Introducing an Extra Security Layer to Laravel Nova

✨ How It Works

The package works by adding a middleware to Nova's routing system. When a request is made to access the admin panel, the middleware checks if the provided secret key matches the one set in the .env file. If the secret key matches, the request is allowed, and the admin panel is accessible. Otherwise, a 404 page is displayed, indicating that access is restricted.

📦 Installation

To get started, you'll need to install the "Nova Access Secret" package via Composer. Open your terminal and run the following command:

1composer require dasundev/nova-access-secret

composer require dasundev/nova-access-secret

If you wish to customize the configuration options, you can publish the package's config file using the following command:

1php artisan vendor:publish --tag="nova-access-secret-config"

php artisan vendor:publish --tag="nova-access-secret-config"

👩‍💻 Usage

Once you've installed the package, open your .env file and add the following key-value pair:

1NOVA_ACCESS_SECRET_KEY=secret

NOVA_ACCESS_SECRET_KEY=secret

Replace secret with the desired secret key you want to use. This secret key will serve as the access token to Nova.

To access Nova, you need to append the secret key to the Nova URL. Here's an example:

1https://my-website.com/nova/secret

https://my-website.com/nova/secret

By including the secret key in the URL, you ensure that only users who have the correct access token can access the Nova admin panel.

🚫 Disabling Secret Access

If you want to disable the secret access temporarily or permanently, you have two options:

Keep the NOVA_ACCESS_SECRET_KEY value empty in your .env file.
Delete the NOVA_ACCESS_SECRET_KEY key from the .env file.

Either of these options will disable the secret access requirement, allowing anyone to access the Nova admin panel without providing a secret key.

😀 Conclusion

Adding an access secret to your Nova installation provides an additional layer of security, ensuring that only authorized users can access the admin panel. With the "Nova Access Secret" package, you can easily require a secret key in the URL to secure your Nova access. By following the installation and usage instructions outlined in this blog post, you can enhance the security of your Nova-powered application and protect sensitive data.

Remember, security is crucial, and taking proactive steps to safeguard your admin panel is a wise decision.

Stay secure and enjoy using Nova! 💛