sirinibin / laravel-5.5-lumen-5.5-with-oauth2 Goto Github PK

PHP 74.86% Vue 0.35% HTML 24.79%

laravel-5.5-lumen-5.5-with-oauth2's Introduction

Laravel 5.5 Lumen 5.5 RESTful API with OAuth2

This is a RESTful API with OAuth2 authentication/security developed using Laravel Lumen 5.5.0. You can use this if you want to quick start developing your own custom RESTful API by skipping 95% of your scratch works. Hopefully this will save lot of your time as this API includes all the basic stuffs you need to get started.

This API also includes a developer dashboard with the API documentation which is developed in Laravel 5.5. This will be useful to manage your developers access to the API documentation.

DEMO

http://developers.nintriva.net/
Login: developer/developer

Official Documentation

Documentation for this RESTful API can be found on the Lumen RESTful API with OAuth2 Documenation.

INSTALLATION

Step1. cd /var/www
git clone -b master https://github.com/sirinibin/laravel-5.5-lumen-5.5-with-OAuth2.git laravel-api

Note:Make sure you have  at least php7.1  or php7.0  or else you may face some issues while installing laravel lumen.

Step2. cd laravel-api
       composer install

Step3.Create a database named "laravel_api" in your mysql or any other database software.

Step4.cp .env.example .env

Step5. vim .env and update the db details

Step6.php artisan key:generate

Step7.php artisan migrate

Step8. cd developers & run composer install then repeat step4,5 & 6.

Step9. Point API end point URL to /var/www/laravel-api/public

      eg: http://laravel-lumen-rest-api.dockerboxes.us

Step10. Point API developers Dashboard URL to /var/www/laravel-api/developers/public

       eg:http://laravel-lumen-rest.dockerboxes.us

Step11. cd /var/www/laravel-api && sudo chmod -R 777 storage

Step12. cd /var/www/laravel-api/developers && sudo chmod -R 777 storage

Step13. vim /var/www/laravel-api/developers/.env

    API_HOST_LOCAL=localhost:8004

    API_HOST_PRODUCTION=laravel-lumen-rest-api.dockerboxes.us

Security Vulnerabilities

If you discover a security vulnerability within this template, please send an e-mail to Sirin k at [email protected]. All security vulnerabilities will be promptly addressed.

License

The Lumen framework is open-sourced software licensed under the MIT license

laravel-5.5-lumen-5.5-with-oauth2's People

Contributors

Stargazers

Watchers

Forkers

nikunjkabariya zaenal gengjunwu travacry chateaufiesta fajarantono ak-alz

laravel-5.5-lumen-5.5-with-oauth2's Issues

php 7.0.3 issue

Problem 1
- Installation request for doctrine/instantiator 1.1.0 -> satisfiable by doctrine/instantiator[1.1.0].
- doctrine/instantiator 1.1.0 requires php ^7.1 -> your PHP version (7.0.23) does not satisfy that requirement.
Problem 2
- doctrine/instantiator 1.1.0 requires php ^7.1 -> your PHP version (7.0.23) does not satisfy that requirement.
- phpunit/phpunit-mock-objects 4.0.4 requires doctrine/instantiator ^1.0.5 -> satisfiable by doctrine/instantiator[1.1.0].
- Installation request for phpunit/phpunit-mock-objects 4.0.4 -> satisfiable by phpunit/phpunit-mock-objects[4.0.4].

[Question] How does password reset work?

Hi,
Lovely API you've set up here.. Just a quick question, how do I reset a user password?

If i use the PUT /users/{id} endpoint, and send all the correct data, when i set the password in the body as differnet to what exists in the database, the hash does not update, and I can still use the old password. Why is the password a requirement in the route to update user info?

Possible security issue

Hi @sirinibin,
I've been poking around your API some more, and I have a suggestion to make. From the other APIs i've worked on, it is standard practice that when a user resets their password, their current access token gets revoked and they have to re-authenticate to obtain a new one... If this does not happen, a user might have their password stolen, and an attacker could have API access, and the user cannot stop them from further harming their account, because a password reset will not revoke the compromised access token.

It would be great, if you could delete the authorize token and access token from the database when a user changes their password...

Also, on another note. How do I change the UserController, so that I can update any field without making all the others null? For example if I wish to only change the username and not email, in the body request, Example: { "username": "[email protected], "password": "1234" }

This JSON PUT will override the email field in the database to null.

Thanks!

Thank you

Step 9

How do I do step 9?

The API works if I use: mywebsite/lumen-api/public/v1/register etc

how do I remove /public/?