Laravel REST API 架构指南：构建简洁、无状态、资源作用域的API

laravel-api by juststeveking/laravel-api-skill

78 周安装量

17 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/juststeveking/laravel-api-skill --skill laravel-api

PHP 框架 Laravel API

🇨🇳中文介绍

Laravel API - Steve 的架构

使用简洁、无状态、资源作用域的架构构建 Laravel REST API。

快速开始

当用户请求一个 Laravel API 时，请遵循以下工作流程：

理解需求 - 需要哪些资源？进行什么操作？需要认证吗？
初始化项目结构 - 设置路由，移除前端冗余代码
构建第一个资源 - 完成完整的 CRUD 以建立模式
添加认证 - 通过 PHP Open Source Saver 使用 JWT
迭代剩余资源 - 遵循已建立的模式

核心架构原则

阅读 references/architecture.md 获取完整细节。关键原则：

设计为无状态 - 无隐藏依赖，数据流明确
边界优先 - HTTP、业务逻辑、数据层清晰分离
资源作用域 - 路由、控制器按资源组织
版本规范 - 基于命名空间的版本控制，使用 HTTP Sunset 头

代码质量标准

所有代码必须遵循 Laravel 最佳实践和 PSR-12 标准：

保持功能不变 - 重构改变代码的实现方式，而非其功能
显式优于隐式 - 倾向于清晰、可读的代码，而非巧妙的捷径
类型声明 - 方法始终使用返回类型，参数类型在有益处时使用
- 为清晰起见，使用 match 表达式、switch 或 if/else

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

构建新的资源端点

始终使用 ULID。保持模型简单 - 仅用于数据访问。

<?php

declare(strict_types=1);

namespace App\Models;

use Illuminate\Database\Eloquent\Concerns\HasUlids;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\BelongsTo;

final class Task extends Model
{
    use HasFactory;
    use HasUlids;
    
    protected $fillable = [
        'title',
        'description',
        'status',
        'project_id',
    ];

    protected $casts = [
        'created_at' => 'datetime',
        'updated_at' => 'datetime',
    ];

    public function project(): BelongsTo
    {
        return $this->belongsTo(Project::class);
    }
}

在 routes/api/{resource}.php 创建资源路由文件：

use App\Http\Controllers\Tasks\V1;

Route::middleware(['auth:api'])->group(function () {
    Route::get('/tasks', V1\IndexController::class);
    Route::post('/tasks', V1\StoreController::class);
    Route::get('/tasks/{task}', V1\ShowController::class);
    Route::patch('/tasks/{task}', V1\UpdateController::class);
    Route::delete('/tasks/{task}', V1\DestroyController::class);
});

在 routes/api/routes.php 中包含：

Route::prefix('v1')->group(function () {
    require __DIR__ . '/tasks.php';
});

步骤 3：DTO (Payload)

在 app/Http/Payloads/{Resource}/{Operation}Payload.php 创建：

<?php

declare(strict_types=1);

namespace App\Http\Payloads\Tasks;

final readonly class StoreTaskPayload
{
    public function __construct(
        public string $title,
        public ?string $description,
        public string $status,
        public string $projectId,
    ) {}

    public function toArray(): array
    {
        return [
            'title' => $this->title,
            'description' => $this->description,
            'status' => $this->status,
            'project_id' => $this->projectId,
        ];
    }
}

步骤 4：表单请求

在 app/Http/Requests/{Resource}/V1/{Operation}Request.php 创建：

<?php

declare(strict_types=1);

namespace App\Http\Requests\Tasks\V1;

use App\Http\Payloads\Tasks\StoreTaskPayload;
use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Validation\Rule;

final class StoreTaskRequest extends FormRequest
{
    public function authorize(): bool
    {
        return true;
    }

    public function rules(): array
    {
        return [
            'title' => ['required', 'string', 'max:255'],
            'description' => ['nullable', 'string', 'max:1000'],
            'status' => ['required', Rule::in(['pending', 'in_progress', 'completed'])],
            'project_id' => ['required', 'string', 'exists:projects,id'],
        ];
    }

    public function payload(): StoreTaskPayload
    {
        return new StoreTaskPayload(
            title: $this->string('title')->toString(),
            description: $this->string('description')->toString(),
            status: $this->string('status')->toString(),
            projectId: $this->string('project_id')->toString(),
        );
    }
}

在 app/Actions/{Resource}/{Operation}.php 创建：

<?php

declare(strict_types=1);

namespace App\Actions\Tasks;

use App\Http\Payloads\Tasks\StoreTaskPayload;
use App\Models\Task;

final readonly class CreateTask
{
    public function handle(StoreTaskPayload $payload): Task
    {
        return Task::create($payload->toArray());
    }
}

