Weave Code
Code Weaver
Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.
Feedback
Share your thoughts, report bugs, or suggest improvements.
Subject
Message
Log in Register
Home
Packages
Laravel Littlegatekeeper
Assessments

Laravel Littlegatekeeper Laravel Package

spatie/laravel-littlegatekeeper

Laravel middleware to password-protect your app with a single, universal username/password set in config. Quickly gate staging, previews, or temporary launches without building a full auth system; publish config and enable the provider to lock down pages.

View on GitHub
Deep Wiki
Context7

Getting Started

Minimal Setup

  1. Installation:

    composer require spatie/laravel-littlegatekeeper

    Publish the config file:

    php artisan vendor:publish --provider="Spatie\Littlegatekeeper\LittlegatekeeperServiceProvider"

  2. Configure: Edit .env or config/littlegatekeeper.php:

    LITTLEGATEKEEPER_USERNAME=admin
LITTLEGATEKEEPER_PASSWORD=securepassword

  3. First Use Case: Protect a route or controller method:

    use Spatie\Littlegatekeeper\Middleware\CheckLittlegatekeeper;

Route::get('/admin', function () {
    return 'Admin Dashboard';
})->middleware(CheckLittlegatekeeper::class);

Implementation Patterns

Core Workflows

  1. Route Protection: Apply middleware to routes, controllers, or groups:

    Route::middleware([CheckLittlegatekeeper::class])->group(function () {
    Route::get('/secret', 'SecretController@index');
});

  2. Dynamic Credentials: Override credentials per request (e.g., API keys):

    Littlegatekeeper::setCredentials('api_user', 'api_key');

  3. Custom Views: Extend the default 403 view by publishing assets:

    php artisan vendor:publish --tag=littlegatekeeper-views

    Then customize resources/views/vendor/littlegatekeeper/403.blade.php.

Integration Tips

  • APIs: Useful for admin APIs or internal endpoints.
  • Laravel Sanctum/Passport: Combine with auth middleware for layered security: 
    Route::middleware([CheckLittlegatekeeper::class, 'auth:sanctum'])->get('/api/admin');
  • Environment-Specific: Disable in production via config: 
    'enabled' => env('APP_ENV') !== 'production',

Gotchas and Tips

Pitfalls

  1. Middleware Order: Place CheckLittlegatekeeper before other auth middleware (e.g., auth) to avoid bypassing it.

  2. Password Hashing: The package does not hash passwords by default. Store plaintext credentials securely (e.g., .env or secrets manager).

  3. Caching: Credentials are not cached. Repeated failed attempts may log multiple entries.

Debugging

  • Failed Logins: Check Laravel logs for Littlegatekeeper errors.
  • Middleware Not Triggering: Verify the middleware is registered in app/Http/Kernel.php under $routeMiddleware.

Extension Points

  1. Custom Logic: Override the CheckCredentials contract to add logic (e.g., IP whitelisting):

    Littlegatekeeper::setCredentialsChecker(function ($username, $password) {
    return $username === 'admin' && $password === 'secure' && request()->ip() === '192.168.1.1';
});

  2. Rate Limiting: Combine with Laravel’s throttle middleware to limit login attempts:

    Route::middleware([CheckLittlegatekeeper::class, 'throttle:5,1'])->get('/login');

  3. Multi-Tenant: Use the setCredentials method dynamically per tenant:

    Littlegatekeeper::setCredentials(Tenant::current()->admin_username, Tenant::current()->admin_password);
Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.
Prompt
Add packages to context
No packages found.
davejamesmiller/laravel-breadcrumbs
artisanry/parsedown
christhompsontldr/phpsdk
enqueue/dsn
bunny/bunny
enqueue/test
enqueue/null
enqueue/amqp-tools
milesj/emojibase
bower-asset/punycode
bower-asset/inputmask
bower-asset/jquery
bower-asset/yii2-pjax
laravel/nova
spatie/laravel-mailcoach
spatie/laravel-superseeder
laravel/liferaft
nst/json-test-suite
danielmiessler/sec-lists
jackalope/jackalope-transport