PHPackages                             progalaxyelabs/stonescriptphp-server - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [HTTP &amp; Networking](/categories/http)
4. /
5. progalaxyelabs/stonescriptphp-server

ActiveProject[HTTP &amp; Networking](/categories/http)

progalaxyelabs/stonescriptphp-server
====================================

Application skeleton for StoneScriptPHP. Ready-to-use project template with CLI tools, folder structure, and examples. Includes the stonescriptphp framework as a dependency.

3.22.0(6d ago)040MITPHPPHP ^8.2

Since Dec 9Pushed 1mo agoCompare

[ Source](https://github.com/progalaxyelabs/StoneScriptPHP-Server)[ Packagist](https://packagist.org/packages/progalaxyelabs/stonescriptphp-server)[ Docs](https://stonescriptphp.org)[ RSS](/packages/progalaxyelabs-stonescriptphp-server/feed)WikiDiscussions main Synced today

READMEChangelogDependencies (10)Versions (38)Used By (0)

StoneScriptPHP Server
=====================

[](#stonescriptphp-server)

**A minimal, composable API server skeleton for building PostgreSQL-backed REST APIs.**

Clean starting point with zero bloat - add only what you need through CLI commands.

Features
--------

[](#features)

- 🎯 **Minimal by default** - Only database connection, no pre-configured auth or models
- 🔧 **Composable authentication** - Choose email/password, OAuth, API keys, or combine them
- 📦 **Migration-based** - Version-controlled database schema
- 🚀 **Production-ready** - Docker support, RBAC, JWT, rate limiting
- ⚡ **Developer-friendly** - CLI code generation, hot reload

---

Quick Start
-----------

[](#quick-start)

### 1. Create Project

[](#1-create-project)

```
composer create-project progalaxyelabs/stonescriptphp-server my-api
cd my-api
```

### 2. Setup Environment

[](#2-setup-environment)

```
# Interactive setup wizard (recommended)
php stone setup

# Or manually create .env with database credentials
cp .env.example .env
```

### 3. Choose Your Authentication

[](#3-choose-your-authentication)

**Email/Password Authentication:**

```
php stone generate auth:email-password
php stone migrate up
php stone seed rbac
php stone create:admin
```

**Google OAuth:**

```
php stone generate auth:google
php stone migrate up
```

**API Keys:**

```
php stone generate auth:api-key
php stone migrate up
```

**Or combine multiple methods!**

### 4. Start Development

[](#4-start-development)

```
# Start Docker-based development server (recommended)
composer dev
# API running at http://localhost:8000

# Or use framework's built-in server
php stone serve
# API running at http://localhost:9100
```

---

Architecture
------------

[](#architecture)

**What's included by default:**

- Database connection setup
- Routing infrastructure
- Environment configuration
- Docker setup
- CLI tools

**What's NOT included (generate as needed):**

- ❌ No authentication routes
- ❌ No user models or tables
- ❌ No default roles or permissions
- ❌ No seeders

**Philosophy:** Start minimal, add incrementally via CLI commands.

---

Docker Development
------------------

[](#docker-development)

StoneScriptPHP-Server provides a Docker-first development experience with Nginx + PHP-FPM.

### Development Commands

[](#development-commands)

```
# Start development server (builds image if needed, runs detached)
composer dev
# or
composer serve

# Stop development server
composer stop

# Restart server
composer restart

# View application logs (follow mode)
composer logs

# Access container shell
composer shell

# Rebuild image (after Dockerfile changes)
composer build

# Clean up (removes container and image)
composer clean
```

### What's Included

[](#whats-included)

- **Nginx** - Production-grade web server with proper URL rewriting
- **PHP-FPM** - High-performance PHP processor
- **Supervisor** - Process manager for Nginx + PHP-FPM
- **Development tools** - git, vim, curl, postgres client, etc.

### Live Reload

[](#live-reload)

Your code is mounted as a volume - changes are reflected immediately without rebuilding.