步骤 6：控制器

在 app/Http/Controllers/{Resource}/V1/{Operation}Controller.php 创建可调用控制器：

<?php

declare(strict_types=1);

namespace App\Http\Controllers\Tasks\V1;

use App\Actions\Tasks\CreateTask;
use App\Http\Requests\Tasks\V1\StoreTaskRequest;
use App\Http\Responses\JsonDataResponse;
use Illuminate\Http\JsonResponse;

final readonly class StoreController
{
    public function __construct(
        private CreateTask $createTask,
    ) {}

    public function __invoke(StoreTaskRequest $request): JsonResponse
    {
        $task = $this->createTask->handle(
            payload: $request->payload(),
        );

        return new JsonDataResponse(
            data: $task,
            status: 201,
        );
    }
}

所有响应的标准格式：

{
    "data": {...},
    "meta": {...}
}

错误 (Problem+JSON)：

{
    "type": "about:blank",
    "title": "Validation Failed",
    "status": 422,
    "detail": "The given data was invalid",
    "errors": {...}
}

使用 Spatie Query Builder 进行过滤、排序、包含关联：

use Spatie\QueryBuilder\QueryBuilder;

$tasks = QueryBuilder::for(Task::class)
    ->allowedFilters(['status', 'priority'])
    ->allowedSorts(['created_at', 'due_date'])
    ->allowedIncludes(['project', 'assignee'])
    ->paginate();

创建 V2 命名空间：App\Http\Controllers\Tasks\V2\
在资源路由文件中添加 V2 路由组
为 V1 路由添加 Sunset 中间件：

Route::middleware(['auth:api', 'http.sunset:2025-12-31'])->group(function () {
    // V1 路由
});

使用 PHP Open Source Saver JWT 包：

composer require php-open-source-saver/jwt-auth
php artisan vendor:publish --provider="PHPOpenSourceSaver\JWTAuth\Providers\LaravelServiceProvider"
php artisan jwt:secret

在 config/auth.php 中配置：

'guards' => [
    'api' => [
        'driver' => 'jwt',
        'provider' => 'users',
    ],
],

添加到 app/Providers/AppServiceProvider.php：

use Illuminate\Database\Eloquent\Model;

public function boot(): void
{
    Model::shouldBeStrict(); // 防止 N+1 查询
}

在 app/Http/Kernel.php 中注册 HttpSunset 中间件：

protected $middlewareAliases = [
    'http.sunset' => \App\Http\Middleware\HttpSunset::class,
];

需要避免的反模式

使用自增 ID 而非 ULID
在模型中编写业务逻辑
每个控制器处理多个操作
在控制器/actions 中直接访问请求数据
隐藏的查询作用域
在 Action 足够时使用 Service 类
没有版本控制的破坏性变更
不一致的响应格式
嵌套三元运算符（改用 match 表达式）
方法和参数缺少类型声明
过度紧凑的“巧妙”代码，牺牲了可读性

代码审查与重构

在审查或重构 Laravel API 代码时，应用以下原则：

保持功能不变 - 确保重构不会改变行为
检查类型安全 - 添加缺失的返回类型和参数类型
简化逻辑 - 用 match 表达式替换嵌套三元运算符
提取复杂性 - 将复杂条件移动到命名方法中
验证标准 - 确保符合 PSR-12 标准，使用 declare(strict_types=1)
改进命名 - 使用能揭示意图的描述性名称

Match 表达式模式

用 match 替换嵌套三元运算符以提高清晰度：

// ❌ 避免：嵌套三元运算符
$status = $task->completed_at 
    ? ($task->verified ? 'verified' : 'completed')
    : ($task->started_at ? 'in_progress' : 'pending');

// ✅ 推荐：Match 表达式
$status = match (true) {
    $task->completed_at && $task->verified => 'verified',
    $task->completed_at => 'completed',
    $task->started_at => 'in_progress',
    default => 'pending',
};

architecture.md - 全面的架构模式和原则
code-examples.md - 每个组件的完整工作示例
code-quality.md - Laravel 最佳实践、重构模式和 PSR-12 标准

assets/templates/ 中的模板文件，用于快速搭建：

Controller.php
FormRequest.php
Payload.php
Action.php
Model.php

🇺🇸English

Laravel API - Steve's Architecture

Build Laravel REST APIs with clean, stateless, resource-scoped architecture.

