承接 susheelhbti/laravel-user-admin 相关项目开发

从需求分析到上线部署,全程专人跟进,保证项目质量与交付效率

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

susheelhbti/laravel-user-admin

Composer 安装命令:

composer require susheelhbti/laravel-user-admin

包简介

A Laravel package for OTP-based authentication with full user management admin API.

README 文档

README

🔐 laravel-user-admin

OTP-based authentication + full admin user-management REST API for Laravel

Packagist License: MIT PHP Laravel

Author: Susheel Kumar — available for freelance & full-time roles. 📧 susheelhbti@gmail.com

✨ Features

  • 📧 Email OTP login with auto user registration
  • 🔐 Sanctum access token + refresh token rotation with reuse detection
  • 👥 Role & permission system (RBAC)
  • 🔒 TOTP two-factor authentication + backup codes
  • 📱 Trusted device management — skip 2FA on trusted devices
  • 🛡️ Admin API — suspend, ban, impersonate, bulk actions
  • 📊 Login history & admin audit logs with Request IDs
  • 📤 CSV user export + 📥 Bulk CSV/JSON import
  • 🗑️ Account deletion with grace period
  • 🎉 30+ named events for Slack, webhooks, Datadog
  • ❤️ Health check endpoint
  • ⚙️ Fully configurable

Requirements

  • PHP 8.1+, Laravel 10 or 11, Laravel Sanctum 3+
  • (Optional) pragmarx/google2fa for TOTP 2FA

Installation

composer require susheelhbti/laravel-user-admin

Add trait to your User model:

use Susheelhbti\LaravelUserAdmin\Traits\HasUserAdmin;

class User extends Authenticatable
{
    use HasUserAdmin;

    protected $casts = [
        'suspended_until'       => 'datetime',
        'last_login_at'         => 'datetime',
        'two_factor_enabled'    => 'boolean',
        'deletion_requested_at' => 'datetime',
        'deletion_scheduled_at' => 'datetime',
    ];
}

Run migrations:

php artisan vendor:publish --tag=laravel-user-admin-migrations
php artisan migrate

Seed roles and permissions:

php artisan db:seed --class="Susheelhbti\\LaravelUserAdmin\\Database\\Seeders\\LaravelUserAdminSeeder"

Schedule commands (Laravel 11 routes/console.php):

Schedule::command('user-admin:clean-otps')->everyFifteenMinutes();
Schedule::command('user-admin:purge-accounts')->daily();

API Endpoints

General

| GET | /api/health | DB status + version |

Auth

| POST | /api/auth/otp/send | Send OTP | | POST | /api/auth/otp/verify | Verify OTP → access + refresh tokens | | POST | /api/auth/logout | Revoke all tokens | | GET | /api/auth/me | Current user | | POST | /api/auth/token/refresh | Rotate tokens |

2FA

| GET | /api/auth/2fa/setup | Generate TOTP secret + QR | | POST | /api/auth/2fa/confirm | Enable 2FA | | POST | /api/auth/2fa/disable | Disable 2FA | | POST | /api/auth/2fa/backup-codes/regenerate | New backup codes |

2FA login flow — on first verify when 2FA is enabled:

{ "requires_2fa": true, "otp_id": 42, "message": "Two-factor authentication required." }

Re-submit with totp_token OR backup_code — no separate endpoint needed.

Trusted Devices

| GET | /api/auth/devices | List | | POST | /api/auth/devices/trust | Mark trusted | | DELETE | /api/auth/devices/{id} | Revoke one | | DELETE | /api/auth/devices | Revoke all |

Account Deletion

| POST | /api/auth/account/request-deletion | Schedule deletion | | POST | /api/auth/account/cancel-deletion | Cancel |

Admin — Users

| GET | /api/admin/users | List (filter: status, role, search) | | POST | /api/admin/users | Create | | GET | /api/admin/users/{id} | Detail | | PUT | /api/admin/users/{id} | Update | | DELETE | /api/admin/users/{id} | Hard delete | | DELETE | /api/admin/users/{id}/soft | Soft delete | | GET | /api/admin/users/export | CSV download | | POST | /api/admin/users/import | Bulk CSV/JSON import |