### Database Connection

[](#database-connection)

Connect to your external PostgreSQL instance via `.env`:

```
DB_HOST=localhost      # or your database host
DB_PORT=5432
DB_NAME=stonescriptphp
DB_USER=postgres
DB_PASSWORD=postgres
```

---

CLI Commands
------------

[](#cli-commands)

### Authentication

[](#authentication)

```
# Generate authentication methods (composable)
php stone generate auth:email-password    # Traditional auth
php stone generate auth:google            # Google OAuth
php stone generate auth:linkedin          # LinkedIn OAuth
php stone generate auth:apple             # Apple OAuth
php stone generate auth:api-key           # API key auth
```

### Database

[](#database)

```
php stone migrate status    # Check migration status
php stone migrate up        # Run pending migrations
php stone migrate down      # Rollback last batch
php stone migrate verify    # Check for schema drift
```

### Seeding

[](#seeding)

```
php stone seed rbac         # Seed roles & permissions
```

### User Management

[](#user-management)

```
php stone create:admin      # Create system admin (interactive)
```

### Code Generation

[](#code-generation)

```
php stone generate route POST /auth/login       # Generate route handler
php stone generate model get_user.pgsql         # Generate model from SQL function
php stone generate client                       # Generate TypeScript client
php stone generate jwt                          # Generate JWT keypair
```

### Development

[](#development)

```
php stone serve             # Start dev server
php stone stop              # Stop dev server
php stone test              # Run tests
```

---

Example Workflow
----------------

[](#example-workflow)

**Building an API with email/password auth:**

```
# 1. Create project
composer create-project progalaxyelabs/stonescriptphp-server my-api
cd my-api

# 2. Setup database
php stone setup

# 3. Add email/password authentication
php stone generate auth:email-password

# 4. Run migrations
php stone migrate up

# 5. Seed RBAC (roles & permissions)
php stone seed rbac

# 6. Create admin user
php stone create:admin
# Enter: admin@example.com, password, Admin User

# 7. Start server
php stone serve

# 8. Test login
curl -X POST http://localhost:9100/auth/login \
  -H "Content-Type: application/json" \
  -d '{"email":"admin@example.com","password":"your-password"}'
```

---

Token Exchange (External Auth Mode)
-----------------------------------

[](#token-exchange-external-auth-mode)

When using external authentication (mode: 'external' in `config/auth.php`), your API validates JWTs from a central auth service but may need to issue **platform tokens** with additional claims like roles.

### Flow

[](#flow)

```
1. User authenticates with external auth service → receives identity token
2. Client calls POST /api/auth/exchange with identity token
3. API validates token against auth service JWKS
4. API looks up user roles from tenant database
5. API signs and returns platform token with roles

```

### Setup

[](#setup)

**1. Generate platform signing keys:**

```
openssl genrsa -out keys/platform-private.pem 2048
openssl rsa -in keys/platform-private.pem -pubout -out keys/platform-public.pem
```

**2. Configure `config/auth.php`:**

```
return [
    'mode' => 'external',
    'server' => [
        'url' => 'http://auth-service:3139',  // Auth service URL
        'issuer' => 'https://auth.example.com', // JWT issuer claim
        'paths' => [
            'jwks' => '/api/auth/jwks',
        ],
    ],
    'platform_jwt' => [
        'private_key_path' => __DIR__ . '/../../keys/platform-private.pem',
        'public_key_path' => __DIR__ . '/../../keys/platform-public.pem',
        'algorithm' => 'RS256',
        'key_id' => 'platform-key-1',
        'ttl' => 3600,
    ],
];
```

**3. Customize role lookup in `TokenExchangeRoute.php`:**

The skeleton uses `Database::fn('get_user_role', [$identityId])`. Replace this with your tenant DB schema:

```
// Option A: user_roles junction table
$roleResult = Database::fn('get_user_roles_by_identity', [$identityId]);

// Option B: Single role column
$roleResult = Database::fn('get_user_by_identity', [$identityId]);
$role = $roleResult[0]['role'] ?? 'member';
```

### Usage

[](#usage)

```
# Exchange identity token for platform token
curl -X POST http://localhost:9100/api/auth/exchange \
  -H "Authorization: Bearer "

# Response
{
  "status": "ok",
  "data": {
    "access_token": "",
    "token_type": "Bearer",
    "expires_in": 3600,
    "role": "admin",
    "roles": ["admin", "member"]
  }
}
```

### Platform Token Claims

[](#platform-token-claims)

The issued platform token includes:

- `identity_id`, `tenant_id`, `tenant_slug` - from identity token
- `role`, `roles` - from tenant database lookup
- `token_type: "platform"` - distinguishes from identity tokens
- Standard JWT claims (`iat`, `exp`, `iss`, `sub`)

---

Migrations
----------

[](#migrations)

Migrations are stored in `migrations/` and run in order:

```
migrations/
├── 001_create_users_table.sql           # Base users table
├── 002_add_email_password_auth.sql      # Email/password columns
├── 003_add_oauth_providers.sql          # OAuth providers table
├── 004_create_api_keys_table.sql        # API keys table
└── 005_create_rbac_tables.sql           # RBAC tables

```

Each `generate auth:*` command adds the necessary migrations. They're composable - run in any order!

