[11.x] Slim skeleton support (#47309)

### Configuration

All configuration files now have framework counterparts and application level configuration is merged with the framework defaults. The default configuration files have also received many more environment variables so that more options can be changed from the application’s `.env` file. The `LoadConfiguration` bootstrap class has been added to support framework configuration cascading. A new `config:publish` command has been introduced to publish framework configuration files.

### Middleware

The `Authenticate` middleware and `AuthenticationException` exception now have `redirectUsing` methods that accept a closure. This closure will be invoked to determine where to redirect unauthenticated users. Helper methods for setting this closure are available on the `Middleware` application builder class.

The `Authenticate` middleware also now does not return a redirect location if the incoming request expected JSON.

The `RedirectIfAuthenticated` middleware has been added to the framework. This middleware also includes a `redirectUsing` method to customize the “guest” redirection behavior. The default behavior is to redirect to `/dashboard`. Helper methods for setting this closure are available on the `Middleware` application builder class.

The `AuthenticateSession` middleware has received a `redirectUsing` helper to control the redirection behavior. Helper methods for setting this closure are available on the `Middleware` application builder class.

The `TrimStrings` middleware has received an `except` method that may be used to specify which strings should not be trimmed.

The `ValidateCsrfToken` middleware has received an `except` method that may be used to specify which paths should not receive CSRF token validation.

The `ValidateSignature` middleware has receive an `except` method that may be used to specify which parameters should not be included in signature validation.

`ValidateCsrfToken` has been added as an alias of `VerifyCsrfToken`.

The `TrustHosts` middleware has been updated to allow all subdomains of the application’s configured URL by default.

The `TrustProxies` middleware has been updated to trust all proxies by default.

The `EncryptCookies` middleware has received a static `except` method which may be used in a service provider to specify the cookies that should not be encrypted.

### Events

The foundation `EventServiceProvider` has been updated to discover events by default. In addition, the email verification listener to send email verification notifications is now configured automatically if no `Registered` event listeners exist or the `SendEmailVerificatioNotification` listener is not in the list of listeners for the `Registered` event.

### Notificiations

A `slack` configuration array has been added to the framework's copy of the `services.php` configuration file.

### Artisan Commands

The `cache:table` command has received a `make:cache-table` alias to move all generation commands under the `make` namespace. The `notifications:table` command has receive a `make:notifications-table` alias to move all generation commands under the `make` namespace. The `queue:batches-table` command has received a `make:queue-batches-table` alias for the same reason as above. The `queue:failed-table` command has received a `make:queue-failed-table` alias for the same reason as above. In addition, `queue:table` has received a `make:queue-table` alias. Also, `session:table` has received a `make:session-table` alias.

A `schedule` command has been added to closure commands, allowing the fluent scheduling of closure commands in the console routes file.

The console scheduler is now available via a `Schedule` facade.

The `optimize` command now also caches views and events.

### Service Providers

The `RegisterProviders` bootstrap class has been updated to support the loading of additional providers from the `bootstrap/providers.php` array file.

The `make:provider` command has been updated to add the new service provider to the `bootstrap/providers.php` file if it exists.

The `ServiceProvider` class has received a new static `addProviderToBootstrapFile` method that will add a service provider class to the `bootstrap/providers.php` file if it exists.

### Application Configuration

The `Application` class has received several new methods and helpers. A new `registered` listener method has been added to allow code to react to the registration service providers. A new `getBootstrapProvidersPath` method has been added that returns the location to the bootstrap providers file. New `handleRequest` and `handleCommands` method have been added in order to clean up and simplify the application level bootstrap / index files.

A new `configure` method has been added to the `Application` class in order to allow the fluent configuration of multiple framework features, including routing and container bindings.

A new `ApplicationBuilder` class has been introduced to allow the easy configuration of a variety of core framework functionality, including routing, commands, middleware, exception handling, booting / booted callbacks, and more.

A new `Middleware` application configuration class has been introduced that allows the easy definition of new middleware groups, prepending and appending of middleware to existing groups, replacing middleware in existing groups, and fluent methods for enabling middleware like `TrustHosts` and `EnsureFrontendRequestsAreStateful`. 

Helper methods have been added to the exception handler for `dontReport`, `dontReportDuplicates`, `dontFlash`, `buildContextUsing`.

