Download the PHP package mcbanks/mcbankslaravel without Composer

MCBANKS Laravel

A Laravel starter template with role-based authentication, Livewire components, and a modern UI. Perfect for building web applications with user management and permission systems.

🚀 Features

• Laravel 12 - Latest Laravel framework
• Livewire 4.1 - Dynamic components without writing JavaScript
• Spatie Laravel Permission - Role and permission system
• Role-Based Authentication - Admin, Host, Guest roles with permissions
• Email Verification - Required for secure account access
• Multi-Step Registration - Wizard-style form with validation
• Modern UI - Tailwind CSS, Glass Morphism, Gradients
• Password Strength Indicator
• Responsive Design
• Geographical Data - Complete countries, states, cities with currencies
• Kenyan Administrative Data - All 47 counties with constituencies and wards
• User Profiles - Complete profile management system
• Avatar Upload - Image processing with thumbnails and cropping
• Privacy Settings - Granular privacy controls
• Profile Completion - Progress tracking and indicators
• Social Authentication - OAuth login with Google, GitHub
• Account Linking - Connect multiple social accounts
• Account Merging - Smart conflict resolution

🔒 Security Features

• Two-Factor Authentication - TOTP support with recovery codes
• Granular Rate Limiting - Endpoint-specific rate limiting rules
• User Activity Audit Logging - Comprehensive security monitoring
• IP Blacklisting - Automatic blocking of suspicious IPs
• Suspicious Activity Detection - AI-driven anomaly detection
• Security Event Tracking - Real-time security monitoring

📚 Documentation

• Comprehensive API Documentation - Complete REST API reference
• Developer Setup Guide - Step-by-step development instructions
• Production Deployment Guide - Multiple deployment strategies
• Security Best Practices - Enterprise-grade security guidelines

📦 Installation

Quick Start

The setup script automatically:

• ✅ Installs all PHP dependencies with optimized autoloader
• ✅ Creates .env file from example
• ✅ Generates application key
• ✅ Runs database migrations
• ✅ Seeds database with geographical data, profiles, and sample social accounts
• ✅ Installs Node.js dependencies
• ✅ Builds frontend assets

Manual Setup

1. Clone the repository

2. Install dependencies

3. Environment setup

4. Configure database

• Edit .env with your database credentials

5. Run migrations

6. Build assets

7. Start development server

🎯 Quick Setup Script

Use the built-in composer script for automated setup:

This script will:

• Install PHP dependencies (composer install)
• Copy .env.example to .env if it doesn't exist
• Generate application key (php artisan key:generate)
• Run database migrations (php artisan migrate --force)
• Install Node.js dependencies (npm install)
• Build frontend assets (npm run build)

🔧 Development

Development server with all services:

This command runs multiple services concurrently:

• Laravel development server (PHP artisan serve)
• Queue worker (php artisan queue:listen)
• Log viewer (php artisan pail)
• Vite frontend build (npm run dev)

Run tests:

The test command clears configuration cache before running tests for consistent results.

� Geographical Data Included

This package comes with comprehensive geographical data that's automatically seeded during installation:

🌐 International Data

• Countries - 250+ countries with complete information:

  • Name, ISO codes (ISO2, ISO3)
  • Capital cities, currencies, currency symbols
  • Phone codes, top-level domains
  • Regions, subregions, timezones
  • Latitude/longitude coordinates
  • Emoji flags and WikiData IDs

• States/Provinces - 5,000+ states and provinces worldwide

  • Linked to countries with proper relationships
  • ISO codes, FIPS codes, coordinates
• Cities - 150,000+ cities globally
  • Linked to states and countries
  • Geographic coordinates
  • Country and state codes

🇰🇪 Kenyan Administrative Data

• Counties - All 47 Kenyan counties

  • Complete county names and relationships
• Sub-Counties - Comprehensive administrative structure:
  • Constituencies - 290+ constituencies across all counties
  • Wards - 1,450+ wards nationwide
  • Proper relationships between counties, constituencies, and wards

💰 Currency Information

• Integrated currency data for all countries
• Currency symbols and codes included
• Perfect for financial applications

📊 Database Schema

🔧 Usage Examples

��️ Authentication System

Registration (RegistrationForm)

• Multi-step wizard
• Optional role selection (default member)
• Conditional validation for profile fields

• Role-specific profile creation:

