Merge pull request #5 from Grazulex/fix/php-requirement-rate-limiting

fix: align PHP requirement and implement rate limiting
Merge branch 'main' into fix/php-requirement-rate-limiting
2025-12-30 15:35:29 +01:00 · 2025-12-30 15:35:22 +01:00 · 2025-12-30 15:34:33 +01:00 · 2025-12-30 15:33:20 +01:00 · 2025-12-30 11:05:45 +01:00 · 2025-12-28 19:16:16 +01:00
5 changed files with 494 additions and 526 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,11 @@

 All notable changes to this project will be documented in this file.

+## [1.1.0](https://github.com/Grazulex/laravel-api-kit/releases/tag/v1.1.0) (2025-12-25)
+
+### Chores
+
+- **deps:** update laravel-apiroute to ^1.0 ([02c55f7](https://github.com/Grazulex/laravel-api-kit/commit/02c55f765f103852258398d7d0d0790146a33f10))
 ## [1.0.0](https://github.com/Grazulex/laravel-api-kit/releases/tag/v1.0.0) (2025-12-25)

 ### Features
--- a/composer.json
+++ b/composer.json
@@ -6,9 +6,9 @@
    "keywords": ["laravel", "api", "rest", "starter-kit", "sanctum"],
    "license": "MIT",
    "require": {
-        "php": "^8.2",
+        "php": "^8.3",
        "dedoc/scramble": "^0.12",
-        "grazulex/laravel-apiroute": "^0.0",
+        "grazulex/laravel-apiroute": "^1.2",
        "laravel/framework": "^12.0",
        "laravel/sanctum": "^4.0",
        "laravel/tinker": "^2.10.1",
@@ -21,8 +21,8 @@
        "laravel/pint": "^1.24",
        "mockery/mockery": "^1.6",
        "nunomaduro/collision": "^8.6",
-        "pestphp/pest": "^3.0",
-        "pestphp/pest-plugin-laravel": "^3.0"
+        "pestphp/pest": "^4.0",
+        "pestphp/pest-plugin-laravel": "^4.0"
    },
    "autoload": {
        "psr-4": {
--- a/composer.lock
+++ b/composer.lock
--- a/routes/api.php
+++ b/routes/api.php
@@ -17,13 +17,17 @@ use Illuminate\Support\Facades\Route;

 // Version 1 - Current stable version
 ApiRoute::version('v1', function () {
-    // Public routes
-    Route::post('register', [AuthController::class, 'register'])->name('api.v1.register');
-    Route::post('login', [AuthController::class, 'login'])->name('api.v1.login');
+    // Public routes with auth rate limiter (5/min - brute force protection)
+    Route::middleware('throttle:auth')->group(function () {
+        Route::post('register', [AuthController::class, 'register'])->name('api.v1.register');
+        Route::post('login', [AuthController::class, 'login'])->name('api.v1.login');
+    });

-    // Protected routes
-    Route::middleware('auth:sanctum')->group(function () {
+    // Protected routes with authenticated rate limiter (120/min)
+    Route::middleware(['auth:sanctum', 'throttle:authenticated'])->group(function () {
        Route::post('logout', [AuthController::class, 'logout'])->name('api.v1.logout');
        Route::get('me', [AuthController::class, 'me'])->name('api.v1.me');
    });
-})->current();
+})
+    ->current()
+    ->rateLimit(60); // Global rate limit: 60 requests/minute for v1
--- a/routes/web.php
+++ b/routes/web.php
@@ -1,6 +1,4 @@
 <?php

-use Illuminate\Support\Facades\Route;
-
 // Web routes disabled - API only application
 // Scramble documentation available at /docs/api
Author	SHA1	Message	Date
Jean-Marc Strauven	9f0d41d827	Merge pull request #5 from Grazulex/fix/php-requirement-rate-limiting fix: align PHP requirement and implement rate limiting	2025-12-30 15:35:29 +01:00
Jean-Marc Strauven	562448f576	Merge branch 'main' into fix/php-requirement-rate-limiting	2025-12-30 15:35:22 +01:00
Jean-Marc Strauven	cb911a3c04	Merge pull request #4 from Trpsky/feature Fix : laravel-apiroute version mismatch and upgrade Pest to v4 for Laravel 12 compatibility	2025-12-30 15:34:33 +01:00
Jean-Marc Strauven	06ee9a5016	fix: align PHP requirement and implement rate limiting - Update composer.json to require PHP ^8.3 (required by grazulex/laravel-apiroute ^1.2) - Add rate limiting to routes using laravel-apiroute's rateLimit() and Laravel's throttle middleware - Public routes (login/register): throttle:auth (5/min for brute force protection) - Protected routes: throttle:authenticated (120/min) - Global version rate limit: 60 req/min via ->rateLimit(60) - Remove unused import in routes/web.php (fixes Pint style issue) - Update composer.lock with synchronized dependencies	2025-12-30 15:33:20 +01:00
ELMEHDI ACHAHED	0113b0112b	Fix : dependency mismatch and upgrade Pest for Laravel 12 support This commit resolves the version mismatch for 'grazulex/laravel-apiroute' by regenerating the lock file. Additionally, it upgrades 'pestphp/pest' and 'pestphp/pest-plugin-laravel' to v4 to ensure compatibility with Laravel 12 and PHPUnit 12, fixing dependency conflicts. The lock file was out of sync with composer.json, causing installation failures. Upgrading to Pest v4 is necessary as Pest v3 conflicts with PHPUnit 12, which is required by Laravel 12.	2025-12-30 11:05:45 +01:00
Jean-Marc Strauven	ae8d4bd432	Merge pull request #1 from Grazulex/chore/update-laravel-apiroute-1.2.0 chore(deps): update laravel-apiroute to ^1.2	2025-12-28 19:16:16 +01:00
Jean-Marc Strauven	c9fbf64472	chore(deps): update laravel-apiroute to ^1.2	2025-12-28 19:15:17 +01:00
Jean-Marc Strauven	d93b82b1eb	chore(release): 1.1.0	2025-12-25 07:33:38 +01:00
Jean-Marc Strauven	02c55f765f	chore(deps): update laravel-apiroute to ^1.0 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2025-12-25 07:33:08 +01:00