descom / laravel-auth-spa
Template to generate a Laravel Package
Requires
- php: ^8.2
- laravel/framework: 10.0|^11.0
- laravel/sanctum: ^3.3|^4.0
Requires (Dev)
- friendsofphp/php-cs-fixer: ^3.4
- nunomaduro/larastan: ^2.0
- orchestra/testbench: ^8.0|^9.0
- phpstan/phpstan: ^1.2
- phpunit/phpunit: ^10.5|^11.0
README
This package is an authentication backend implementation for Laravel. Registers the routes and controllers required to implement all Laravel authentication features from a Frontend SPA or SSR, including login, password reset, and more.
Installation
composer require descom/laravel-auth-spa
Configure
Laravel Sanctum
Run:
php artisan vendor:publish --provider="Laravel\Sanctum\SanctumServiceProvider"
php artisan migrate
Add Sanctum's middleware to your api middleware group within your application's app/Http/Kernel.php
file:
'api' => [ \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class, 'throttle:api', \Illuminate\Routing\Middleware\SubstituteBindings::class, ],
Configure cors, you need edit the file config/cors.php
and change this lines:
'paths' => ['api/*', 'sanctum/csrf-cookie', 'login', 'logout', 'password/forget', 'password/reset'], /// ... 'supports_credentials' => true,
In production define this environment variables:
Local:
SANCTUM_STATEFUL_DOMAINS=localhost:3000 SESSION_DOMAIN=localhost
Production for domain 'www.app.tld':
SANCTUM_STATEFUL_DOMAINS=www.app.tld SESSION_DOMAIN=.app.tld
Package
php artisan vendor:publish --provider="Descom\AuthSpa\AuthSpaServiceProvider" --tag="config"
You can define your frontend in config file config/authspa.php
/// 'frontend' => [ 'url' => env('FRONTEND_URL', 'http://localhost:3000'), 'reset_password_url' => env('FRONTEND_RESET_PASSWORD_URL', '/login/reset'), ], ///
Usage
Login
POST /login { "email": " <email>", "password": "<password>" }
Logout
POST /logout
Get reset password link
POST /password/forgot { "email": " <email>" }
Reset password with link
POST /password/reset { "token": "<token>", "email": " <email>", "password": "<password>", "password_confirmation": "<password>" }
Update password for current user logged
PUT /api/user/password { "current_password": "<current_password>", "password": "<newpassword>", "password_confirmation": "<newpassword>" }
Get user info
GET /api/user
Nuxt.js
Install Nuxt Auth:
yarn add --exact @nuxtjs/auth-next yarn add @nuxtjs/axios
And configure file nuxt.config.js
:
{ modules: [ '@nuxtjs/axios', '@nuxtjs/auth-next' ], auth: { strategies: { laravelSanctum: { provider: 'laravel/sanctum', url: process.env.API_URL || 'http://localhost:8000', }, }, } }
Customize
Defining Default Password Rules
You may find it convenient to specify the default validation rules for passwords in a single location of your application. You can easily accomplish this using the Password::defaults
method, which accepts a closure. The closure given to the defaults method should return the default configuration of the Password rule. Typically, the defaults
rule should be called within the boot
method of one of your application's service providers:
use Illuminate\Validation\Rules\Password; /** * Bootstrap any application services. * * @return void */ public function boot() { Password::defaults(function () { $rule = Password::min(8); return $this->app->isProduction() ? $rule->mixedCase()->uncompromised() : $rule; }); }