README

Caronte Client is a Laravel package that provides distributed authentication middlewares and a set of commands for secure self-management in PHP projects. It allows seamless integration of robust authentication, access control, and management of users and roles, all configurable and extensible within the framework.

Main Use Cases

• Secure user authentication using JWT tokens
• Fine-grained permission and role management
• Middleware for session and role validation in Laravel routes
• Helper utilities for user and permission logic
• Facade for easy access to authentication features
• Artisan commands for configuration and environment sync
• Publishing of config, views, assets, and migrations for customization

🏁 Quickstart

Installation

Install Caronte Client via Composer:

composer require ometra/caronte-client:@dev

Configuration

Add the following environment variables to your .env file and adjust them according to your project needs:

Real-world configuration example

CARONTE_URL=http://caronte.test/ CARONTE_ALLOW_HTTP_REQUESTS=false CARONTE_ISSUER_ID=net.example CARONTE_ENFORCE_ISSUER=true CARONTE_APP_ID=net.example CARONTE_APP_SECRET="OgNy19ZMRLXBsuAwTQSbpbzUkpE626N1SUfaeygE" CARONTE_2FA=false CARONTE_ROUTES_PREFIX="" CARONTE_SUCCESS_URL="/" CARONTE_LOGIN_URL="/login" CARONTE_UPDATE_USER=false APP_TIMEZONE=America/Mexico_City CARONTE_TOKEN_TTL=460### Migrations (optional)

If you want to enable user synchronization (CARONTE_UPDATE_USER=true), run the migrations: php artisan migrate---

🛠 Available Commands

This package includes artisan commands (prefix caronte-client) for administration and management directly from the console for the autonomous administration of each system

🟢 Main Entry Point

php artisan caronte-client:management Interactive menu to manage Users and Roles via wizard. From here, operations are divided into two main branches: Role Management and User Management.

🛡 1. Role Management

Manage the definitions of roles within the application scope.

Commands for the CRUD of roles

👥 2. User Management & Workflow

User management allows for full CRUD operations, but strict rules apply to ensure data integrity within the application context.

[!IMPORTANT] ⚠️ Dependency Warning: Link Roles First

To perform specific operations on a user (like updating details or managing their roles), the user MUST be linked to the application first.

The Flow:

1. User exists in the system.

2. Execute caronte-client:attached-roles to link an App Role to the user.

3. Now you can use update-user, delete-roles-user, etc.

Commands for the management users First of all, the user is searched for and selected, then it is managed. Note: It is very important to take into account the aforementioned workflow

Options to revoke roles There are two options: select a specific role to remove or remove all roles associated with the user in the application

Usage Examples

Authenticating Users

use Caronte;
// Retrieve the current JWT token
$token = Caronte::getToken();
// Get the authenticated user object from the token
$user = Caronte::getUser();

Middleware Integration

Add Caronte middleware to your routes for session and role validation:

// In your routes/web.php or routes/api.php
Route::middleware(['Caronte.ValidateSession'])->group(function () {
    Route::get('/dashboard', function () {
        // Only accessible to authenticated users
    });
});

Route::middleware(['Caronte.ValidateRoles:administrator,manager'])->group(function () {
    Route::get('/admin', function () {
        // Only accessible to users with administrator or manager roles (or root)
    });
});

Permission Checks in Code

use Equidna\Caronte\Helpers\PermissionHelper;
// Check if the user has access to the application
if (PermissionHelper::hasApplication()) {
    // User has access
}

// Check if the user has a specific role
if (PermissionHelper::hasRoles(['administrator', 'editor'])) {
    // User has one of the required roles
}