  • Member → Member and optionally MemberAccount
  • Customer → Customer profile
  • Manager → Manager profile
  • Admin → only role assignment
• Email verification for members
• Auto-login on successful registration

Blade integration:

Login (LoginForm)

• Email/password login
• Remember me support

• Role-based redirection:

  • Admin → /admin
  • Member → /member (must verify email)
  • Customer/Manager → / (default)
• Error handling and validation

Blade integration:

🛠️ Role Setup (Critical)

1. Create Roles Before Registering Users

Use the provided Artisan command to create roles:

Command Features:

• Duplicate Prevention: Won't create roles that already exist
• Case Normalization: Automatically converts to lowercase
• Error Handling: Clear success/error messages
• Validation: Ensures role name is valid

This uses the CreateRole console command in app/Console/Commands/CreateRole.php.

2. Super Admin Feature

• is_superadmin boolean field on users table
• Overrides role-based permissions (not a Spatie role)
• Can bypass all role restrictions
• Set this field manually in the database or via seeder

3. Assign Roles Manually

4. Adding New Roles

• Create role via the Artisan command: php artisan role:create new_role
• Update LoginForm.php redirection logic to handle the new role:

5. Role-Based Redirection Logic

The login system redirects users based on their roles:

• Admin → /admin
• Host → /host
• Guest → /guest
• Fallback → /

🔒 Two-Factor Authentication

Overview

Enterprise-grade two-factor authentication system using TOTP (Time-based One-Time Password) with comprehensive recovery options.

Features

TOTP Authentication

• Google Authenticator Support - Compatible with any TOTP app
• QR Code Setup - Easy setup with QR code scanning
• Manual Key Entry - Backup option for QR code issues
• Secure Key Generation - Cryptographically secure secret keys

Recovery System

• 8 Recovery Codes - Backup codes for account recovery
• Single-Use Codes - Each code can only be used once
• Code Regeneration - Generate new recovery codes anytime
• Downloadable Codes - Export codes for secure storage

Security Features

• Rate Limiting - 5 attempts per 15 minutes
• Session Management - Secure 2FA verification tracking
• Challenge Middleware - Automatic 2FA verification for protected routes
• Email Notifications - Alerts for 2FA enable/disable and recovery code usage

User Interface

• Livewire Components - Modern reactive UI components
• Setup Wizard - Step-by-step 2FA setup process
• Status Indicators - Clear 2FA status display
• Recovery Management - Track remaining recovery codes

Configuration

Environment Variables

Dependencies

Usage Examples

Enable Two-Factor Authentication

Verify Two-Factor Authentication

Disable Two-Factor Authentication

Blade Integration

Routes

Security Considerations

• Store recovery codes securely offline
• Enable 2FA on all admin accounts
• Monitor 2FA failed attempts in audit logs
• Regularly regenerate recovery codes

⚡ Rate Limiting System

Overview

Advanced rate limiting system with endpoint-specific rules, IP blacklisting, and suspicious activity detection.

Features

Granular Rate Limits

• Authentication Endpoints - 5 attempts per 15 minutes
• Registration - 3 attempts per hour
• Password Reset - 3 attempts per hour
• Two-Factor - 5 attempts per 15 minutes
• API Requests - 1000/hour (authenticated), 100/hour (anonymous)
• Profile Updates - 10 attempts per hour
• Avatar Uploads - 5 attempts per hour

Security Protection

• IP Blacklisting - Automatic blocking of malicious IPs
• Suspicious Activity Detection - AI-driven anomaly detection
• Rate Limit Headers - Standard HTTP rate limit headers
• User-Based Limits - Different limits for authenticated vs anonymous users

Monitoring & Statistics

• Real-time Statistics - Rate limiting analytics
• Most Common Violations - Track frequent abusers
• IP Activity Tracking - Monitor IP patterns
• Performance Optimized - Redis-based caching for performance

Configuration

Middleware Registration

Environment Variables

Usage Examples

Check Rate Limits

Get Rate Limit Status

IP Blacklisting

Log Suspicious Activity

Rate Limiting Rules

Authentication Endpoints

API Endpoints

Profile Management

Response Headers

All rate limited responses include:

• X-RateLimit-Limit - Maximum requests allowed
• X-RateLimit-Remaining - Requests remaining
• X-RateLimit-Reset - Time when limit resets

Security Benefits

• Prevents Brute Force - Limits login attempts
• API Protection - Prevents API abuse
• Resource Conservation - Protects server resources
• DDoS Mitigation - Helps mitigate denial of service attacks

� User Activity Audit Logging

Overview

Comprehensive audit logging system that tracks all user activities, security events, and system changes for compliance and security monitoring.

