Enlightn: Boost your Laravel App's Performance & Security

Published on by

Enlightn: Boost your Laravel App's Performance & Security image

Enlightn is an amazing tool that helps you boost your Laravel application's performance and security. It has 120 automated checks that scan your application code, hit your routes, and check your server configurations to provide recommendations on improving performance, security, and code reliability.

Using Enlightn

Enlightn has two versions: open source (with 60 checks) and a Pro version (with 120 checks).

You can install the open source version through Composer. To install the Pro version, you can checkout the Enlightn documentation.

composer require enlightn/enlightn

After that, all you need to do is run the enlightn Artisan command:

php artisan enlightn

With this command, Enlightn, being the awesome consultant that it is, starts its analysis on your application.

TIP: To get the most out of Enlightn, we found it's best to run Enlightn on your production setup. Many of Enlightn's checks are environment-specific, so they may only be triggered when your app environment is in production.

Features

With 120 automated checks, Enlightn covers almost every aspect of performance, security, and code reliability that you can think of!

Performance Checks

Enlightn has 34 automated performance checks. Some of our favorite ones include:

  • Route caching
  • Detection of N+1, slow, and duplicate queries
  • Checking for compression and cache headers
  • Middleware bloat detection

Security Checks

Enlightn has 45 automated security checks. Enlightn automatically detects vulnerabilities in your application. The vulnerabilities it scans for include:

  • Insecure PHP configurations
  • SQL injection vulnerabilities
  • Injection and phishing attacks
  • Unrestricted file uploads

Code Reliability Checks

Enlightn has 41 automated reliability checks including:

  • Dead route and dead code detection
  • Detecting misconfigurations
  • Bug detection
  • Health checks

Query Optimizations

Enlightn can scan your app's code and detect possible query optimizations. Consider the code below:

namespace App\Models;
 
use Illuminate\Database\Eloquent\Model;
 
class Client extends Model
{
public function countTeamMembers()
{
return $this->teamMembers->count();
}
}

In the example above, we are first firing a query to get all the team members of a client model, and then performing a count on the resulting collection.

Enlightn can automagically detect this and alert you. The query can be optimized by performing the count at the query level like so:

public function countTeamMembers()
{
return $this->teamMembers()->count();
}

Performance Tuning

Enlightn doesn't just scan your application code. It can also detect opportunities to tune server configurations.

Some of these opportunities can make a huge impact on performance. For instance, by setting the right compression headers on your web server, you can reduce your asset file size by 80%!

In the example application above, we missed configuring compression headers and Enlightn helps flag them. Not only that, but it also points to detailed documentation where you can learn how to configure these headers on Apache, Nginx or even your CDN!

N+1 Query Detection

Enlightn also integrates with Laravel Telescope to detect N+1 queries in your code. It highlights the files and line numbers responsible for the N+1 queries to make it easy for you to identify them in your code.

Consider the blade template below:

@foreach ($posts as $post)
<x-post :data="$post" :comments="$post->comments" />
@endforeach

In our PostController, if we forget to eager load the post comments and each page has 25 posts, it would result in 26 queries instead of 1.

For static analyzers, N+1 query detection is almost impossible, especially for a loosely typed language like PHP. But Enlightn combines dynamic analysis with static analysis to make this possible.

Dependency Vulnerabilities Scanner

Enlightn has a dependency vulnerabilities scanner built-in that checks your package dependencies on both your frontend and backend and alerts you if any packages are missing security updates.

Laravel recently released a security fix and the example application below wasn't updated with the security fix. Enlightn immediately flagged this for us!

SQL Injection

Enlightn can detect a wide variety of SQL injection vulnerabilities for Laravel applications.

Consider the following code:

namespace App\Http\Controllers;
 
use Illuminate\Http\Request;
use Illuminate\Validation\Rule;
 
class ProfileController extends Controller
{
public function validateEmail(Request $request)
{
$this->validate($request, [
'email' => [
'required',
Rule::unique('users')->ignore($request->input('id')),
]
]);
}
}

This may look like normal validation but actually is vulnerable to SQL injection attacks. In fact, the Laravel documentation warns against it. Sometimes, it's not possible to always stay up-to-date with the Laravel documentation.

Enlightn makes it easy by flagging these errors and linking to detailed documentation on how to stay secure from each of these vulnerabilities.

Unrestricted File Uploads

Unrestricted file uploads is another vulnerability that modern web applications need to be mindful of.

In the application below, we are storing files at a path determined by untrusted user input data. This may result in a vulnerability where users may overwrite critical files such as /etc/passwd or .env on your server.

namespace App\Http\Controllers;
 
use Illuminate\Http\Request;
use Illuminate\Support\Str;
 
class DocumentController extends Controller
{
public function upload(Request $request)
{
$request->file('document')->storeAs(
'docs/'.auth()->id().'/'.$request->input('filename'),
Str::uuid()
);
}
}

It is difficult to keep track of what's dangerous and what's not, especially as both the web landscape and the Laravel framework evolve over time. Enlightn can take care of that for you.

