Secure Masonite apps from spamming bots, IPs and SQL injections.
- Block IPs
- Block Bots
- Throttle Requests
- Block SQL Injections
pip install masonite-security
Add SecurityProvider to your project in config/providers.py:
# config/providers.py
# ...
from security import SecurityProvider
# ...
PROVIDERS = [
    # ...
    # Third Party Providers
    SecurityProvider,
    # ...
]
Then you can publish the package resources by doing:
python craft package:publish security
You can set up the security middleware globally or on a per-route basis.
Global Setup
Open the Kernel.py file and add SecurityMiddleware to the "route_middleware" section:
route_middleware = {
    "web": [SessionMiddleware, LoadUserMiddleware, VerifyCsrfToken, SecurityMiddleware],
    "auth": [AuthenticationMiddleware],
}
Per Route Setup
In your routes, add the protect middleware like this:
Route.get("/", "WelcomeController@show").middleware("protect")
Update your config/security.py file based on your needs:
# config/security.py
# ...
BLOCK_IP = True
BLOCK_BOTS = True
THROTTLE_REQUESTS = True
MAX_REQUESTS = 20  # Max requests per IP (default: 20)
IP_BLOCK_DURATION = 60  # seconds (default: 60)
# list of IP addresses to block (default: [])
BLOCKED_IPS = [
    # ...
]
# list of Bot Agents to block
BLOCKED_BOTS = [
    # ...
]
# ...
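To reason about how these settings interact before tuning them, the following added sketch (not masonite-security's own code) applies them in order: IP blocklist, bot User-Agent match, then per-IP throttling. The `RequestGate` class, the sample values, the counting window equal to `IP_BLOCK_DURATION`, and the case-insensitive substring match on the User-Agent are all assumptions made for illustration.

```python
import time

# Constructed sample settings that reuse the names from config/security.py.
SETTINGS = {
    "BLOCK_IP": True,
    "BLOCK_BOTS": True,
    "THROTTLE_REQUESTS": True,
    "MAX_REQUESTS": 3,               # low value so the throttle trips quickly
    "IP_BLOCK_DURATION": 60,         # seconds
    "BLOCKED_IPS": ["203.0.113.7"],  # documentation-range address
    "BLOCKED_BOTS": ["examplebot"],  # made-up agent token
}

class RequestGate:
    """Hypothetical gate: check() returns (allowed, reason) per request."""

    def __init__(self, settings, clock=time.monotonic):
        self.s = settings
        self.clock = clock
        self.windows = {}        # ip -> (window_start, request_count)
        self.blocked_until = {}  # ip -> time at which the block expires

    def check(self, ip, user_agent):
        s, now = self.s, self.clock()
        # 1. Static blocklist: cheapest check, evaluated first.
        if s["BLOCK_IP"] and ip in s["BLOCKED_IPS"]:
            return False, "blocked_ip"
        # 2. Bot match: a missing User-Agent is treated as an empty string.
        ua = (user_agent or "").lower()
        if s["BLOCK_BOTS"] and any(b.lower() in ua for b in s["BLOCKED_BOTS"]):
            return False, "blocked_bot"
        if not s["THROTTLE_REQUESTS"]:
            return True, "ok"
        # 3. Throttle: an IP that is still serving a block is rejected outright.
        if self.blocked_until.get(ip, now) > now:
            return False, "throttled"
        start, count = self.windows.get(ip, (now, 0))
        if now - start >= s["IP_BLOCK_DURATION"]:  # window elapsed: reset
            start, count = now, 0
        count += 1
        self.windows[ip] = (start, count)
        if count > s["MAX_REQUESTS"]:
            self.blocked_until[ip] = now + s["IP_BLOCK_DURATION"]
            self.windows.pop(ip, None)  # counting restarts after the block
            return False, "throttled"
        return True, "ok"
```

The injectable `clock` lets you replay a request sequence deterministically when checking that a chosen `MAX_REQUESTS` and `IP_BLOCK_DURATION` do not lock out legitimate clients.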
Please read the Contributing Documentation here.
security is open-sourced software licensed under the MIT license.