Feature (#16)
* feat: add email verification endpoints and tests Add comprehensive CI/CD pipeline using GitHub Actions - Run Pest tests on PHP 8.3 and 8.4 with MySQL 8.0 - Automated code style checks with Pint - Static analysis with Larastan/PHPStan - Parallel job execution for faster builds - Composer dependency caching - MySQL service container with health checks * feat: implement password reset flow with secure tokens , add forgot password and reset password functionality - Created password_reset_tokens table migration - Added POST /api/v1/forgot-password endpoint - Added POST /api/v1/reset-password endpoint - Both endpoints rate-limited to 6 requests per minute - Integrated with Laravel's Password facade for secure token management - Revokes all user tokens upon successful password reset - Created ForgotPasswordRequest and ResetPasswordRequest with validation - Added comprehensive test suite (6 test cases) Password reset uses signed, time-limited tokens stored in the database. All user sessions are invalidated after successful reset for security. * feat: add reusable API middleware examples , Implement three production-ready middleware patterns for APIs ForceJsonResponse: - Ensures all API responses are JSON formatted - Sets Accept: application/json header automatically - Handles non-JSON responses gracefully LogApiRequests: - Logs API requests with timestamp, method, URL, IP, user ID, status - Tracks and logs response time in milliseconds - Adds X-Response-Time header to all responses - Configurable via APP_LOG_API_REQUESTS env variable EnsureEmailVerified: - Protects routes requiring verified emails - Returns 403 with descriptive message for unverified users - Works with MustVerifyEmail contract All middleware registered as aliases in bootstrap/app.php: 'force.json', 'log.api', 'verified' These provide common API patterns that developers can apply to routes as needed. * docs: update README with new API endpoints , Update API endpoints table with email verification and password reset routes - Added 4 new endpoint rows to API documentation - Updated rate limits for protected routes (60/min -> 120/min) - Documented email verification endpoints - Documented password reset endpoints - All new endpoints properly documented with auth requirements" * Update 0001_01_01_000000_create_users_table.php * Fix test suite configuration and update route names to standard Laravel conventions * style: fix code formatting per Laravel Pint standards * refactor: revert password_reset_tokens back to users create_users migration * Update 0001_01_01_000000_create_users_table.php * fix: resolve all code style and type safety issues Pint fixes: - Fixed concat_space issues - Removed unused imports (MustVerifyEmail from EnsureEmailVerified) - Fixed not_operator_with_successor_space formatting Rector fixes: - Applied EncapsedStringsToSprintfRector for better type safety - All code quality improvements applied PHPStan fixes: - Changed all middleware return types from Response to mixed (Laravel standard) - Added Response type guard in LogApiRequests before accessing methods - Removed redundant instanceof MustVerifyEmail check (User always implements it)
This commit is contained in:
49
app/Http/Middleware/LogApiRequests.php
Normal file
49
app/Http/Middleware/LogApiRequests.php
Normal file
@@ -0,0 +1,49 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Log;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
|
||||
final class LogApiRequests
|
||||
{
|
||||
/**
|
||||
* Log API requests for debugging and monitoring.
|
||||
*/
|
||||
public function handle(Request $request, Closure $next): mixed
|
||||
{
|
||||
$startTime = microtime(true);
|
||||
|
||||
$response = $next($request);
|
||||
|
||||
// Ensure we have a Response object
|
||||
if (! $response instanceof Response) {
|
||||
return $response;
|
||||
}
|
||||
|
||||
$duration = round((microtime(true) - $startTime) * 1000, 2);
|
||||
|
||||
// Only log if enabled via config
|
||||
if (config('app.log_api_requests', false)) {
|
||||
Log::info('API Request', [
|
||||
'timestamp' => now()->toIso8601String(),
|
||||
'method' => $request->method(),
|
||||
'url' => $request->fullUrl(),
|
||||
'ip' => $request->ip(),
|
||||
'user_id' => $request->user()?->id,
|
||||
'status' => $response->getStatusCode(),
|
||||
'duration_ms' => $duration,
|
||||
'user_agent' => $request->userAgent(),
|
||||
]);
|
||||
}
|
||||
|
||||
// Add performance header
|
||||
$response->headers->set('X-Response-Time', $duration.'ms');
|
||||
|
||||
return $response;
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user