### Installers

A new `install:api` command has been added. This command installs `laravel/sanctum` and uncomments the “API” routes definition in the bootstrap file. 

A new `install:broadcasting` has been added which uncomments the “channels” routes definition in the bootstrap file. In addition, a Laravel Echo file is written to the `resources/js` directory which contains the Echo configuration. A directive to include this file is injected into the main `bootstrap.js` file.

.github/workflows/databases.yml

@@ -52,6 +52,7 @@ jobs:
         env:
           DB_CONNECTION: mysql
           DB_USERNAME: root
+          MYSQL_COLLATION: utf8mb4_unicode_ci
 
   mysql_8:
     runs-on: ubuntu-22.04
@@ -140,7 +141,7 @@ jobs:
       - name: Execute tests
         run: vendor/bin/phpunit tests/Integration/Database
         env:
-          DB_CONNECTION: mysql
+          DB_CONNECTION: mariadb
           DB_USERNAME: root
 
   pgsql:

composer.json

@@ -106,7 +106,7 @@
         "league/flysystem-sftp-v3": "^3.0",
         "mockery/mockery": "^1.5.1",
         "nyholm/psr7": "^1.2",
-        "orchestra/testbench-core": "^9.0",
+        "orchestra/testbench-core": "dev-next/slim-skeleton",
         "pda/pheanstalk": "^4.0",
         "phpstan/phpstan": "^1.4.7",
         "phpunit/phpunit": "^10.1",

