first commit

brusnitsyn
2026-06-24 17:20:43 +09:00
commit 43499acf1c
165 changed files with 25929 additions and 0 deletions


@@ -0,0 +1,66 @@
<?php
namespace App\Providers;
use App\Support\PasswordPolicy;
use Carbon\CarbonImmutable;
use Illuminate\Cache\RateLimiting\Limit;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Date;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\RateLimiter;
use Illuminate\Support\ServiceProvider;
use Illuminate\Validation\Rules\Password;
class AppServiceProvider extends ServiceProvider
{
/**
* Register any application services.
*/
public function register(): void
{
//
}
/**
* Bootstrap any application services.
*/
public function boot(): void
{
$this->configureDefaults();
$this->configureRateLimiting();
}
/**
* Configure default behaviors for production-ready applications.
*/
protected function configureDefaults(): void
{
Date::use(CarbonImmutable::class);
DB::prohibitDestructiveCommands(
app()->isProduction(),
);
// Единая парольная политика приложения (мера ИАФ.3).
Password::defaults(fn (): Password => PasswordPolicy::rule());
}
/**
* Ограничение частоты обращений (меры ИАФ.6, УПД.6, защита от перебора).
*/
protected function configureRateLimiting(): void
{
RateLimiter::for('login', function (Request $request) {
$max = (int) config('security.lockout.max_attempts');
$decay = (int) config('security.lockout.decay_minutes');
return Limit::perMinutes($decay, $max)
->by(mb_strtolower((string) $request->input('email')).'|'.$request->ip());
});
RateLimiter::for('api', fn (Request $request) => Limit::perMinute(60)->by(
optional($request->user())->id ?: $request->ip()
));
}
}
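Review bot: The `login` limiter in configureRateLimiting() reads `security.lockout.max_attempts` and `security.lockout.decay_minutes` with no default and no lower bound, so a missing or mistyped key casts to `0` and the resulting `Limit::perMinutes(0, 0)` does not give a defined lockout. I would supply a default and clamp both values, for example `$max = max(1, (int) config('security.lockout.max_attempts', 5));` (5 is an illustrative value), with the same pattern for `$decay`. Separately, the key is `email|ip`, so failed attempts against one account from different addresses land in separate buckets; returning an array with a second `Limit` keyed on the normalised email alone would make the counter per-account, which the ИАФ.6 comment suggests is the intent. Both limiters also rely on `$request->ip()`, so the trusted-proxy configuration (not visible in this section) decides whether that value is the real client address.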


@@ -0,0 +1,53 @@
<?php
namespace App\Providers;
use App\Listeners\AuthEventSubscriber;
use App\Models\PersonalData;
use App\Policies\PersonalDataPolicy;
use App\Services\Audit\AuditService;
use App\Services\Crypto\GostCipher;
use App\Services\Crypto\LaravelAesCipher;
use App\Services\Crypto\PdnCipher;
use Illuminate\Contracts\Encryption\Encrypter;
use Illuminate\Support\Facades\Event;
use Illuminate\Support\Facades\Gate;
use Illuminate\Support\ServiceProvider;
use PragmaRX\Google2FA\Google2FA;
/**
* Регистрация мер защиты информации (ФСТЭК №21).
*
* Связывает реализацию криптографического драйвера, сервис аудита, движок MFA,
* политики доступа и подписчиков событий аутентификации.
*/
class SecurityServiceProvider extends ServiceProvider
{
public function register(): void
{
// Драйвер шифрования ПДн (ЗНИ): AES Laravel или ГОСТ-заглушка.
$this->app->singleton(PdnCipher::class, function ($app): PdnCipher {
$driver = (string) config('security.encryption.driver', 'laravel');
return match ($driver) {
'gost' => new GostCipher([
'binary' => config('security.encryption.gost.binary'),
'container' => config('security.encryption.gost.container'),
]),
default => new LaravelAesCipher($app->make(Encrypter::class)),
};
});
$this->app->singleton(AuditService::class);
$this->app->singleton(Google2FA::class);
}
public function boot(): void
{
// Разграничение доступа к объектам ПДн (УПД.2).
Gate::policy(PersonalData::class, PersonalDataPolicy::class);
// Регистрация событий аутентификации в журнале (РСБ.2).
Event::subscribe(AuthEventSubscriber::class);
}
}
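Review bot: The `default` arm of the `match` in register() builds `LaravelAesCipher` for any value of `security.encryption.driver` other than `'gost'`, so a typo in that setting silently selects AES instead of failing. For a setting that chooses the cipher protecting personal data, make the supported values explicit and fail closed: `'laravel' => new LaravelAesCipher($app->make(Encrypter::class)),` followed by `default => throw new \InvalidArgumentException("Unsupported security.encryption.driver: {$driver}"),`. The `'gost'` arm passes `binary` and `container` straight from config with no null check; GostCipher's constructor is not in this section, so confirm it rejects missing values rather than running with them.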