PHPackages boilingsoup/sneeze - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. boilingsoup/sneeze ActiveLibrary[Authentication & Authorization](/categories/authentication) boilingsoup/sneeze ================== A Laravel Sanctum token-based auth starter kit v1.0.0(9mo ago)14MITPHPPHP ^8.2.0CI passing Since Aug 6Pushed 9mo agoCompare [ Source](https://github.com/BoilingSoup/sneeze)[ Packagist](https://packagist.org/packages/boilingsoup/sneeze)[ RSS](/packages/boilingsoup-sneeze/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependencies (8)Versions (3)Used By (0) [![image](https://private-user-images.githubusercontent.com/84747244/475208740-3013e7ef-0868-4ae8-8e4a-de7545f6ab4d.png?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3NzM5NjkyMDksIm5iZiI6MTc3Mzk2ODkwOSwicGF0aCI6Ii84NDc0NzI0NC80NzUyMDg3NDAtMzAxM2U3ZWYtMDg2OC00YWU4LThlNGEtZGU3NTQ1ZjZhYjRkLnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNjAzMjAlMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjYwMzIwVDAxMDgyOVomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTAxNTgxZjMyYWUzNGJhMDIxNjdhNzVlMzczODMwY2UxMGZmOTBjMjVmMjZkZGVhZWU0OTk5MzJhMWY5YzM1NjgmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0In0.3UWdSZT8yRAKMUZw1Sqlv5fXUj8WYJS_mAzmYPYVOpw)](https://private-user-images.githubusercontent.com/84747244/475208740-3013e7ef-0868-4ae8-8e4a-de7545f6ab4d.png?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3NzM5NjkyMDksIm5iZiI6MTc3Mzk2ODkwOSwicGF0aCI6Ii84NDc0NzI0NC80NzUyMDg3NDAtMzAxM2U3ZWYtMDg2OC00YWU4LThlNGEtZGU3NTQ1ZjZhYjRkLnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNjAzMjAlMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjYwMzIwVDAxMDgyOVomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTAxNTgxZjMyYWUzNGJhMDIxNjdhNzVlMzczODMwY2UxMGZmOTBjMjVmMjZkZGVhZWU0OTk5MzJhMWY5YzM1NjgmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0In0.3UWdSZT8yRAKMUZw1Sqlv5fXUj8WYJS_mAzmYPYVOpw) Sneeze ====== [](#sneeze) **Sneeze** is a modern, token-based authentication starter kit for Laravel using Sanctum. Inspired by Breeze, it's designed for API-first apps that need clean, flexible auth, with no frontend assumptions and no reliance on cookies or CSRF. Use it with any frontend: mobile, SPA, desktop, TUI. If it can send headers, it works. --- πŸ’‘ Why Laravel Sneeze? --------------------- [](#-why-laravel-sneeze) Breeze is great for traditional Laravel apps, but it's tightly coupled to session cookies, CSRF protection, and frontend-specific flows like email verification links. Sneeze takes a different approach: - Clients only need to POST data. No clickable links or cookie handling required. - No CSRF middleware, no session storage, no need to hit the `/csrf-token` endpoint. - Auth uses **Bearer tokens**, not cookies, so your frontend can be on the **same domain or any other**. You're not locked into a browser SPA. Whether you're building a mobile app, CLI, TUI, or remote dashboard, Sneeze is designed to get out of your way and let you build. --- πŸ”₯ Features ---------- [](#-features) - πŸ§ͺ API-first authentication using [Laravel Sanctum](https://laravel.com/docs/sanctum) - πŸ” Register/Login issues a Sanctum token - πŸ” 8-digit **verification codes** for: - Email verification - Password resets - 🧼 No CSRF. No session cookies. Just clean `Bearer` token auth - 🧽 Automatic cleanup of expired or used verification codes - 🧱 All key files (routes, controllers, traits, notifications) copied into your app so you can customize freely - βœ… Implements Laravel’s `CanResetPassword` and `MustVerifyEmail` interfaces - πŸ§ͺ Tested with both **PHPUnit** and **Pest** --- πŸš€ Installation -------------- [](#-installation) **Laravel Sneeze is intended for new Laravel projects.** It scaffolds routes, controllers, traits, notifications, and test files directly into your app. Install the package via Composer: ``` composer require boilingsoup/sneeze ``` Then run the install command: ``` php artisan sneeze:install # Installs with PHPUnit tests php artisan sneeze:install --pest # Installs with Pest tests ``` The `sneeze:install` command will: - Copy controllers, routes, notifications, traits, etc. into your `app/` and `routes/` directories - Publish `config/sneeze.php` with all settings --- 🧬 Authentication Flow --------------------- [](#-authentication-flow) All actions are done via API. No frontend coupling, no session redirects, no need for custom URLs. ActionEndpointMethodDescriptionRegister`/api/register`POSTCreate a new userLogin`/api/login`POSTReturns Sanctum tokenLogout`/api/logout`POSTRevokes tokenRequest password reset`/api/forgot-password`POSTSends 8-digit codeReset password`/api/reset-password`POSTVerifies