Features

Comprehensive Logging

• Authentication Events - Login, logout, failed attempts
• Profile Changes - Profile updates, avatar uploads
• Two-Factor Events - 2FA enable/disable, verification attempts
• Social Authentication - Social account connections/disconnections
• Security Events - Suspicious activities, rate limiting violations
• API Access - API requests, errors, unauthorized access

Data Tracking

• Before/After Values - Track data changes
• Metadata Capture - IP addresses, user agents, request details
• Model Relationships - Track changes to specific models
• Context Information - Additional context for events

Search & Analysis

• Advanced Filtering - Filter by user, action, date range, level
• Security Event Tracking - Special handling for security events
• Anomaly Detection - Automatic detection of suspicious patterns
• Export Capabilities - CSV export for compliance reporting

Configuration

Database Migration

Middleware Registration

Usage Examples

Manual Logging

Query Audit Logs

Model Logging

Audit Log Events

Authentication Events

Two-Factor Events

Profile Events

Social Authentication Events

Database Schema

Audit Logs Table

Advanced Features

Statistics & Analytics

Suspicious Activity Detection

Security Anomaly Detection

Export & Compliance

Performance Considerations

Database Indexes

• user_id, created_at - User activity queries
• action, created_at - Action-based queries
• model_type, model_id - Model relationship queries
• ip_address - IP-based queries
• level, created_at - Security event queries

Caching Strategy

• Statistics cached for 5 minutes
• Rate limit counters use Redis
• Automatic cache invalidation on new logs

Data Retention

• Automatic cleanup of old logs (default 90 days)
• Configurable retention period
• Efficient bulk deletion operations

Compliance & Security

GDPR Compliance

• User activity tracking for audit purposes
• Data export capabilities for user requests
• Configurable data retention policies

Security Monitoring

• Real-time security event tracking
• Automatic anomaly detection
• Integration with rate limiting system
• Alert system for critical events

Privacy Protection

• Sensitive data filtering in logs
• User consent tracking
• Data minimization principles

Overview

The package includes a complete user profile management system with avatar uploads, privacy controls, and profile completion tracking.

Features

Profile Management (ProfileEditor)

• Bio - Rich text biography (500 chars max)
• Contact Information - Phone number and website
• Location - Country, state, city, and address using geographical data
• Privacy Settings - Granular controls for profile visibility
• Profile Completion - Real-time progress tracking

Avatar System (AvatarUpload)

• Image Processing - Automatic cropping and resizing to squares
• Multiple Sizes - 300x300 avatar + 100x100 thumbnail
• File Validation - Support for JPG, PNG, GIF, WebP (max 5MB)
• Storage Management - Organized file storage with automatic cleanup

Privacy Controls

• Profile Visibility - Public/private profile toggle
• Field Visibility - Control which fields appear publicly
• Message Settings - Allow/disallow user messages
• Email Privacy - Hide/show email address

Usage Examples

Accessing Profile Data

Profile Completion Tracking

Privacy Settings

Blade Integration

Profile Editor

Avatar Upload

Display User Avatar

Routes

Profile Management

• GET /profile - View own profile
• GET /profile/edit - Edit profile form
• GET /users/{user} - View public profile (if allowed)

API Endpoints

• GET /api/profile/states/{country} - Get states for country
• GET /api/profile/cities/{state} - Get cities for state

Database Schema

Profiles Table

Avatars Table

File Storage

• Avatars: storage/app/public/avatars/
• Thumbnails: storage/app/public/avatars/thumbnails/
• Public URL: /storage/avatars/

Image Processing

• Automatic Cropping - Centers and crops to square format
• Resizing - 300x300 for avatars, 100x100 for thumbnails
• Quality - JPEG compression at 90% quality
• Formats - Converts all uploads to JPEG for consistency

� Social Authentication System

Overview

The package includes a comprehensive social authentication system using Laravel Socialite, supporting OAuth login with Google, GitHub, and Twitter. Features include account linking, smart conflict resolution, and seamless integration with the existing user profile system.

