RequirePin

RequirePin is a Laravel package that provides middleware to enforce PIN confirmation and validation before processing requests to specified routes, adding an extra layer of security to your application.

Table of Contents

• Requirements
• Installation
• Configuration
• Usage
  • Applying Middleware
  • Routes
• Customization
  • Publishing Configuration
  • Publishing Language Files
  • Publishing Views
• Reserved Keys for Payload
• To Display Return Payload Within Blade
• Security Considerations
• Contributing
• License

Requirements

• PHP 7.3 or higher
• Laravel 8 or higher

Installation

To install the package, run the following command:

composer require ikechukwukalu/requirepin

After installation, publish the migration files:

php artisan vendor:publish --tag=rp-migrations

Then, run the migrations:

php artisan migrate

Configure your .env file to use Redis for queue management:

REDIS_CLIENT=predis
QUEUE_CONNECTION=redis

Finally, start the queue worker:

php artisan queue:work

Configuration

RequirePin uses Redis to manage PIN confirmation queues efficiently. Ensure that your Redis server is properly configured and running.

Usage

Applying Middleware

To enforce PIN confirmation on specific routes, apply the require.pin middleware to those routes or route groups. For example:

Route::middleware(['require.pin'])->group(function () {
    // Protected routes
});

Routes

The package provides the following routes:

API Routes:

• POST api/change/pin: Endpoint to change the user's PIN.
• POST api/pin/required/{uuid}: Endpoint to confirm the PIN for a specific request.

Web Routes:

• POST change/pin: Endpoint to change the user's PIN.
• POST pin/required/{uuid}: Endpoint to confirm the PIN for a specific request.
• GET change/pin: Page to display the form for changing the PIN.
• GET pin/required/{uuid?}: Page to display the form for PIN confirmation.

Note: To receive JSON responses, add the 'Accept: application/json' header to your requests.

Reserved Keys for Payload

The following keys are reserved for use within the payload:

• uuid - Unique identifier for the PIN request.
• pin - The PIN value submitted by the user.
• expires - Expiration time for the PIN request.
• signature - Timestamp indicating when the PIN was verified.
• return_payload
• pin_validation

Ensure these keys are not overridden when handling the payload.

To Display Return Payload Within Blade

To display the returned payload values within a Blade template, use:

@if (session('return_payload'))
    @php
        [$status, $status_code, $data] = json_decode(session('return_payload'), true);
    @endphp
    <div class="alert alert-{!! $status === 'fail' ? 'danger' : 'success' !!} m-5 text-center">
        {!! $data['message'] !!}
    </div>
@endif

You can customize this based on your application's needs.

Security Considerations

• PIN Policies: Ensure that your application enforces strong PIN policies, such as minimum length and complexity requirements.
• Rate Limiting: Implement rate limiting on PIN confirmation endpoints to prevent brute-force attacks.
• Secure Storage: Store PINs securely using appropriate hashing algorithms.

Contributing

Contributions are welcome! Please read the contribution guidelines before submitting a pull request.

License

This package is open-sourced software licensed under the MIT license.