
Middleware

The package includes middleware to protect routes that require trusted devices.

Require Trusted Device Middleware

Protect sensitive routes by requiring users to be logged in from a trusted device:

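// Controllers are assumed to live in the default App\Http\Controllers namespace.
use App\Http\Controllers\BillingController;
use App\Http\Controllers\SettingsController;
use Illuminate\Support\Facades\Route;

// 'auth' runs first, so 'device.trusted' always sees an authenticated user.
Route::middleware(['auth', 'device.trusted'])->group(function () {
    Route::get('/settings/security', [SettingsController::class, 'security']);
    Route::post('/settings/change-password', [SettingsController::class, 'changePassword']);
    Route::get('/billing', [BillingController::class, 'index']);
});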

How It Works

The middleware:

  1. Checks if the user is authenticated
  2. Generates a fingerprint for the current device
  3. Verifies the device is marked as trusted
  4. Returns a 403 error if the device is not trusted

Error Response

If a user tries to access a protected route from an untrusted device, they'll receive a 403 error with the message:

"This action requires a trusted device. Please verify your device in your account settings."

Example: Trust Device Flow

// Route to trust the current device.
// The 'auth' middleware guarantees auth()->user() is not null here.
Route::post('/devices/trust-current', function () {
    $user = auth()->user();
    $deviceId = \Rappasoft\LaravelAuthenticationLog\Helpers\DeviceFingerprint::generate(request());

    $user->trustDevice($deviceId);

    return redirect()->back()->with('success', 'Device trusted successfully');
})->middleware('auth')->name('devices.trust-current');

// Protected route: only reachable from a device the user has trusted
Route::middleware(['auth', 'device.trusted'])->group(function () {
    Route::get('/sensitive-action', function () {
        return view('sensitive-action');
    });
});
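A feature test that checks the flow above really gates the route, as an added example that is not part of the package or its documentation. It assumes the routes from this section are registered, that `App\Models\User` has a factory, that the `sensitive-action` view exists, and that the fingerprint takes the `User-Agent` header into account; the class name and the User-Agent string are constructed.

```php
<?php

namespace Tests\Feature;

use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;

// Added example: hypothetical test class for the routes shown above.
class TrustedDeviceRouteTest extends TestCase
{
    use RefreshDatabase;

    public function test_guest_is_stopped_by_auth_before_the_device_check(): void
    {
        // JSON request so the auth middleware answers 401 instead of redirecting.
        $this->getJson('/sensitive-action')->assertUnauthorized();
    }

    public function test_untrusted_device_receives_403(): void
    {
        $user = User::factory()->create();

        $this->actingAs($user)->get('/sensitive-action')->assertForbidden();
    }

    public function test_device_is_allowed_after_being_trusted(): void
    {
        $user = User::factory()->create();

        // Both requests carry the same headers, so they are assumed to
        // produce the same fingerprint.
        $this->actingAs($user)->post('/devices/trust-current')->assertRedirect();
        $this->actingAs($user)->get('/sensitive-action')->assertOk();
    }

    public function test_trust_does_not_carry_over_to_another_browser(): void
    {
        $user = User::factory()->create();
        $this->actingAs($user)->post('/devices/trust-current');

        // Constructed User-Agent; assumes the fingerprint includes this header.
        $this->actingAs($user)
            ->withHeader('User-Agent', 'ExampleBrowser/1.0 (constructed)')
            ->get('/sensitive-action')
            ->assertForbidden();
    }
}
```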

Customizing Middleware Behavior

You can create your own middleware based on the package middleware:

<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Rappasoft\LaravelAuthenticationLog\Helpers\DeviceFingerprint;

class RequireTrustedDeviceOrVerification
{
    // Register this after 'auth' so $request->user() is never null here.
    public function handle(Request $request, Closure $next)
    {
        $user = $request->user();
        $deviceId = DeviceFingerprint::generate($request);

        // Allow if device is trusted OR user has verified via 2FA
        if ($user->isDeviceTrusted($deviceId) || $request->session()->has('2fa_verified')) {
            return $next($request);
        }

        // Redirect to verification page instead of 403
        return redirect()->route('verify-device');
    }
}