Admin — Actions

| POST | /api/admin/users/{id}/suspend | Suspend | | POST | /api/admin/users/{id}/unsuspend | Unsuspend | | POST | /api/admin/users/{id}/temporary-ban | Temp ban | | POST | /api/admin/users/{id}/force-password-reset | Force reset | | POST | /api/admin/users/{id}/remove-2fa | Remove 2FA | | POST | /api/admin/users/{id}/terminate-sessions | Kill sessions | | GET | /api/admin/users/{id}/login-history | Login log | | POST | /api/admin/users/{id}/impersonate | Impersonate | | POST | /api/admin/users/stop-impersonation | Stop |

Admin — Bulk

| POST | /api/admin/users/bulk/suspend | Bulk suspend | | POST | /api/admin/users/bulk/unsuspend | Bulk unsuspend | | POST | /api/admin/users/bulk/assign-role | Bulk role | | POST | /api/admin/users/bulk/delete | Bulk delete |

Admin — Stats

| GET | /api/admin/statistics | Counts by status/role | | GET | /api/admin/admin-logs | Audit log |

🎉 Event System

use Susheelhbti\LaravelUserAdmin\Events\UserAdminEvents;
use Illuminate\Support\Facades\Event;

Event::listen(UserAdminEvents::LOGIN_SUCCESS, function (string $e, array $data) {
    logger("Login: {$data['email']} from {$data['ip']}");
});

Event::listen(UserAdminEvents::TOKEN_REUSE_DETECTED, function (string $e, array $data) {
    SlackAlert::send("Token reuse attack for user #{$data['user_id']}!");
});

Event::listen(UserAdminEvents::USER_CREATED, function (string $e, array $data) {
    CrmService::createContact($data['email']);
});

Every payload contains event, fired_at, request_id.

All events: OTP_SENT, OTP_VERIFIED, OTP_FAILED, LOGIN_SUCCESS, LOGIN_FAILED, LOGOUT, TOKEN_REFRESHED, TOKEN_REUSE_DETECTED, TFA_ENABLED, TFA_DISABLED, TFA_FAILED, DEVICE_TRUSTED, DEVICE_REVOKED, SESSIONS_TERMINATED, USER_CREATED, USER_UPDATED, USER_DELETED, USER_SUSPENDED, USER_UNSUSPENDED, ACCOUNT_DELETION_REQUESTED, ACCOUNT_DELETION_COMPLETED, ACCOUNT_DELETION_CANCELLED, ADMIN_ACTION, IMPERSONATION_STARTED, IMPERSONATION_STOPPED, BULK_USERS_IMPORTED, BULK_USERS_SUSPENDED, BULK_USERS_DELETED, BULK_ROLE_ASSIGNED, EMAIL_SENT, EMAIL_FAILED

Middleware

Route::get('/dashboard', fn() => ...)->middleware(['auth:sanctum', 'user-admin.admin']);
Route::get('/mod-panel', fn() => ...)->middleware(['auth:sanctum', 'user-admin.role:moderator']);

Optional TOTP 2FA

composer require pragmarx/google2fa

No extra configuration — auto-enabled once installed.

Artisan Commands

Command Schedule
user-admin:clean-otps Every 15 min
user-admin:purge-accounts Daily

License

MIT © Susheel Kumar

susheelhbti/laravel-user-admin 适用场景与选型建议

susheelhbti/laravel-user-admin 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 0 次下载、GitHub Stars 达 0, 最近一次更新时间为 2026 年 05 月 12 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「admin」 「Authentication」 「laravel」 「otp」 「user-management」 「sanctum」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 susheelhbti/laravel-user-admin 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 susheelhbti/laravel-user-admin 我们能提供哪些服务?
定制开发 / 二次开发

基于 susheelhbti/laravel-user-admin 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 0
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 0
  • 点击次数: 49
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 0
  • Watchers: 0
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2026-05-12