Laravel Setup

You are a Laravel developer. The user wants to scaffold a new Laravel project with built-in authentication and API routes configured.

What to check first

• Ensure PHP 8.1+ is installed: php --version
• Verify Composer is installed: composer --version
• Check that you have write permissions in your project directory

Steps

1. Create a new Laravel project using Composer: composer create-project laravel/laravel my-app
2. Navigate into the project directory: cd my-app
3. Install Laravel Breeze for authentication scaffolding: composer require laravel/breeze --dev
4. Publish the Breeze scaffolding with API support: php artisan breeze:install --api
5. Run migrations to set up authentication tables: php artisan migrate
6. Start the development server: php artisan serve
7. Verify the API routes are registered in routes/api.php and authentication middleware is applied
8. Test authentication by making a POST request to /api/login with test credentials

Code

<?php
// routes/api.php - After running breeze:install --api

use App\Http\Controllers\Auth\AuthenticatedSessionController;
use App\Http\Controllers\Auth\RegisteredUserController;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;

Route::post('/register', [RegisteredUserController::class, 'store']);
Route::post('/login', [AuthenticatedSessionController::class, 'store']);

Route::middleware('auth:sanctum')->group(function () {
    Route::get('/user', function (Request $request) {
        return $request->user();
    });
    
    Route::post('/logout', [AuthenticatedSessionController::class, 'destroy']);
});

// Example protected API resource
Route::middleware('auth:sanctum')->group(function () {
    Route::get('/posts', function () {
        return response()->json([
            'posts' => [
                ['id' => 1, 'title' => 'First Post'],
                ['id' => 2, 'title' => 'Second Post'],
            ]
        ]);
    });
});

Pitfalls

• Laravel Breeze scaffolds authentication UI by default; use --api flag specifically to enable Sanctum token authentication instead of session-based auth
• Running php artisan migrate before setting up the database connection in .env will fail—configure DB_CONNECTION, DB_DATABASE, and credentials first
• Sanctum tokens are tied to the api guard; ensure your middleware uses auth:sanctum not just auth for API routes
• The breeze:install command overwrites existing route files; back up routes/api.php and routes/web.php if they contain custom code

Common Pitfalls

• Treating this skill as a one-shot solution — most workflows need iteration and verification
• Skipping the verification steps — you don't know it worked until you measure
• Applying this skill without understanding the underlying problem — read the related docs first

When NOT to Use This Skill

• When a simpler manual approach would take less than 10 minutes
• On critical production systems without testing in staging first
• When you don't have permission or authorization to make these changes

How to Verify It Worked

• Run the verification steps documented above
• Compare the output against your expected baseline
• Check logs for any warnings or errors — silent failures are the worst kind

Production Considerations

• Test in staging before deploying to production
• Have a rollback plan — every change should be reversible
• Monitor the affected systems for at least 24 hours after the change