Steps to implement Basic Auth (on top of the FilamentUser contract)?

I'd like to double-lock-down my application with "implements FilamentUser" as well as Basic Auth.
I already have the former in place. How can I add Basic Auth on top of that for all Filament-related URLs/resources?
Thank you!

Solution

2FA would definitely be better that basic auth.

Jump to solution

awcodes•1/6/24, 12:52 AM

Can you explain more. I don’t see where basic auth plays into server side routing.

agileadamOP•1/6/24, 12:57 AM

I have some minimal PII in this environment. I would feel better having a Basic Auth speedbump in front of the normal filament login. In simple PHP applications I'd use .htaccess/.htpasswd. I see there is middleware in Laravel (https://laravel.com/docs/10.x/authentication#http-basic-authentication) but I wasn't sure if I could apply this somehow to filament paths without causing issues.

agileadamOP•1/6/24, 1:01 AM

I only have 2 users in my Users table, and I do have canAccessPanel() implemented to only allow a very specific email address pattern. I imagine it's quite secure as-is... just looking for that extra peace of mind.

awcodes•1/6/24, 1:01 AM

That’s weird to me, but hey. Through it in and see what happens. I think it’s unnecessary personally.

agileadamOP•1/6/24, 1:01 AM

Yeah, you are probably right.

agileadamOP•1/6/24, 1:01 AM

Probably would be better to spend my time looking into 2FA, huh

awcodes•1/6/24, 1:01 AM

Do you really need auth on top of auth and and actual login is going to be more secure.

agileadamOP•1/6/24, 1:02 AM

Well, I'll certainly give it more thought.

agileadamOP•1/6/24, 1:02 AM

I appreciate your time.

Solution

awcodes•1/6/24, 1:02 AM

2FA would definitely be better that basic auth.

agileadamOP•1/6/24, 1:03 AM

I agree. That would give me peace of mind. I will likely persue that.

agileadamOP•1/6/24, 1:03 AM

I see there is already at least one plugin. https://github.com/webbingbrasil/filament-2fa

I'll give this a look on Monday. Thank you again!

GitHub

GitHub - webbingbrasil/filament-2fa: A Two Factor Authentication pa...

A Two Factor Authentication package for Filament Admin - GitHub - webbingbrasil/filament-2fa: A Two Factor Authentication package for Filament Admin

DrByte•1/6/24, 4:31 AM

The Filament-Breezy plugin also has 2FA, along with a bunch of other things.

Steps to implement Basic Auth (on top of the FilamentUser contract)?

Similar Threads

Similar Threads

Similar Threads