config/app.php

@@ -0,0 +1,184 @@
+<?php
+
+use Illuminate\Support\Facades\Facade;
+use Illuminate\Support\ServiceProvider;
+
+return [
+
+    /*
+    |--------------------------------------------------------------------------
+    | Application Name
+    |--------------------------------------------------------------------------
+    |
+    | This value is the name of your application, which will be used when the
+    | framework needs to place the application's name in a notification or
+    | any other location as required by the application or its packages.
+    |
+    */
+
+    'name' => env('APP_NAME', 'Laravel'),
+
+    /*
+    |--------------------------------------------------------------------------
+    | Application Environment
+    |--------------------------------------------------------------------------
+    |
+    | This value determines the "environment" your application is currently
+    | running in. This may determine how you prefer to configure various
+    | services the application utilizes. Set this in your ".env" file.
+    |
+    */
+
+    'env' => env('APP_ENV', 'production'),
+
+    /*
+    |--------------------------------------------------------------------------
+    | Application Debug Mode
+    |--------------------------------------------------------------------------
+    |
+    | When your application is in debug mode, detailed error messages with
+    | stack traces will be shown on every error that occurs within your
+    | application. If disabled, a simple generic error page is shown.
+    |
+    */
+
+    'debug' => (bool) env('APP_DEBUG', false),
+
+    /*
+    |--------------------------------------------------------------------------
+    | Application URL
+    |--------------------------------------------------------------------------
+    |
+    | This URL is used by the console to properly generate URLs when using
+    | the Artisan command line tool. You should set this to the root of
+    | your application so that it is used when running Artisan tasks.
+    |
+    */
+
+    'url' => env('APP_URL', 'http://localhost'),
+
+    'frontend_url' => env('FRONTEND_URL', 'http://localhost:3000'),
+
+    'asset_url' => env('ASSET_URL'),
+
+    /*
+    |--------------------------------------------------------------------------
+    | Application Timezone
+    |--------------------------------------------------------------------------
+    |
+    | Here you may specify the default timezone for your application, which
+    | will be used by the PHP date and date-time functions. The timezone
+    | is set to "UTC" by default as it is suitable for most use cases.
+    |
+    */
+
+    'timezone' => env('APP_TIMEZONE', 'UTC'),
+
+    /*
+    |--------------------------------------------------------------------------
+    | Application Locale Configuration
+    |--------------------------------------------------------------------------
+    |
+    | The application locale determines the default locale that will be used
+    | by the translation service provider. You are free to set this value
+    | to any of the locales which will be supported by the application.
+    |
+    */
+
+    'locale' => env('APP_LOCALE', 'en'),
+
+    /*
+    |--------------------------------------------------------------------------
+    | Application Fallback Locale
+    |--------------------------------------------------------------------------
+    |
+    | The fallback locale determines the locale to use when the default one
+    | is not available. You may change the value to correspond to any of
+    | the languages which are currently supported by your application.
+    |
+    */
+
+    'fallback_locale' => env('APP_FALLBACK_LOCALE', 'en'),
+
+    /*
+    |--------------------------------------------------------------------------
+    | Faker Locale
+    |--------------------------------------------------------------------------
+    |
+    | This locale will be used by the Faker PHP library when generating fake
+    | data for your database seeds. For example, this will be used to get
+    | localized telephone numbers, street address information and more.
+    |
+    */
+
+    'faker_locale' => env('APP_FAKER_LOCALE', 'en_US'),
+
+    /*
+    |--------------------------------------------------------------------------
+    | Encryption Key
+    |--------------------------------------------------------------------------
+    |
+    | This key is utilized by Laravel's encryption services and should be set
+    | to a random, 32 character string or all of the encrypted strings are
+    | not secure. You should do this prior to deploying the application.
+    |
+    */
+
+    'key' => env('APP_KEY'),
+
+    'cipher' => 'AES-256-CBC',
+
+    /*
+    |--------------------------------------------------------------------------
+    | Maintenance Mode Driver
+    |--------------------------------------------------------------------------
+    |
+    | These configuration options determine the driver used to determine and
+    | manage Laravel's "maintenance mode" status. The "cache" driver will
+    | allow maintenance mode to be controlled across multiple machines.
+    |
+    | Supported drivers: "file", "cache"
+    |
+    */
+
+    'maintenance' => [
+        'driver' => env('APP_MAINTENANCE_DRIVER', 'file'),
+        'store'  => env('APP_MAINTENANCE_STORE', 'redis'),
+    ],
+
+    /*
+    |--------------------------------------------------------------------------
+    | Autoloaded Service Providers
+    |--------------------------------------------------------------------------
+    |
+    | The service providers listed here will be automatically loaded on any
+    | requests to your application. You may add your own services to the
+    | arrays below to provide additional features to this application.
+    |
+    */
+
+    'providers' => ServiceProvider::defaultProviders()->merge([
+        // Package Service Providers...
+    ])->merge([
+        // Application Service Providers...
+        // App\Providers\AppServiceProvider::class,
+    ])->merge([
+        // Added Service Providers (Do not remove this line)...
+    ])->toArray(),
+
+    /*
+    |--------------------------------------------------------------------------
+    | Class Aliases
+    |--------------------------------------------------------------------------
+    |
+    | This array of class aliases will be registered when this application
+    | is started. You may add any additional class aliases which should
+    | be loaded to the array. For speed, all aliases are lazy loaded.
+    |
+    */
+
+    'aliases' => Facade::defaultAliases()->merge([
+        // 'Example' => App\Facades\Example::class,
+    ])->toArray(),
+
+];

