httpsnader1 / database-controllers
A secure database management dashboard for Laravel with backup and restore functionality.
Maintainers
Package info
github.com/httpsnader1/database-controllers
pkg:composer/httpsnader1/database-controllers
Requires
- php: ^8.1
- illuminate/console: ^10.0|^11.0|^12.0|^13.0
- illuminate/database: ^10.0|^11.0|^12.0|^13.0
- illuminate/filesystem: ^10.0|^11.0|^12.0|^13.0
- illuminate/http: ^10.0|^11.0|^12.0|^13.0
- illuminate/routing: ^10.0|^11.0|^12.0|^13.0
- illuminate/support: ^10.0|^11.0|^12.0|^13.0
- symfony/process: ^6.0|^7.0|^8.0
Requires (Dev)
- orchestra/testbench: ^8.0|^9.0
- phpunit/phpunit: ^10.0|^11.0
README
A secure, production-ready database management dashboard for Laravel 10–13 with full backup and restore functionality.
Composer Package: httpsnader1/database-controllers
Features
| Feature | Detail |
|---|---|
| 🔐 Custom auth | Session-based password system, independent of Laravel auth |
| ⚡ Rate limiting | Configurable login-attempt throttling |
| 🌐 IP whitelist | Optional per-IP access control |
| 📊 Dashboard | DB stats, table counts, storage info |
| ⊞ Table browser | Paginated, sortable, searchable table records |
| ✎ CRUD | Insert, update, delete records via modal UI |
| 🔍 Schema viewer | Columns, types, indexes, constraints |
| 💾 Backup | mysqldump/pg_dump with pure-PHP fallback |
| ↺ Restore | Upload .sql, chunked execution, error report |
| ⚙ Artisan | install, backup, restore {file} commands |
| 🎨 Vue 3 SPA | Router, composables, toast notifications |
| 🛡 Query safety | Blocks DROP/TRUNCATE/ALTER by default |
| 🐬 MySQL + 🐘 PgSQL | Full driver support (SQLite too) |
Installation
1 — Require the package
composer require httpsnader1/database-controllers
Auto-discovery registers the service provider automatically.
2 — Run the install command
php artisan database-controllers:install
This will:
- Publish
config/database-controllers.php - Create
storage/app/database-controllers/backup directory - Publish frontend assets to
public/vendor/database-controllers/
3 — Set your dashboard password
Add to your .env:
DB_CONTROLLERS_PASSWORD=your-very-strong-password
⚠ The dashboard is inaccessible until this is set.
4 — Visit the dashboard
https://your-app.test/database-controllers/login
Configuration
Publish and edit the config file:
php artisan vendor:publish --tag=database-controllers-config
File: config/database-controllers.php
| Key | Default | Description |
|---|---|---|
password |
env(DB_CONTROLLERS_PASSWORD) |
Dashboard login password |
route_prefix |
database-controllers |
URL prefix |
middleware |
['web'] |
Base middleware stack |
ip_whitelist |
[] |
Allowed IPs (empty = all) |
backup_path |
database-controllers |
Backup dir inside storage/app |
allow_dangerous_queries |
false |
Allow DROP/TRUNCATE etc. |
login_max_attempts |
5 |
Failed login throttle limit |
login_decay_minutes |
10 |
Throttle window (minutes) |
records_per_page |
25 |
Table viewer pagination |
mysqldump_path |
null |
Path to mysqldump binary |
pg_dump_path |
null |
Path to pg_dump binary |
Routes
All routes are automatically registered under the configured prefix.
