francescomalatesta / Laravel Api Boilerplate Jwt

Laravel API Boilerplate (JWT Edition) for Laravel 5.8

Laravel API Boilerplate is a "starter kit" you can use to build your first API in seconds. As you can easily imagine, it is built on top of the awesome Laravel Framework. This version is built on Laravel 5.8!

It is built on top of three big guys:

• JWT-Auth - tymondesigns/jwt-auth
• Dingo API - dingo/api
• Laravel-CORS barryvdh/laravel-cors

What I made is really simple: an integration of these three packages and a setup of some authentication and credentials recovery methods.

Installation

1. run composer create-project francescomalatesta/laravel-api-boilerplate-jwt myNextProject;
2. have a coffee, nothing to do here;

Once the project creation procedure will be completed, run the php artisan migrate command to install the required tables.

Usage

I wrote a couple of articles on this project that explain how to write an entire sample application with this boilerplate. They cover the older version of this boilerplate, but all the concepts are the same. You can find them on Sitepoint:

Just be aware that some options in the config/boilerplate.php file are changed, so take a look to it.

• How to Build an API-Only JWT-Powered Laravel App
• How to Consume Laravel API with AngularJS

WARNING: the articles are old and Laravel 5.1 related. Just use them as "inspiration". Even without updated tutorials, they should be enough.

Main Features

Ready-To-Use Authentication Controllers

You don't have to worry about authentication and password recovery anymore. I created four controllers you can find in the App\Api\V1\Controllers for those operations.

For each controller there's an already setup route in routes/api.php file:

• POST api/auth/login, to do the login and get your access token;
• POST api/auth/refresh, to refresh an existent access token by getting a new one;
• POST api/auth/signup, to create a new user into your application;
• POST api/auth/recovery, to recover your credentials;
• POST api/auth/reset, to reset your password after the recovery;
• POST api/auth/logout, to log out the user by invalidating the passed token;
• GET api/auth/me, to get current user data;

Separate File for Routes

All the API routes can be found in the routes/api.php file. This also follow the Laravel 5.5 convention.

Secrets Generation

Every time you create a new project starting from this repository, the php artisan jwt:generate command will be executed.

Configuration

You can find all the boilerplate specific settings in the config/boilerplate.php config file.

<?php

return [

    // these options are related to the sign-up procedure
    'sign_up' => [
        
        // this option must be set to true if you want to release a token
        // when your user successfully terminates the sign-in procedure
        'release_token' => env('SIGN_UP_RELEASE_TOKEN', false),
        
        // here you can specify some validation rules for your sign-in request
        'validation_rules' => [
            'name' => 'required',
            'email' => 'required|email',
            'password' => 'required'
        ]
    ],

    // these options are related to the login procedure
    'login' => [
        
        // here you can specify some validation rules for your login request
        'validation_rules' => [
            'email' => 'required|email',
            'password' => 'required'
        ]
    ],

    // these options are related to the password recovery procedure
    'forgot_password' => [
        
        // here you can specify some validation rules for your password recovery procedure
        'validation_rules' => [
            'email' => 'required|email'
        ]
    ],

    // these options are related to the password recovery procedure
    'reset_password' => [
        
        // this option must be set to true if you want to release a token
        // when your user successfully terminates the password reset procedure
        'release_token' => env('PASSWORD_RESET_RELEASE_TOKEN', false),
        
        // here you can specify some validation rules for your password recovery procedure
        'validation_rules' => [
            'token' => 'required',
            'email' => 'required|email',
            'password' => 'required|confirmed'
        ]
    ]

];

As I already said before, this boilerplate is based on dingo/api and tymondesigns/jwt-auth packages. So, you can find many informations about configuration here and here.

However, there are some extra options that I placed in a config/boilerplate.php file:

• sign_up.release_token: set it to true if you want your app release the token right after the sign up process;
• reset_password.release_token: set it to true if you want your app release the token right after the password reset process;

There are also the validation rules for every action (login, sign up, recovery and reset). Feel free to customize it for your needs.

Creating Endpoints

You can create endpoints in the same way you could to with using the single dingo/api package. You can read its documentation for details. After all, that's just a boilerplate! :)

However, I added some example routes to the routes/api.php file to give you immediately an idea.

Cross Origin Resource Sharing

If you want to enable CORS for a specific route or routes group, you just have to use the cors middleware on them.

Thanks to the barryvdh/laravel-cors package, you can handle CORS easily. Just check the docs at this page for more info.

Tests

If you want to contribute to this project, feel free to do it and open a PR. However, make sure you have tests for what you implement.

In order to run tests:

• be sure to have the PDO sqlite extension installed in your environment;
• run php vendor/bin/phpunit;

Feedback

I currently made this project for personal purposes. I decided to share it here to help anyone with the same needs. If you have any feedback to improve it, feel free to make a suggestion, or open a PR!