Protect Your Masonite Apps with Masonite Security

Lake Davenberg

Masonite Security

Masonite is a modern, developer-friendly Python web framework for quickly building web applications. As with any web application, it is important to secure your Masonite apps. One way to do this is with Masonite Security, a package specifically designed to protect your Masonite apps from spamming bots, IPs, and SQL injections.

Features

  1. Block IPs
  2. Block bots
  3. Throttle Requests

Installation

To get started with Masonite Security, you can easily install it using pip:

bash
pip install masonite-security

Configuration

After installation, you need to configure Masonite Security in your project. The first step is to add the SecurityProvider to your project’s provider configuration file (config/providers.py):

python
# config/providers.py
# ...
from security import SecurityProvider

# ...
PROVIDERS = [
    # ...
    # Third Party Providers
    SecurityProvider,
    # ...
]

Next, you can publish the package resources by running the following command:

bash
python craft package:publish security

Register Middleware

You have two options for setting up the security middleware: globally or on a per-route basis.

Global Setup: To set up the security middleware globally, open the Kernel.py file and add SecurityMiddleware to the "route_middleware" section:

python
route_middleware = {
    "web": [SessionMiddleware, LoadUserMiddleware, VerifyCsrfToken, SecurityMiddleware],
    "auth": [AuthenticationMiddleware],
}

Per Route Setup: If you want to set up the security middleware on a per-route basis, simply add the protect middleware to the desired routes:

python
Route.get("/", "WelcomeController@show").middleware("protect")

Configure Security Config

To customize the behavior of Masonite Security, you can update the config/security.py file based on your needs. Here are some of the available configuration options:

python
# config/security.py
# ...
BLOCK_IP = True
BLOCK_BOTS = True
THROTTLE_REQUESTS = True

MAX_REQUESTS = 20  # Max requests per IP (default: 20)
IP_BLOCK_DURATION = 60  # seconds (default: 60)

# List of IP addresses to block (default: [])
BLOCKED_IPS = [
    # ...
]

# List of bot agents to block
BLOCKED_BOTS = [
    # ...
]
# ...
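
To make the interaction of these settings concrete, the following is an added sketch, not Masonite Security's own code, of a gate that applies the three checks in order. The `RequestGate` class, the substring match on the User-Agent, and a counting window equal to `IP_BLOCK_DURATION` are assumptions; the package's actual matching and windowing may differ.

```python
import time

# Constructed sample settings, named after the options in config/security.py.
CONFIG = {
    "BLOCK_IP": True,
    "BLOCK_BOTS": True,
    "THROTTLE_REQUESTS": True,
    "MAX_REQUESTS": 20,
    "IP_BLOCK_DURATION": 60,
    "BLOCKED_IPS": ["203.0.113.7"],  # documentation-range address
    "BLOCKED_BOTS": ["examplebot"],  # constructed agent name
}


class RequestGate:
    """Hypothetical allow/deny decision based on client IP and User-Agent."""

    def __init__(self, config, clock=time.monotonic):
        self.cfg = config
        self.clock = clock  # injectable so the behaviour can be tested
        self.windows = {}  # ip -> (window_start, request_count)
        self.blocked_until = {}  # ip -> time the temporary block ends

    def check(self, ip, user_agent):
        cfg, now = self.cfg, self.clock()
        if cfg["BLOCK_IP"] and ip in cfg["BLOCKED_IPS"]:
            return "deny:ip"
        # Assumption: agents match as case-insensitive substrings.
        agent = (user_agent or "").lower()
        if cfg["BLOCK_BOTS"] and any(b.lower() in agent for b in cfg["BLOCKED_BOTS"]):
            return "deny:bot"
        if not cfg["THROTTLE_REQUESTS"]:
            return "allow"
        if self.blocked_until.get(ip, float("-inf")) > now:
            return "deny:throttled"
        # Assumption: the counting window lasts IP_BLOCK_DURATION seconds.
        start, count = self.windows.get(ip, (now, 0))
        if now - start >= cfg["IP_BLOCK_DURATION"]:
            start, count = now, 0
        count += 1
        self.windows[ip] = (start, count)
        if count > cfg["MAX_REQUESTS"]:
            # Over the limit: block the IP for the configured duration.
            self.blocked_until[ip] = now + cfg["IP_BLOCK_DURATION"]
            self.windows.pop(ip, None)
            return "deny:throttled"
        return "allow"
```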

Contributing

If you’d like to contribute to Masonite Security, please read the Contributing Documentation for guidelines on how to get started.

Maintainers

Masonite Security is maintained by Yubaraj Shrestha.

License

Masonite Security is open-sourced software licensed under the MIT license.

In this article, we discussed how to enhance the security of your Masonite apps by implementing Masonite Security. We explored its features, including the ability to block IPs, block bots, and throttle requests. We also covered the installation and configuration process, as well as how to customize the security behavior using the security configuration file. By following these steps, you can ensure that your Masonite apps are protected from spamming bots, IPs, and SQL injections.

Category: Web Development, Security
Tags: Python, Masonite, Masonite Security, Web Development, Security