Supported Providers

• Google - Google OAuth 2.0 authentication
• GitHub - GitHub OAuth authentication
• Twitter - Twitter OAuth 2.0 authentication

Features

Social Login (SocialLogin)

• Multiple Providers - Support for Google, GitHub, Twitter
• Account Creation - Automatic user creation from social data
• Account Linking - Link social accounts to existing users
• Smart Merging - Intelligent conflict resolution
• Token Management - OAuth token storage and refresh

Account Management (SocialAccountManager)

• Connected Accounts - View all linked social accounts
• Account Status - Token validity and connection status
• Disconnect Accounts - Safe removal with validation
• Security Controls - Prevent locking out users

Account Linking System

• Email Matching - Automatic linking for matching emails
• Manual Linking - Users can manually link accounts
• Conflict Prevention - Prevent duplicate account linking
• Profile Integration - Sync social data with user profiles

Configuration

Environment Variables

Add these to your .env file:

OAuth App Setup

Google:

1. Go to Google Cloud Console
2. Create new project or select existing
3. Enable Google+ API
4. Create OAuth 2.0 credentials
5. Add authorized redirect URI

GitHub:

1. Go to GitHub Developer Settings
2. Create new OAuth App
3. Set authorization callback URL
4. Copy Client ID and Secret

Twitter:

1. Go to Twitter Developer Portal
2. Create new project and app
3. Enable OAuth 2.0
4. Set callback URL
5. Generate Client ID and Secret

Usage Examples

Social Login Button

Account Management

Programmatic Social Login

Social Account Data

Routes

Authentication Routes

• GET /auth/{provider} - Redirect to OAuth provider
• GET /auth/{provider}/callback - Handle OAuth callback
• POST /auth/{provider}/disconnect - Disconnect social account
• GET /auth/{provider}/link - Link social account to existing user
• GET /auth/{provider}/link/callback - Handle linking callback
• GET /api/social/providers - Get available providers

Database Schema

Social Accounts Table

Security Features

Token Management

• Secure Storage - Tokens encrypted in database
• Expiration Handling - Automatic token refresh
• Revocation - Safe token invalidation
• Scope Limitation - Minimal required permissions

Account Protection

• Conflict Resolution - Smart email matching
• Duplicate Prevention - Multiple account safeguards
• Disconnect Validation - Prevent account lockout
• Privacy Controls - Granular data sharing settings

Session Security

• State Verification - CSRF protection
• Redirect Validation - Safe URL redirection
• Session Binding - Secure session handling
• Rate Limiting - Prevent abuse

Integration with User Profiles

Profile Sync

• Avatar Import - Import social avatars
• Name Sync - Sync display names
• Bio Updates - Update profile bio with social data
• Location Data - Import location information

Privacy Integration

• Field Visibility - Respect privacy settings
• Public Profiles - Social account display options
• Data Control - User control over shared data

Error Handling

Common Scenarios

• Provider Errors - Graceful OAuth failure handling
• Network Issues - Retry mechanisms
• Invalid Tokens - Automatic token refresh
• Account Conflicts - User-friendly resolution

User Feedback

• Clear Messages - Informative error messages
• Recovery Options - Alternative login methods
• Status Indicators - Connection status display
• Help Links - Support documentation

� Available Commands

Composer Scripts

• composer run setup - Complete project setup with optimized dependencies and database seeding
• composer run dev - Development server with all services
• composer run test - Run test suite

Artisan Commands

• php artisan role:create {name} - Create a new role with validation and duplicate prevention
• php artisan serve - Start development server
• php artisan migrate - Run database migrations
• php artisan db:seed - Seed database with sample data
• php artisan queue:work - Start queue worker
• php artisan pail - View real-time logs

Role Creation Examples

Database Seeding

The project includes comprehensive data seeders:

• Geographical Data:
  • CountriesTableSeeder - 250+ countries
  • StatesTableSeeder - 5,000+ states/provinces
  • CitiesTableChunk*Seeder - 150,000+ cities (split into 5 chunks)
  • CountySeeder - Kenyan counties
  • SubCountySeeder - Kenyan constituencies and wards
• User Data:
  • ProfileSeeder - Creates profiles for existing users with sample data
  • SocialAccountSeeder - Adds sample social accounts for testing OAuth functionality

Run individual seeders:

