a2zwebltd / laravel-dev-mode
A lightweight Laravel package that lets developers temporarily bypass Gate authorization for testing and debugging with time-limited, IP-restricted access.
Installs: 13
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 0
Forks: 0
Open Issues: 0
pkg:composer/a2zwebltd/laravel-dev-mode
Requires
- php: ^8.3
- laravel/framework: ^12.0
Requires (Dev)
- laravel/pint: ^1.25
- orchestra/testbench: ^10.6
This package is auto-updated.
Last update: 2025-10-05 11:19:13 UTC
README
A lightweight Laravel package to temporarily disable Gate authorization for trusted developers.
This package lets developers temporarily bypass Laravel’s authorization system (Gates) to gain full access for testing or debugging. Access is automatically revoked after a configurable duration (default: 10 minutes). Security is enforced by limiting activation to a specific IP address and user combination.
It is designed for development environments. If you choose to enable it in production, be aware of the security implications. Activation still requires server access, so only privileged users can enable or disable Dev Mode.
Features
- Temporarily bypasses Laravel Gates for a specific user and IP.
- Grants all abilities via a
Gate::before
hook integrated with Laravel’s authorization system. - Access is time-limited through cache TTL (default: 600 seconds).
- Includes simple Artisan commands and a service API for programmatic control.
- Automatically revokes access after expiration.
- Provides IP-based restriction for additional security.
- Ships with an auto-discovered service provider and configurable TTL.
- Intended for development use; can be used in production with caution and proper access control.
How it works
The package registers a Gate::before
callback through its service provider.
When Dev Mode is active, the callback grants all abilities to the specified user if the request originates from the whitelisted IP.
Dev Mode status is stored in Laravel’s cache using keys like dev-mode:{user_id}
, with automatic expiration after the configured TTL.
Requirements
- PHP: ^8.3
- Laravel: ^12.0
Installation
Install via Composer:
composer require a2zwebltd/laravel-dev-mode
Publish the config:
php artisan vendor:publish --provider="A2ZWeb\DevMode\ServiceProvider"
Configuration
- Config file:
config/dev-mode.php
(publishable) - Environment variable:
DEV_MODE_TTL
(defaults to 600 seconds) - Service Provider:
A2ZWeb\DevMode\ServiceProvider
(auto-discovered) - Cache key format:
dev-mode:{user_id}
- Storage driver: uses Laravel’s default cache backend
Example .env
:
DEV_MODE_TTL=600
Usage
Dev Mode temporarily disables authorization checks for the defined user, but only when requests come from the registered IP and while TTL is valid.
Enable Dev Mode
php artisan dev-mode:enable --user=123 --ip=192.168.1.1
This command grants full access for the given user and IP combination for the configured TTL (default: 10 minutes).
Disable Dev Mode
php artisan dev-mode:disable --user=123
Tip: You can include this command as a task inside the deployer
script.
Programmatic usage
use A2ZWeb\DevMode\DevModeService; $devMode = app(DevModeService::class); // Enable for user and IP $devMode->enable($user, '192.168.1.1'); // Check status if ($devMode->isEnabled($user, request()->ip())) { // All abilities granted via Gate::before } // Disable $devMode->disable($user);
Here’s a clean documentation section you can add under Usage or after Programmatic usage in your README.md:
Conditional developer tools access
You can use the DevModeService
check to conditionally enable developer tools such as Laravel Debugbar, Telescope, or any custom admin utilities for selected developers only.
Example:
use A2ZWeb\DevMode\DevModeService; $devMode = app(DevModeService::class); if ($devMode->isEnabled(auth()->user(), request()->ip())) { // Show or enable developer-only tools \Debugbar::enable(); } else { \Debugbar::disable(); }
This lets you keep production safe while still giving specific developers full diagnostic visibility. You can apply the same logic to any tool or section of your app that should remain hidden for normal users.
Security Vulnerabilities
If you discover a security vulnerability, please report it responsibly through private communication with the maintainers.
License
The MIT License (MIT). Please see License File for more information.
Credits
Developed and maintained by the A2Z WEB crew:
- Amir Yeganemehr
- Dawid Makowski
- Website: https://a2zweb.co/
- GitHub: https://github.com/a2zwebltd/
- X/Twitter: @a2zweb_co