Outils pour utilisateurs

Outils du site


informatique:php:laravel

Laravel

Laravel The PHP Framework For Web Artisans.

Voir aussi Lumen une version micro-framework de Laravel 5.

Documentation

Handbooks & Cheats sheets

Tutoriels/Tutorials

Tutoriels:

Exemples:

  • bestmomo/laravel5-3-example with: Home page ; Custom error pages 403, 404 and 503 ; Authentication (registration, login, logout, password reset, mail confirmation, throttle) ; Users roles : administrator (all access), redactor (create and edit post, upload and use medias in personnal directory), and user (create comment in blog) ; Blog with comments ; Search in posts ; Tags on posts ; Contact us page ; Admin dashboard with messages, users, posts, roles and comments ; Users admin (roles filter, show, edit, delete, create, blog report) ; Posts admin (list with dynamic order, show, edit, delete, create) ; Multi users medias gestion ; Localization ; Application tests ; Use of new notifications to send emails and notify redactors for new comments

Tutorials:

Fait avec ou pour Laravel

Packages:

  • Packalyst is a directory of Packages for your Laravel projects

Starters:

CMS on top of Laravel

Validation

Voir aussi model validation

CSRF, XSS, SQL ...

Excluding Routes from the CSRF Middleware in Laravel 5.1

Dans la documentation: routing csrf-excluding-uris

It's now super easy to exclude specific routes from your CSRF middleware:
source: https://mattstauffer.co/blog/excluding-routes-from-the-csrf-middleware-in-laravel-5.1

Plus d'information : Excluding Routes from the CSRF Middleware

// app/Http/Middleware/VerifyCsrfToken
protected $except = [
 'webhook/*'
];

Data, ORM, Eloquent

Model validation

On client side (javascript)

Utiliser côté client les règles de validation et messages d'erreurs définis pour les Models.

Autres

ModelForm, Laravel implementation of Django Forms, is a PHP Form Abstraction for Laravel based on Django Forms and Formset.

versions des données

Gérer les versions des données

Divers

Nested tree

Gestion d'arborescence (Nested tree structure, Nested category) :

import/export & bulk

Doctrine

Doctrine avec Laravel: http://www.laraveldoctrine.org - Problème: à cause de la forte dépendance de Laravel avec Eloquent, les packages externes continueront d'utiliser Eloquent.

Authentification

Multi-Auth

Laravel 5.2, you may define additional authentication drivers as well define multiple authenticatable models or user tables, and control their authentication process separately from each other. For example, if your application has one database table for “admin” users and one database table for “student” users, you may now use the Auth methods to authenticate against each of these tables separately.

Authentication Scaffolding

Laravel 5.2: This command will generate plain, Bootstrap compatible views for user login, registration, and password reset. The command will also update your routes file with the appropriate routes.

Note: This feature is only meant to be used on new applications, not during application upgrades.

php artisan make:auth

OAuth

Passing parameters to Middleware

source: https://mattstauffer.co/blog/passing-parameters-to-middleware-in-laravel-5.1

Using parameterized middleware in the route defintion. When you're adding middleware to a route definition, you'd normally set it like this:

Route::get('company', ['middleware' => 'auth', function () {
    return view('company.admin');
}]);

So, let's add in our parameter to show that the user must have the owner role:

Route::get('company', ['middleware' => 'auth:owner', function () {
    return view('company.admin');
}]);

Note that you can also pass multiple parameters as a comma-separated list:

Route::get('company', ['middleware' => 'auth:owner,view', function () {
    return view('company.admin');
}]);

How to disable remember me token ?

Simply overload some methods:

class User extends BaseModel implements UserInterface, RemindableInterface
{
  ...
  public function getRememberToken(){
    return null; // not supported
  }
 
  public function setRememberToken($value){
    // not supported
  }
 
  public function getRememberTokenName(){
    return null; // not supported
  }
 
  /**
   * Overrides the method to ignore the remember token.
   */
  public function setAttribute($key, $value)
  {
    $isRememberTokenAttribute = $key == $this->getRememberTokenName();
    if (!$isRememberTokenAttribute)
    {
      parent::setAttribute($key, $value);
    }
  }
  ...

Sentinel

https://cartalyst.com/manual/sentinel

A modern and framework agnostic authorization and authentication package featuring:

  • roles, permissions,
  • custom hashing algorithms and additional security features.

The package follows the FIG standard PSR-4 (Autoloader) to ensure a high level of interoperability between shared PHP code.

The package requires PHP 5.4+ and comes bundled with a Laravel 5 Facade and a Service Provider to simplify the optional framework integration.

