BFFS is a simple project built with Laravel that implements the backend for frontend pattern to help you build a security shield in front of your APIs and Microservices.

Here are some key points about BFFS:

• Implements the backend for frontend pattern to separate the concerns of the frontend and backend and improve security.
• Includes advanced request validation features, such as E.164 international phone number standard, password NIST standards, email RFC and DNS validation, email spoofing detection, and scanning uploaded files with Cisco ClamAV.
• Uses Redis for rate limiting requests to improve security and reduce the risk of DDoS attacks.
• Utilizes Swoole to speed up response time and improve overall performance.
• Built using Laravel, a popular PHP web application framework, making it easy to integrate with existing systems.

• Uptime Monitor
• SSL Certificate Expiry
• Email notification
• Slack notification

• Running on Octane (Swoole or Roadrunner)
• API Aggregation
• Response Caching with Redis

• Trusted Hosts
• Add Cloudflare IPs to Trusted Proxies
• CORS Handling
• Rate Limiting with Redis
• Restricting Access by GeoIP2 (MaxMind DB)

• Bot: Bad Bot Detection
• RFI: Remote File Inclusion
• XSS: Cross Site Scripting
• SQLi: SQL Injection

• Scanning uploaded files with Cisco ClamAV

• Email RFC compliance
• Email domain DNS
• Email disposable/throwaway domains
• Email spoofing detection
• Email deliverability check
• Password NIST standards
• HaveIBeenPwned password check
• Phone country prefix checking and E.164 standard
• Phone number type: mobile, landline, etc
• Phone number verification

To get started with BFFS, you will need to have a basic understanding of Laravel and its dependencies.

1. Install the package via composer:

composer create-project moh8med/bffs

2. Run the migrations:

php artisan migrate

3. Configure your environment variables in the .env file.

4. Update the databases:

# update the disposable domains list
php artisan disposable:update

# retrieves and cache Cloudflare's IP blocks
php artisan cloudflare:reload

# register for a license key at www.maxmind.com
# set your MAXMIND_LICENSE_KEY in .env file
# and update the geoip database
php artisan geoip:update

5. Create your first uptime monitor:

# create your first monitor
php artisan monitor:create https://example.com/

# check the uptime of all sites
php artisan monitor:check-uptime

6. You will need Cisco ClamAV installed to scan uploaded files against malwares:

docker run \
    --interactive \
    --publish 13310:3310 \
    --publish 7357 \
    --tty \
    --rm \
    --name "clam_container_01" \
    clamav/clamav:unstable

Then set CLAMAV_SKIP_VALIDATION=false in the .env file.

Once the server is running, you can start making requests to the endpoints that are protected by the BFFS shield.

1. Start the server:

php artisan octane:start --port=8001 --watch

2. Test your BFFS server:

curl http://127.0.0.1:8001/todos | jq

If you would like to contribute to the project, please feel free to open a pull request with your changes.

This project is licensed under the MIT License.