
robrogers3/laracastle
=====================

A Castle.io integration package for Laravel


Laracastle
==========

Laracastle is a package that automates the installation and configuration of [castle.io](https://castle.io) for your Laravel site.

What's Castle.io
----------------

[Castle.io](https://castle.io) proactively protects your users from account hacking. When you subscribe to their service, they make intelligent decisions when users attempt to log in to your site or access protected resources.

For more information, I recommend checking out their [site](https://castle.io).

Why Laracastle?
---------------

[Castle.io](https://castle.io) is not difficult to integrate, but it does take some work.

With this package, you can integrate [castle.io's](https://castle.io) services within minutes instead of hours or even days.

Installation
------------


Via Composer

```
$ composer require robrogers3/laracastle
```

Configuration
-------------


### Requirements

Laracastle pretty much depends on the [Laravel Auth](https://laravel.com/docs/6.x/authentication) package. On Laravel 6, Auth is a separate package, so install it first. Without the Auth package you will have A LOT of work to do.

```
composer require laravel/ui --dev

```

Then do one of these:

```
php artisan ui bootstrap --auth
# or
php artisan ui vue --auth
# or
php artisan ui react --auth

```

And, then of course run this:

```
php artisan migrate

```

*Also if you plan to use Email Verification to protect important routes, which is recommended, you will need to configure the mail driver.*

### Initial Configuration


After you have required the package via composer, run:

```
php artisan vendor:publish --provider='robrogers3\laracastle\LaracastleServiceProvider'

```

Next, set up castle.io.

*If you don't know your castle.io APP\_ID or SECRET, then you need to sign up for [castle.io](https://castle.io).*

Then, update your .env files, like so:

```
CASTLE_SECRET=YOUR_CASTLE_SECRET
CASTLE_APP_ID=YOUR_CASTLE_APP_ID
CASTLE_MODE=[evaluation|production]

HOME_ROUTE='/home'

```

*When you are just starting out, set the CASTLE\_MODE to 'evaluation'. Once you are ready to take action, change the CASTLE\_MODE to 'production.'*

*Also, castle requires a HOME\_ROUTE, which defaults to 'home'; you can change this if your 'home' route changes.*

### Run the Automatic Install


To have Castle.io integrated in minutes just run this command:

**NOTE: this will CLOBBER your User class and your AppServiceProvider.**

```
php artisan laracastle:install

```

### Or, Install it Manually


Add this line to your main layouts blade file (e.g. app.blade.php) in the head section:

```
    @include('vendor/robrogers3/headscript/laracastle')

```

### (Highly) Recommended Configuration Changes

Use "Email Verification" to protect your routes to greatly reduce your headaches!

By default, if [castle.io](https://castle.io) challenges a login attempt then Laracastle will ask your user to login again, which can be a pain. A better alternative is to ensure users have verified their email address via the MustVerifyEmail interface.

To start, first learn about [Laravel's Email Verification](https://laravel.com/docs/master/verification).

Next update your Auth routes in routes/web.php like so:

```
Auth::routes(['verify' => true]);

```

Then **make sure** your user implements 'MustVerifyEmail' and 'Laracastle\\UserInterface'.

You will also need to add these two traits to your user model:

- ResetsAccount, and
- ChecksVerification

Your User class will look like this:

```
use robrogers3\Laracastle\UserInterface;
use robrogers3\Laracastle\Traits\ChecksVerification;
use robrogers3\Laracastle\Traits\ResetsAccount;
use Illuminate\Contracts\Auth\MustVerifyEmail;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable;

class User extends Authenticatable implements MustVerifyEmail, UserInterface
{
    use Notifiable, ResetsAccount, ChecksVerification;
    //...
}

```

Lastly, protect the routes that should be verified by email, like so:

```
Route::get('home', function () {
    // Only verified users may enter...
})->middleware('verified'); // verified middleware is the key!

```

Optional but Recommended: Add this to your AppServiceProvider:

```
//...
use App\User;
use robrogers3\Laracastle\UserInterface;
//...

public function boot()
{
    $this->app->bind(UserInterface::class, function ($app) {
            return User::class;
    });
}

```

### When you are ready to go live.

**First**, head over to [Web Hooks on your Castle.io Dashboard](https://dashboard.castle.io/settings/webhooks) and set two webhook endpoints:

1. For the '$incident.confirmed' event add this endpoint:

```
https://your-base-url.com/laracastle/compromised-webhook

```

2. For the '$review.opened' event add this endpoint:

```
https://your-base-url.com/laracastle/review-webhook

```

Do NOT select **Subscribe to All Events** for either endpoint.

[![review device](webhook.png)](webhook.png)

*Note the second webhook is recommended but optional.*

**Next**, if you're feeling ambitious, style the review device page.

[![review device](review-device.png)](review-device.png)

You can find it in:

```
./resources/views/vendor/robrogers3/pages/device.blade.php

```

Congrats **you’re done**. Your users are now protected by [castle.io](https://castle.io).

How It (Laracastle) Works?
--------------------------


### Protecting Your User Accounts On Login

Laracastle hooks into several events that Laravel dispatches during user authentication, such as logging in, logging out, and resetting passwords. The most important is the Login event.

When the Login event is fired, Laracastle makes a realtime request to [castle.io](https://castle.io) to determine whether the request looks 'suspicious' or 'authentic'. Depending on the level of suspiciousness, it can either Allow the login, Challenge the login, or Deny the login.

If the Login is allowed, then Laracastle proceeds as per usual.

If the Login is challenged, then we either ask the user to verify their email address, or request that they log in again. (See [config](#Configuration).)

If the Login is denied, then we disallow Login, and then Laravel will take over to lock the account for a specified duration. [Learn more about throttling requests](https://laravel.com/docs/6.x/authentication#login-throttling) on Laravel.com.

### Proactively Protecting Your Accounts with Webhooks


#### When your account may have been compromised.


If Castle.io determines that an account may have been compromised, it sends a request to a webhook in Laracastle. Laracastle uses this information to reset the user's account password, and then notify them via email that their account may have been compromised and that they need to reset their password before they can access protected resources.

[![account reset notification](account-reset-notification.png)](account-reset-notification.png)

#### When unusual or suspicious devices access your account.

When castle.io believes there has been unusual or suspicious device activity accessing your account, it sends another webhook to Laracastle. Laracastle uses this information to notify the user of the activity, and asks them to review it.

[![review device notification](review-device-notification.png)](review-device-notification.png)

On clicking 'Review Device' from the notification, they are able to see the details of the activity. The user can either confirm it was valid activity, or report it as invalid. If it is valid, the suspicious activity is resolved; otherwise, the activity is escalated. When escalated, the compromised webhook will be run, the account password will be reset, and the user will be notified via email.
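Because the compromised webhook resets a user's password, a receiver for these endpoints should act only on requests it can authenticate and that carry the event it subscribed to. The following is an added example, not Laracastle's or Castle's code: it checks a signature over the raw request body and matches the event type to the endpoint. The signature scheme (base64 HMAC-SHA256 keyed with CASTLE_SECRET), the `type` field and all function names are assumptions; take the header name and scheme from Castle's webhook documentation.

```php
<?php

// Added example, not Laracastle's code. Assumed: the signature header carries
// base64(HMAC-SHA256(raw body, CASTLE_SECRET)); the event name is in "type".
const EXPECTED_EVENT = [
    '/laracastle/compromised-webhook' => '$incident.confirmed',
    '/laracastle/review-webhook'      => '$review.opened',
];

function signatureIsValid(string $rawBody, ?string $header, string $secret): bool
{
    if ($header === null || $header === '' || $secret === '') {
        return false; // fail closed: no header, or secret not configured
    }
    $expected = base64_encode(hash_hmac('sha256', $rawBody, $secret, true));
    return hash_equals($expected, $header); // constant-time comparison
}

// Returns the HTTP status the endpoint should answer with.
function checkWebhook(string $path, string $rawBody, ?string $header, string $secret): int
{
    $expectedType = EXPECTED_EVENT[$path] ?? null;
    if ($expectedType === null) {
        return 404;
    }
    // Verify the exact bytes received, before any JSON decoding.
    if (!signatureIsValid($rawBody, $header, $secret)) {
        return 401;
    }
    $event = json_decode($rawBody, true);
    if (!is_array($event) || ($event['type'] ?? null) !== $expectedType) {
        return 422; // signed, but not the event this endpoint subscribes to
    }
    return 200; // only now reset the password or send the review notice
}

// Constructed sample data.
$secret = 'constructed-test-secret';
$body   = '{"type":"$incident.confirmed","data":{"user_id":"42"}}';
$sig    = base64_encode(hash_hmac('sha256', $body, $secret, true));
$path   = '/laracastle/compromised-webhook';

$cases = [
    'valid'             => checkWebhook($path, $body, $sig, $secret),
    'missing signature' => checkWebhook($path, $body, null, $secret),
    'tampered body'     => checkWebhook($path, str_replace('42', '7', $body), $sig, $secret),
    'wrong endpoint'    => checkWebhook('/laracastle/review-webhook', $body, $sig, $secret),
];
foreach ($cases as $name => $status) { echo str_pad($name, 18), $status, PHP_EOL; }
```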

Change log
----------


Please see the [changelog](changelog.md) for more information on what has changed recently.

Testing
-------


```
$ composer test
```

Contributing
------------


Please see [contributing.md](contributing.md) for details and a todolist.

Security
--------

If you discover any security related issues, please email the author instead of using the issue tracker.

Credits
-------


- [Rob Rogers](https://github.com/robrogers3)

License
-------


[MIT License](LICENSE)