Quick Start

When user requests a Laravel API, follow this workflow:

Understand requirements - What resources? What operations? Authentication needed?
Initialize project structure - Set up routing, remove frontend bloat
Build first resource - Complete CRUD to establish pattern
Add authentication - JWT via PHP Open Source Saver
Iterate on remaining resources - Follow established pattern

Core Architecture Principles

Read references/architecture.md for comprehensive details. Key principles:

Stateless by design - No hidden dependencies, explicit data flow
Boundary-first - Clear separation of HTTP, business logic, data layers
Resource-scoped - Routes, controllers organized by resource
Version discipline - Namespace-based versioning, HTTP Sunset headers

Code Quality Standards

All code must follow Laravel best practices and PSR-12 standards:

Preserve Functionality - Refactorings change HOW code works, never WHAT it does
Explicit Over Implicit - Prefer clear, readable code over clever shortcuts
Type Declarations - Always use return types on methods, parameter types where beneficial
Avoid Nested Ternaries - Use match expressions, switch, or if/else for clarity
Consistent Naming - Follow PSR-12 and Laravel conventions strictly
Proper Namespacing - Organize imports logically, use full type hints

When reviewing or refactoring code:

Focus on clarity and maintainability over cleverness
Simplify complex nested logic into readable structures
Extract magic values into named constants or config
Remove unnecessary complexity while preserving exact behavior

Project Structure

routes/api/
  routes.php              # Main entry point, version grouping
  tasks.php               # All task routes, all versions
  projects.php            # All project routes, all versions

app/Http/
  Controllers/{Resource}/V1/
    StoreController.php   # Always invokable
    IndexController.php
    ShowController.php
  Requests/{Resource}/V1/
    StoreTaskRequest.php  # Validation + payload() method
  Payloads/{Resource}/
    StoreTaskPayload.php  # Simple DTOs with toArray()
  Responses/
    JsonDataResponse.php  # Implements Responsable
    JsonErrorResponse.php
  Middleware/
    HttpSunset.php

app/Actions/{Resource}/
  CreateTask.php          # Single-purpose business logic

app/Services/             # Only when logic too complex for Actions

app/Models/
  Task.php                # HasUlids trait, simple data access

Building a New Resource Endpoint

Step 1: Model

Always use ULIDs. Keep models simple - data access only.

<?php

declare(strict_types=1);

namespace App\Models;

use Illuminate\Database\Eloquent\Concerns\HasUlids;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\BelongsTo;

final class Task extends Model
{
    use HasFactory;
    use HasUlids;
    
    protected $fillable = [
        'title',
        'description',
        'status',
        'project_id',
    ];

    protected $casts = [
        'created_at' => 'datetime',
        'updated_at' => 'datetime',
    ];

    public function project(): BelongsTo
    {
        return $this->belongsTo(Project::class);
    }
}

Step 2: Routes

Create resource route file at routes/api/{resource}.php:

use App\Http\Controllers\Tasks\V1;

Route::middleware(['auth:api'])->group(function () {
    Route::get('/tasks', V1\IndexController::class);
    Route::post('/tasks', V1\StoreController::class);
    Route::get('/tasks/{task}', V1\ShowController::class);
    Route::patch('/tasks/{task}', V1\UpdateController::class);
    Route::delete('/tasks/{task}', V1\DestroyController::class);
});

Include in routes/api/routes.php:

Route::prefix('v1')->group(function () {
    require __DIR__ . '/tasks.php';
});

Step 3: DTO (Payload)

Create at app/Http/Payloads/{Resource}/{Operation}Payload.php:

<?php

declare(strict_types=1);

namespace App\Http\Payloads\Tasks;

final readonly class StoreTaskPayload
{
    public function __construct(
        public string $title,
        public ?string $description,
        public string $status,
        public string $projectId,
    ) {}

    public function toArray(): array
    {
        return [
            'title' => $this->title,
            'description' => $this->description,
            'status' => $this->status,
            'project_id' => $this->projectId,
        ];
    }
}

Step 4: Form Request

Create at app/Http/Requests/{Resource}/V1/{Operation}Request.php:

<?php

declare(strict_types=1);

namespace App\Http\Requests\Tasks\V1;

use App\Http\Payloads\Tasks\StoreTaskPayload;
use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Validation\Rule;

final class StoreTaskRequest extends FormRequest
{
    public function authorize(): bool
    {
        return true;
    }

    public function rules(): array
    {
        return [
            'title' => ['required', 'string', 'max:255'],
            'description' => ['nullable', 'string', 'max:1000'],
            'status' => ['required', Rule::in(['pending', 'in_progress', 'completed'])],
            'project_id' => ['required', 'string', 'exists:projects,id'],
        ];
    }

    public function payload(): StoreTaskPayload
    {
        return new StoreTaskPayload(
            title: $this->string('title')->toString(),
            description: $this->string('description')->toString(),
            status: $this->string('status')->toString(),
            projectId: $this->string('project_id')->toString(),
        );
    }
}

Step 5: Action

Create at app/Actions/{Resource}/{Operation}.php:

