Download the PHP package aariow/artisan-api without Composer
On this page you can find all versions of the php package aariow/artisan-api. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Informations about the package artisan-api
Artisan Api
Artisan commands with HTTP
There might be some times you wanted to execute an Artisan command, but you did not have access to shell or SSH. Here we brought REST API solution for you.
You are able to run Artisan commands by REST APIs easily.
'README.md need to be updated'
Table of contents
- Get Started
- Endpoints
- Routes
- Responses
- Successful
- Not Found
- Invalid Arguments format
- Invalid Options format
- Forbidden Routes
- Authentication
- Configurations
- API Prefix and HTTP Method
- Auto Run
- Security
- Middlewares
- Useful tips
- Todo
Get Started
To use this package, you should install it alongside Laravel v9.21 and PHP v8.0 or higher.
you can install it via Composer package manager:
Although, Artisan-Api has production decetor itself, it is possible to install it globally.
Endpoints
As its name explains, all commands are available via HTTP with POST method. All commands will be generated as routes and integrated into Laravel Routing system. You only need to send a POST request and follow the signature, like other REST API endpoints.
There are two kinds of commands; one is normal commands like php artisan list
or php artisan cache:clear
, and the second form is GeneratorCommands
which tend to create files within your application like make:model
and make:migration
. These kind of commands have different purposes, you should follow diffenerent convention.
GeneratorCommand
are instance ofIlluminate\Console\GeneratorCommand
that extendsIlluminate\Console\Command
class.
All commands existed by default or created by you will be discovered automatically and you do not have to do anything manually. Thus, their endpoints will be generated dynamically to your application. So if you delete/add any command class, there is no reason to worry.
Routes
Let's dive into using endpoints:
Routes are generated with the following format:
\ So the above endpoint will be translated to:
\ And for Generator commands the endpoint is:
Pay attention that there is a name
variable. As all Generator commands need an argument called name
, this needs to be specified by what you desire.
\ Command Examples:
will be translated to:
\ and this:
will be translated to:
\ Another one:
will be translated to:
\ A Generator one:
will be translated to:
Options with more than one character will be translated to
--option
.
Responses
After calling an endpoint, you will receive a `` response.
Successful
When everything works perfectly: status : 200 OK
Not found
When inputed command is not found by application: status : 404 Not Found
Invalid Arguments format
When arguments are given by an invalid format: status : 500 Server Error
Invalid Options format:
When options are given by an invalid format: status : 500 Server Error
Forbidden routes
You might want to limit access to some critical commands like db:seed
. Artisan-Api has thought about it and make those commands inaccessible by client.
To specify forbidden commands, you are encouraged to add them within config/artisan.php
file:
Whenever client wants to access these commands by endpoints, it will be given a 404 NOT_FOUND
HTTP response.
Authentication
All enpoints will be generated under the api
middleware of Laravel and prevented by built-in authentication system, mostly with Sanctum
and API tokens.
Configurations
As mentioned before, there is a configuration config/artisan.php
file.
You are free to modify specified values as you desire.
API Prefix and HTTP Method
Here, it is possible to change default API prefix and customize it as necessary. In addition you can access endpoints with any HTTP method as you set.
Auto Run
For some reason and mostly on production mode, you do not want to allow commands to be executed by HTTP request. To prevent this behavior, set that auto-run
to false
:
This prevents not to load package's service-provider (ArtisanApiServiceProvider
) by default.
Security
Artisan-Api has done its best to protect RCE vulnerability and other possible logical bugs.
Artisan-Api uses
Symfony/console
under the hood and all commands execution are filtered and recognized by it. There is no direct call toshell_exec()
orexec()
functions.
IP restriction
You can simply allow as many IP as you want to access to your commands. '*'
means all IPs are trusted.
Middlewares
There are two middlewares in Artisan-Api.
CheckEnvMode
middleware exists to abort requests while in production environment.
AbortForbiddenRoute
middleware exists to throw 404 NOT_FOUND
status code while accessing to forbidden routes.
Useful tips
;)
Todo
- It'd better be done to take
args
andoptions
in query string, to be array.- Like:
?arg[key1]=value1&arg[key2]=value2
(it is a more standard way to deal with query string values)
- Like:
- Implement a way to deal with interactive commands like
tinker
(maybe can be implemented by socket) - Make response more readable for users, (remove "\n", ...)
All versions of artisan-api with dependencies
illuminate/collections Version ^9.21
illuminate/console Version ^9.21
illuminate/routing Version ^9.21
illuminate/support Version ^9.21
illuminate/http Version ^9.21