Question about Wave auth / 2fa / securing admin account

alexmorning

Aug 28th, 2023 09:30 PM

Originally I was going to put 2fa on my admin account only, but at least for now that's more than I need. But in my research for that I realized that I could not quite figure out if the Wave auth was built on top of any of the different auth options I keep seeing (Breeze, Jetstream, and Fortify are the 3 main ones) or if it was something else. I looked through the vendors and found JWT Auth Proxy, but in their docs I could not find much else about whether or not it was built on top of any of the aforementioned auth "packages"(?).

Aside from just wanting to know that, I wanted to see if anyone had any suggestions for a specific situation. I am trying to think of a way to just slightly lock down the admin account a bit more, but not as much as 2FA would secure it. Also, I cannot limit to an IP because I have no control over my dynamic IP at the moment or I would just do this.

My first thought was perhaps (if this is possible) to block the main login page from allowing admin login, even with correct credentials (like maybe it would perform a check of the email and whether the credentials are correct or not it will still just say invalid login, or something). And then have a separate hidden page for admin login only that can only be accessed by knowing the URL (I realize that this is not a top-tier security measure, it is just one thing that would make me feel better).

Is there a simple way to accomplish that (prevent admin login on public login page)? Or is there a better way to achieve the same thing, which is just a slightly more secure admin login flow without adding 2FA?

Thank you!

bobbyiliev

Aug 31st, 2023 01:12 AM

Hey Alex,

Yes, you are correct, as Voyager uses a different auth system, it will not work with Breeze and Jetstream.

What you could try is this package here:

https://github.com/emptynick/voyager-2fa

Though it has not been maintained for a while and it's possible that it might not work out of the box.

On a side note, the Voyager repository has now been transferred over to the DevDojo organization. This means that we will start maintaining the package and we will be planning for a new version upgrade. I'll make sure to add 2FA to the feature list for the new version once we start working on it!

Best,

Bobby
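
The idea raised in the question (refuse admin accounts on the public login form with the same generic error, and accept them only on a separate route), shown as an added example that is not part of either post and is not Wave's or Voyager's code. It is framework-free PHP; the user array, the `role` field and the `public`/`admin` entry-point labels are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample accounts (assumption: a 'role' field marks admins).
$users = [
    'admin@example.test' => ['hash' => password_hash('admin-pass', PASSWORD_DEFAULT), 'role' => 'admin'],
    'user@example.test'  => ['hash' => password_hash('user-pass', PASSWORD_DEFAULT), 'role' => 'user'],
];

// Verified against when the email is unknown, so unknown and known
// accounts take roughly the same time to reject.
$dummyHash = password_hash('placeholder', PASSWORD_DEFAULT);

/**
 * $entryPoint is 'public' for the normal login form or 'admin' for the
 * separate admin-only route (both labels are hypothetical).
 */
function attemptLogin(array $users, string $dummyHash, string $email, string $password, string $entryPoint): array
{
    $user = $users[strtolower($email)] ?? null;

    // Always run the password check, even for accounts this entry point
    // will refuse, so response time does not reveal which emails are admins.
    $passwordOk = password_verify($password, $user['hash'] ?? $dummyHash);

    $isAdmin = $user !== null && $user['role'] === 'admin';
    $allowedHere = $entryPoint === 'admin' ? $isAdmin : !$isAdmin;

    if ($user === null || !$passwordOk || !$allowedHere) {
        // One message for every failure: unknown email, wrong password,
        // or an account using the wrong entry point.
        return ['ok' => false, 'message' => 'Invalid login'];
    }

    return ['ok' => true, 'message' => 'Welcome', 'role' => $user['role']];
}

// The same correct admin credentials, tried on each entry point.
var_dump(attemptLogin($users, $dummyHash, 'admin@example.test', 'admin-pass', 'public'));
var_dump(attemptLogin($users, $dummyHash, 'admin@example.test', 'admin-pass', 'admin'));

// A regular user on each entry point, then a wrong password.
var_dump(attemptLogin($users, $dummyHash, 'user@example.test', 'user-pass', 'public'));
var_dump(attemptLogin($users, $dummyHash, 'user@example.test', 'user-pass', 'admin'));
var_dump(attemptLogin($users, $dummyHash, 'user@example.test', 'wrong-pass', 'public'));
```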
