Search by 
myboilerplate / core-api
DDD Auth core for Laravel APIs — register, login, JWT, profile, password reset out of the box.
Maintainers
dev-main
2026-02-28 01:01 UTC
Requires
- php: ^8.2
- laravel/framework: ^12.0
- ramsey/uuid: ^4.7
- tymon/jwt-auth: ^2.2
Requires (Dev)
- fakerphp/faker: ^1.23
- larastan/larastan: ^3.0
- laravel/pint: ^1.0
- orchestra/testbench: ^10.0
- phpunit/phpunit: ^11.0
This package is not auto-updated.
Last update: 2026-04-11 22:50:01 UTC
README
Laravel package providing a complete DDD-based authentication core:
- User registration & login (JWT)
- Token refresh & logout
- Profile update (name + password)
- Password reset via email
- Rate limiting, security headers, CORS
Requirements
- PHP 8.2+
- Laravel 12+
tymon/jwt-auth^2.2
Installation
1. Require the package
composer require myboilerplate/core-api
The service provider is auto-discovered — no manual registration needed.
2. Publish migrations and run them
php artisan vendor:publish --tag=core-api-migrations
php artisan migrate
4. Generate JWT secret
php artisan jwt:secret
5. Add environment variables
JWT_SECRET=<generated above>
JWT_TTL=60
JWT_REFRESH_TTL=20160
JWT_BLACKLIST_ENABLED=true
CORS_ALLOWED_ORIGINS=http://localhost:3000
API Endpoints
All endpoints are prefixed with /api/v1 by default.
| Method | Endpoint | Auth | Description |
|---|---|---|---|
| GET | /api/v1/health | No | Health check |
| POST | /api/v1/auth/register | No | Register a new user |
| POST | /api/v1/auth/login | No | Log in, receive JWT |
| POST | /api/v1/auth/logout | Bearer token | Invalidate token |
| POST | /api/v1/auth/refresh | Bearer token | Refresh token |
| GET | /api/v1/auth/me | Bearer token | Current user info |
| PATCH | /api/v1/auth/me | Bearer token | Update profile (name / password) |
| POST | /api/v1/auth/forgot-password | No | Request password reset email |
| POST | /api/v1/auth/reset-password | No | Reset password with token |
Customisation
Change the route prefix
CORE_API_PREFIX=api/v2
Disable built-in routes (to define your own)
php artisan vendor:publish --tag=core-api-routes
Then set CORE_API_ROUTES=false in .env and load/customise routes/core-api.php yourself.
Override rate limits
CORE_API_RL_LOGIN=5
CORE_API_RL_REGISTER=10
CORE_API_RL_FORGOT=3
CORE_API_RL_RESET=5
Or publish the config for full control:
php artisan vendor:publish --tag=core-api-config
Running Package Tests
composer install
vendor/bin/phpunit
Or with specific suites:
vendor/bin/phpunit --testsuite Domain
vendor/bin/phpunit --testsuite Application
vendor/bin/phpunit --testsuite Infrastructure
vendor/bin/phpunit --testsuite Feature