{"id":26085270,"url":"https://github.com/codezero-be/laravel-stagefront","last_synced_at":"2025-04-12T02:01:33.379Z","repository":{"id":55477381,"uuid":"106342202","full_name":"codezero-be/laravel-stagefront","owner":"codezero-be","description":"⭐️ Quickly add some password protection to a staging site.","archived":false,"fork":false,"pushed_at":"2024-04-08T13:46:19.000Z","size":247,"stargazers_count":17,"open_issues_count":5,"forks_count":6,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-03-25T21:47:12.133Z","etag":null,"topics":["laravel","password","php","protection","staging"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/codezero-be.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":".github/SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null},"funding":{"ko_fi":"ivanvermeyen","custom":"https://paypal.me/ivanvermeyen"}},"created_at":"2017-10-09T22:34:08.000Z","updated_at":"2025-02-11T16:04:17.000Z","dependencies_parsed_at":"2024-03-28T16:49:13.523Z","dependency_job_id":"bf53ef7e-55dd-4a14-b87c-174156f9d86e","html_url":"https://github.com/codezero-be/laravel-stagefront","commit_stats":{"total_commits":79,"total_committers":4,"mean_commits":19.75,"dds":0.03797468354430378,"last_synced_commit":"5c91fe65b5c0bc306af1942c3d12e72771af20cc"},"previous_names":[],"tags_count":17,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codezero-be%2Flaravel-stagefront","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codezero-be%2Flaravel-stagefront/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codezero-be%2Flaravel-stagefront/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codezero-be%2Flaravel-stagefront/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/codezero-be","download_url":"https://codeload.github.com/codezero-be/laravel-stagefront/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248505862,"owners_count":21115354,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["laravel","password","php","protection","staging"],"created_at":"2025-03-09T05:58:05.944Z","updated_at":"2025-04-12T02:01:33.348Z","avatar_url":"https://github.com/codezero-be.png","language":"PHP","funding_links":["https://ko-fi.com/ivanvermeyen","https://paypal.me/ivanvermeyen","https://ko-fi.com/R6R3UQ8V"],"categories":[],"sub_categories":[],"readme":"# Laravel StageFront\n\n[![GitHub release](https://img.shields.io/github/release/codezero-be/laravel-stagefront.svg?style=flat-square)](https://github.com/codezero-be/laravel-stagefront/releases)\n[![Laravel](https://img.shields.io/badge/laravel-11-red?style=flat-square\u0026logo=laravel\u0026logoColor=white)](https://laravel.com)\n[![License](https://img.shields.io/packagist/l/codezero/laravel-stagefront.svg?style=flat-square)](LICENSE.md)\n[![Build Status](https://img.shields.io/github/actions/workflow/status/codezero-be/laravel-stagefront/run-tests.yml?style=flat-square\u0026logo=github\u0026logoColor=white\u0026label=tests)](https://github.com/codezero-be/laravel-stagefront/actions)\n[![Code Quality](https://img.shields.io/codacy/grade/a5db8a1321664e67900c96eadc575ece/master?style=flat-square)](https://app.codacy.com/gh/codezero-be/laravel-stagefront)\n[![Total Downloads](https://img.shields.io/packagist/dt/codezero/laravel-stagefront.svg?style=flat-square)](https://packagist.org/packages/codezero/laravel-stagefront)\n\n[![ko-fi](https://www.ko-fi.com/img/githubbutton_sm.svg)](https://ko-fi.com/R6R3UQ8V)\n\n#### Quickly add password protection to a staging site.\n\nShielding a staging or demo website from the public usually involves setting op authentication separate from the actual project. This isn't always easy or is cumbersome at the least.\n\nIt doesn't have to be!\n\nBy installing StageFront with composer, adding the middleware and setting 3 variables in your `.env` file you are ready to go. As you will discover below, you also have a bunch more options available.\n\n![Login Screen](screenshots/screenshot-login.png)\n\n## ✅ Requirements\n\n-   PHP ^7.1 | ^8.0\n-   [Laravel](https://laravel.com/) \u003e= 5.7\n\n## 📦 Installation\n\n#### ☑️ Require the package via Composer:\n\n```bash\ncomposer require codezero/laravel-stagefront\n```\nLaravel will automatically register the [ServiceProvider](https://github.com/codezero-be/laravel-stagefront/blob/master/src/StageFrontServiceProvider.php) and routes.\n\nWhen StageFront is disabled, its routes will not be registered.\n\n#### ☑️ Install Middleware\n\nTo activate the middleware, add it to the `web` middleware group in `app/Http/Kernel.php`, **right after the `StartSession` middleware**:\n\n```php\nprotected $middlewareGroups = [\n    'web' =\u003e [\n        \\Illuminate\\Session\\Middleware\\StartSession::class, // \u003c= after this\n        \\CodeZero\\StageFront\\Middleware\\RedirectIfStageFrontIsEnabled::class,\n        //...