/laravel-spa-api

Example Laravel API backend configured with Fortify and Sanctum

Primary Language: PHP

Purpose

I have created this repo as a baseline working example of a Laravel application set up to be used as a backend API for a single page application. Laravel Sanctum and Fortify have made this process much simpler; however, there are still some common setup and configuration difficulties that I have personally run into, and that I see everywhere on Stack Overflow and Laracasts. Too many hours have been wasted troubleshooting CORS or 419 token mismatch errors, so hopefully this example allows people to get up and running without all the headache.

Changes from default Laravel installation

  • Includes Sanctum for session-based API Authentication for your SPA
  • Includes Fortify to generate the default Auth Controllers and functionality
  • Includes Sail to quickly get up and running on any OS
  • Strip out included frontend functionality (mix, package.json, blade, js, css, etc)
  • Updated session, cors, and sanctum configuration
    • Set default session driver to cookie
    • Set appropriate env variables
    • Add credential support to cors
  • Add initial auth routes
  • Add initial test user
  • Update redirect from RedirectIfAuthenticated middleware - return JSON message
  • Add fix for VerifyCsrfToken middleware to work with REST clients. This appears to be caused by the base64-encoded value of the XSRF-TOKEN cookie sometimes having rogue characters appended to the end. When requests are sent from the browser, the application seems to handle this appropriately, but when they are sent from a REST client like Insomnia or Postman, this would cause token mismatches or DecryptExceptions. The fix is to read in the value of the token, strip out the extra characters at the end, then continue processing. If anyone has better insight into how to fix this, please do open an issue or PR! More info here:
  • Include sample export configuration for an Insomnia Request Collection to quickly be able to test out the provided API endpoints.
  • Include sample authentication feature tests
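
The token mismatch behind the VerifyCsrfToken fix listed above can be reproduced in plain PHP. This is an added example, not this repository's middleware code: it assumes the extra characters are the percent-encoded base64 padding (`%3D`) left when a cookie value is pasted undecoded into the X-XSRF-TOKEN header, and the function names and sample payload are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for an encrypted XSRF-TOKEN payload: base64 of a JSON
// envelope, sized (40 bytes) so the base64 ends in "=" padding.
function samplePayload(): string
{
    return base64_encode(json_encode(['iv' => 'AAAA', 'value' => 'BBBB', 'mac' => 'CCC']));
}

// Value as it appears in a Set-Cookie header: percent-encoded, so "=" -> "%3D".
function asCookieValue(string $payload): string
{
    return rawurlencode($payload);
}

// Approach the README describes: strip the extra trailing characters.
function stripTrailingPadding(string $header): string
{
    return preg_replace('/(?:%3D)+$/i', '', $header);
}

// Alternative (assumption, not the repo's code): percent-decode only when the
// header is not already valid base64, so decoded values pass through unchanged.
function normalizeXsrfHeader(string $header): string
{
    return base64_decode($header, true) !== false ? $header : rawurldecode($header);
}

$payload = samplePayload();
$headers = [
    'decoded (browser-style)' => $payload,
    'raw cookie (pasted)'     => asCookieValue($payload),
];
foreach ($headers as $label => $header) {
    $stripped   = base64_decode(stripTrailingPadding($header), true);
    $normalized = normalizeXsrfHeader($header);
    printf(
        "%-24s untouched=%s stripped=%s normalized=%s\n",
        $label,
        var_export($header === $payload, true),
        var_export($stripped === base64_decode($payload), true),
        var_export($normalized === $payload, true)
    );
}
```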

Installation

  1. Clone the repo
     $ git clone git@github.com:Stetzon/laravel-spa-api.git
     $ cd laravel-spa-api
  2. Install dependencies
     $ composer install
  3. Run the application
     $ vendor/bin/sail up
  4. Test away

License

MIT license.