nawasara/auth-primitives
Low-level auth primitives for Nawasara packages: sudo mode (session window, Livewire attribute, route middleware), built to live below the application shell so domain packages can depend on it without dragging in core.
9
| Install | |
|---|---|
composer require nawasara/auth-primitives |
|
| Latest Version: | v0.1.0 |
| PHP: | ^8.1 |
| License: | MIT |
| Last Updated: | May 25, 2026 |
| Links: | GitHub · Packagist |
Maintainer: nawasara
nawasara/auth-primitives
Low-level auth primitives for Nawasara
packages. Lives below the application shell (nawasara/core) so any
domain package can depend on it without pulling in the rest of Nawasara.
What's in the box
| Primitive | Purpose |
|---|---|
Nawasara\AuthPrimitives\Auth\Sudo |
Session window — single source of truth for "has the user recently re-authenticated?" |
Nawasara\AuthPrimitives\Http\Middleware\EnsureSudo |
Route gate, registered as the sudo middleware alias |
#[Nawasara\AuthPrimitives\Attributes\RequiresSudo] |
Livewire method attribute — gates one action behind sudo |
Nawasara\AuthPrimitives\Traits\WithSudo |
Livewire component trait — handles the step-up redirect |
Nawasara\AuthPrimitives\Exceptions\SudoRequiredException |
Renderable exception (403 or redirect) |
sudo_active(), sudo_remaining_seconds() |
Blade helpers |
What's NOT in here
The OTP step-up itself (IdP redirect, callback, ID-token verification) is
not in this package. It lives in nawasara/core's SudoController,
which calls Sudo::confirm($userId) on a verified step-up. This split
lets domain packages enforce a sudo window without depending on the
integration plumbing.
Usage
Route-level
Route::get('db/drop/{name}', ...)->middleware(['auth', 'sudo']);
The sudo alias is registered automatically by
AuthPrimitivesServiceProvider.
Livewire action-level
use Livewire\Component;
use Nawasara\AuthPrimitives\Attributes\RequiresSudo;
use Nawasara\AuthPrimitives\Traits\WithSudo;
class DangerousThings extends Component
{
use WithSudo;
#[RequiresSudo(reason: 'menghapus database')]
public function dropDatabase(string $name): void
{
// …only runs inside an active sudo window
}
}
Blade display
@if (sudo_active())
<button wire:click="dropDatabase">Hapus</button>
@else
<button wire:click="$dispatch('sudo-required')">Hapus (butuh konfirmasi)</button>
@endif
Config
Defaults are bundled. Publish to override:
php artisan vendor:publish --tag=auth-primitives:config
// config/auth-primitives.php
return [
'sudo' => [
'window_minutes' => env('NAWASARA_SUDO_WINDOW_MINUTES', 15),
'acr' => env('NAWASARA_SUDO_ACR', 'sudo'),
],
];
License
MIT.