/bffs

BFFS is a simple project built with Laravel that implements the backend for frontend pattern to help you build a security shield in front of your APIs and Microservices.

Primary LanguagePHPMIT LicenseMIT

🔰 BFFS - Backend for Frontend Shield

BFFS is a simple project built with Laravel that implements the backend for frontend pattern to help you build a security shield in front of your APIs and Microservices.

Here are some key points about BFFS:

  • Implements the backend for frontend pattern to separate the concerns of the frontend and backend and improve security.
  • Includes advanced request validation features, such as E.164 international phone number standard, password NIST standards, email RFC and DNS validation, email spoofing detection, and scanning uploaded files with Cisco ClamAV.
  • Uses Redis for rate limiting requests to improve security and reduce the risk of DDoS attacks.
  • Utilizes Swoole to speed up response time and improve overall performance.
  • Built using Laravel, a popular PHP web application framework, making it easy to integrate with existing systems.

Features

Monitoring

  • Uptime Monitor
  • SSL Certificate Expiry
  • Email notification
  • Slack notification

Performance Tuning

  • Running on Octane (Swoole or Roadrunner)
  • API Aggregation
  • Response Caching with Redis

Security Hardening

  • Trusted Hosts
  • Add Cloudflare IPs to Trusted Proxies
  • CORS Handling
  • Rate Limiting with Redis
  • Restricting Access by GeoIP2 (MaxMind DB)

Web Application Firewall (WAF)

  • Bot: Bad Bot Detection
  • RFI: Remote File Inclusion
  • XSS: Cross Site Scripting
  • SQLi: SQL Injection

Antivirus and Malware

  • Scanning uploaded files with Cisco ClamAV

Advanced Request Validation

  • Email RFC compliance
  • Email domain DNS
  • Email disposable/throwaway domains
  • Email spoofing detection
  • Email deliverability check
  • Password NIST standards
  • HaveIBeenPwned password check
  • Phone country prefix checking and E.164 standard
  • Phone number type: mobile, landline, etc
  • Phone number verification

Getting Started

To get started with BFFS, you will need to have a basic understanding of Laravel and its dependencies.

Installation

  1. Install the package via composer:
composer create-project moh8med/bffs
  1. Run the migrations:
php artisan migrate
  1. Configure your environment variables in the .env file.

  2. Update the databases:

# update the disposable domains list
php artisan disposable:update

# retrieves and cache Cloudflare's IP blocks
php artisan cloudflare:reload

# register for a license key at www.maxmind.com
# set your MAXMIND_LICENSE_KEY in .env file
# and update the geoip database
php artisan geoip:update
  1. Create your first uptime monitor:
# create your first monitor
php artisan monitor:create https://example.com/

# check the uptime of all sites
php artisan monitor:check-uptime
  1. You will need Cisco ClamAV installed to scan uploaded files against malwares:
docker run \
    --interactive \
    --publish 13310:3310 \
    --publish 7357 \
    --tty \
    --rm \
    --name "clam_container_01" \
    clamav/clamav:unstable

Then set CLAMAV_SKIP_VALIDATION=false in the .env file.

Usage

Once the server is running, you can start making requests to the endpoints that are protected by the BFFS shield.

  1. Start the server:
php artisan octane:start --port=8001 --watch
  1. Test your BFFS server:
curl http://127.0.0.1:8001/todos | jq

Contributions

If you would like to contribute to the project, please feel free to open a pull request with your changes.

License

This project is licensed under the MIT License.