SendDeviceRegisteredNotification::class, ], \Qisthidev\AuthDevice\Events\DeviceAuthenticated::class => [ \App\Listeners\LogDeviceAuthentication::class, ], ];
Middleware
The package provides the following middleware:
device.valid- Ensures the device token is valid, active, and not expiredcan-invite- Ensures the authenticated user can create invitations
Security Considerations
- Token Storage: Device tokens should be stored securely on the client side
- Token Rotation: Consider implementing token rotation for enhanced security
- Rate Limiting: Apply rate limiting to authentication endpoints
- HTTPS: Always use HTTPS in production
- Token Expiry: Configure appropriate token expiry times
- Device Limits: Set reasonable limits on devices per user
Testing
composer test
Changelog
Please see CHANGELOG for more information on what has changed recently.
Contributing
Please see CONTRIBUTING for details.
Security Vulnerabilities
Please review our security policy on how to report security vulnerabilities.
Credits
License
The MIT License (MIT). Please see License File for more information.
qisthidev/laravel-auth-device 适用场景与选型建议
qisthidev/laravel-auth-device 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 0 次下载、GitHub Stars 达 0, 最近一次更新时间为 2025 年 12 月 03 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「Authentication」 「laravel」 「device」 「Invitation」 「qisthidev」 「auth-device」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 qisthidev/laravel-auth-device 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 qisthidev/laravel-auth-device 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 qisthidev/laravel-auth-device 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
Automatically logs-in users if they are already authenticated by a remote source. (e.g. environment variable REMOTE_USER)
GraphQL authentication for your headless Craft CMS applications.
Platine User Agent is a lightweight library for detecting user browser, device, OS, CPU
Laravel middleware to restrict a site or specific routes using HTTP basic authentication
Email Toolkit Plugin for CakePHP
Yii2 extension for Mobile-Detect library
统计信息
- 总下载量: 0
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 0
- 点击次数: 23
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2025-12-03