🎨 UI Components

Auth Layout

• Modern gradient background
• Glass morphism effects
• Smooth animations (GSAP)
• Password strength indicator
• Focus states and transitions
• Loading states

Form Features

• Real-time validation
• Password toggle visibility
• Strength indicator
• Animated transitions
• Mobile responsive

📁 Project Structure

�️ Security

• Email verification for members
• Password strength validation
• Role-based access
• CSRF protection
• Bcrypt password hashing

📚 Customization

Registration Fields

• Modify RegistrationForm.php to add/remove fields:

Login Redirects

• Update LoginForm.php for new roles:

UI Styling

Update resources/views/layouts/auth.blade.php:

🔄 Available Routes

Authentication Routes

Guest Routes (middleware: guest)

• GET /register → registration form
• POST /register → registration submission
• GET /login → login form
• POST /login → login submission
• GET /forgot-password → password reset request form
• POST /forgot-password → send password reset link
• GET /reset-password/{token} → password reset form
• POST /reset-password → password reset submission

Authenticated Routes

• POST /logout → logout

Email Verification Routes (middleware: auth)

• GET /email/verify → verification notice page
• GET /email/verify/{id}/{hash} → verify email (signed)
• POST /email/verification-notification → resend verification link (throttled)

General Routes

• GET / → welcome page

Route Implementation Details

• Uses controller-based routing with Route::controller()
• Email verification includes welcome email functionality
• Password reset uses Laravel's built-in functionality
• All auth routes are properly grouped by middleware

🛠️ Dependencies

• PHP >= 8.2 - Core requirement
• Laravel ^12.0 - Framework
• Livewire ^4.1 - Dynamic components
• Spatie Laravel Permission ^6.24 - Role/permission system
• Laravel Socialite ^5.24 - OAuth authentication
• Tailwind CSS ^4.0 - Styling framework
• Vite ^7.0.7 - Asset bundling
• Node.js & NPM - Frontend build tools
• Intervention Image ^3.8 - Image processing for avatars

Security & Authentication Dependencies

• PragmaRX Google2FA ^2.0 - Two-factor authentication
• Simple QrCode ^4.2 - QR code generation for 2FA

Development Dependencies

• Laravel Pint ^1.24 - Code style
• Laravel Sail ^1.41 - Docker environment
• PHPUnit ^11.5.3 - Testing framework
• Faker ^1.23 - Test data generation
• Concurrently ^9.0.1 - Parallel process running

📝 Environment Variables

Key environment variables in .env:

Email Configuration

The project includes an EmailService for handling welcome emails and notifications. Configure your mail settings in the .env file for email verification to work properly.

🚀 Deployment

1. Copy environment:

2. Migrate database:

3. Optimize assets:

4. Start queue (if needed):

🤝 Contributing

1. Fork the repository
2. Create a feature branch
3. Commit changes
4. Push
5. Open PR

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.

🆘 Support

If you encounter any issues:

1. Check the documentation
2. Search existing issues
3. Create a new issue with detailed information

🔄 Version History

• v1.3.0 - SECURITY & DOCUMENTATION UPDATE - Added comprehensive security features including Two-Factor Authentication, Granular Rate Limiting, User Activity Audit Logging, complete API documentation, developer setup guide, and production deployment guide
• v1.2.0 - Added comprehensive Social Authentication system with OAuth login, account linking, and smart conflict resolution
• v1.1.0 - Added comprehensive User Profiles system with avatar uploads, privacy settings, and profile completion tracking
• v1.0.2 - Added comprehensive geographical data and enhanced SubCounty model with advanced query methods
• v1.0.1 - Updated documentation and GitHub repository links
• v1.0.0 - Initial release with Laravel 12, Livewire 4.1, Spatie Permission

📊 Project Statistics

• Models: 11 (User, Profile, Avatar, SocialAccount, TwoFactorAuthentication, AuditLog, Country, State, City, County, SubCounty)
• Livewire Components: 7 (RegistrationForm, LoginForm, ProfileEditor, AvatarUpload, SocialLogin, SocialAccountManager, TwoFactorAuthentication)
• Console Commands: 1 (CreateRole)
• Services: 6 (EmailService, AvatarUploadService, SocialAuthService, TwoFactorService, RateLimitingService, AuditService)
• Controllers: Multiple auth controllers including SocialAuthController, TwoFactorController
• Database Seeders: 11 (including 5 chunks for cities data + ProfileSeeder + SocialAccountSeeder)
• Migration Files: 14 (including profiles, avatars, social accounts, two-factor auth, audit logs tables)
• Middleware: 6 (LogUserActivity, RateLimitAuth, RateLimitApi, RateLimitProfile, TwoFactorChallenge)
• Notifications: 3 (TwoFactorEnabled, TwoFactorDisabled, RecoveryCodeUsed)

