# Install the package
composer require salehye/laravel-security
# Publish the package files (config, migrations, etc. — whatever the provider registers)
php artisan vendor:publish --provider="Salehye\LaravelSecurity\SecurityServiceProvider"
<?php
namespace App\Http\Controllers;
use Salehye\LaravelSecurity\Facades\Security;
use Salehye\LaravelSecurity\Traits\SecurityHelpers;
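class UserController extends Controller
{
    use SecurityHelpers;

    /**
     * Create a user after screening the request for known threat patterns.
     *
     * Order of operations: threat detection on the raw request first (a hit is
     * logged via the Security facade and the request rejected with 403), then
     * validation, then an audit entry. The snippet omits the actual persistence
     * of the user.
     *
     * NOTE: the snippet imports neither Illuminate\Http\Request nor the two rule
     * classes; the request type is fully qualified here, and the rules must be
     * imported from the package's rules namespace (not shown in the snippet).
     */
    public function store(\Illuminate\Http\Request $request)
    {
        // Screen the raw input before validation so a flagged payload never
        // reaches the rules or the audit log.
        $threats = detect_threats($request);
        if (array_filter($threats)) {
            Security::logThreat('input_threats', $threats);
            abort(403, 'تم كشف محاولة اختراق');
        }

        $validated = $request->validate([
            'username' => ['required', 'string', new NoSqlInjectionRule()],
            'email' => ['required', 'email'],
            'password' => ['required', new PasswordStrengthRule()],
        ]);

        // The original passed the whole validated payload to the audit log,
        // which wrote the plaintext password into the audit trail. Strip the
        // secret before logging; everything else is kept as before.
        $auditPayload = array_diff_key($validated, array_flip(['password']));
        Security::audit(auth()->user(), 'user_created', $auditPayload);

        return response()->json(['success' => true]);
    }
}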
<?php
namespace App\Http\Controllers\Api;
use Salehye\LaravelSecurity\Facades\Security;
class ApiController extends Controller
{
    /**
     * Authenticate the current request at construction time, before any action
     * method runs: an invalid request signature aborts with 401, and a request
     * lacking both the 'read' and 'write' scopes aborts with 403.
     */
    public function __construct()
    {
        $incoming = request();

        $signatureOk = Security::verifySignature($incoming);
        if (! $signatureOk) {
            abort(401, 'توقيع غير صالح');
        }

        $scopesOk = Security::verifyScopes($incoming, ['read', 'write']);
        if (! $scopesOk) {
            abort(403, 'غير مصرح');
        }
    }

    /**
     * Return the payload produced by fetchData() together with the current
     * Unix timestamp as JSON.
     *
     * NOTE: fetchData() is not defined in the snippet; it must be supplied by
     * the application.
     */
    public function getData()
    {
        $payload = [
            'data' => $this->fetchData(),
            'timestamp' => time(),
        ];

        return response()->json($payload);
    }
}
<?php
namespace App\Http\Middleware;
use Closure;
use Salehye\LaravelSecurity\Facades\Security;
class RequireReauthentication
{
    /**
     * Gate a route behind a fresh authentication check for 'sensitive_action'.
     *
     * When Security::requireReauthentication() returns a falsy value, the user
     * is redirected to the 'auth.reauth' route with a 'reauth_required' flash
     * flag; otherwise the request continues down the pipeline untouched.
     *
     * NOTE: `Request` is not imported in the snippet; add
     * `use Illuminate\Http\Request;` above the class.
     */
    public function handle(Request $request, Closure $next)
    {
        $recentlyAuthenticated = Security::requireReauthentication($request, 'sensitive_action');

        if ($recentlyAuthenticated) {
            return $next($request);
        }

        return redirect()
            ->route('auth.reauth')
            ->with('reauth_required', true);
    }
}
<?php
namespace App\Models;
use Illuminate\Database\Eloquent\Model;
use Salehye\LaravelSecurity\Traits\Auditable;
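class Setting extends Model
{
    use Auditable;

    /** Attributes the Auditable trait must never record. */
    protected array $auditExclude = ['secret_key'];

    /**
     * Record each change of a setting's value as a sensitive action.
     *
     * The original referenced `Security::` without importing the facade, which
     * in the App\Models namespace resolves to App\Models\Security and fails at
     * runtime; the facade is fully qualified here (alternatively add
     * `use Salehye\LaravelSecurity\Facades\Security;` above the class).
     */
    protected static function booted(): void
    {
        static::updated(function (Setting $setting): void {
            // `updated` fires for any saved change; skip the log entry when the
            // value itself is unchanged so old_value/new_value are never equal.
            if (! $setting->wasChanged('value')) {
                return;
            }

            // NOTE(review): old/new values are logged verbatim whatever the
            // setting key is; if a row in this table can hold a secret, redact
            // the values here — confirm against the settings actually stored.
            \Salehye\LaravelSecurity\Facades\Security::logSensitiveAction(
                'setting_updated',
                auth()->user(),
                [
                    'setting' => $setting->key,
                    'old_value' => $setting->getOriginal('value'),
                    'new_value' => $setting->value,
                ],
            );
        });
    }
}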
<?php
namespace App\Listeners;
use Salehye\LaravelSecurity\Events\LoginAttemptFailed;
use Salehye\LaravelSecurity\Facades\Security;
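class HandleFailedLogin
{
    /** Failed attempts from one IP at or above which it is treated as suspicious. */
    private const SUSPICIOUS_ATTEMPT_THRESHOLD = 10;

    /**
     * React to a failed login: once the failure counter for the source IP
     * reaches the threshold, block the IP and e-mail an alert to the admin.
     *
     * The original referenced `Mail` without importing the facade (which in the
     * App\Listeners namespace resolves to App\Listeners\Mail); it is fully
     * qualified here. `SuspiciousActivityAlert` must still be imported from the
     * mailable's namespace, which the snippet does not show.
     */
    public function handle(LoginAttemptFailed $event): void
    {
        if (! $this->isSuspicious($event)) {
            return;
        }

        Security::blockIp($event->ipAddress, 'محاولات دخول مشبوهة');

        // TODO(review): read the recipient from config instead of hard-coding it.
        \Illuminate\Support\Facades\Mail::to('admin@example.com')
            ->send(new SuspiciousActivityAlert($event));
    }

    /**
     * True once the cached failure counter for the event's IP reaches the
     * threshold. The counter is assumed to be maintained elsewhere under the
     * `failed_login_<ip>` cache key — confirm against the code that increments it.
     */
    private function isSuspicious(LoginAttemptFailed $event): bool
    {
        $failedAttempts = (int) cache()->get('failed_login_' . $event->ipAddress, 0);

        return $failedAttempts >= self::SUSPICIOUS_ATTEMPT_THRESHOLD;
    }
}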
<?php
namespace App\Console\Commands;
use Illuminate\Console\Command;
use Salehye\LaravelSecurity\Facades\Security;
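class SecurityCleanupCommand extends Command
{
    // --days defaults to the original hard-coded 30-day retention window, so
    // `php artisan security:cleanup` behaves exactly as before.
    protected $signature = 'security:cleanup {--days=30 : Delete security logs older than this many days}';
    protected $description = 'تنظيف السجلات الأمنية القديمة';

    /**
     * Delete security logs older than the retention window.
     *
     * @return int self::SUCCESS (0) after cleanup, self::FAILURE for a non-positive --days value.
     */
    public function handle(): int
    {
        $days = (int) $this->option('days');
        if ($days < 1) {
            $this->error('--days must be a positive integer');

            return self::FAILURE;
        }

        $deleted = Security::cleanOldLogs($days);
        $this->info("تم حذف {$deleted} سجل قديم");

        return self::SUCCESS;
    }
}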
<?php
namespace App\Http\Middleware;
use Closure;
use Salehye\LaravelSecurity\Facades\Security;
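class SessionSecurity
{
    /**
     * Enforce session integrity on every request.
     *
     * 1. If Security::validateSession() rejects the session, the user is logged
     *    out, the session is invalidated and its CSRF token regenerated, and the
     *    user is redirected to the login page with an error flash.
     * 2. For an authenticated user, a login judged suspicious is redirected to
     *    2FA verification.
     *
     * NOTE: `Request` is not imported in the snippet; the parameter is fully
     * qualified here (or add `use Illuminate\Http\Request;` above the class).
     */
    public function handle(\Illuminate\Http\Request $request, Closure $next)
    {
        if (! Security::validateSession($request)) {
            auth()->logout();
            // logout() alone leaves the old session id and CSRF token usable;
            // invalidate the session so a captured cookie cannot be replayed.
            $request->session()->invalidate();
            $request->session()->regenerateToken();

            return redirect()->route('login')
                ->with('error', 'انتهت الجلسة لأسباب أمنية');
        }

        if (auth()->check()) {
            $suspicious = Security::detectSuspiciousLogin($request, auth()->user());

            // detectSuspiciousLogin() is assumed to return an array with a
            // 'suspicious' flag, as the original indexed it — confirm. empty()
            // avoids an undefined-key warning if the key is absent.
            if (! empty($suspicious['suspicious'])) {
                return redirect()->route('2fa.verify')
                    ->with('suspicious', true);
            }
        }

        return $next($request);
    }
}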
<?php
namespace App\Http\Controllers;
use Salehye\LaravelSecurity\Services\RateLimitService;
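class SearchController extends Controller
{
    public function __construct(
        private RateLimitService $rateLimit
    ) {}

    /**
     * Rate-limited search endpoint.
     *
     * A throttled request gets a 429 carrying the retry delay both in the JSON
     * body (as before) and in the standard `Retry-After` header, so generic
     * HTTP clients back off correctly. An accepted request is counted against
     * the limit before the search runs.
     *
     * NOTE: `Request` is not imported and performSearch() is not defined in the
     * snippet; the request type is fully qualified here.
     */
    public function search(\Illuminate\Http\Request $request)
    {
        if ($this->rateLimit->isRateLimited($request)) {
            $retryAfter = $this->rateLimit->retryAfter($request);

            return response()
                ->json([
                    'error' => 'Too many requests',
                    'retry_after' => $retryAfter,
                ], 429)
                ->withHeaders(['Retry-After' => $retryAfter]);
        }

        $this->rateLimit->hit($request);

        return response()->json([
            'results' => $this->performSearch($request),
        ]);
    }
}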
// Anywhere in the application — these are global helper functions
// Sanitize input
$clean = sanitize($request->all());
// Get the client IP
$ip = get_client_ip();
// Bot check
if (is_bot()) {
// handle bots here
}
// Mask sensitive data
$maskedEmail = mask_email($user->email); // a***d@example.com
$maskedPhone = mask_phone($user->phone); // *******1234
// Generate a secure token (64 is presumably the token length — confirm against the helper)
$token = secure_random_token(64);
// Enforce HTTPS
if (!is_secure_request()) {
abort(403, 'HTTPS required');
}
use Salehye\LaravelSecurity\Facades\Security;
// Facade usage; every call below assumes the `use` import on the preceding line
// Audit logging
Security::audit(auth()->user(), 'action_name', ['key' => 'value']);
// Block IP (the third argument is the block duration; 24 hours here)
Security::blockIp('1.2.3.4', 'Reason', 24); // 24 hours
// Detect threats
$threats = Security::detectThreats($request);
// Sanitize input
$clean = Security::sanitize($request->all());
// API Request Signing ($data and $apiKey are not defined in this snippet)
$signed = Security::signRequest($data, $apiKey);
// Session Management ($userId is not defined in this snippet)
Security::terminateAllOtherSessions($request);
$sessions = Security::getActiveSessions($userId);
// Rate Limiting
if (Security::isRateLimited($request)) {
abort(429);
}