PHPackages jurianarie/unauthorised-laravel-endpoints - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. jurianarie/unauthorised-laravel-endpoints ActiveLibrary jurianarie/unauthorised-laravel-endpoints ========================================= Detect unauthorised endpoints in your Laravel application v1.0.2(1y ago)025MITPHPPHP ^7.4|^8.0.2 Since Jun 2Pushed 1y ago1 watchersCompare [ Source](https://github.com/JurianArie/unauthorised-laravel-endpoints)[ Packagist](https://packagist.org/packages/jurianarie/unauthorised-laravel-endpoints)[ Docs](https://github.com/JurianArie/unauthorised-laravel-endpoints)[ RSS](/packages/jurianarie-unauthorised-laravel-endpoints/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (5)Dependencies (5)Versions (6)Used By (0) Detecting unauthorized routes ============================= [](#detecting-unauthorized-routes) [![CI](https://github.com/JurianArie/unauthorised-laravel-endpoints/actions/workflows/ci.yml/badge.svg)](https://github.com/JurianArie/unauthorised-laravel-endpoints/actions/workflows/ci.yml) It's easy to forget authorization. This package is here to help you out! Installation ------------ [](#installation) You can install the package via composer: ``` composer require jurianarie/unauthorised-laravel-endpoints --dev ``` You can publish the config file with: ``` php artisan vendor:publish --tag="unauthorized-detection" ``` How it works ------------ [](#how-it-works) This package looks through all routes defined in your application and tries to find authorization checks. There are a few build in checks: - Authorization via middleware - Authorization via FormRequests - Authorization via source code (This has some [limitations](#limitations).) Usage ----- [](#usage) ``` php artisan unauthorised-endpoints:detect ``` Or exclude vendor routes: ``` php artisan unauthorised-endpoints:detect --except-vendor ``` > Tip: the same arguments are available as with [route:list](https://laravel.com/docs/9.x/routing#the-route-list) Configuration ------------- [](#configuration) ### Specify authentication middleware [](#specify-authentication-middleware) By default, only the `auth` middleware is checked. **Routes without the specified middleware will be ignored.** ``` 'authentication-middleware' => [ 'auth:api', // Only check api. ], ``` ### Specify authorization middleware [](#specify-authorization-middleware) Here you can specify the middleware that is used to authorize the routes. ``` 'authorization-middleware' => [ 'your-custom-middleware', ], ``` ### Specify authorization methods [](#specify-authorization-methods) You can add regular expressions. ``` 'authorization-methods' => [ '/\$this->authorize\(\'(.*)\\)/', '/Gate::authorize\(\'(.*)\\)/', ], ``` ### Ignoring routes [](#ignoring-routes) You can ignore routes the same way as with `Request::is()` and `Request::routeIs()` . Adding custom detection ----------------------- [](#adding-custom-detection) You can add custom detection by adding a class that implements `\JurianArie\UnauthorisedDetection\Detectors\DetectsAuthorization` to the `'authorization-detectors'` array in your config. Limitations ----------- [](#limitations) You might get false positives if your authorization has to be detected in your source code. - Your action doesn't have any source code. - Your authorization happens further down in the call stack. - Your authorization uses structures such as `abort_if($user->cannot(...)`, `if ($user->cannot(...)) {...}` License ------- [](#license) The MIT License (MIT). Please see [License File](LICENSE) for more information. ### Health Score 30 — LowBetter than 64% of packages Maintenance42 Moderate activity, may be stable Popularity6 Limited adoption so far Community7 Small or concentrated contributor base Maturity56 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~244 days Total 5 Last Release 463d ago Major Versions v0.1.1-beta → v1.0.02025-02-04 ### Community Maintainers ![](https://www.gravatar.com/avatar/f3eb82a3900377ccd578a43dbb89d952341b61de68618c7138a5dfad5cc794ec?d=identicon)[jurianarie](/maintainers/jurianarie) --- Top Contributors [![JurianArie](https://avatars.githubusercontent.com/u/28654085?v=4)](https://github.com/JurianArie "JurianArie (50 commits)") ### Code Quality TestsPHPUnit Static AnalysisPHPStan Code StylePHP\_CodeSniffer Type Coverage Yes ### Embed Badge ![Health badge](/badges/jurianarie-unauthorised-laravel-endpoints/health.svg) ``` [![Health](https://phpackages.com/badges/jurianarie-unauthorised-laravel-endpoints/health.svg)](https://phpackages.com/packages/jurianarie-unauthorised-laravel-endpoints) ``` ### Alternatives [anourvalar/eloquent-serialize Laravel Query Builder (Eloquent) serialization 11320.2M21](/packages/anourvalar-eloquent-serialize)[namu/wirechat A Laravel Livewire messaging app for teams with private chats and group conversations. 54324.5k](/packages/namu-wirechat)[statamic-rad-pack/runway Eloquently manage your database models in Statamic. 135192.6k5](/packages/statamic-rad-pack-runway) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)