Giter VIP home page Giter VIP logo

laravel-demo-mode's Introduction

A middleware to protect your work in progress from prying eyes

Latest Version on Packagist Software License Total Downloads

Imagine you are working on a new app. Your client wants to see the progress that you've made. However your site isn't ready for prime time yet. Sure, you could create some login functionality and display the site only to logged in users. But why bother creating users when there is a more pragmatic approach?

This package provides a route middleware to protected routes from prying eyes. All users that visit a protected route will be redirect to a configurable url (e.g. /under-construction). This is also the case when a user attempts to access an unknown route. To view the content of the routes a visitor must first visit a url that grants access (e.g. /demo).

A word to the wise: do not use this package to restrict access to sensitive data or to protect an admin section. For those cases you should use proper authentication.

Spatie is a webdesign agency based in Antwerp, Belgium. You'll find an overview of all our open source projects on our website.

Notice

If you're on Laravel 8 or higher, use Laravel's built in php artisan down command to activate demo mode. You don't need this package for that.

Support us

We invest a lot of resources into creating best in class open source packages. You can support us by buying one of our paid products.

We highly appreciate you sending us a postcard from your hometown, mentioning which of our package(s) you are using. You'll find our address on our contact page. We publish all received postcards on our virtual postcard wall.

Installation

You can install the package via composer:

composer require spatie/laravel-demo-mode

The Spatie\DemoMode\DemoModeServiceProvider::class service provider will be auto registered.

The \Spatie\DemoMode\DemoMode::class-middleware must be registered in the kernel:

//app/Http/Kernel.php

protected $routeMiddleware = [
  ...
  'demoMode' => \Spatie\DemoMode\DemoMode::class,
];

Naming the route middleware DemoMode is just a suggestion. You can give it any name you'd like.

You must publish the config file:

php artisan vendor:publish --provider="Spatie\DemoMode\DemoModeServiceProvider"

This is the content of the published config file demo-mode.php:

return [

    /*
     * This is the master switch to enable demo mode.
     */
    'enabled' => env('DEMO_MODE_ENABLED', true),

    /*
     * Visitors browsing a protected url will be redirected to this path.
     */
    'redirect_unauthorized_users_to_url' => '/under-construction',

    /*
     * After having gained access, visitors will be redirected to this path.
     */
    'redirect_authorized_users_to_url' => '/',

    /*
     * The following IP's will automatically gain access to the
     * app without having to visit the `demoAccess` route.
     */
    'authorized_ips' => [
        //
    ],

    /*
     * When strict mode is enabled, only IP's listed in `authorized_ips` will gain access.
     * Visitors won't be able to gain access by visiting the `demoAccess` route anymore.
     */
    'strict_mode' => false,
];

If you want to use the demoAccess route you must call the demoAccess route macro in your routes file.

Route::demoAccess('/demo');

Visiting /demo will grant access to the pages protected by demo mode. Of course you can choose any url you'd like.

If you want to automatically authorize certain IP addresses you can add them in the authorized_ips array in the demo-mode.php config file.

To disable the demoAccess route and only allow access to the authorized_ips you can enable strict_mode in the demo-mode.php config file.

Usage

You can protect some routes by using the demoMode-middleware on them.

//only users who have previously visited "/demo" will be able to see these pages.

Route::group(['middleware' => 'demoMode'], function () {
    Route::get('/secret-route', function() {
        echo 'Hi!';
    });
});

Unless you visit the url used by the demoAccess route macro first or from an authorized IP address, visiting these routes will result in a redirect in to the url specified in the redirect_unauthorized_users_to_url-key of the config file.

An authenticated user has access to all protected routes too.

Because it uses session to verify the user, both demoAccess route and protected routes must have the web middleware, or having the \Illuminate\Session\Middleware\StartSession middleware to be able to authorize a user that is either not authenticated or not visiting from an authorized IP.

Changelog

Please see CHANGELOG for more information what has changed recently.

Testing

composer test

Contributing

Please see CONTRIBUTING for details.

Security

If you've found a bug regarding security please mail [email protected] instead of using the issue tracker.

Credits

License

The MIT License (MIT). Please see License File for more information.

laravel-demo-mode's People

Contributors

adrianmrn avatar akoepcke avatar alexvanderbist avatar brendt avatar dmfj avatar freekmurze avatar geshan avatar juukie avatar laravel-shift avatar m-bosch avatar m1guelpf avatar marceauka avatar mercuryseries avatar mrk-j avatar sebastiandedeyne avatar

Stargazers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

Watchers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

laravel-demo-mode's Issues

Auto-Registering Middleware?

Is there an specific reason why you tell your users to register the middleware when you can use aliasMiddleware() in the service provider?

Redundant method

Hi guys,

I'm a little bit confused here. What's the purpose of this method protectedByDemoMode() here if it's always going to return true irrespective of what has been passed to it as a parameter?

Regards.

Request: Option to not allow authenticated users access

Unless I'm missing something it looks like authenticated users are allowed access to the demomode protected pages even when they didn't visit the demoAccess url. Would be nice to prevent that somehow. I have new functionality in my web app where users can login already that I only want a few people to be able to test.

Support for Laravel 9

When trying out Laravel 9 on a fresh install, I get the following error message. Given the usefulness and continued value of this page, I hope it is possible to resolve this problem.

Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - spatie/laravel-demo-mode 2.7.1 requires illuminate/support ^7.0|^8.0 -> found illuminate/support[v7.0.0, ..., 7.x-dev, v8.0.0, ..., 8.x-dev] but these were not loaded, likely because it conflicts with another require.
    - Root composer.json requires spatie/laravel-demo-mode ^2.7 -> satisfiable by spatie/laravel-demo-mode[2.7.0, 2.7.1].

PHP 8 support

Hi there,

Currently this package doesnt support PHP8. It would be awesome if it does. I dont know if it is fulled compatible and only the composer file should be updated and thats why i submit this issue.

Too many redirect error

Laravel 5.6
When the demo mode is enabled, It's redirecting to /under-construction and then display this error
screenshot 10

Add support for IP addresses

This package should also work on IP address basis.

Let's add two config values:

  • auto_allow_ips: can be set to an array of IP address which automatically should have access to the app.
  • strict_mode: only the IP addresses in auto_allow_ips are allow to view the site. Access via url should be disabled.

Maybe we can find better names for these new config values.

Of course the new functionality should have tests.

Demo url Accessable by logged in user

Hi,
This might not be an issue but i'm a bit confused.
When a user is logged in he can access the URL which has demoMode middleware.
Isn't the middleware was suppose to restrict the URL to be accessible by anyone (Except the IP's given in config array)

image

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.