<?php

declare(strict_types=1);

namespace App\Actions\Tasks;

use App\Http\Payloads\Tasks\StoreTaskPayload;
use App\Models\Task;

final readonly class CreateTask
{
    public function handle(StoreTaskPayload $payload): Task
    {
        return Task::create($payload->toArray());
    }
}

Step 6: Controller

Create invokable controller at app/Http/Controllers/{Resource}/V1/{Operation}Controller.php:

<?php

declare(strict_types=1);

namespace App\Http\Controllers\Tasks\V1;

use App\Actions\Tasks\CreateTask;
use App\Http\Requests\Tasks\V1\StoreTaskRequest;
use App\Http\Responses\JsonDataResponse;
use Illuminate\Http\JsonResponse;

final readonly class StoreController
{
    public function __construct(
        private CreateTask $createTask,
    ) {}

    public function __invoke(StoreTaskRequest $request): JsonResponse
    {
        $task = $this->createTask->handle(
            payload: $request->payload(),
        );

        return new JsonDataResponse(
            data: $task,
            status: 201,
        );
    }
}

Response Format

Standard format for all responses:

Success:

{
    "data": {...},
    "meta": {...}
}

Error (Problem+JSON):

{
    "type": "about:blank",
    "title": "Validation Failed",
    "status": 422,
    "detail": "The given data was invalid",
    "errors": {...}
}

Query Building

Use Spatie Query Builder for filtering, sorting, includes:

use Spatie\QueryBuilder\QueryBuilder;

$tasks = QueryBuilder::for(Task::class)
    ->allowedFilters(['status', 'priority'])
    ->allowedSorts(['created_at', 'due_date'])
    ->allowedIncludes(['project', 'assignee'])
    ->paginate();

Versioning Endpoints

When creating V2:

Create V2 namespace: App\Http\Controllers\Tasks\V2\
Add V2 route group in resource file
Add Sunset middleware to V1 routes:

Route::middleware(['auth:api', 'http.sunset:2025-12-31'])->group(function () {

    // V1 routes
});

Authentication Setup

Use PHP Open Source Saver JWT package:

composer require php-open-source-saver/jwt-auth
php artisan vendor:publish --provider="PHPOpenSourceSaver\JWTAuth\Providers\LaravelServiceProvider"
php artisan jwt:secret

Configure in config/auth.php:

'guards' => [
    'api' => [
        'driver' => 'jwt',
        'provider' => 'users',
    ],
],

Essential Setup

Add to app/Providers/AppServiceProvider.php:

use Illuminate\Database\Eloquent\Model;

public function boot(): void
{
    Model::shouldBeStrict(); // Prevent N+1 queries
}

protected $middlewareAliases = [
    'http.sunset' => \App\Http\Middleware\HttpSunset::class,
];

Anti-Patterns to Avoid

Using auto-increment IDs instead of ULIDs
Business logic in models
Multiple actions per controller
Accessing request data directly in controllers/actions
Hidden query scopes
Service classes when an Action would suffice
Breaking changes without versioning
Inconsistent response formats
Nested ternary operators (use match expressions instead)
Missing type declarations on methods and parameters
Overly compact "clever" code that sacrifices readability

Code Review & Refactoring

When reviewing or refactoring Laravel API code, apply these principles:

Simplification Checklist

Preserve Functionality - Ensure refactorings don't change behavior
Check Type Safety - Add missing return types and parameter types
Simplify Logic - Replace nested ternaries with match expressions
Extract Complexity - Move complex conditions into named methods
Verify Standards - Ensure PSR-12 compliance with declare(strict_types=1)
Improve Naming - Use descriptive names that reveal intent

Match Expression Pattern

Replace nested ternaries with match for clarity:

// ❌ Avoid: Nested ternary
$status = $task->completed_at 
    ? ($task->verified ? 'verified' : 'completed')
    : ($task->started_at ? 'in_progress' : 'pending');

// ✅ Prefer: Match expression
$status = match (true) {
    $task->completed_at && $task->verified => 'verified',
    $task->completed_at => 'completed',
    $task->started_at => 'in_progress',
    default => 'pending',
};

References

architecture.md - Comprehensive architectural patterns and principles
code-examples.md - Complete working examples for every component
code-quality.md - Laravel best practices, refactoring patterns, and PSR-12 standards

Templates

Template files in assets/templates/ for quick scaffolding:

Controller.php
FormRequest.php
Payload.php
Action.php
Model.php

Weekly Installs

Repository

juststeveking/l…pi-skill

GitHub Stars

First Seen

Jan 24, 2026

Security Audits

Gen Agent Trust HubPass SocketPass SnykPass

Installed on

opencode70

codex68

gemini-cli67

github-copilot65

amp60

kimi-cli60

lark-cli 共享规则：飞书资源操作指南与权限配置详解

39,000 周安装