Installation
Run the package installer:
composer require moox/security
php artisan mooxsecurity:install
This handles migrations, config publishing, and service provider registration.
First Use Case
Secure a route with basic authentication:
use Moox\Security\Facades\Security;
Route::get('/admin', function () {
    return 'Admin Dashboard';
})->middleware(Security::class);
Check config/security.php for the available middleware options.
Where to Look First
config/security.php (published via vendor:publish).
app/Http/Middleware/ for auto-generated middleware.
database/migrations/ for security-related tables (e.g., users, roles, or permissions).
Role-Based Access Control (RBAC)
Define roles and assign permissions in migrations or seeders:
use Moox\Security\Models\Role;
Role::create(['name' => 'admin', 'permissions' => ['create_user', 'delete_user']]);
Enforce in controllers:
public function __construct() {
    $this->middleware('can:delete_user')->only(['destroy']);
}
API Token Authentication
Generate and validate tokens via the facade:
// Generate token for user
$token = Security::generateToken(auth()->user());
// Validate token in API
$user = Security::validateToken($token);
Rate Limiting
Apply rate limits to routes:
Route::middleware(['throttle:60,1'])->group(function () {
    // Rate-limited endpoints
});
User Registration Flow
Security::register() to create users with hashed passwords.
Security::assignRole($user, 'admin').
Password Reset
Security::sendPasswordResetLink($email).
$user = Security::validateResetToken($token);
Audit Logging
Enable logging in config/security.php:
'logging' => [
    'enabled' => true,
    'model' => \Moox\Security\Models\AuditLog::class,
],
Log actions automatically:
Security::log('user.created', ['user_id' => $user->id]);
moox/security for hybrid auth:
use Moox\Security\Facades\Security;
use Laravel\Fortify\Fortify;
Fortify::authenticate(function () {
    Security::checkPermission('edit_content');
});
// Store token in localStorage after login
localStorage.setItem('auth_token', response.token);
// Attach to API requests
axios.defaults.headers.common['Authorization'] = `Bearer ${localStorage.getItem('auth_token')}`;
Middleware Caching
Clear cached routes after adding new middleware:
php artisan route:clear
Or disable caching in config/security.php:
'middleware' => [
    'cache' => false,
],
Permission Caching
Avoid stale permission checks by clearing the cache:
php artisan cache:clear
Or use Security::refreshPermissions() in critical paths.
Token Expiry
Default token TTL is 1 hour. Customize in config:
'tokens' => [
    'ttl' => 24 * 60, // 24 hours
],
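How a TTL like the one configured above can be enforced on the server side, as an added example that is not moox/security's own code: ExpiringTokenStore and its methods are hypothetical, the clock and user id are constructed, and the ttl value is assumed to be in minutes (as the "24 * 60 // 24 hours" comment implies).

```php
<?php
// Added illustration, not moox/security code. Class and method names are hypothetical.
// Assumption: 'tokens.ttl' is expressed in minutes.

final class ExpiringTokenStore
{
    /** @var array<string, array{user_id: int, expires_at: int}> keyed by SHA-256 of the token */
    private array $rows = [];

    public function __construct(private int $ttlMinutes) {}

    /** Issue a random token; only its hash is kept server-side. */
    public function issue(int $userId, int $now): string
    {
        $token = bin2hex(random_bytes(32));
        $this->rows[hash('sha256', $token)] = [
            'user_id'    => $userId,
            'expires_at' => $now + $this->ttlMinutes * 60,
        ];
        return $token;
    }

    /** Return the user id for a live token, or null if unknown or expired. */
    public function validate(string $token, int $now): ?int
    {
        $hash = hash('sha256', $token);
        $row  = $this->rows[$hash] ?? null;
        if ($row === null) {
            return null;
        }
        if ($now >= $row['expires_at']) {
            unset($this->rows[$hash]); // purge expired tokens instead of only ignoring them
            return null;
        }
        return $row['user_id'];
    }
}

$config   = ['tokens' => ['ttl' => 24 * 60]];   // constructed sample config
$store    = new ExpiringTokenStore($config['tokens']['ttl']);
$issuedAt = 1_700_000_000;                      // constructed fixed clock (Unix seconds)
$token    = $store->issue(42, $issuedAt);

var_dump($store->validate($token, $issuedAt + 3600));       // one hour after issue
var_dump($store->validate($token, $issuedAt + 24 * 3600));  // exactly at the 24-hour TTL
var_dump($store->validate($token, $issuedAt + 60));         // same token after it was purged
var_dump($store->validate('not-a-token', $issuedAt));       // token that was never issued
```

Storing only the hash means a leaked token table does not hand out usable bearer tokens, and passing the clock in makes the expiry boundary easy to test.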
failed_jobs table for throttled requests.
'debug' => env('APP_DEBUG', false),
Logs will show denied actions in storage/logs/laravel.log.
Default Guard
Override the default guard in config/auth.php:
'defaults' => [
    'guard' => 'moox',
],
Ensure the moox guard is defined:
'guards' => [
    'moox' => [
        'driver' => 'session',
        'provider' => 'users',
    ],
],
Custom Models
Extend default models in config/security.php:
'models' => [
    'user' => \App\Models\CustomUser::class,
    'role' => \App\Models\CustomRole::class,
],
Run php artisan mooxsecurity:publish to update stubs.
Custom Policies
Create policies in app/Policies/ and bind them:
use Moox\Security\Facades\Security;
Security::extendPolicy('post', \App\Policies\PostPolicy::class);
Event Listeners
Listen for security events (e.g., user.logged_in):
use Moox\Security\Events\UserLoggedIn;
UserLoggedIn::listen(function ($event) {
    // Send welcome email
});
API Resources
Extend Moox\Security\Http\Resources\UserResource for custom fields:
namespace App\Http\Resources;
use Moox\Security\Http\Resources\UserResource as BaseUserResource;
class UserResource extends BaseUserResource {
    public function toArray($request) {
        $array = parent::toArray($request);
        $array['custom_field'] = $this->custom_field;
        return $array;
    }
}