\n    ],\n];\n```\n\nIn Laravel 6+ you need to add the middleware to the `$middlewarePriority` array in `app/Http/Kernel.php`, **right after the `StartSession` middleware**. \n\n```php\nprotected $middlewarePriority = [\n    \\Illuminate\\Session\\Middleware\\StartSession::class, // \u003c= after this\n    \\CodeZero\\StageFront\\Middleware\\RedirectIfStageFrontIsEnabled::class,\n    //...\n];\n```\n\nNow you just need to set some `.env` variables and you are up and running!\n\n## ⌨️ Quick Setup\n\nSet some options in your `.env` file or publish the [configuration file](#-publish-configuration-file).\n\nSee an [example .env file](https://github.com/codezero-be/laravel-stagefront/blob/master/.env.example).\n\nEnable StageFront and choose a login and password:\n\n| Option                 | Type     | Default      |\n| ---------------------- | -------- | ------------ |\n| `STAGEFRONT_ENABLED`   | `bool`   | `false`      |\n| `STAGEFRONT_LOGIN`     | `string` | `stagefront` |\n| `STAGEFRONT_PASSWORD`  | `string` | `stagefront` |\n| `STAGEFRONT_ENCRYPTED` | `bool`   | `false`      |\n\nBy default StageFront is disabled and uses a plain text password when it's enabled. If you set `STAGEFRONT_ENCRYPTED` to `true` the password should be a hashed value. You can generate this using Laravel's `\\Hash::make('your password')` function.\n\n##### Artisan Commands for Quick Setup\n\nYou can also update the credentials in the `.env` file with our `artisan` command:\n\n```bash\nphp artisan stagefront:credentials \u003cusername\u003e \u003cpassword\u003e --encrypt\n```\n\nIf you don't enter a username or password, the command will ask for your input step by step:\n\n```bash\nphp artisan stagefront:credentials\n```\n\nNext, you can enable or disable StageFront:\n\n```bash\nphp artisan stagefront:enable\nphp artisan stagefront:disable\n```\n\n## 👥 Database Logins\n\nIf you have existing users in the database and want to use those credentials, you can set `STAGEFRONT_DATABASE` to `true`.\nThe above login and password settings will then be ignored.\n\n| Option                               | Type     | Default    |\n| ------------------------------------ | -------- | ---------- |\n| `STAGEFRONT_DATABASE`                | `bool`   | `false`    |\n| `STAGEFRONT_DATABASE_WHITELIST`      | `string` | `null`     |\n| `STAGEFRONT_DATABASE_TABLE`          | `string` | `users`    |\n| `STAGEFRONT_DATABASE_LOGIN_FIELD`    | `string` | `email`    |\n| `STAGEFRONT_DATABASE_PASSWORD_FIELD` | `string` | `password` |\n\nIf you want to grant access to just a few of those users, you can whitelist them by setting `STAGEFRONT_DATABASE_WHITELIST` to a comma separated string: `'john@doe.io,jane@doe.io'`.\nIn the config file itself you can also use an array of e-mail addresses.\n\nBy default the `users` table is used with the `email` and `password` field names. But you can change this if you are using some other table or fields.\n\n## 🔖 IP Whitelist\n\nYou can add a comma separated list of IP's to grant these users easier or exclusive access to your staging site.\nFor example: `'1.2.3.4,1.2.3.4'`. In the config file itself you can also use an array of IP's.\n\n| Option                                  | Type     | Default    |\n| --------------------------------------- | -------- | ---------- |\n| `STAGEFRONT_IP_WHITELIST`               | `string` | `null`     |\n| `STAGEFRONT_IP_WHITELIST_ONLY`          | `bool`   | `false`    |\n| `STAGEFRONT_IP_WHITELIST_REQUIRE_LOGIN` | `bool`   | `false`    |\n\nWhen you add IP's to your whitelist, the default behavior is that these users will have instant access to the site,\nwhile someone with another IP will be presented with the normal login form. \n\nTo exclusively allow whitelisted IP's to access your site, set `STAGEFRONT_IP_WHITELIST_ONLY` to `true`.\nUsers from other IP's will now get a `403 - Forbidden` error.\n\nTo crank up security, you may also require whitelisted IP's to go through the login form.\nSet `STAGEFRONT_IP_WHITELIST_REQUIRE_LOGIN` to `true` to set this up.\n\n## ⚙️ Other Options\n\n#### ☑️ Change Route URL\n\nBy default a `GET` and `POST` route will be registered with the `/stagefront` URL.\n\nYou can change the URL by setting this option:\n\n| Option           | Type     | Default      |\n| ---------------- | -------- | ------------ |\n| `STAGEFRONT_URL` | `string` | `stagefront` |\n\nIt runs under the `web` middleware since it uses the session to keep you logged in. \n\nYou can change the middleware if needed in the [configuration file](#-publish-configuration-file).