first commit
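--- a/app/Providers/AppServiceProvider.php
+++ b/app/Providers/AppServiceProvider.php
@@ -0,0 +1,66 @@
+<?php
+
+namespace App\Providers;
+
+use App\Support\PasswordPolicy;
+use Carbon\CarbonImmutable;
+use Illuminate\Cache\RateLimiting\Limit;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Date;
+use Illuminate\Support\Facades\DB;
+use Illuminate\Support\Facades\RateLimiter;
+use Illuminate\Support\ServiceProvider;
+use Illuminate\Validation\Rules\Password;
+
+class AppServiceProvider extends ServiceProvider
+{
+/**
+* Register any application services.
+*/
+public function register(): void
+{
+//
+}
+
+/**
+* Bootstrap any application services.
+*/
+public function boot(): void
+{
+$this->configureDefaults();
+$this->configureRateLimiting();
+}
+
+/**
+* Configure default behaviors for production-ready applications.
+*/
+protected function configureDefaults(): void
+{
+Date::use(CarbonImmutable::class);
+
+DB::prohibitDestructiveCommands(
+app()->isProduction(),
+);
+
+// Единая парольная политика приложения (мера ИАФ.3).
+Password::defaults(fn (): Password => PasswordPolicy::rule());
+}
+
+/**
+* Ограничение частоты обращений (меры ИАФ.6, УПД.6, защита от перебора).
+*/
+protected function configureRateLimiting(): void
+{
+RateLimiter::for('login', function (Request $request) {
+$max = (int) config('security.lockout.max_attempts');
+$decay = (int) config('security.lockout.decay_minutes');
+
+return Limit::perMinutes($decay, $max)
+->by(mb_strtolower((string) $request->input('email')).'|'.$request->ip());
+});
+
+RateLimiter::for('api', fn (Request $request) => Limit::perMinute(60)->by(
+optional($request->user())->id ?: $request->ip()
+));
+}
+}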
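Review bot: In the `login` limiter, `$max` and `$decay` are read with `(int) config(...)` and no fallback, so a missing or mistyped `security.lockout.*` key silently becomes `Limit::perMinutes(0, 0)`, which is not a meaningful lockout. Clamp both where they are read, e.g. `$max = max(1, (int) config('security.lockout.max_attempts', 5));` and `$decay = max(1, (int) config('security.lockout.decay_minutes', 15));` (5 and 15 are example fallbacks; the config file is not visible in this section). Separately, the bucket key is `email|ip`, so one address trying many different e-mails gets a fresh bucket each time; returning a second `Limit` keyed by `$request->ip()` alone would cover password spraying as well. The per-IP parts also rely on `$request->ip()` reflecting the real client, which depends on the trusted-proxy configuration outside this file.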
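--- a/app/Providers/SecurityServiceProvider.php
+++ b/app/Providers/SecurityServiceProvider.php
@@ -0,0 +1,53 @@
+<?php
+
+namespace App\Providers;
+
+use App\Listeners\AuthEventSubscriber;
+use App\Models\PersonalData;
+use App\Policies\PersonalDataPolicy;
+use App\Services\Audit\AuditService;
+use App\Services\Crypto\GostCipher;
+use App\Services\Crypto\LaravelAesCipher;
+use App\Services\Crypto\PdnCipher;
+use Illuminate\Contracts\Encryption\Encrypter;
+use Illuminate\Support\Facades\Event;
+use Illuminate\Support\Facades\Gate;
+use Illuminate\Support\ServiceProvider;
+use PragmaRX\Google2FA\Google2FA;
+
+/**
+* Регистрация мер защиты информации (ФСТЭК №21).
+*
+* Связывает реализацию криптографического драйвера, сервис аудита, движок MFA,
+* политики доступа и подписчиков событий аутентификации.
+*/
+class SecurityServiceProvider extends ServiceProvider
+{
+public function register(): void
+{
+// Драйвер шифрования ПДн (ЗНИ): AES Laravel или ГОСТ-заглушка.
+$this->app->singleton(PdnCipher::class, function ($app): PdnCipher {
+$driver = (string) config('security.encryption.driver', 'laravel');
+
+return match ($driver) {
+'gost' => new GostCipher([
+'binary' => config('security.encryption.gost.binary'),
+'container' => config('security.encryption.gost.container'),
+]),
+default => new LaravelAesCipher($app->make(Encrypter::class)),
+};
+});
+
+$this->app->singleton(AuditService::class);
+$this->app->singleton(Google2FA::class);
+}
+
+public function boot(): void
+{
+// Разграничение доступа к объектам ПДн (УПД.2).
+Gate::policy(PersonalData::class, PersonalDataPolicy::class);
+
+// Регистрация событий аутентификации в журнале (РСБ.2).
+Event::subscribe(AuthEventSubscriber::class);
+}
+}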
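Review bot: The `match ($driver)` in the `PdnCipher` binding sends every value other than `'gost'` to `LaravelAesCipher`, so a typo or wrong case in `security.encryption.driver` silently selects a different cipher for personal data than the operator intended. Make the AES arm explicit and fail closed: `'laravel' => new LaravelAesCipher($app->make(Encrypter::class)),` followed by `default => throw new \InvalidArgumentException("Unsupported security.encryption.driver: {$driver}"),`. The `gost` arm passes `binary` and `container` straight from config and the inline comment calls that driver a stub; `GostCipher` is not shown here, so whether it validates those values and refuses to run as a placeholder in production should be confirmed there.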