Forem: Ilya Beliaev

Laravel has no native WebDAV server — so I built one

Ilya Beliaev — Wed, 15 Apr 2026 21:19:08 +0000

🚀 I’ve just released the first alpha version of my Laravel WebDAV server:

👉 https://github.com/N3XT0R/laravel-webdav-server/releases/tag/1.0.0-alpha.1

⚠️ Disclaimer

This is an early alpha prototype.

It is:

not stable
not production-ready
subject to breaking changes at any time

The current focus is on architecture and extensibility, not completeness.

The problem

In the Laravel ecosystem, there is currently no truly native WebDAV server solution.

Most existing approaches fall into one of two categories:

Thin wrappers around SabreDAV with limited Laravel integration
WebDAV client adapters (e.g. for Storage::disk()), not actual servers

What’s missing is a solution that:

integrates cleanly into Laravel’s architecture
respects existing auth and authorization concepts
works naturally with Laravel’s filesystem abstraction (Flysystem)

The idea

This package aims to bridge the gap between the WebDAV protocol and Laravel’s filesystem abstraction.

Instead of exposing raw filesystem paths, it maps WebDAV nodes directly to Laravel disks.

That means you can expose:

local storage
S3 buckets
or any Flysystem-backed disk

through a WebDAV endpoint.

What makes this different

1. Native Laravel integration

This is not a standalone WebDAV server bolted onto Laravel.

It is designed to feel like a first-class Laravel component.

2. Explicit request pipeline (no magic)

Every request follows a clearly defined flow:

Controller → Factory → Credential Validation → Space Resolution → Authorization → Storage

There is:

no hidden magic
no black box
no implicit behavior

Every step is transparent and replaceable.

3. Clear separation of concerns

The architecture strictly separates:

WebDAV transport (SabreDAV)
Application logic (Laravel)
Storage (Flysystem)

4. Pluggable architecture

Core components are abstracted via interfaces:

Credential validation
Storage space resolution
Path-level authorization

All bindings use bindIf(), so you can override them without modifying package code.

5. Policy-native authorization

Authorization integrates directly with Laravel’s Gate and Policies.

6. Dynamic storage mapping

Storage is resolved at runtime based on:

user (principal)
route parameter {space}

What this package is (and is not)

✔ WebDAV server for Laravel (HTTP endpoint)

✖ Not a Storage::disk('webdav') client driver

Current feature set

WebDAV server powered by SabreDAV
Mapping of WebDAV nodes to Laravel filesystem disks
Pluggable authentication (Basic Auth by default)
Flexible storage space resolution
Extensible authorization layer
Clean extension points via interfaces

Supported operations

PROPFIND
GET
PUT
DELETE
MKCOL

What’s missing

Stability
Edge case handling
Production readiness

Why release this early?

Because the architecture is the most important part.

Feedback welcome

I’d really appreciate:

architectural feedback
edge cases I haven’t considered
ideas for real-world use

GitHub

👉 https://github.com/N3XT0R/laravel-webdav-server/releases/tag/1.0.0-alpha.1

Hashtags

laravel #php #webdav #opensource #softwarearchitecture #backend #api #flysystem

Laravel Passport Modern Scopes – Attribute-Based OAuth Scope Enforcement

Ilya Beliaev — Wed, 07 Jan 2026 23:49:17 +0000

Laravel Passport traditionally enforces OAuth scopes at the routing level, usually via middleware definitions in
route files.

While this works, it often leads to:

authorization rules scattered across routes
controllers coupled to infrastructure concerns
duplicated or hard-to-review scope requirements
reduced clarity as APIs grow

Laravel Passport Modern Scopes introduces a different approach.

👉 https://github.com/N3XT0R/laravel-passport-modern-scopes

The idea: declare scopes where they matter

Instead of wiring scopes into routes, this package allows you to declare OAuth scope requirements directly on
controllers or controller actions using PHP 8 attributes.

Authorization intent lives next to the code it protects.

Passport itself remains fully responsible for authentication and token validation.

