vormiaphp / vormiaguardphp
VormiaGuardPHP: Laravel guard/auth package for Vormia ecosystem.
Requires
- php: ^8.2
- laravel/framework: ^12.0
- laravel/sanctum: *
- vormiaphp/vormia: *
Requires (Dev)
- phpunit/phpunit: ^12.2
README
Is a Laravel package providing guard and authentication endpoints, middleware, and utilities for the Vormia ecosystem. It is designed to work with VormiaGuardJS and VormiaQueryJS for full-stack authentication and authorization.
VormiaGuard Packages
VormiaGuardJS (frontend) enables powerful access control and role-based UI logic, but secure authentication and authorization require backend support. VormiaGuardPHP provides the necessary endpoints (/api/user, /api/can-access) and middleware for Laravel, ensuring your frontend and backend work together securely. Use VormiaGuardPHP with VormiaGuardJS for a complete, secure, full-stack solution.
Features
- Guard endpoints for frontend integration
- Role and permission middleware
- Install, update, uninstall artisan commands
- Checks for Sanctum and Vormia dependencies
Installation
composer require vormiaphp/vormiaguardphp php artisan vormiaguard:install
Commands
php artisan vormiaguard:install– Installs VormiaGuardPHP, checks dependenciesphp artisan vormiaguard:update– Updates VormiaGuardPHP setupphp artisan vormiaguard:uninstall– Uninstalls VormiaGuardPHP
Requirements
- Laravel 9+
- vormiaphp/vormia
- laravel/sanctum
Endpoints
/api/user– Returns authenticated user info/api/can-access– Checks if user can access a route (with optional middleware)/login,/logout– Standard Laravel auth endpoints
Middleware
- Role, permission, and guard middleware for route protection
Next Steps
-
Register routes for
/api/userand/api/can-accessin your package's route file (e.g.,routes/api.php):use VormiaGuardPhp\Http\Controllers\UserController; use VormiaGuardPhp\Http\Controllers\AccessController; Route::middleware(['auth:sanctum'])->group(function () { Route::get('/user', [UserController::class, 'show']); Route::get('/can-access', [AccessController::class, 'canAccess']); });
-
Register the middleware in your service provider or via Laravel's middleware aliases (e.g., in
app/Http/Kernel.php):protected $routeMiddleware = [ // ... 'checkrole' => \VormiaGuardPhp\Http\Middleware\CheckRole::class, ];
-
(Optional) Add more middleware for permissions, modules, etc., as needed for your application's requirements.
Laravel Backend: can-access Endpoint Example
Add this route to your Laravel backend to support backend-driven access checks:
// routes/api.php use Illuminate\Http\Request; use Illuminate\Support\Facades\Gate; Route::middleware('auth:sanctum')->get('/can-access', function (Request $request) { $user = $request->user(); $route = $request->query('route'); $middleware = $request->query('middleware'); // Example: check role middleware if ($middleware && str_starts_with($middleware, 'role:')) { $role = explode(':', $middleware)[1]; if (!$user->hasRole($role)) { return response()->json(['allowed' => false], 403); } } // Example: check route access (customize as needed) if ($route && !$user->canAccessRoute($route)) { return response()->json(['allowed' => false], 403); } return response()->json(['allowed' => true]); });
- Adjust the logic to match your app's authorization needs.
- You can check roles, permissions, or any custom logic.
For more, see the examples/ directory for full app samples.
Laravel Backend: VormiaGuardPHP Example
To enable secure backend-driven access control, install and configure VormiaGuardPHP in your Laravel project:
composer require vormiaphp/vormiaguardphp php artisan vormiaguard:install
Then, register the VormiaGuardPHP routes in your routes/api.php:
use VormiaGuardPhp\Http\Controllers\UserController; use VormiaGuardPhp\Http\Controllers\AccessController; Route::middleware(['auth:sanctum'])->group(function () { Route::get('/user', [UserController::class, 'show']); Route::get('/can-access', [AccessController::class, 'canAccess']); });
And register the middleware in your app/Http/Kernel.php:
protected $routeMiddleware = [ // ... 'checkrole' => \VormiaGuardPhp\Http\Middleware\CheckRole::class, ];
VormiaGuardPHP provides the /api/user and /api/can-access endpoints and guard middleware required for VormiaGuardJS to function securely with your Laravel backend.
License
VormiaGuardPHP is open-source and available under the MIT License.