Steps to implement Basic Auth (on top of the FilamentUser contract)?
I'd like to double-lock-down my application with "implements FilamentUser" as well as Basic Auth.
I already have the former in place. How can I add Basic Auth on top of that for all Filament-related URLs/resources?
Thank you!
10 Replies
Can you explain more? I don’t see where basic auth plays into server side routing.
I have some minimal PII in this environment. I would feel better having a Basic Auth speedbump in front of the normal filament login. In simple PHP applications I'd use .htaccess/.htpasswd. I see there is middleware in Laravel (https://laravel.com/docs/10.x/authentication#http-basic-authentication) but I wasn't sure if I could apply this somehow to filament paths without causing issues.
I only have 2 users in my Users table, and I do have canAccessPanel() implemented to only allow a very specific email address pattern. I imagine it's quite secure as-is... just looking for that extra peace of mind.
That’s weird to me, but hey. Throw it in and see what happens. I think it’s unnecessary personally.
Yeah, you are probably right.
Probably would be better to spend my time looking into 2FA, huh
Do you really need auth on top of auth? And an actual login is going to be more secure.
Well, I'll certainly give it more thought.
I appreciate your time.
Solution
2FA would definitely be better than basic auth.
I agree. That would give me peace of mind. I will likely pursue that.
I see there is already at least one plugin. https://github.com/webbingbrasil/filament-2fa
I'll give this a look on Monday. Thank you again!
The Filament-Breezy plugin also has 2FA, along with a bunch of other things.