Example

use N3XT0R\PassportModernScopes\Support\Attributes\RequiresScope;
use N3XT0R\PassportModernScopes\Support\Attributes\RequiresAnyScope;

#[RequiresScope('users:read')]
final class UserController
{
    public function index()
    {
        // Requires users:read
    }

    #[RequiresAnyScope('users:update', 'users:write')]
    public function update()
    {
        // Requires at least one of the given scopes
    }
}

A single middleware inspects controller attributes at runtime and enforces them using Laravel Passport’s native
tokenCan checks.

Authentication itself remains the responsibility of your configured guard (e.g. auth:api).

What this package does

Enables attribute-based OAuth scope enforcement
Keeps routes clean and infrastructure-agnostic
Makes authorization requirements explicit and discoverable
Works with Passport’s existing scope validation
Requires no changes to Passport internals

Scopes are declared, not wired.

Why attributes?

Using PHP attributes for authorization requirements has several advantages:

Declarative and explicit
No duplication between routes and controllers
Easier to reason about during code review
Friendly to static analysis and documentation tools
No magic strings scattered across route definitions

This keeps authorization intent separate from HTTP wiring.

What this package does not do

To be explicit:

❌ It does not replace Laravel Passport
❌ It does not implement authentication
❌ It does not introduce custom guards
❌ It does not enforce business rules

It only resolves and enforces declared OAuth scope requirements.

Where this fits architecturally

Laravel Passport Modern Scopes is intentionally small and focused.

It pairs well with:

structured scope models (e.g. resource:action)
domain-level authorization logic
admin tooling that manages scopes centrally

It can be used standalone or alongside higher-level authorization libraries.

Installation

composer require n3xt0r/laravel-passport-modern-scopes:^2.0

The middleware is automatically registered via the package’s service provider.

Final thoughts

This package is about clarity, not abstraction.

If you prefer:

explicit authorization requirements
clean routes
controllers that express intent clearly

then attribute-based scope enforcement can be a very natural fit.

Feedback and discussion are welcome.

👉 https://github.com/N3XT0R/laravel-passport-modern-scopes

Filament Passport UI – Managing Laravel Passport OAuth with Clarity

Ilya Beliaev — Wed, 07 Jan 2026 23:47:11 +0000

Laravel Passport provides a solid, standards-compliant OAuth2 implementation.

What it intentionally does not provide is an opinionated way to administer and govern OAuth configuration.

In real-world applications, this often leads to:

OAuth clients created once via CLI and never revisited
unclear ownership of machine-to-machine clients
scopes defined as ad-hoc strings without structure
no central overview of active tokens and permissions

Filament Passport UI was created to close this gap.

👉 https://github.com/N3XT0R/filament-passport-ui

What Filament Passport UI is

Filament Passport UI is a structured administrative interface for managing Laravel Passport OAuth resources
using Filament v4.

It is designed for applications that already use Filament as their primary admin panel and want to manage:

OAuth clients
tokens
scopes
grants and authorization-related state

in a clear, explicit, and reviewable way.

This package focuses on administration and visibility, not on implementing OAuth flows.

What the package does

Filament Passport UI adds a domain-oriented admin layer on top of Laravel Passport:

OAuth clients are managed explicitly instead of being created only via CLI
Scopes are modeled and managed in a structured way
Tokens and grants become visible and reviewable
Authorization decisions remain enforced by Passport at runtime

Passport itself is not modified or extended.

All logic operates at the application and UI level.

Key features

OAuth client management

Manage OAuth clients by grant type:
- authorization code
- client credentials
- password
- personal access
- implicit
- device
View client metadata and ownership
Enable or revoke clients via UI

Token visibility

Inspect issued access tokens
Review token state and expiration
Revoke tokens explicitly

Structured scopes

Manage scopes via UI instead of static configuration
Model scopes as resource:action
Group and reason about permissions in a human-readable way
Designed to work with structured authorization models

Native Filament integration

Built with Filament v4 resources and pages
UX aligned with Filament conventions
No custom panels or hacks required

Auditability

Administrative actions are fully auditable
Changes can be recorded via spatie/laravel-activitylog
Supports traceability for security and compliance contexts (e.g. ISO/IEC 27001)

What this package does not do

To be explicit:

❌ It does not implement OAuth flows
❌ It does not replace Laravel Passport
❌ It does not enforce authorization decisions
❌ It does not guess application security rules

Authorization logic remains the responsibility of the application.

