gdebrauwer / laravel-hateoas
Expose the authorization logic of your REST API using HATEOAS links on your Laravel API resources
Installs: 51 894
Dependents: 0
Suggesters: 0
Security: 0
Stars: 162
Watchers: 4
Forks: 11
Open Issues: 3
Requires
- php: ^8.0|^8.1|^8.2|^8.3
- illuminate/routing: ^9.0|^10.0|^11.0
- illuminate/support: ^9.0|^10.0|^11.0
- spatie/once: ^3.0
Requires (Dev)
- adamwojs/php-cs-fixer-phpdoc-force-fqcn: ^2.0
- friendsofphp/php-cs-fixer: ^3.14
- orchestra/testbench: ^7.0|^8.0|^9.0
- phpunit/phpunit: ^9.5|^10.5
- squizlabs/php_codesniffer: ^3.7
README
HATEOAS allows you to expose the authorization logic of your REST API. This package makes it easy to add HATEOAS links to your Laravel API resources.
Each resource has its HATEOAS links, and only the accessible links per resource are returned. If a link is not available on a resource, then the clients of your API can disable functionality linked to that HATEOAS link.
By default an array of links, in the following format, will be added to the JSON of a Laravel API resource:
{
"data": [
{
"id": 1,
"text": "Hello world!",
"_links": [
{
"rel": "self",
"type": "GET",
"href": "http://localhost/message/1"
},
{
"rel": "delete",
"type": "DELETE",
"href": "http://localhost/message/1"
}
]
}
]
}
Installation
You can install the package via composer:
composer require gdebrauwer/laravel-hateoas
Usage
You can create a new HATEOAS class for a model using the following artisan command:
php artisan make:hateoas MessageHateoas --model=Message
In the created class you can define public methods that will be used to generate the links. A method should either return a link or null.
class MessageHateoas { use CreatesLinks; public function self(Message $message) : ?Link { if (! auth()->user()->can('view', $message)) { return; } return $this->link('message.show', ['message' => $message]); } public function delete(Message $message) : ?Link { if (! auth()->user()->can('delete', $message)) { return $this->link('message.archive', ['message' => $message]); } return $this->link('message.destroy', ['message' => $message]); } }
To add the links to an API resource, you have to add the HasLinks trait and use the $this->links() method. The HATEOAS class will be automatically discovered.
class MessageResource extends JsonResource { use HasLinks; public function toArray($request) : array { return [ 'id' => $this->id, 'text' => $this->text, '_links' => $this->links(), ]; } }
Customization
Formatting
You can customize the JSON links formatting by providing a formatter class that implements the Formatter interface to the formatLinksUsing method.
If the code to format the links is pretty small or you don't want to create a separate formatter class for it, you also have the option to provide a formatting callback function to the formatLinksUsing method.
use GDebrauwer\Hateoas\Hateoas; use GDebrauwer\Hateoas\LinkCollection; // Provide your own Formatter class ... Hateoas::formatLinksUsing(CustomFormatter::class); // ... Or provide a callback Hateoas::formatLinksUsing(function (LinkCollection $links) { // return array based on links });
HATEOAS class discovery
By default, the HATEOAS classes of models will be auto-discovered. Specifically, the HATEOAS classes must be in a Hateoas directory below the directory that contains the models. If you would like to provide your own HATEOAS class discovery logic, you can register a custom callback:
use GDebrauwer\Hateoas\Hateoas; Hateoas::guessHateoasClassNameUsing(function (string $class) { // return a HATEOAS class name });
Testing
composer test
Linting
composer lint
Changelog
Please see CHANGELOG for more information what has changed recently.
Contributing
Please see CONTRIBUTING for details.
Credits
License
The MIT License (MIT). Please see License File for more information.