Low-level auth primitives for Nawasara
packages. Lives below the application shell (nawasara/core) so any
domain package can depend on it without pulling in the rest of Nawasara.
| Primitive | Purpose |
|---|---|
Nawasara\AuthPrimitives\Auth\Sudo |
Session window — single source of truth for "has the user recently re-authenticated?" |
Nawasara\AuthPrimitives\Http\Middleware\EnsureSudo |
Route gate, registered as the sudo middleware alias |
#[Nawasara\AuthPrimitives\Attributes\RequiresSudo] |
Livewire method attribute — gates one action behind sudo |
Nawasara\AuthPrimitives\Traits\WithSudo |
Livewire component trait — handles the step-up redirect |
Nawasara\AuthPrimitives\Exceptions\SudoRequiredException |
Renderable exception (403 or redirect) |
sudo_active(), sudo_remaining_seconds() |
Blade helpers |
The OTP step-up itself (IdP redirect, callback, ID-token verification) is
not in this package. It lives in nawasara/core's SudoController,
which calls Sudo::confirm($userId) on a verified step-up. This split
lets domain packages enforce a sudo window without depending on the
integration plumbing.
Route::get('db/drop/{name}', ...)->middleware(['auth', 'sudo']);The sudo alias is registered automatically by
AuthPrimitivesServiceProvider.
use Livewire\Component;
use Nawasara\AuthPrimitives\Attributes\RequiresSudo;
use Nawasara\AuthPrimitives\Traits\WithSudo;
class DangerousThings extends Component
{
use WithSudo;
#[RequiresSudo(reason: 'menghapus database')]
public function dropDatabase(string $name): void
{
// …only runs inside an active sudo window
}
}@if (sudo_active())
<button wire:click="dropDatabase">Hapus</button>
@else
<button wire:click="$dispatch('sudo-required')">Hapus (butuh konfirmasi)</button>
@endifDefaults are bundled. Publish to override:
php artisan vendor:publish --tag=auth-primitives:config// config/auth-primitives.php
return [
'sudo' => [
'window_minutes' => env('NAWASARA_SUDO_WINDOW_MINUTES', 15),
'acr' => env('NAWASARA_SUDO_ACR', 'sudo'),
],
];MIT.