config/auth.php

@@ -0,0 +1,115 @@
+<?php
+
+return [
+
+    /*
+    |--------------------------------------------------------------------------
+    | Authentication Defaults
+    |--------------------------------------------------------------------------
+    |
+    | This option controls the default authentication "guard" and password
+    | reset options for your application. You may change these defaults
+    | as required, but they're a perfect start for most applications.
+    |
+    */
+
+    'defaults' => [
+        'guard' => env('AUTH_GUARD', 'web'),
+        'passwords' => 'users',
+    ],
+
+    /*
+    |--------------------------------------------------------------------------
+    | Authentication Guards
+    |--------------------------------------------------------------------------
+    |
+    | Next, you may define every authentication guard for your application.
+    | Of course, a great default configuration has been defined for you
+    | which utilizes session storage plus the Eloquent user provider.
+    |
+    | All authentication drivers have a user provider. This defines how the
+    | users are actually retrieved out of your database or other storage
+    | mechanisms used by this application to persist your user's data.
+    |
+    | Supported: "session"
+    |
+    */
+
+    'guards' => [
+        'web' => [
+            'driver' => 'session',
+            'provider' => 'users',
+        ],
+    ],
+
+    /*
+    |--------------------------------------------------------------------------
+    | User Providers
+    |--------------------------------------------------------------------------
+    |
+    | All authentication drivers have a user provider. This defines how the
+    | users are actually retrieved out of your database or other storage
+    | mechanisms used by this application to persist your user's data.
+    |
+    | If you have multiple user tables or models you may configure multiple
+    | sources which represent each model / table. These sources may then
+    | be assigned to any extra authentication guards you have defined.
+    |
+    | Supported: "database", "eloquent"
+    |
+    */
+
+    'providers' => [
+        'users' => [
+            'driver' => 'eloquent',
+            'model' => env('AUTH_MODEL', App\Models\User::class),
+        ],
+
+        // 'users' => [
+        //     'driver' => 'database',
+        //     'table' => 'users',
+        // ],
+    ],
+
+    /*
+    |--------------------------------------------------------------------------
+    | Resetting Passwords
+    |--------------------------------------------------------------------------
+    |
+    | You may specify multiple password reset configurations if you have more
+    | than one user table or model in the application and you want to have
+    | separate password reset settings based on the specific user types.
+    |
+    | The expiry time is the number of minutes that each reset token will be
+    | considered valid. This security feature keeps tokens short-lived so
+    | they have less time to be guessed. You may change this as needed.
+    |
+    | The throttle setting is the number of seconds a user must wait before
+    | generating more password reset tokens. This prevents the user from
+    | quickly generating a very large amount of password reset tokens.
+    |
+    */
+
+    'passwords' => [
+        'users' => [
+            'provider' => 'users',
+            'table' => 'password_reset_tokens',
+            'expire' => 60,
+            'throttle' => 60,
+        ],
+    ],
+
+    /*
+    |--------------------------------------------------------------------------
+    | Password Confirmation Timeout
+    |--------------------------------------------------------------------------
+    |
+    | Here you may define the amount of seconds before a password confirmation
+    | window expires and users are asked to re-enter their password via the
+    | confirmation screen. By default, the timeout lasts for three hours.
+    |
+    */
+
+    'password_timeout' => env('AUTH_PASSWORD_TIMEOUT', 10800),
+
+];

config/broadcasting.php

@@ -0,0 +1,71 @@
+<?php
+
+return [
+
+    /*
+    |--------------------------------------------------------------------------
+    | Default Broadcaster
+    |--------------------------------------------------------------------------
+    |
+    | This option controls the default broadcaster that will be used by the
+    | framework when an event needs to be broadcast. You may set this to
+    | any of the connections defined in the "connections" array below.
+    |
+    | Supported: "pusher", "ably", "redis", "log", "null"
+    |
+    */
+
+    'default' => env('BROADCAST_CONNECTION', 'null'),
+
+    /*
+    |--------------------------------------------------------------------------
+    | Broadcast Connections
+    |--------------------------------------------------------------------------
+    |
+    | Here you may define all of the broadcast connections that will be used
+    | to broadcast events to other systems or over websockets. Samples of
+    | each available type of connection are provided inside this array.
+    |
+    */
+
+    'connections' => [
+
+        'pusher' => [
+            'driver' => 'pusher',
+            'key' => env('PUSHER_APP_KEY'),
+            'secret' => env('PUSHER_APP_SECRET'),
+            'app_id' => env('PUSHER_APP_ID'),
+            'options' => [
+                'cluster' => env('PUSHER_APP_CLUSTER'),
+                'host' => env('PUSHER_HOST') ?: 'api-'.env('PUSHER_APP_CLUSTER', 'mt1').'.pusher.com',
+                'port' => env('PUSHER_PORT', 443),
+                'scheme' => env('PUSHER_SCHEME', 'https'),
+                'encrypted' => true,
+                'useTLS' => env('PUSHER_SCHEME', 'https') === 'https',
+            ],
+            'client_options' => [
+                // Guzzle client options: https://docs.guzzlephp.org/en/stable/request-options.html
+            ],
+        ],
+
+        'ably' => [
+            'driver' => 'ably',
+            'key' => env('ABLY_KEY'),
+        ],
+
+        'redis' => [
+            'driver' => 'redis',
+            'connection' => env('REDIS_BROADCASTING_CONNECTION', 'default'),
+        ],
+
+        'log' => [
+            'driver' => 'log',
+        ],
+
+        'null' => [
+            'driver' => 'null',
+        ],
+
+    ],
+
+];