BFFS is a simple project built with Laravel that implements the backend for frontend pattern to help you build a security shield in front of your APIs and Microservices.
Here are some key points about BFFS:
- Implements the backend for frontend pattern to separate the concerns of the frontend and backend and improve security.
- Includes advanced request validation features, such as E.164 international phone number standard, password NIST standards, email RFC and DNS validation, email spoofing detection, and scanning uploaded files with Cisco ClamAV.
- Uses Redis for rate limiting requests to improve security and reduce the risk of DDoS attacks.
- Utilizes Swoole to speed up response time and improve overall performance.
- Built using Laravel, a popular PHP web application framework, making it easy to integrate with existing systems.
- Uptime Monitor
- SSL Certificate Expiry
- Email notification
- Slack notification
- Running on Octane (Swoole or Roadrunner)
- API Aggregation
- Response Caching with Redis
- Trusted Hosts
- Add Cloudflare IPs to Trusted Proxies
- CORS Handling
- Rate Limiting with Redis
- Restricting Access by GeoIP2 (MaxMind DB)
- Bot: Bad Bot Detection
- RFI: Remote File Inclusion
- XSS: Cross Site Scripting
- SQLi: SQL Injection
- Scanning uploaded files with Cisco ClamAV
- Email RFC compliance
- Email domain DNS
- Email disposable/throwaway domains
- Email spoofing detection
- Email deliverability check
- Password NIST standards
- HaveIBeenPwned password check
- Phone country prefix checking and E.164 standard
- Phone number type: mobile, landline, etc
- Phone number verification
To get started with BFFS, you will need to have a basic understanding of Laravel and its dependencies.
- Install the package via composer:
composer create-project moh8med/bffs
- Run the migrations:
php artisan migrate
-
Configure your environment variables in the .env file.
-
Update the databases:
# update the disposable domains list
php artisan disposable:update
# retrieves and cache Cloudflare's IP blocks
php artisan cloudflare:reload
# register for a license key at www.maxmind.com
# set your MAXMIND_LICENSE_KEY in .env file
# and update the geoip database
php artisan geoip:update
- Create your first uptime monitor:
# create your first monitor
php artisan monitor:create https://example.com/
# check the uptime of all sites
php artisan monitor:check-uptime
- You will need Cisco ClamAV installed to scan uploaded files against malwares:
docker run \
--interactive \
--publish 13310:3310 \
--publish 7357 \
--tty \
--rm \
--name "clam_container_01" \
clamav/clamav:unstable
Then set CLAMAV_SKIP_VALIDATION=false
in the .env
file.
Once the server is running, you can start making requests to the endpoints that are protected by the BFFS shield.
- Start the server:
php artisan octane:start --port=8001 --watch
- Test your BFFS server:
curl http://127.0.0.1:8001/todos | jq
If you would like to contribute to the project, please feel free to open a pull request with your changes.
This project is licensed under the MIT License.