Mirrors the frontend catch-up in 570f17e: a substantial amount of
finished-but-never-committed backend work had accumulated locally.
- New CustomField module: admin-managed field definitions per client,
reorderable, typed values stored per client (backing the frontend's
ClientCustomFieldCard + settings/fields page)
- History entries switch from a hardcoded type enum to a dynamic,
admin-managed HistoryType module (reorderable, backing
settings/history-types)
- New Import module: CSV client import (backing settings/import)
- Clients table gains soft deletes (deleted_at)
- Supporting factories, seeders, policies, and feature tests for all
of the above
All 63 backend tests pass locally before this commit.
1.4 KiB
1.4 KiB
Backend — Laravel 10
Module pattern
Every feature lives in app/Modules/<Name>/:
Controllers/<Name>Controller.php— thin: authorize → DTO → action → resourceActions/Create<Name>Action.php— handle(DTO): ModelActions/Update<Name>Action.php— handle(Model, DTO): ModelModels/<Name>.php— Eloquent modelResources/<Name>Resource.php— explicit field list, no$this->resourceDTOs/<Name>Data.php— readonly constructor + staticfromRequest()Requests/Create<Name>Request.php/Update<Name>Request.phpPolicies/<Name>Policy.php
Commands
composer test # Pest, SQLite in-memory
composer static-analysis # pint --test + phpstan + phpmd (user do the static code analysis manually)
php artisan migrate # run migrations (against Docker MySQL)
DB schema
users: id, name, email, password, role(enum:admin|staff), timestampsclients: id, client_number(unique), name, notes(JSON), timestampshistory_entries: id, client_id(FK), type(enum), body(text), author_id(FK), updated_by(FK nullable), deleted_at, timestamps
Auth
- Sanctum SPA cookie sessions —
EnsureFrontendRequestsAreStatefulonapimiddleware group - Filament:
webguard,/admin/login - No Passport, no tokens
API conventions
- Resources always wrap in
datakey (JsonResource default) - Paginated lists:
data[]+meta.totaletc. - 201 on create, 200 on update, 204 on delete