📚 Documentation Files

• docs/API.md - Complete REST API documentation with endpoints, examples, and SDK implementations
• docs/DEVELOPER.md - Comprehensive developer setup guide with IDE configuration and best practices
• docs/DEPLOYMENT.md - Production deployment guide with multiple strategies and security hardening
• docs/IMPROVEMENTS.md - Summary of all security enhancements and new features

🔍 Key Features Deep Dive

Social Authentication System

The social authentication system provides complete OAuth integration:

• Multi-Provider Support - Google, GitHub, Twitter OAuth login
• Account Linking - Connect multiple social accounts to one user
• Smart Conflict Resolution - Automatic email matching and duplicate prevention
• Token Management - Secure OAuth token storage and refresh
• Security Controls - CSRF protection, rate limiting, and safe disconnection

User Profiles System

The profiles system provides a complete user experience with:

• Profile Management - Edit bio, contact info, location with geographical data integration
• Avatar System - Upload, crop, resize images with automatic thumbnail generation
• Privacy Controls - Granular settings for profile visibility and data sharing
• Completion Tracking - Real-time progress indicator to encourage profile completion

SubCounty Model Advanced Features

The SubCounty model includes specialized query methods for Kenyan administrative data:

• getUniqueConstituencies($countyId) - Get constituencies for a specific county
• getUniqueWards($countyId) - Get all wards in a county
• getWardsByConstituency($countyId, $constituencyName) - Get wards in a specific constituency
• getAllUniqueConstituencies() - Get all constituencies nationwide
• getAllUniqueWards() - Get all wards nationwide
• getByCounty($countyId) - Get sub-counties with county relationship

Email Service Integration

The project includes a dedicated EmailService that handles:

• Welcome emails after successful email verification
• Email notification dispatching
• Centralized email template management

Avatar Upload Service

The AvatarUploadService provides:

• Image processing with Intervention Image
• Automatic square cropping and resizing
• Multiple size generation (avatar + thumbnail)
• File validation and storage management
• Cleanup and organization of uploaded files

Social Auth Service

The SocialAuthService handles:

• OAuth authentication flow management
• Account creation and linking
• Token storage and refresh
• Conflict resolution and error handling
• Provider configuration validation

Security Features

• Role-based access control using Spatie Laravel Permission
• Super admin override capability
• Email verification for secure account access
• Password strength validation
• CSRF protection
• Bcrypt password hashing
• Profile privacy controls
• File upload validation and processing
• OAuth token security and management
• Social account conflict prevention
• Session security and rate limiting
• Two-Factor Authentication - TOTP support with recovery codes
• Granular Rate Limiting - Endpoint-specific rate limiting with IP blacklisting
• User Activity Audit Logging - Comprehensive security monitoring and compliance
• Suspicious Activity Detection - AI-driven anomaly detection and alerting
• Security Event Tracking - Real-time monitoring of security events
• IP Blacklisting - Automatic blocking of malicious IP addresses
• Advanced Threat Protection - Multi-layered security architecture

Enterprise Security Features

• Multi-Factor Authentication - TOTP with QR code setup and recovery codes
• Advanced Rate Limiting - Configurable limits per endpoint with Redis caching
• Comprehensive Audit Trails - Complete user activity logging for compliance
• Anomaly Detection - Automatic detection of suspicious patterns and behaviors
• Security Analytics - Real-time statistics and security monitoring
• Compliance Support - GDPR-compliant data handling and export capabilities
• Performance Optimized - Efficient caching and database indexing for security systems

🚀 Quick Security Setup

Enable Two-Factor Authentication

Configure Rate Limiting

Enable Audit Logging

Security Best Practices

1. Enable 2FA on all admin accounts
2. Monitor audit logs regularly for suspicious activity
3. Configure rate limits appropriately for your use case
4. Set up alerts for security events
5. Regular cleanup of old audit logs (90 days default)
6. Review security statistics and analytics weekly

Built with ❤️ using Laravel