Security - v2.0.2
Usage
The package exposes its functionality through five layers — sanitization helpers, escaping helpers, validation rules, middleware, and Content Security Policy — plus a set of Artisan commands for auditing and CSP management.
Topics
- Input validation + sanitization — sanitizeEmail, sanitizeText, sanitizeInt, sanitizeArray, kses(), NoHtml/SecureUrl rules
- Security headers — security.headers middleware, configured headers, custom headers
- Content Security Policy (CSP) — nonce generator, policy builder, presets, violation reporting, dashboard
- Rate limiting — named limiters, per-route api.rate_limit
- Session security — encrypted sessions, validation, hijacking detection
- API security — api.security middleware, token validation, API-specific headers
- Artisan commands — full command reference (security:* and csp:*)
Quick reference
```php
use ArtisanPackUI\Security\Facades\Security;

// Sanitize (input)
$email = Security::sanitizeEmail($request->input('email'));
$body = Security::kses($request->input('body'));

// Or use the helper functions
$email = sanitizeEmail($request->input('email'));
$body = kses($request->input('body'));

// Escape (output)
echo escHtml($user->bio);
echo escAttr($formAction);
echo escJs($payload);
```

```blade
{{-- CSP nonce on inline scripts --}}
<script @csp_nonce>
// ...
</script>
```

```php
// Validation rules
'comment' => ['required', new NoHtml],
'website' => ['nullable', new SecureUrl],

// Middleware
Route::middleware(['csp', 'security.headers', 'xss.protection'])->group(function () { /* ... */ });
Route::middleware('api.rate_limit:api')->group(function () { /* ... */ });
```

```bash
# Artisan
php artisan security:audit
php artisan security:scan
php artisan security:test-headers
php artisan csp:generate
```