A comprehensive Laravel API application with robust authentication, authorization, and business logic for managing users, merchants, articles, stocks, orders, and payments.
- Laravel 12 - Latest version with modern features
- API Authentication - Laravel Sanctum with Bearer tokens
- Application Security - API key and secret validation middleware
- Role-Based Access Control - Comprehensive privilege system
- Google 2FA - Two-factor authentication support
- Swagger Documentation - Complete API documentation with L5-Swagger
- Soft Deletes - All models support soft deletion
- Comprehensive Testing - Unit and feature tests
- Database Relationships - Well-structured relational database design
The application includes the following main entities:
- Users - System users with roles and 2FA support
- Roles & Privileges - Fine-grained permission system
- Merchants - Business entities with hierarchical structure
- Articles - Products/items managed by merchants
- Stocks - Inventory management with history tracking
- Orders - Order management with multiple statuses
- Carts - Shopping cart functionality
- Payments - Payment processing with partner integration
- Clone the repository

  ```bash
  git clone <repository-url>
  cd NOYA_WEB
  ```

- Install dependencies

  ```bash
  composer install
  ```

- Environment setup

  ```bash
  cp .env.example .env
  php artisan key:generate
  ```

- Configure environment variables

  ```env
  # Database
  DB_CONNECTION=sqlite
  # Or use MySQL/PostgreSQL

  # Sanctum Configuration
  SANCTUM_STATEFUL_DOMAINS=localhost,127.0.0.1
  SANCTUM_GUARD=web
  ```

- Run migrations and seeders

  ```bash
  php artisan migrate
  php artisan db:seed --class=RolesAndPrivilegesSeeder
  ```

- Generate Swagger documentation

  ```bash
  php artisan l5-swagger:generate
  ```

- Start the development server

  ```bash
  php artisan serve
  ```
Access the interactive API documentation at: http://localhost:8000/api/documentation
Protected endpoints require a Bearer token in the request header:

```
Authorization: Bearer {token}
```

Default login credentials:

- Email: admin@noyaweb.com
- Password: password123
Authentication:

- `POST /api/v1/auth/login` - User login
- `POST /api/v1/auth/register` - User registration
- `POST /api/v1/auth/logout` - User logout
- `GET /api/v1/auth/profile` - Get user profile
- `PUT /api/v1/auth/profile` - Update user profile

Two-factor authentication:

- `POST /api/v1/auth/setup-2fa` - Generate 2FA QR code
- `POST /api/v1/auth/confirm-2fa` - Confirm 2FA setup
- `POST /api/v1/auth/verify-2fa` - Verify 2FA during login

Users:

- `GET /api/v1/users` - List users
- `POST /api/v1/users` - Create user
- `GET /api/v1/users/{id}` - Get user
- `PUT /api/v1/users/{id}` - Update user
- `DELETE /api/v1/users/{id}` - Delete user

Roles:

- `GET /api/v1/roles` - List roles
- `POST /api/v1/roles` - Create role
- `GET /api/v1/roles/{id}` - Get role
- `PUT /api/v1/roles/{id}` - Update role
- `DELETE /api/v1/roles/{id}` - Delete role
- `POST /api/v1/roles/{id}/privileges` - Attach privileges
- `DELETE /api/v1/roles/{id}/privileges` - Detach privileges

Privileges:

- `GET /api/v1/privileges` - List privileges
- `POST /api/v1/privileges` - Create privilege
- `GET /api/v1/privileges/{id}` - Get privilege
- `PUT /api/v1/privileges/{id}` - Update privilege
- `DELETE /api/v1/privileges/{id}` - Delete privilege
The application uses a comprehensive privilege-based authorization system:
- `users.view` - View users
- `users.create` - Create users
- `users.update` - Update users
- `users.delete` - Delete users
- `users.manage_roles` - Manage user roles
- `users.change_status` - Change user status
- `roles.view` - View roles
- `roles.create` - Create roles
- `roles.update` - Update roles
- `roles.delete` - Delete roles
- `roles.manage_privileges` - Manage role privileges
- `merchants.view` - View merchants
- `merchants.create` - Create merchants
- `merchants.update` - Update merchants
- `merchants.delete` - Delete merchants
- `merchants.manage_users` - Manage merchant users
- `merchants.change_status` - Change merchant status
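Privilege names like these are checked per route by the middleware and policy layer described further down. The following route middleware is an added example, not the project's own code; it assumes a `User` model with a `role` relation (many-to-one), a `Role` model with a `privileges` relation (many-to-many) to a `privileges` table with a `name` column, and the middleware alias `privilege`.

```php
<?php
// Added example, not the project's own code. Enforces privilege names such as
// `users.view` using the page's model layout: User belongs to one Role, Role
// has many Privileges (many-to-many). Relation and class names are assumptions.
//
// Register the alias in bootstrap/app.php (Laravel 11+/12 style):
//   $middleware->alias(['privilege' => EnsureHasPrivilege::class]);
// Then protect a route, after Sanctum has authenticated the user:
//   Route::get('/users', [UserController::class, 'index'])
//       ->middleware(['auth:sanctum', 'privilege:users.view']);

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

class EnsureHasPrivilege
{
    /**
     * Route parameters after the colon arrive as $privileges; when several
     * are given (privilege:users.view,users.update) the user must hold all.
     */
    public function handle(Request $request, Closure $next, string ...$privileges): Response
    {
        $user = $request->user();

        // Fail closed: if auth:sanctum did not run or found no user, deny.
        if ($user === null) {
            return response()->json(['message' => 'Unauthenticated.'], 401);
        }

        // A user without a role holds no privileges (nullsafe chain yields null).
        $granted = $user->role?->privileges()->pluck('name')->all() ?? [];

        // Every requested privilege must appear among the role's privilege names.
        $missing = array_diff($privileges, $granted);

        if ($missing !== []) {
            // 403 rather than 401: the caller is authenticated, just not permitted.
            return response()->json(['message' => 'Forbidden.'], 403);
        }

        return $next($request);
    }
}
```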
Run the test suite:

```bash
php artisan test
```

Run specific test classes:

```bash
php artisan test --filter=AuthTest
php artisan test --filter=UserTest
```

- BaseController - Uniform API response formatting
- API/V1 Controllers - Versioned API controllers with Swagger annotations
- Middleware - API credentials validation and privilege checking
- Eloquent Models - With relationships and business logic
- Soft Deletes - All models support soft deletion
- Scopes - Query scopes for common filters
- API Resources - Consistent data transformation
- Resource Collections - Paginated responses
- Model Policies - Authorization logic based on privileges
- Middleware - Automatic privilege checking
- API Key Authentication - Application-level security
- Bearer Token Authentication - User-level security with Sanctum
- Role-Based Access Control - Fine-grained permissions
- Google 2FA - Two-factor authentication
- Input Validation - Comprehensive request validation
- SQL Injection Protection - Eloquent ORM protection
- CORS Protection - Cross-origin request security
- Soft Deletes - All tables support soft deletion
- UnsignedBigInteger - Proper foreign key types
- Indexes - Optimized query performance
- Constraints - Data integrity enforcement
- Enums - Predefined value sets for status fields
- Users ↔ Roles - Many-to-one relationship
- Roles ↔ Privileges - Many-to-many relationship
- Users ↔ Merchants - Many-to-many relationship
- Merchants - Self-referencing hierarchy
- Articles ↔ Merchants - Many-to-one relationship
- Stocks - Composite relationships with history tracking
- Orders ↔ Carts - One-to-many relationship
- Orders ↔ Payments - One-to-many relationship
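The API credentials validation middleware listed above under Middleware and API Key Authentication is not shown on this page; the following is an added example of how such an application-level key/secret check can be written, not the project's own code. The header names `X-Api-Key` and `X-Api-Secret`, the `services.api.*` config keys and the class name are assumptions.

```php
<?php
// Added example, not the project's own code. Validates an application-level
// API key/secret pair before Sanctum authenticates the user. Header names,
// config keys and the class name are assumptions.
//
// Register it ahead of the api group in bootstrap/app.php (Laravel 11+/12):
//   $middleware->api(prepend: [ValidateApiCredentials::class]);

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Log;
use Symfony\Component\HttpFoundation\Response;

class ValidateApiCredentials
{
    public function handle(Request $request, Closure $next): Response
    {
        $key    = (string) $request->header('X-Api-Key', '');
        $secret = (string) $request->header('X-Api-Secret', '');

        // Expected values come from config/services.php, which reads them from
        // .env (assumed API_KEY / API_SECRET); never hard-code them in source.
        $expectedKey    = (string) config('services.api.key', '');
        $expectedSecret = (string) config('services.api.secret', '');

        // Fail closed on misconfiguration: an empty expected value would
        // otherwise match a request that simply omits the header.
        if ($expectedKey === '' || $expectedSecret === '') {
            Log::error('API credentials are not configured');
            return response()->json(['message' => 'Service unavailable.'], 503);
        }

        // hash_equals() compares in constant time, so response timing does not
        // reveal how many leading bytes matched. Both comparisons are always
        // evaluated so a wrong key and a wrong secret take the same path.
        $keyOk    = hash_equals($expectedKey, $key);
        $secretOk = hash_equals($expectedSecret, $secret);

        if (! ($keyOk && $secretOk)) {
            // Record the attempt for detection; log a key prefix, never the secret.
            Log::warning('Rejected API credentials', [
                'ip'         => $request->ip(),
                'key_prefix' => substr($key, 0, 4),
                'path'       => $request->path(),
            ]);
            return response()->json(['message' => 'Invalid API credentials.'], 401);
        }

        return $next($request);
    }
}
```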
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests for new functionality
- Ensure all tests pass
- Submit a pull request
This project is proprietary software. All rights reserved.
For support and questions, please contact the development team.