zephyrphp / framework
ZephyrPHP - A lightweight, fast & secure PHP framework. Light as a breeze, fast as the wind.
Installs: 6
Dependents: 6
Suggesters: 0
Security: 0
Stars: 0
Watchers: 0
Forks: 0
Open Issues: 0
pkg:composer/zephyrphp/framework
Requires
- php: >=8.2
- php-di/php-di: ^7.0
- psr/log: ^3.0
- twig/twig: ^3.17
- vlucas/phpdotenv: ^5.6
Requires (Dev)
- phpstan/phpstan: ^2.1
- phpunit/phpunit: ^11.5
README
Light as a breeze. Fast as the wind.
A lightweight, fast, and secure PHP framework for building modern web applications.
Features
- Lightweight - Minimal footprint, only what you need
- Fast - Optimized for performance with template caching
- Secure - Built-in CSRF protection, input sanitization, security headers
- MVC Architecture - Clean separation of concerns
- Twig Templating - Powerful and secure template engine with auto-escaping
- Dependency Injection - Built-in PHP-DI container support
- Routing - Flexible routing with middleware support
- Validation - Fluent validation with custom rules
- File Upload - Secure file upload handling with MIME validation
- CLI Tools - Craftsman CLI for code generation
Requirements
- PHP >= 8.2
- Composer
Installation
composer require zephyrphp/framework
Or create a new project:
composer create-project zephyrphp/starter my-app
cd my-app
php craftsman serve
Quick Start
Define Routes
// routes/web.php use Zephyr\Router\Route; use App\Controllers\HomeController; Route::get('/', [new HomeController(), 'index']); Route::get('/users/{id}', [new UserController(), 'show']); Route::post('/users', [new UserController(), 'store']); // Route groups with prefix Route::group('/api', function() { Route::get('/users', [new ApiController(), 'users']); });
Create Controllers
// app/Controllers/HomeController.php namespace App\Controllers; use Zephyr\Core\Controllers\Controller; class HomeController extends Controller { public function index() { return $this->render('home', [ 'title' => 'Welcome to ZephyrPHP' ]); } public function store() { // CSRF validation if (!$this->validateCSRF()) { return; // Returns 403 automatically } // Get sanitized input $email = $this->request->sanitized('email', 'email'); $name = $this->request->sanitized('name', 'string'); // Your logic here return $this->json(['success' => true]); } }
Validation
use Zephyr\Validation\Validator; $validator = Validator::make($request->all(), [ 'name' => 'required|min:3|max:255', 'email' => 'required|email', 'password' => 'required|min:8|confirmed', 'age' => 'nullable|integer|between:18,120', ]); if ($validator->fails()) { return $this->json(['errors' => $validator->errors()], 422); } $validated = $validator->validated();
Secure File Upload
use Zephyr\Security\FileUpload; $uploader = FileUpload::forImages() ->setMaxFileSize(5 * 1024 * 1024) // 5MB ->setUploadDir(BASE_PATH . '/storage/uploads'); $file = $this->request->file('avatar'); if ($filename = $uploader->upload($file)) { // File uploaded successfully } else { $error = $uploader->getLastError(); }
CSRF Protection
// In your Twig template <form method="POST" action="/submit"> {{ csrf_field() | raw }} <!-- or --> <input type="hidden" name="csrf_token" value="{{ csrf_token() }}"> </form> // In controller if (!$this->validateCSRF()) { return; // Automatically returns 403 }
Input Sanitization
use Zephyr\Security\Sanitizer; $email = Sanitizer::email($input); $slug = Sanitizer::slug($input); $clean = Sanitizer::string($input); $number = Sanitizer::int($input); // Or via Request $email = $this->request->sanitized('email', 'email');
Security Features
Built-in Security Headers
ZephyrPHP automatically applies security headers:
X-Content-Type-Options: nosniffX-Frame-Options: SAMEORIGINX-XSS-Protection: 1; mode=blockReferrer-Policy: strict-origin-when-cross-originPermissions-PolicyContent-Security-Policy(customizable)
Environment-based Configuration
// Production mode disables: // - Debug output // - Error display // - Twig debug extension // And enables: // - Template caching // - Strict error logging // - HSTS headers (with HTTPS)
CLI Commands
# Start development server php craftsman serve # Start on custom host/port php craftsman serve 0.0.0.0 3000 # Create a new controller php craftsman make:controller UserController # Create a new model php craftsman make:model User # Create a new middleware php craftsman make:middleware AuthMiddleware # Create a new migration php craftsman make:migration create_users_table # Run database migrations php craftsman db:create # List all routes php craftsman route:list # Clear cache php craftsman cache:clear # Generate application key php craftsman key:generate
Directory Structure
project/
├── app/
│ ├── Controllers/
│ ├── Models/
│ └── Views/
├── config/
├── pages/ # Twig templates
├── public/
│ ├── index.php # Entry point
│ ├── .htaccess # Security rules
│ └── assets/
│ └── .htaccess # Blocks PHP execution
├── routes/
│ ├── web.php
│ └── api.php # Optional
├── storage/
│ ├── compiled/ # Template cache
│ ├── logs/
│ ├── uploads/
│ └── .htaccess # Blocks all access
├── .env
├── .env.example
├── composer.json
└── craftsman
Configuration
Environment variables via .env:
APP_NAME=ZephyrPHP APP_DEBUG=false # Disable in production! ENV=production # dev, staging, production VIEWS_PATH=/pages APP_KEY= # Generate: php craftsman key:generate
Documentation
Full documentation coming soon at zephyrphp.com
Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
License
The ZephyrPHP framework is open-sourced software licensed under the MIT license.
Author
Techwonia
- ZephyrPHP: zephyrphp.com
- Company: techwonia.com
- Email: opensource@techwonia.com
- GitHub: @Techwonia