Laravel Logs with simplest HTTP Basic Auth
There’s a cool visual log viewer for Laravel 4/5: rap2hpoutre/laravel-log-viewer. Installation is short and straightforward, but logs shouldn’t be accessible to just anyone. That’s why I set up an access password. The easier, the better, so this time I just used HTTP Basic Auth, but without a database.
After the Log Viewer is installed, I add a new route group:
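    // Every route in this group runs the 'auth.basic' filter first.
    Route::group(['before' => 'auth.basic'], function() {
        Route::get('llogs', '\Rap2hpoutre\LaravelLogViewer\LogViewerController@index');
        // Deletes every file in storage/logs. This is a state-changing GET, and browsers
        // resend Basic credentials automatically, so consider POST if you adapt it.
        Route::get('llogs-reset', function() {
            $files = new \Illuminate\Filesystem\Filesystem;
            foreach ($files->files(storage_path().'/logs') as $file) {
                $files->delete($file);
            }
        });
    });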
Laravel ships with an auth.basic filter, but that’s not what I want since it needs access to a database containing a ‘users’ table. Instead, I replace that default filter with a simple custom one in app/filters.php:
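    Route::filter('auth.basic', function() {
        // Expected SHA-1 hex digest of the password, loaded from .env.php.
        $expected = isset($_ENV['SpecialAccessPassword']) ? $_ENV['SpecialAccessPassword'] : null;
        $password = (string) Request::getPassword();
        // hash_equals() (PHP 5.6+) compares as strings in constant time; a loose != can
        // treat two different digests of the form "0e<digits>" as equal numbers.
        if ($expected === null || !hash_equals((string) $expected, sha1($password))) {
            if ($password !== '') {
                // Record the failed attempt, but never write the submitted password to the log.
                Log::info('Logs: auth.basic bad password for user: '.Request::getUser());
            }
            $headers = ['WWW-Authenticate' => 'Basic'];
            return Response::make('Invalid credentials.', 401, $headers);
        }
    });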
My password hash (sha1) lives in the .env.php file.
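The digest check from the filter as a stand-alone function, as an added example that is not part of the original post: it fails closed when no hash is configured and shows why a hex digest must be compared string-wise rather than with PHP's loose `==`/`!=`. The function name and all sample values are hypothetical and constructed, and PHP 5.6+ is assumed for `hash_equals()`.

```php
<?php
// Added example; logViewerPasswordMatches() is a hypothetical helper, not Laravel API.

/**
 * True only when sha1($submitted) equals the stored 40-character hex digest.
 */
function logViewerPasswordMatches($submitted, $storedHash)
{
    // Fail closed: no configured value, or a value that is not a SHA-1 hex digest.
    if (!is_string($storedHash) || !preg_match('/\A[0-9a-f]{40}\z/i', $storedHash)) {
        return false;
    }
    // A request without an Authorization header yields null; never hash that.
    if (!is_string($submitted) || $submitted === '') {
        return false;
    }
    // String-wise, constant-time comparison of the two digests.
    return hash_equals(strtolower($storedHash), sha1($submitted));
}

// Constructed 40-character values shaped like digests that start with "0e"
// and continue with digits only. They are not hashes of any real password.
$a = '0e' . str_repeat('1', 38);
$b = '0e' . str_repeat('2', 38);

// Loose == converts two numeric-looking strings to numbers before comparing,
// and both of these parse as 0 in scientific notation.
var_dump($a == $b);

// Strict comparison and hash_equals() compare the bytes of the strings.
var_dump($a === $b);
var_dump(hash_equals($a, $b));

// Constructed password, for demonstration only.
$stored = sha1('correct horse battery staple');

var_dump(logViewerPasswordMatches('correct horse battery staple', $stored));
var_dump(logViewerPasswordMatches('wrong guess', $stored));
var_dump(logViewerPasswordMatches(null, $stored));       // no credentials sent
var_dump(logViewerPasswordMatches('anything', null));    // hash missing from .env.php
```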
In my case .htaccess needed a modification, too. That’s what I got from Laravel’s Security:
    RewriteCond %{HTTP:Authorization} ^(.+)$
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
Great! Now my logs are protected by password!