承接 salehye/laravel-security 相关项目开发

从需求分析到上线部署,全程专人跟进,保证项目质量与交付效率

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

salehye/laravel-security

Composer 安装命令:

composer require salehye/laravel-security

包简介

🔥 Advanced Security Package for Laravel 12 - The most comprehensive security solution for Laravel applications

README 文档

README

🔥 Advanced Security Package for Laravel 12 - The most comprehensive security solution for Laravel applications.

Latest Version on Packagist Total Downloads License

Features

🛡️ Comprehensive Protection

  • Input Sanitization - Automatic XSS prevention and input cleaning
  • SQL Injection Protection - Advanced pattern detection and validation rules
  • XSS Protection - Cross-site scripting prevention
  • Path Traversal Protection - Directory traversal attack prevention
  • Command Injection Protection - Shell command injection prevention

🔐 Authentication & Session Security

  • Brute Force Protection - Rate-limited login attempts with progressive delays
  • Two-Factor Authentication (2FA) - Built-in 2FA support
  • Session Hardening - Session fixation prevention, concurrent session detection
  • Suspicious Login Detection - Geographic anomaly detection, impossible travel detection
  • Re-authentication - Require password for sensitive operations

🚦 Advanced Rate Limiting

  • Smart Rate Limiting - IP, user, route, or combination-based limiting
  • Progressive Throttling - Increasing penalties for repeat offenders
  • Endpoint-specific Limits - Custom limits per route or endpoint

🔑 API Security

  • Request Signing - HMAC-based request integrity verification
  • Timestamp Verification - Replay attack prevention
  • API Key Management - Scoped API tokens with permissions
  • Nonce-based Protection - One-time request tokens

📊 Audit & Logging

  • Comprehensive Audit Logs - Track all security events
  • Multiple Channels - Database, Log, Slack, SIEM integration
  • Real-time Alerts - Instant notifications for critical events

🌐 Security Headers

  • Content Security Policy (CSP) - Configurable CSP with nonce support
  • HSTS - HTTP Strict Transport Security
  • X-Frame-Options - Clickjacking prevention
  • X-Content-Type-Options - MIME sniffing prevention
  • Referrer-Policy - Referrer information control

Installation

# Install the package
composer require salehye/laravel-security

# Publish configuration and migrations
php artisan vendor:publish --provider="Salehye\LaravelSecurity\SecurityServiceProvider"

Configuration

After publishing, edit config/security.php to customize your security settings:

return [
    // Enable/disable the entire security package
    'enabled' => env('SECURITY_ENABLED', true),
    
    // Input protection settings
    'input_protection' => [
        'enabled' => true,
        'auto_sanitize' => true,
    ],
    
    // Firewall settings
    'firewall' => [
        'enabled' => true,
        'auto_block' => true,
        'threat_threshold' => 70,
    ],
    
    // Rate limiting
    'rate_limiting' => [
        'enabled' => true,
        'progressive' => [
            'enabled' => true,
            'threshold' => 3,
        ],
    ],
    
    // Security headers
    'headers' => [
        'enabled' => true,
        'csp' => [
            'enabled' => true,
        ],
    ],
];

Usage

Middleware

The package automatically applies security middleware when auto_protect is enabled. You can also apply middleware manually:

// In app/Http/Kernel.php or bootstrap/app.php

protected $middlewareAliases = [
    'security.sanitize' => \Salehye\LaravelSecurity\Http\Middleware\SanitizeInputMiddleware::class,
    'security.rate' => \Salehye\LaravelSecurity\Http\Middleware\AdvancedRateLimitMiddleware::class,
    'security.headers' => \Salehye\LaravelSecurity\Http\Middleware\SecurityHeadersMiddleware::class,
    'security.api' => \Salehye\LaravelSecurity\Http\Middleware\ApiKeyMiddleware::class,
];

Facade

Use the Security facade for easy access to security features:

use Salehye\LaravelSecurity\Facades\Security;

