GitHub Workflow Status (branch) PyPI GitHub release (latest by date including pre-releases) License

Masonite Security

Secure masonite apps from spamming Bots, IP's and SQL injections.

Features

[x] Block IP's
[x] Block Bots
[x] Throttle Requests
[ ] Block SQL Injections

Installation

pip install masonite-security

Configuration

Add SecurityProvider to your project in config/providers.py:

# config/providers.py
# ...
from security import SecurityProvider

# ...
PROVIDERS = [
    # ...
    # Third Party Providers
    SecurityProvider,
    # ...
]

Then you can publish the package resources by doing:

python craft package:publish security

Register Middleware.

You can setup the security middleware globally or per route basis.

Global Setup

Open Kernal.py file and add SecurityMiddleware in "route_middleware" section:

route_middleware = {
      "web": [SessionMiddleware, LoadUserMiddleware, VerifyCsrfToken, SecurityMiddleware],
      "auth": [AuthenticationMiddleware],
  }

Per Route Setup

In your routes add protect middleware like this:

Route.get("/", "WelcomeController@show").middleware("protect")

Configure Security Config

Update your config/security.py file based on your needs:

# config/security.py
# ...
BLOCK_IP = True
BLOCK_BOTS = True
THROTTLE_REQUESTS = True

MAX_REQUESTS = 20 # Max requests per IP (default: 20)
IP_BLOCK_DURATION = 60  # seconds (default: 60)

# list of IP addresses to block (default: [])
BLOCKED_IPS = [
  #...
]

# list of Bot Agents to block
BLOCKED_BOTS = [
    #...
]
# ...

Contributing

Please read the Contributing Documentation here.

Maintainers

[x] Yubaraj Shrestha

License

security is open-sourced software licensed under the MIT license.