code + sets new passwordRequest email verification code`/api/email/verification-notification`POSTSends 8-digit codeVerify email`/api/verify-email`POSTVerifies 8-digit code--- βš™οΈ Configuration ---------------- [](#️-configuration) Sneeze uses a simple config file to define expiration times for tokens and codes. These are set using [`CarbonInterval`](https://carbon.nesbot.com/docs/#api-carboninterval), which gives you expressive, readable control over durations. File: `config/sneeze.php` ``` use Carbon\CarbonInterval; return [ // Set how long Sanctum auth tokens are valid after login or registration 'sanctum_auth_token_expiration' => CarbonInterval::months(1), // Set how long email verification codes are valid 'email_verification_expiration' => CarbonInterval::minutes(15), // Set how long password reset codes are valid 'password_reset_expiration' => CarbonInterval::minutes(15), ]; ``` You can customize these values using any `CarbonInterval` expression. Example: To make reset codes expire in 30 minutes, change: ``` 'password_reset_expiration' => CarbonInterval::minutes(30), ``` CarbonInterval supports durations like `minutes()`, `hours()`, `days()`, `weeks()`, `months()`, and more. These intervals are applied **at the time the token or code is created**, ensuring consistent and timezone-aware expiration. --- ⏱ Scheduled Tasks ----------------- [](#-scheduled-tasks) Sneeze registers two scheduled tasks in `routes/console.php` to keep your auth tables clean: ``` // Prune expired Sanctum tokens (every minute) Schedule::command('sanctum:prune-expired --hours=0')->everyMinute(); // Prune used or expired verification codes (every minute) Schedule::command('sneeze:prune-stale')->everyMinute(); ``` These tasks are added automatically when you install Sneeze. - In development, you can run: `php artisan schedule:work` - In production, set up a cron job to run `php artisan schedule:run` every minute More info: [Laravel Scheduler Documentation](https://laravel.com/docs/scheduling#running-the-scheduler) --- πŸ” Security Notes ---------------- [](#-security-notes) - Verification codes are generated using `random_int(10000000, 99999999)` β€” cryptographically secure. - Codes are hashed before being stored in the database (like passwords.) - Verification codes can only be used **once.** - Expired or used codes are automatically cleaned up via scheduled task. - Auth token expiration is enforced via Laravel Sanctum. - No CSRF is needed. All clients authenticate via Bearer token header. --- 🧱 Customization --------------- [](#-customization) All important logic is published into your app for easy modification: - `app/Http/Controllers/Auth/...` - `app/Models/Traits/HasVerificationCodes.php` - `app/Notifications/Auth/...` --- πŸ“¦ Credits --------- [](#-credits) Created by [Boiling Soup](https://github.com/boilingsoup) Inspired by Laravel Breeze ### Health Score 32 β€” LowBetter than 72% of packages Maintenance58 Moderate activity, may be stable Popularity5 Limited adoption so far Community6 Small or concentrated contributor base Maturity50 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits β€” single point of failure How is this calculated?**Maintenance (25%)** β€” Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** β€” Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** β€” Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** β€” Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Unknown Total 1 Last Release 278d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/277c1d608a0abfb09244eee88c2f0f506506592631dfcfb3f322905fb2054a52?d=identicon)[boilingsoup](/maintainers/boilingsoup) --- Top Contributors [![BoilingSoup](https://avatars.githubusercontent.com/u/84747244?v=4)](https://github.com/BoilingSoup "BoilingSoup (69 commits)") --- Tags laravelauthsneeze ### Code Quality Static AnalysisPHPStan Type Coverage Yes ### Embed Badge ![Health badge](/badges/boilingsoup-sneeze/health.svg) ``` [![Health](https://phpackages.com/badges/boilingsoup-sneeze/health.svg)](https://phpackages.com/packages/boilingsoup-sneeze) ``` ### Alternatives [laravel/breeze Minimal Laravel authentication scaffolding with Blade and Tailwind. 3.0k31.3M148](/packages/laravel-breeze)[laravel/ui Laravel UI utilities and presets. 2.7k134.9M601](/packages/laravel-ui)[aedart/athenaeum Athenaeum is a mono repository; a collection of various PHP packages 255.2k](/packages/aedart-athenaeum)[tapansharma/breeze-svelte Minimal Laravel authentication scaffolding with Svelte and Tailwind. 321.2k](/packages/tapansharma-breeze-svelte) PHPackages Β© 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)