// Audit logging
Security::audit(auth()->user(), 'updated_settings', $request->all());

// Block an IP
Security::blockIp('192.168.1.1', 'Brute force attack');

// Check if IP is blocked
if (Security::isBlocked($request->ip())) {
    abort(403, 'Access denied');
}

// Sanitize input
$clean = Security::sanitize($request->all());

// Detect threats
$threats = Security::detectThreats($request);
if (array_filter($threats)) {
    Security::logThreat('multiple_detections', $threats);
}

// Session management
Security::terminateAllOtherSessions($request);

Validation Rules

The package provides custom validation rules:

use Salehye\LaravelSecurity\Rules\NoSqlInjectionRule;
use Salehye\LaravelSecurity\Rules\NoXssRule;
use Salehye\LaravelSecurity\Rules\SensitiveDataRule;
use Salehye\LaravelSecurity\Rules\PasswordStrengthRule;

// In your Form Request
public function rules(): array
{
    return [
        'username' => ['required', 'string', new NoSqlInjectionRule()],
        'comment' => ['required', 'string', new NoXssRule()],
        'data' => [new SensitiveDataRule()],
        'password' => ['required', new PasswordStrengthRule()],
    ];
}

API Protection

Sign your API requests:

use Salehye\LaravelSecurity\Facades\Security;

// Generate API key
$apiKey = Security::generateApiKey();

// Sign a request
$signedRequest = Security::signRequest($data, $apiKey);

// On the server side, verify the signature
if (!Security::verifySignature($request)) {
    abort(401, 'Invalid signature');
}

Audit Logging

use Salehye\LaravelSecurity\Facades\Security;

// Log events
Security::log('user_login', auth()->user(), ['ip' => request()->ip()]);
Security::logFailedLogin($email, ['ip' => request()->ip()]);
Security::logSensitiveAction('password_change', auth()->user());
Security::logThreat('sql_injection', ['payload' => $request->get('search')]);

// Retrieve logs
$logs = Security::getLogs(event: 'login', limit: 100);

// Clean old logs
Security::cleanOldLogs(90); // Keep 90 days

Console Commands

# Run security audit
php artisan security:audit

# Block an IP
php artisan security:block 192.168.1.1 --reason="Brute force" --duration=24

# Unblock an IP
php artisan security:unblock 192.168.1.1

# View security report
php artisan security:report

# Warmup security cache
php artisan security:cache:warmup

# Clean old audit logs
php artisan security:clean-logs --days=90

Events & Listeners

The package fires events for security-related actions:

// Events
\Salehye\LaravelSecurity\Events\SuspiciousActivityDetected::class
\Salehye\LaravelSecurity\Events\UserBlocked::class
\Salehye\LaravelSecurity\Events\LoginAttemptFailed::class
\Salehye\LaravelSecurity\Events\RateLimitExceeded::class
\Salehye\LaravelSecurity\Events\SensitiveActionPerformed::class

Testing

composer test

Documentation

For detailed documentation, visit the Wiki.

Changelog

Please see CHANGELOG for more information on what has changed recently.

Contributing

Please see CONTRIBUTING for details.

Security

If you discover any security-related issues, please email security@example.com instead of using the issue tracker.

Credits

License

The MIT License (MIT). Please see License File for more information.

Laravel Package Development

This package is built following Laravel package development conventions and is compatible with Laravel 12.x and PHP 8.4+.

salehye/laravel-security 适用场景与选型建议

salehye/laravel-security 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 2 次下载、GitHub Stars 达 0, 最近一次更新时间为 2026 年 03 月 27 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「security」 「Authentication」 「firewall」 「laravel」 「csrf」 「xss」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 salehye/laravel-security 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 salehye/laravel-security 我们能提供哪些服务?
定制开发 / 二次开发

基于 salehye/laravel-security 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 2
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 0
  • 点击次数: 48
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 0
  • Watchers: 0
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2026-03-27