41man/login-gate-bundle
Symfony bundle that detects brute-force login attacks and temporarily blocks offending clients. Configurable max attempts, ban timeout and watch period, with ORM/session/MongoDB storage options and an event to hook custom handlers. Includes a checker service for allow/deny and clearing attempts.
canLogin() check can be wrapped in middleware to block requests before authentication.BruteForceChecker as a singleton, replacing Symfony’s DI.EventDispatcher, Security component, and ORM (Doctrine). Porting requires abstracting these or using Laravel equivalents (e.g., Illuminate\Events, Illuminate\Auth).laravel-bruteforce-protector) that reduce dependency on Symfony?security.brute_force_attempt) map cleanly to Laravel’s event system? If not, how will custom handlers be implemented?// app/Http/Middleware/BruteForceMiddleware.php
public function handle($request, Closure $next) {
if (!$this->bruteForceChecker->canLogin($request)) {
abort(429, 'Too many attempts. Try again later.');
}
return $next($request);
}
AppServiceProvider:
$this->app->singleton(BruteForceChecker::class, function ($app) {
return new BruteForceChecker(
new OrmStorage(), // Laravel Eloquent adapter
config('login_gate.max_count_attempts'),
config('login_gate.timeout')
);
});
failed_attempts table.OrmStorage adapter using Eloquent.EventDispatcher with Laravel’s Events facade.StorageInterface) to decouple from Symfony-specific code.config.yml to Laravel’s config/login_gate.php:
return [
'storages' => ['orm'], // or ['cache']
'max_count_attempts' => 3,
'timeout' => 600,
'watch_period' => 3600,
];
app/Http/Kernel.php.canLogin() checks into Laravel’s AuthenticatesUsers trait or custom login logic.scheduler to purge old attempts).EXPIRE commands).monolog) to track attacks and false positives.watch_period to balance accuracy and database load.max_count_attempts or timeout → Lockouts or insufficient protection. Validate config on startup.INCR).How can I help you explore Laravel packages today?