Route

Implicit Model Binding

Laravel 5.2: Implicit Model Binding

use AppUser; 
Route::get('/user/{user}', function (User $user) {
    return $user;
});

REST API

Simple but usefull RestControllerTrait

Dingo https://github.com/dingo/api/

  • A RESTful API package for the Laravel and Lumen frameworks.

JWT-auth provides a simple means of authentication within Laravel using JSON Web Tokens

Views

Components

Laravel Collective

  • StydeNet is an extension to the Laravel Collective HTML package.
    • Menus, Alert messages, Form fields, Collection of radios and checkboxes

Component Pull

La documentation View Composers présente l'insertion automatique de données dans des vues que je vois comme du “Component Push”. Ça manque d'exemple, notamment le paradigm du “Component Pull” : Exprimer l'insertion d'un composant depuis une vue.

Appeler le “composant” depuis une vue Blade:

 @inject('navstage', 'NavStage')
 {{ echo $navstage->render() }}.

L'appel @inject() demande au “Service Container” de trouver l'instance d'un objet référencé sous le nom NavStage. Il faut donc que cet objet ai été créer et référencé:

 // dans App/Providers/AppServiceProvider.php
 public function boot()
 {
  $this->app->singleton('NavStage', function ($app) {
   return new \App\Services\NavStage();
  });
 }

Il faut bien sûr qu'existe la classe \App\Services\NavStage avec une méthode render() (cf. la vue Blade).

Nota bene: l'appel {{ $navstage→render() }} n'imprime pas le résultat de l'appel à render(), il faut donc faire un echo dans la méthode.

Nota bene Dans le cas d'un composant qui n'est pas utilisé dans toutes les requêtes, on va préférer le charger que si besoin : Deferred Providers (aka lazy loading)

Twig template engine with Laravel

Wysiwyg editor

CKeditor laravel package:

Laravel file manager (for CKEditor and TinyMCE) with multi-users support

VUE.js

voir Vue.js

Since many JavaScript frameworks also use “curly” braces to indicate a given expression should be displayed in the browser, you may use the @ symbol to inform the Blade … Blade & JavaScript Frameworks

Divers

  • Menu: The spatie/menu package provides a fluent interface to build menus of any size in your php application. If you're building your app with Laravel, the spatie/laravel-menu provides some extra treats.

Localization

Messages de validation en 52 langues pour Laravel4/5: https://github.com/caouecs/Laravel-lang

Manage translation in database:

  • hpolthof/laravel-translations-db a Laravel translations from Database;
    • store translations in the database and default load from files, cache translation, comes with a crud-interface and can perform translations via Google Translate.
  • waavi/translation translation management for Laravel with files, database and cache.
  • spatie/laravel-translation-loader offers a driver based way to store and retrieve translations and ships with a default driver that stores translations in the db.

Manage translation files:

  • barryvdh/laravel-translation-manager is a package to manage Laravel translation files. It does not replace the Translation system, only import/export the php files to a database and make them editable through a webinterface.

Translation in Eloquent ORM

Tests & Testing

Others

Security

Throttle

Le middleware Illuminate\Routing\Middleware\ThrottleRequests retourne un code HTTP 429 quand le nombre de requêtes dans un nombre de minutes est dépassé. Il utilise le cache Illuminate\Cache\RateLimiter. Pour identifier le client il utilise la méthode fingerprint() de Illuminate\Http\Request.
Malheureusement cette méthode fingerprint() n'utilise que l'IP comme données du client.
Bien qu'il soit impossible de calculer une empreinte sure, j'ai demandé l'ajout du remote port #12872.

Ce bug n'est-il pas réapparu ? Un test unitaire existe-t-il ?

Laravel cookie forgery, decryption, and RCE MWR, 11 April 2014

Infrastructure & serveur

To make default prefixed route working, like /admin or /foo, while a folder with the same name exists, like public/admin or public/foo, should remove the $uri/ from nginx rewriting:

replace
 location / {
  try_files $uri $uri/ /index.php?$query_string ;
 }
by
 location / {
  try_files $uri /index.php?$query_string ;
 }

Wordpress and Laravel

Charts & graphs

  • Charts is a multi-library chart package to create interactive charts using laravel (chartjs, highcharts, material, morris …).

Admin panel

Not free:

Tools

Laravel Debugbar

Laravel 5 IDE Helper Generator generates correct PHPDocs for all Facade classes, to improve auto-completion.

informatique/php/laravel.txt · Dernière modification: 10/06/2017 08:49 par cyrille