Laravel Lockout v6.0.0

🎉 Major Release - Complete Maintenance Mode Solution

We're excited to announce Laravel Lockout v6.0, a major update that transforms this package from a simple read-only mode tool into a comprehensive maintenance and access control solution.

🚀 What's New

Laravel 11 & 12 Support

• Full compatibility with Laravel 11.x and Laravel 12.x
• Updated all dependencies to latest versions
• Requires PHP 8.2+

✨ 10 Powerful New Features

1. IP Whitelist & Blacklist

Control access at the IP level with support for individual IPs and CIDR notation.

'ip_whitelist_array' => [
    '127.0.0.1',
    '192.168.1.0/24',
],

2. Role-Based Exceptions

Allow specific user roles to bypass lockout. Supports Laravel Bouncer, Spatie Permission, and custom role implementations.

'allowed_roles' => ['admin', 'super-admin'],

3. Custom Response Types

Choose how blocked requests are handled: abort, json, or view responses.

4. Route Patterns & Names

Whitelist entire route groups or specific named routes using patterns or route names.

'route_patterns' => ['api/*', 'admin/*'],
'route_names' => ['health.check'],

5. API-Specific Handling

Automatic API detection with dedicated JSON responses for API requests.

6. Health Check Endpoint

Built-in /health endpoint for monitoring systems (configurable path).

7. Cache Integration

Configurable caching for improved performance with customizable TTL.

8. Event System

Listen to lockout events: LockoutEnabled, LockoutDisabled, RequestBlocked.

9. Artisan Commands

Manage lockout from the command line:

• php artisan lockout:enable
• php artisan lockout:disable
• php artisan lockout:status

10. Graceful Degradation

Beautiful maintenance view included out of the box (customizable).

📋 Changes

Added

• IP whitelist/blacklist support with CIDR notation
• Role-based access exceptions
• Custom response types (abort, json, view)
• Route pattern and route name whitelisting
• API-specific response handling
• Health check endpoint (/health)
• Cache integration for performance
• Event system (LockoutEnabled, LockoutDisabled, RequestBlocked)
• Artisan commands (enable, disable, status)
• Maintenance view template
• Comprehensive test suite (77 tests, 138 assertions)

Changed

• BREAKING: Minimum PHP version increased to 8.2
• BREAKING: Minimum Laravel version increased to 11.0
• Updated PHPUnit to v11
• Improved middleware logic and performance
• Enhanced code quality with type hints

Fixed

• Fixed middleware logic bug where allow_login check was inside locked_types loop
• Fixed method case sensitivity issues in whitelist and locked_types handling
• Fixed pages array validation to handle non-array values gracefully
• Improved error handling and edge case coverage

🔄 Migration Guide

From v5.0 to v6.0

1. Update Dependencies:

   composer update rappasoft/lockout

2. Update PHP Version:
   Ensure you're running PHP 8.2 or higher.

3. Update Laravel:
   Ensure you're running Laravel 11.x or 12.x.

4. Publish Updated Config:

   php artisan vendor:publish --provider="Rappasoft\Lockout\LockoutServiceProvider" --tag=config --force

5. Review Configuration:
   Check config/lockout.php for new options. All existing configuration remains backward compatible.

6. Clear Cache (Optional):

   php artisan config:clear
   php artisan cache:clear

📚 Documentation

• Installation Guide
• Configuration Reference
• Usage Examples

🧪 Testing

This release includes comprehensive test coverage:

• 77 tests covering all features
• 138 assertions ensuring reliability
• Edge case coverage for IP handling, roles, routes, and more

Run tests:

composer test

🙏 Credits

Thank you to all contributors and users who provided feedback and suggestions for this release.

📦 Installation

composer require rappasoft/lockout

🔗 Links

• GitHub Repository
• Documentation
• Issue Tracker

Full Changelog: v5.0.0...v6.0.0