承接 calips-labs/craft-cloudflare-access 相关项目开发

从需求分析到上线部署,全程专人跟进,保证项目质量与交付效率

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

calips-labs/craft-cloudflare-access

Composer 安装命令:

composer require calips-labs/craft-cloudflare-access

包简介

Cloudflare Access integration for Craft CMS.

README 文档

README

Cloudflare Access integration for Craft CMS.

This plugin makes it very easy to integrate Cloudflare Access with Craft CMS. Cloudflare Access is a modern, zero trust solution to protect applications or websites. You can use it to protect the control panel of a Craft website, or even the complete website.

This plugin adds automatic logging in to either the control panel, the frontend or both using the identity provided by Cloudflare. Cloudflare Access makes it easy to integrate various identity providers, like Okta, Microsoft Azure AD, Google Workspace or social media accounts like Facebook, GitHub or Google accounts. Cloudflare Access is free up to 50 users. It requires your sites traffic to be proxied through Cloudflare.

How does this work?

Each application protected by Cloudflare access is protected by a Cloudflare login page. This can be set for a full domain or a part of it (e.g. only /admin/).

Cloudflare injects a JWT header which contains a signature, expiry information, and the user's identity. This plugin decodes the JWT, attempts to find a matching user in Craft CMS, and automatically signs in that user when the user is not suspended or deactivated.

This way you enable single sign-on for your users, which reduces friction, relieves them from saving another password, and you increase security when you rely on 2FA from external identity providers.

You may choose to enable this feature for control panel URLs, frontend URLs, or both. This plugin does not create new users if they do not exist in Craft.

Limitations

This plugin has currently the following limitations:

  • Logging out from the control panel does not log a user out from Cloudflare Access, effectively logging them in again immediately.
  • Users must exist in Craft CMS. They are not created automatically.
  • A user will still needs his password for elevated access in the control panel. This is a Craft CMS limitation.
  • Users which are not logged in automatically, will see the normal login screen. They can login using any account.

Requirements

This plugin requires Craft CMS 4.3.5 or later, and PHP 8.0.2 or later.

It also requires a Cloudflare Access application to be configured. See below for configuration instructions.

Installation

You can install this plugin from the Plugin Store or with Composer.

From the Plugin Store

Go to the Plugin Store in your project’s Control Panel and search for “Cloudflare Access”. Then press “Install”.

With Composer

Open your terminal and run the following commands:

# go to the project directory
cd /path/to/my-project.test

# tell Composer to load the plugin
composer require calips-labs/craft-cloudflare-access

# tell Craft to install the plugin
./craft plugin/install cloudflare-access

Configuring Cloudflare Access

  1. Go to the Cloudflare Zero Trust dashboard.
  2. Go to Access → Applications and click Add an application.
  3. Pick Self-hosted.
  4. Enter a name and set the domain, subdomain and optionally the path. If you want to protect the control panel only, enter /admin/.
  5. Application appearance is only relevant for Cloudflare's app launcher.
  6. Select which identity providers you accept. The default is to enable all identity providers. For testing, One-time PIN could be useful (you enter an e-mail address and then have to enter the PIN code sent to it).
  7. Click Next.
  8. You'll now have to create a policy. Enter a name and configure rules below. For testing, you might select Everyone which would allow everyone to log in. Better rules might check for the domain part of an e-mail address, or Azure Group ID's.
  9. Click Next.
  10. The CORS settings, Cookie settings and additional settings can be left unchanged. Click Add application.
  11. In the applications overview, a new application is added. Click Edit.
  12. Click Overview. Copy the Application Audiance (AUD) Tag.
  13. Install the Cloudflare Access plugin to Craft, enable it and go to the plugin settings.
  14. Enter the AUD tag.
  15. You'll also have to enter the Team Domain. You can find this in the Cloudflare control panel under Settings → General. Copy the team domain including the last part containing .cloudflareaccess.com.
  16. In the plugin settings, enable auto login for either the control panel and/or frontend.
  17. Verify that your token is working as expected in Craft through Utilities → Cloudflare Access. It should show your Cloudflare login.

Note: You can logout from Cloudflare Access using the following URL: https://<team>.cloudflareaccess.com/cdn-cgi/access/logout
This can be useful during testing.

calips-labs/craft-cloudflare-access 适用场景与选型建议

calips-labs/craft-cloudflare-access 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 4.61k 次下载、GitHub Stars 达 1, 最近一次更新时间为 2023 年 01 月 02 日, 在 PHP 生态内属于活跃度较高的组件。

我们在过去多个企业项目中使用过 calips-labs/craft-cloudflare-access 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 calips-labs/craft-cloudflare-access 我们能提供哪些服务?
定制开发 / 二次开发

基于 calips-labs/craft-cloudflare-access 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 4.61k
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 1
  • 点击次数: 2
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 1
  • Watchers: 1
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: proprietary
  • 更新时间: 2023-01-02