Relationship to Laravel Passport Authorization Core

Filament Passport UI builds on a clear architectural separation.

All Filament-agnostic authorization and domain logic is progressively consolidated into a dedicated core package:

👉 https://github.com/N3XT0R/laravel-passport-authorization-core

This allows:

a clean separation between domain logic and UI
reuse of authorization concepts outside of Filament
independent evolution of core logic and admin UI

Filament Passport UI remains focused purely on administrative workflows and presentation.

Who this is for

This package is useful if you:

use Laravel Passport and Filament
manage multiple OAuth clients or integrations
want visibility into tokens and permissions
care about long-term maintainability and auditability
prefer explicit administration over CLI-only workflows

Final thoughts

Filament Passport UI is not about adding features to Passport.

It’s about making OAuth configuration visible, explicit, and manageable in real-world systems.

Feedback, issues, and architectural discussion are very welcome.

👉 https://github.com/N3XT0R/filament-passport-ui

Laravel Passport Authorization Core – A Domain-Oriented Authorization Foundation

Ilya Beliaev — Wed, 07 Jan 2026 23:45:45 +0000

n many Laravel applications, OAuth is handled correctly, but authorization modeling slowly degrades over time.

Scopes become undocumented strings.

Authorization rules spread across policies, middleware, and UI layers.

Admin panels re-implement domain logic that should not live there.

To address this, I extracted the authorization domain logic from a real-world Filament + Passport setup into a dedicated
core package:

👉 https://github.com/N3XT0R/laravel-passport-authorization-core

What this package is

Laravel Passport Authorization Core is a UI-agnostic, domain-oriented authorization layer built on top of
Laravel Passport.

It focuses on authorization intent, not OAuth mechanics.

No UI
No OAuth flows
No token issuance
No policy enforcement magic

Passport remains fully responsible for runtime authentication and token validation.

The core idea

Instead of treating scopes as arbitrary strings, this package introduces explicit authorization concepts:

Structured scopes (resource:action)
Authorization context (client, grant, actor, scope, intent)
Application-level use cases as the only integration surface
Clear separation of:
- Domain
- Application (Usecases)
- Infrastructure (Passport integration)

All interaction happens through Application / Usecase classes — never through low-level models or repositories.

Why this matters

Laravel Passport intentionally avoids opinions about authorization modeling.

In larger systems, this often leads to:

duplicated authorization logic
unclear ownership of permissions
UI-driven security decisions
poor auditability and reviewability

This package provides a single, explicit authorization backbone that can be reused by:

admin interfaces (e.g. Filament)
policies and middleware
API gateways
background jobs
audit and compliance tooling

What this package does not do

To be explicit:

❌ It does not replace Passport
❌ It does not implement OAuth flows
❌ It does not enforce authorization decisions
❌ It does not assume application architecture

It defines structure and intent — enforcement remains the responsibility of the application.

Relationship to Filament Passport UI

This package serves as the domain core for

Filament Passport UI, which focuses purely on administrative UI concerns.

The long-term architecture deliberately separates:

Authorization domain logic → Core package
Presentation & admin workflows → UI package

Both packages evolve independently with a stable boundary.

Who this is for

This package is intended for developers who:

care about long-term authorization clarity
work on multi-service or multi-team systems
want audit-friendly security models
prefer explicit architecture over implicit conventions

Final thoughts

This is not a “plug-and-play helper package”.

It’s a foundational library meant to support clean architecture and long-lived systems.

Feedback, architectural discussion, and constructive criticism are very welcome.

👉 https://github.com/N3XT0R/laravel-passport-authorization-core

🚀 WP-XPub v1.0.0 – A Clean Architecture Approach to Multi-Channel Publishing in WordPress

Ilya Beliaev — Mon, 28 Jul 2025 21:47:14 +0000

We’re proud to release WP-XPub v1.0.0, a modern, maintainable WordPress plugin designed for structured multi-channel publishing — built from the ground up with hexagonal architecture, PSR standards, and clean separation of concerns.

🎯 What is WP-XPub?

