- Add both packages to composer.json suggest section
- Document usage, installation and attention points in README
- Add to Features list and Credits section
* feat: add email verification endpoints and tests
Add comprehensive CI/CD pipeline using GitHub Actions
- Run Pest tests on PHP 8.3 and 8.4 with MySQL 8.0
- Automated code style checks with Pint
- Static analysis with Larastan/PHPStan
- Parallel job execution for faster builds
- Composer dependency caching
- MySQL service container with health checks
* feat: implement password reset flow with secure tokens , add forgot password and reset password functionality
- Created password_reset_tokens table migration
- Added POST /api/v1/forgot-password endpoint
- Added POST /api/v1/reset-password endpoint
- Both endpoints rate-limited to 6 requests per minute
- Integrated with Laravel's Password facade for secure token management
- Revokes all user tokens upon successful password reset
- Created ForgotPasswordRequest and ResetPasswordRequest with validation
- Added comprehensive test suite (6 test cases)
Password reset uses signed, time-limited tokens stored in the database.
All user sessions are invalidated after successful reset for security.
* feat: add reusable API middleware examples , Implement three production-ready middleware patterns for APIs
ForceJsonResponse:
- Ensures all API responses are JSON formatted
- Sets Accept: application/json header automatically
- Handles non-JSON responses gracefully
LogApiRequests:
- Logs API requests with timestamp, method, URL, IP, user ID, status
- Tracks and logs response time in milliseconds
- Adds X-Response-Time header to all responses
- Configurable via APP_LOG_API_REQUESTS env variable
EnsureEmailVerified:
- Protects routes requiring verified emails
- Returns 403 with descriptive message for unverified users
- Works with MustVerifyEmail contract
All middleware registered as aliases in bootstrap/app.php:
'force.json', 'log.api', 'verified'
These provide common API patterns that developers can apply to routes as needed.
* docs: update README with new API endpoints , Update API endpoints table with email verification and password reset routes
- Added 4 new endpoint rows to API documentation
- Updated rate limits for protected routes (60/min -> 120/min)
- Documented email verification endpoints
- Documented password reset endpoints
- All new endpoints properly documented with auth requirements"
* Update 0001_01_01_000000_create_users_table.php
* Fix test suite configuration and update route names to standard Laravel conventions
* style: fix code formatting per Laravel Pint standards
* refactor: revert password_reset_tokens back to users create_users migration
* Update 0001_01_01_000000_create_users_table.php
* fix: resolve all code style and type safety issues
Pint fixes:
- Fixed concat_space issues
- Removed unused imports (MustVerifyEmail from EnsureEmailVerified)
- Fixed not_operator_with_successor_space formatting
Rector fixes:
- Applied EncapsedStringsToSprintfRector for better type safety
- All code quality improvements applied
PHPStan fixes:
- Changed all middleware return types from Response to mixed (Laravel standard)
- Added Response type guard in LogApiRequests before accessing methods
- Removed redundant instanceof MustVerifyEmail check (User always implements it)
- Update composer.json to require grazulex/laravel-apiroute ^2.0
- Add versions config to config/apiroute.php
- Create routes/api/v1.php with version 1 routes
- Update routes/api.php to remove imperative version declarations
- Update README.md with new v2.x documentation
BREAKING CHANGE: API versions are now declared in config/apiroute.php
instead of routes/api.php
- Update composer.json to require PHP ^8.3 (required by grazulex/laravel-apiroute ^1.2)
- Add rate limiting to routes using laravel-apiroute's rateLimit() and Laravel's throttle middleware
- Public routes (login/register): throttle:auth (5/min for brute force protection)
- Protected routes: throttle:authenticated (120/min)
- Global version rate limit: 60 req/min via ->rateLimit(60)
- Remove unused import in routes/web.php (fixes Pint style issue)
- Update composer.lock with synchronized dependencies
This commit resolves the version mismatch for 'grazulex/laravel-apiroute' by regenerating the lock file. Additionally, it upgrades 'pestphp/pest' and 'pestphp/pest-plugin-laravel' to v4 to ensure compatibility with Laravel 12 and PHPUnit 12, fixing dependency conflicts.
The lock file was out of sync with composer.json, causing installation failures. Upgrading to Pest v4 is necessary as Pest v3 conflicts with PHPUnit 12, which is required by Laravel 12.
- Laravel 12 with Sanctum authentication
- API versioning with grazulex/laravel-apiroute
- spatie/laravel-query-builder for filtering/sorting
- spatie/laravel-data for DTOs
- dedoc/scramble for auto API documentation
- Pest PHP testing framework
- Docker development environment
- Standardized JSON API responses
- Rate limiting and CORS configuration
- Comprehensive README documentation