\n\n#### ☑️ Throttle Login Attempts\n\nTo prevent malicious users from brute forcing passwords, login attempts will be throttled unless you disable it. You can change the number of failed attempts per minute to allow, and the delay (in minutes) that users have to wait after reaching the maximum failed attempts.\n\n| Option                      | Type      | Default          |\n| --------------------------- | --------- | ---------------- |\n| `STAGEFRONT_THROTTLE`       | `bool`    | `true`           |\n| `STAGEFRONT_THROTTLE_TRIES` | `integer` | `3` (per minute) |\n| `STAGEFRONT_THROTTLE_DELAY` | `integer` | `5` (minutes)    |\n\nWhen you tried to login too many times, Laravel's 429 error page will be shown. You can easily modify this by creating a `429.blade.php` view in `resources/views/errors`. To save you a little time, I have included a localized template you can include in that page:\n\n```blade\n@include('stagefront::429')\n```\n\nIf you want to include a different partial for other throttled pages, you can check the request:\n\n```blade\n@if (request()-\u003eis(config('stagefront.url')))\n    @include('stagefront::429')\n@else\n    @include('your.partial.view')\n@endif\n```\n\nText in this view can be changed via the [translation files](#-translations-and-views).\n\n![Throttle Screen](screenshots/screenshot-throttled.png)\n\n#### ☑️ Ignore URLs\n\nIf for any reason you wish to disable StageFront on specific routes, you can add these to the `ignore_urls` array in the [configuration file](#-publish-configuration-file). You can use wildcards if needed. You can't set this in the `.env` file.\n\nFor example:\n\n```php\n'ignore_urls' =\u003e [\n    // ignores /john, but noting under /john\n    '/john',\n    // ignores everyting under /jane, but not /jane itself\n    '/jane/*',\n],\n```\n\n#### ☑️ Ignore Domains\n\nIf for any reason you wish to disable StageFront on specific doamins, you can add these to the `ignore_udomains` array in the [configuration file](#-publish-configuration-file). You can't set this in the `.env` file.\n\nFor example:\n\n```php\n'ignore_domains' =\u003e [\n    'admin.domain.com',\n],\n```\n\n#### ☑️ Link Live Site\n\nIf you set the URL to your live site, a link will be shown underneath the login form.\n\n| Option                 | Type     | Default |\n| ---------------------- | -------- | ------- |\n| `STAGEFRONT_LIVE_SITE` | `string` | `null`  |\n\nMake sure you enter the full URL, including `https://`.\n\n#### ☑️ Change App Name\n\nBy default, the app name that is configured in `config/app.php` is shown as a title on the login and throttle page. You can use a different title by setting this option:\n\n| Option                | Type     | Default              |\n| --------------------- | -------- | -------------------- |\n| `STAGEFRONT_APP_NAME` | `string` | `config('app.name')` |\n\n## 📇 Publish Configuration File\n\nYou can also publish the configuration file.\n\n```bash\nphp artisan vendor:publish --provider=\"CodeZero\\StageFront\\StageFrontServiceProvider\" --tag=\"config\"\n```\n\nEach option is documented.\n\n## 📑 Translations and Views\n\nYou can publish the translations to quickly adjust the text on the login screen and the errors.\n\n```bash\nphp artisan vendor:publish --provider=\"CodeZero\\StageFront\\StageFrontServiceProvider\" --tag=\"lang\"\n```\n\nIf you want to customize the login page entirely, you can also publish the view.\n\n```bash\nphp artisan vendor:publish --provider=\"CodeZero\\StageFront\\StageFrontServiceProvider\" --tag=\"views\"\n```\n\n\u003e Extra translations are always welcome. :)\n\n## 📏 Laravel Debugbar\n\nLaravel Debugbar will be disabled on the StageFront routes automatically if you use it in your project. This will hide any potential sensitive data from the public, if by accident Debugbar is running on your staging site. You can disable this feature by editing the `middleware` option in the [configuration file](#-publish-configuration-file).\n\n## 🚧 Testing\n\n```bash\ncomposer test\n```\n\n## ☕️ Credits\n\n- [Ivan Vermeyen](https://byterider.io/)\n- [All contributors](../../contributors)\n\n## 🔓 Security\n\nIf you discover any security related issues, please [e-mail me](mailto:ivan@codezero.be) instead of using the issue tracker.\n\n## 📑 Changelog\n\nA complete list of all notable changes to this package can be found on the\n[releases page](https://github.com/codezero-be/laravel-stagefront/releases).\n\n## 📜 License\n\nThe MIT License (MIT). Please see [License File](LICENSE.md) for more information.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodezero-be%2Flaravel-stagefront","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcodezero-be%2Flaravel-stagefront","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodezero-be%2Flaravel-stagefront/lists"}