https://github.com/py-package/masonite-security
Secure Masonite apps from spamming bots, IPs and SQL injections.
- Host: GitHub
- URL: https://github.com/py-package/masonite-security
- Owner: py-package
- License: mit
- Created: 2022-07-14T08:06:28.000Z (almost 4 years ago)
- Default Branch: master
- Last Pushed: 2024-02-05T01:07:20.000Z (over 2 years ago)
- Last Synced: 2025-04-23T14:14:36.557Z (about 1 year ago)
- Language: Python
- Size: 91.8 KB
- Stars: 8
- Watchers: 1
- Forks: 0
- Open Issues: 2
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
README
# Masonite Security
Secure Masonite apps from spamming bots, IPs and SQL injections.
## Features
- [x] Block IPs
- [x] Block Bots
- [x] Throttle Requests
- [ ] Block SQL Injections
## Installation
```bash
pip install masonite-security
```
## Configuration
Add SecurityProvider to your project in `config/providers.py`:
```python
# config/providers.py
# ...
from security import SecurityProvider

# ...
PROVIDERS = [
    # ...
    # Third Party Providers
    SecurityProvider,
    # ...
]
```
Then publish the package resources:
```bash
python craft package:publish security
```
## Register Middleware
You can set up the security middleware globally or on a per-route basis.
**Global Setup**
Open the `Kernel.py` file and add `SecurityMiddleware` to the `route_middleware` section:
```python
route_middleware = {
    "web": [SessionMiddleware, LoadUserMiddleware, VerifyCsrfToken, SecurityMiddleware],
    "auth": [AuthenticationMiddleware],
}
```
**Per Route Setup**
In your routes, add the `protect` middleware like this:
```python
Route.get("/", "WelcomeController@show").middleware("protect")
```
## Configure Security Config
Update your `config/security.py` file based on your needs:
```python
# config/security.py
# ...
BLOCK_IP = True
BLOCK_BOTS = True
THROTTLE_REQUESTS = True
MAX_REQUESTS = 20  # Max requests per IP (default: 20)
IP_BLOCK_DURATION = 60  # seconds (default: 60)

# list of IP addresses to block (default: [])
BLOCKED_IPS = [
    # ...
]

# list of Bot Agents to block
BLOCKED_BOTS = [
    # ...
]
# ...
```
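To make the interaction of these settings concrete, the following added example (not the package's own code) sketches how a block list, a bot list and a per-IP throttle can be evaluated for one request. The `RequestGuard` class, the `WINDOW_SECONDS` value, the CIDR support and the list entries are assumptions for illustration; the README does not state the counting window or the matching rules the package uses.

```python
import ipaddress
from collections import defaultdict, deque

# Names mirror the keys in config/security.py; the list entries are constructed samples.
MAX_REQUESTS = 20
IP_BLOCK_DURATION = 60   # seconds
WINDOW_SECONDS = 60      # assumption: the README does not state the counting window
BLOCKED_IPS = ["203.0.113.7", "198.51.100.0/24"]  # documentation ranges (RFC 5737)
BLOCKED_BOTS = ["badbot", "scrapy"]


class RequestGuard:
    """Hypothetical stand-in for the checks the config describes."""

    def __init__(self):
        # A bare address becomes a /32 network, so one list holds both forms.
        self.networks = [ipaddress.ip_network(e, strict=False) for e in BLOCKED_IPS]
        self.bots = [b.lower() for b in BLOCKED_BOTS]
        self.hits = defaultdict(deque)  # ip -> request timestamps inside the window
        self.blocked_until = {}         # ip -> time at which the temporary block ends

    def check(self, ip, user_agent, now):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            return "invalid_ip"  # fail closed on an unparsable client address
        if any(addr.version == n.version and addr in n for n in self.networks):
            return "blocked_ip"
        ua = (user_agent or "").lower()
        if any(b in ua for b in self.bots):
            return "blocked_bot"
        if self.blocked_until.get(ip, 0) > now:
            return "throttled"
        window = self.hits[ip]
        while window and window[0] <= now - WINDOW_SECONDS:
            window.popleft()  # drop requests that fell out of the window
        window.append(now)
        if len(window) > MAX_REQUESTS:
            # Over the limit: block the address for IP_BLOCK_DURATION seconds.
            self.blocked_until[ip] = now + IP_BLOCK_DURATION
            window.clear()
            return "throttled"
        return "allow"
```

Behind a reverse proxy, the value passed as `ip` has to be the client address taken from a forwarding header set by a trusted proxy; otherwise every request is counted against the proxy's own address.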
## Contributing
Please read the [Contributing Documentation](CONTRIBUTING.md).
## Maintainers
- [x] [Yubaraj Shrestha](https://www.github.com/py-package)
## License
Masonite Security is open-source software licensed under the [MIT license](LICENSE).