WP-XPub is a flexible auto-publisher framework for WordPress that allows you to push content to multiple external platforms (e.g., Mastodon, LinkedIn, custom APIs) from within your WordPress environment. It’s not another social media plugin — it’s a system designed for:

High modularity
Testability and long-term maintainability
Minimal WordPress coupling
Extensible publisher definitions

💡 Why Not in the WordPress Plugin Directory?

⚠️ WP-XPub is not listed on WordPress.org — and that’s by design.

The WordPress plugin directory enforces legacy practices that actively hinder modern software architecture. This includes:

Tight coupling through functions.php
Global procedural design
Prohibition of namespaced class autoloading (e.g., via Composer)
Literal-only i18n strings, which break abstraction and prevent layered translation systems
Constraints that prevent effective testing or mocking

We respect the ecosystem — but we choose to build for developers who care about code quality, clarity, and architecture first.

✅ What's in v1.0.0?

✔️ Multi-publisher architecture using filter-dispatched factories
✔️ Admin UI to activate publishers and set platform-specific configuration
✔️ Publisher abstraction that allows easy integration of 3rd-party APIs
✔️ Automatic trigger on post publication (post_status = publish)
✔️ Fully PSR-compliant code (PSR-1, PSR-4, PSR-12)
✔️ Composer-powered structure — no function clutter, no legacy globals
✔️ Support for modern PHP (8.2+) and WordPress 6.x

👉 See the full source and installation instructions on GitHub

Laravel Migration Generator: v8.1 & v8.2 Released 🚀

Ilya Beliaev — Wed, 09 Jul 2025 07:05:05 +0000

I've recently shipped two updates to my Laravel Migration Generator project – focusing on database normalization, architecture cleanup, and future extensibility.

🔄 v8.1.0 – Schema Normalization

You can now normalize legacy schemas using the new --normalizer=pivot option:

Replaces composite primary keys with a synthetic $table->id() column
Preserves the original compound key as a UNIQUE constraint
Improves compatibility with Eloquent models

Ideal if you're working with databases that were not designed for Laravel-style ORM!

🧱 v8.2.0 – Refactored Execution Flow

This release introduces the SchemaMigrationExecutor and its interface to decouple execution logic from the console command:

Implements the Separation of Concerns principle (SoC)
Executor is now resolved via Laravel's service container
Optionally injects the SchemaNormalizationManagerInterface only when needed

Cleaner, more testable, and easier to extend.

🔭 Up Next

I'm currently working on:

Caching – to improve performance for repeated runs
Model Generation – automatic Eloquent model scaffolding based on the schema

🛠️ Try it out!

👉 GitHub: https://github.com/N3XT0R/laravel-migration-generator

If you're migrating legacy databases or want to generate clean Laravel-compatible migrations – this tool might save you hours.

Thanks for reading – feel free to drop feedback or ideas for upcoming versions!

laravel #php #opensource #cli #migrations #eloquent #legacycode #cleanarchitecture #devlog

🚀 Laravel Migration Generator – Now with PostgreSQL and MSSQL Support

Ilya Beliaev — Fri, 20 Jun 2025 20:57:48 +0000

Laravel Migration Generator – now with PostgreSQL & MSSQL support!

🚀 Introducing Laravel Migration Generator – an open-source package that lets you generate Laravel migrations directly from your existing database schema.

No more manual migration writing. It supports:

✅ MySQL (5.7 & 8.0)
✅ PostgreSQL (15)
✅ MSSQL (2022)

Tested with Laravel 10–12 and PHP 8.2–8.4.

🔧 Installation

composer require --dev n3xt0r/laravel-migration-generator

🔍 Features

Generate migrations from your database schema
Multiple output modes (by table, by database, grouped)
Supports complex structures (foreign keys, indexes)
CLI-powered and Docker-compatible
Open for extension (planned plugin support)

📘 Documentation

Full documentation is available at:

📚 https://laravel-migration-generator.readthedocs.io/

🔗 GitHub

Check out the repository on GitHub:

👉 https://github.com/N3XT0R/laravel-migration-generator

If you find it helpful, leave a ⭐️ – it's highly appreciated!

🤝 Contribute

Have feedback or want to contribute? Open an issue or PR on GitHub. Plugin system, model generator and more features are planned – stay tuned!

Thanks for reading & happy migrating!