| Method | URL | Description |
|---|---|---|
GET |
/database-controllers/login |
Login page |
POST |
/database-controllers/login |
Submit login |
POST |
/database-controllers/logout |
Logout |
GET |
/database-controllers/dashboard |
Dashboard (SPA) |
GET |
/database-controllers/api/stats |
DB statistics JSON |
GET |
/database-controllers/api/tables |
Tables list JSON |
GET |
/database-controllers/api/table/{name} |
Paginated records |
GET |
/database-controllers/api/table/{name}/schema |
Schema info |
POST |
/database-controllers/api/table/{name}/records |
Insert record |
PUT |
/database-controllers/api/table/{name}/records |
Update record |
DELETE |
/database-controllers/api/table/{name}/records |
Delete record |
GET |
/database-controllers/api/backups |
List backups |
POST |
/database-controllers/api/backups/create |
Create backup |
GET |
/database-controllers/api/backups/download/{file} |
Download backup |
DELETE |
/database-controllers/api/backups/{file} |
Delete backup |
POST |
/database-controllers/api/restore |
Upload & restore SQL |
Artisan Commands
Install
php artisan database-controllers:install
Create a backup
php artisan database-controllers:backup
Output saved to storage/app/database-controllers/backup_YYYY-MM-DD_HH-mm-ss.sql
Restore from backup
# By filename (looks in storage/app/database-controllers/) php artisan database-controllers:restore backup_2024-01-01_12-00-00.sql # By absolute path php artisan database-controllers:restore /var/backups/mydb.sql # Skip confirmation prompt php artisan database-controllers:restore backup.sql --force
Frontend Development (Vue 3 SPA)
Install Node dependencies
cd database-controllers
npm install
Development mode (HMR)
npm run dev
Build for production
npm run build
Built assets output to public/ inside the package and are published to public/vendor/database-controllers/ in the host app.
Security
Password protection
All routes (except login) are guarded by PasswordProtectionMiddleware.
Authentication state is stored in the session under the database_controllers_authenticated key.
Rate limiting
Failed login attempts are rate-limited per IP.
Configure via login_max_attempts and login_decay_minutes.
IP whitelist
DB_CONTROLLERS_IP_WHITELIST=127.0.0.1,10.0.0.5
Leave blank to allow all IPs.
Dangerous query blocking
By default, DROP, TRUNCATE, ALTER, CREATE, RENAME, GRANT, REVOKE are blocked in any SQL execution.
Enable at your own risk:
DB_CONTROLLERS_ALLOW_DANGEROUS=true
CSRF
All forms and AJAX requests are CSRF-protected via Laravel's built-in CSRF middleware and the X-CSRF-TOKEN meta tag.
Backup Mechanism
-
Primary: Uses
mysqldump(MySQL) orpg_dump(PostgreSQL) via Symfony Process.
Looks for the binary automatically viawhich/where, or use the.envvariable. -
Fallback: If no binary is found, a pure-PHP export runs instead.
Handles tables in chunks of 500 rows to avoid memory exhaustion.
Backups are stored in storage/app/database-controllers/ (local disk, not publicly accessible).
File Structure
database-controllers/
├── composer.json
├── package.json
├── vite.config.js
├── tailwind.config.js
├── postcss.config.js
├── .env.example
├── .gitignore
│
├── config/
│ └── database-controllers.php
│
├── routes/
│ └── web.php
│
├── src/
│ ├── DatabaseControllersServiceProvider.php
│ │
│ ├── Http/
│ │ ├── Controllers/
│ │ │ ├── AuthController.php
│ │ │ ├── DashboardController.php
│ │ │ ├── TableController.php
│ │ │ ├── BackupController.php
│ │ │ └── RestoreController.php
│ │ │
│ │ └── Middleware/
│ │ ├── PasswordProtectionMiddleware.php
│ │ └── IpWhitelistMiddleware.php
│ │
│ ├── Services/
│ │ ├── DatabaseInspector.php
│ │ ├── BackupService.php
│ │ └── RestoreService.php
│ │
│ └── Console/Commands/
│ ├── InstallCommand.php
│ ├── BackupCommand.php
│ └── RestoreCommand.php
│
├── resources/
│ ├── css/
│ │ └── app.css
│ ├── views/
│ │ ├── login.blade.php ← Standalone login page
│ │ └── app.blade.php ← SPA shell
│ └── js/
│ ├── app.js ← Vue entry point + router
│ ├── App.vue ← Root component + toast system
│ ├── components/
│ │ ├── AppLayout.vue ← Sidebar layout shell
│ │ ├── Loader.vue ← Spinner component
│ │ └── Modal.vue ← Dialog component
│ └── pages/
│ ├── Dashboard.vue ← Stats & quick actions
│ ├── Tables.vue ← Table list with search
│ ├── TableView.vue ← CRUD + schema viewer
│ └── Backup.vue ← Backup & restore UI
│
└── public/ ← Built assets (after npm run build)
├── app.js
└── app.css
License
MIT © httpsnader1