---

Docker Deployment
-----------------

[](#docker-deployment)

```
# Start with docker-compose
docker compose up -d

# Run migrations inside container
docker exec -it stonescriptphp-app php stone migrate up

# Create admin user
docker exec -it stonescriptphp-app php stone create:admin
```

See `docker-compose.yaml` for configuration.

---

Default Roles (after `php stone seed rbac`)
-------------------------------------------

[](#default-roles-after-php-stone-seed-rbac)

RolePermissions`super_admin`All permissions`admin`Most permissions except critical ones`moderator`Content management + user viewing`user`Basic content permissions`guest`Read-only accessCustomize by editing the seeder or creating your own roles.

---

Environment Variables
---------------------

[](#environment-variables)

Required variables (created by `php stone setup`):

```
# App
APP_NAME=StoneScriptPHP
APP_ENV=development
APP_PORT=9100

# Database
DATABASE_HOST=localhost
DATABASE_PORT=5432
DATABASE_USER=postgres
DATABASE_PASSWORD=your-password
DATABASE_DBNAME=your-database

# JWT (auto-generated)
JWT_PRIVATE_KEY_PATH=./keys/jwt-private.pem
JWT_PUBLIC_KEY_PATH=./keys/jwt-public.pem
JWT_EXPIRY=3600

# Optional: OAuth
GOOGLE_CLIENT_ID=your-client-id
GOOGLE_CLIENT_SECRET=your-client-secret
```

---

Project Structure
-----------------

[](#project-structure)

```
my-api/
├── migrations/              # Database migrations (generated)
├── public/
│   └── index.php           # Entry point
├── src/
│   ├── App/
│   │   ├── Routes/         # Route handlers
│   │   ├── DTO/            # Data Transfer Objects
│   │   ├── Lib/            # Custom libraries
│   │   └── AppEnv.php      # Application environment config
│   ├── config/
│   │   ├── routes.php      # Route definitions
│   │   └── allowed-origins.php  # CORS config
│   └── postgresql/
│       ├── tables/         # Table schemas
│       └── functions/      # SQL functions
├── composer.json
├── docker-compose.yaml
└── .env

```

---

Contributing
------------

[](#contributing)

This is the application skeleton. For framework contributions, see [StoneScriptPHP](https://github.com/progalaxyelabs/StoneScriptPHP).

---

License
-------

[](#license)

MIT License - see LICENSE file for details.

---

Next Steps
----------

[](#next-steps)

- [Framework Documentation](https://github.com/progalaxyelabs/StoneScriptPHP)
- [Docker Deployment Guide](DOCKER.md)
- [High Level Design](HLD.md)
- [Website](https://stonescriptphp.org)

###  Health Score

44

—

FairBetter than 90% of packages

Maintenance92

Actively maintained with recent releases

Popularity7

Limited adoption so far

Community6

Small or concentrated contributor base

Maturity59

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~5 days

Recently: every ~17 days

Total

37

Last Release

6d ago

Major Versions

v2.4.0 → v3.0.02026-02-24

### Community

Maintainers

![](https://www.gravatar.com/avatar/395201d5852ab3828cb1de9eda82667c405c5dd11b55d9b5be4d768f93955c1d?d=identicon)[pradeepkumardesk](/maintainers/pradeepkumardesk)

---

Top Contributors

[![pradeepdsmk](https://avatars.githubusercontent.com/u/7545127?v=4)](https://github.com/pradeepdsmk "pradeepdsmk (98 commits)")

---

Tags

phpapirestpostgresqlboilerplateSkeletonstonescriptphp

###  Code Quality

TestsPHPUnit

Static AnalysisPHPStan

Type Coverage Yes

### Embed Badge

![Health badge](/badges/progalaxyelabs-stonescriptphp-server/health.svg)

```
[![Health](https://phpackages.com/badges/progalaxyelabs-stonescriptphp-server/health.svg)](https://phpackages.com/packages/progalaxyelabs-stonescriptphp-server)
```

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