Dead Route Detection

While maintaining applications over a large period of time, sometimes you may remove certain routes, or controller methods due to changing needs, but may forget to remove the registrations.

This makes your code accumulate "technical debt" and also more unreadable.

Enlightn can thankfully detect dead routes (routes that have missing controllers or methods) to help your code stay clean and even detect broken links in your application.

In the example application below, Enlightn detects 2 dead routes in the application.

Detecting Misconfigurations

Enlightn is also pretty efficient in detecting misconfigurations that may cause problems down the road.

For instance, if you set a generic cache prefix and share your cache servers, this can create collision problems. Even if you don't use caching directly in your application, the Laravel Framework uses it for rate limiting, unique job locks, and queueing.

Imagine throttling a user on the first application, only to learn that a user with the same ID on another application that shares cache servers is also getting throttled.

These are the kinds of misconfigurations Enlightn automatically detects.

In Closing

Enlightn looks like an awesome tool and seems to be a first of its kind for Laravel. In this post, we were only able to cover a handful of the 120 automated checks it has to offer.

You should definitely take it for a spin and try it out. You can find the open-source version (with 60 checks) on its Github repository.

You can also grab a license from the Enlightn website to get access to 60 additional checks to make your app perform better and stay secure. We'd say it's worth it!

Eric L. Barnes photo

Eric is the creator of Laravel News and has been covering Laravel since 2012.

Filed in:
Cube

Laravel Newsletter

Join 40k+ other developers and never miss out on new tips, tutorials, and more.

image
Paragraph

Manage your Laravel app as if it was a CMS – edit any text on any page or in any email without touching Blade or language files.

Visit Paragraph
Laravel Forge logo

Laravel Forge

Easily create and manage your servers and deploy your Laravel applications in seconds.

Laravel Forge
Tinkerwell logo

Tinkerwell

The must-have code runner for Laravel developers. Tinker with AI, autocompletion and instant feedback on local and production environments.

Tinkerwell
No Compromises logo

No Compromises

Joel and Aaron, the two seasoned devs from the No Compromises podcast, are now available to hire for your Laravel project. ⬧ Flat rate of $7500/mo. ⬧ No lengthy sales process. ⬧ No contracts. ⬧ 100% money back guarantee.

No Compromises
Kirschbaum logo

Kirschbaum

Providing innovation and stability to ensure your web application succeeds.

Kirschbaum
Shift logo

Shift

Running an old Laravel version? Instant, automated Laravel upgrades and code modernization to keep your applications fresh.

Shift
LoadForge logo

LoadForge

Easy, affordable load testing and stress tests for websites, APIs and databases.

LoadForge
Paragraph logo

Paragraph

Manage your Laravel app as if it was a CMS – edit any text on any page or in any email without touching Blade or language files.

Paragraph
Lucky Media logo

Lucky Media

Bespoke software solutions built for your business. We ♥ Laravel

Lucky Media
Lunar: Laravel E-Commerce logo

Lunar: Laravel E-Commerce

E-Commerce for Laravel. An open-source package that brings the power of modern headless e-commerce functionality to Laravel.

Lunar: Laravel E-Commerce
Bacancy - Staff Augmentation logo

Bacancy - Staff Augmentation

Leave your web app development hustles to the leading IT Staff Augmentation Service Providers. Choose from an extensive pool of 1050+ developers and give yourself the sigh of success you deserve with Bacancy. Get In Touch Today!

Bacancy - Staff Augmentation
DocuWriter.ai logo

DocuWriter.ai

Save hours of manually writing Code Documentation, Comments & DocBlocks, Test suites and Refactoring.

DocuWriter.ai
Rector logo

Rector

Your partner for seamless Laravel upgrades, cutting costs, and accelerating innovation for successful companies

Rector

The latest

View all →
Add Architecture Tests to Saloon API Integrations with Lawman image

Add Architecture Tests to Saloon API Integrations with Lawman

Read article
Protect Routes with JWT Tokens Using This Package for Laravel image

Protect Routes with JWT Tokens Using This Package for Laravel

Read article
Increment a Rate Limiter by a Custom Amount in Laravel 10.46 image

Increment a Rate Limiter by a Custom Amount in Laravel 10.46

Read article
Add Kanban Boards to Your Laravel App in Seconds image

Add Kanban Boards to Your Laravel App in Seconds

Read article
October CMS v3.6 Ships Today, Full of New Features image

October CMS v3.6 Ships Today, Full of New Features

Read article
Laracon EU Videos are now out image

Laracon EU Videos are now out

Read article