mathsgod / light
A lightweight PHP GraphQL framework
Maintainers
Requires
- php: >=8.3
- endroid/qr-code: ^4.8
- firebase/php-jwt: ^7.0
- laminas/laminas-code: ^4.7
- laminas/laminas-diactoros: ^3.5
- league/container: ^5.2
- league/event: ^3.0
- league/flysystem: ^3.15
- mathsgod/json-to-sql: ^1.0
- mathsgod/light-db: ^1.7
- mathsgod/light-db-graphqlite-mappers: ^1.0
- mathsgod/light-graphql: ^1.3
- mathsgod/light-rbac: ^1.0
- mathsgod/light-server: ^1.1
- mathsgod/mysql-schema-migrate: ^1.0
- phpmailer/phpmailer: ^6.8
- ramsey/uuid: ^4.7
- sebastian/diff: ^7.0
- symfony/cache: ^7.4
- symfony/console: ^7.4
- symfony/property-access: ^7.4
- symfony/property-info: ^7.4
- symfony/serializer: ^7.4
- symfony/yaml: ^7.4
- utopia-php/system: ^0.9.0
- web-auth/webauthn-lib: ^4.9
- webonyx/graphql-php: ^15.30
Requires (Dev)
- alphasnow/aliyun-oss-flysystem: ^3.4
- google/apiclient: ^2.15
- hostlink/hostlink-storage-adapter: ^1.0
- laminas/laminas-httphandlerrunner: *
- league/flysystem-aws-s3-v3: ^3.24
- phpstan/phpstan: ^2.0
- phpunit/phpunit: ^12.0
- dev-main
- 1.37.0
- 1.36.0
- 1.35.3
- 1.35.2
- 1.35.1
- v1.35.0
- 1.34.1
- 1.34.0
- 1.33.5
- 1.33.4
- 1.33.3
- 1.33.2
- 1.33.1
- 1.33.0
- 1.32.2
- 1.32.1
- 1.32.0
- 1.31.1
- 1.31.0
- 1.30.1
- 1.30.0
- 1.29.1
- 1.29.0
- 1.28.1
- 1.28.0
- 1.27.1
- 1.27.0
- 1.26.0
- 1.25.0
- 1.24.0
- 1.23.2
- 1.23.1
- 1.23.0
- 1.22.1
- 1.22.0
- 1.21.1
- 1.21.0
- 1.20.3
- 1.20.2
- 1.20.1
- 1.20.0
- 1.19.1
- 1.19.0
- 1.18.2
- 1.18.1
- 1.18.0
- 1.17.2
- 1.17.1
- 1.17.0
- 1.16.1
- 1.16.0
- 1.15.0
- 1.14.2
- 1.14.1
- 1.14.0
- 1.13.7
- 1.13.6
- 1.13.5
- 1.13.4
- 1.13.3
- 1.13.2
- 1.13.1
- 1.13.0
- 1.12.1
- 1.12.0
- 1.11.0
- 1.10.0
- 1.9.0
- 1.8.4
- 1.8.3
- 1.8.2
- 1.8.1
- 1.8.0
- 1.7.0
- 1.6.5
- 1.6.4
- 1.6.3
- 1.6.2
- 1.6.1
- 1.6.0
- 1.5.0
- 1.4.0
- 1.3.0
- 1.2.0
- 1.1.0
- 1.0.5
- 1.0.4
- 1.0.3
- 1.0.2
- 1.0.1
- 1.0.0
This package is auto-updated.
Last update: 2026-05-29 08:54:33 UTC
README
light
A lightweight PHP 8.3+ GraphQL backend framework for building admin/CMS applications. Exposes a GraphQL API (plus a few REST endpoints for file serving) backed by a custom ORM (mathsgod/light-db), RBAC, and a PSR-15 middleware pipeline.
The companion frontend module is nuxt-light — a Nuxt 4 module using Quasar UI.
Requirements
- PHP >= 8.3
- Composer
- MySQL / MariaDB (or any Laminas DB-supported database)
Installation
composer install
Configuration
All configuration is read from a .env file in the project root.
Database
DATABASE_HOSTNAME= DATABASE_DATABASE= DATABASE_USERNAME= DATABASE_PASSWORD= DATABASE_PORT= DATABASE_CHARSET=
JWT Secret
A random string used to sign JWT access/refresh tokens.
JWT_SECRET=
Timezone
TZ=Asia/Hong_Kong
Google Sign-In (optional)
Install the Google API client:
composer require google/apiclient
Then set:
GOOGLE_CLIENT_ID=
Other optional settings
API_PREFIX= # URL prefix for the GraphQL endpoint CORS= # Allowed CORS origin domain
Development Server
# Linux / macOS sh run.sh # Windows run.bat
Both start php -S 0.0.0.0:8888 router.php.
Database Schema
Initialize the database schema (defined in db.json):
php bin/light db:install
CLI Scaffolding
php bin/light make:controller Name # Generate a GraphQL controller php bin/light make:model Name # Generate an ORM model php bin/light make:input Name # Generate a GraphQL input type php bin/light make:ts # Generate TypeScript definitions from the schema
Architecture
index.php → Light\App::run()
→ Middleware pipeline (CORS, JWT auth, file upload)
→ Router:
GET /fs/{protocol}/{path} — Flysystem file serving
GET /drive/{index}/{path} — Drive/storage access
POST /refresh_token — JWT token refresh
* — GraphQL execution
Schema generation is annotation-driven via TheCodingMachine/GraphQLite. Controllers in src/Controller/ declare queries and mutations using PHP 8 attributes (#[Query], #[Mutation], #[Type], etc.).
ORM — models live in src/Model/ and extend Light\Model. The schema is defined in db.json. save() and delete() auto-populate audit fields (created_time, updated_time, created_by, updated_by) and write to EventLog.
RBAC — role → permission mappings bootstrap from permissions.yml; menus bootstrap from menus.yml. The Administrators role always has * (wildcard) permission.
File storage — file operations go through Light\Drive (Flysystem MountManager). Supported adapters: Local, AWS S3, Aliyun OSS, Hostlink.
Directory Layout
| Path | Purpose |
|---|---|
src/Controller/ |
GraphQL controllers (queries & mutations) |
src/Model/ |
ORM models, extend Light\Model |
src/Input/ |
GraphQL input types for mutations |
src/Type/ |
GraphQL output types |
src/Command/ |
Symfony Console CLI commands |
src/Auth/ |
JWT auth & authorization logic |
src/Drive/ |
Flysystem drive abstraction |
function/ |
Global helper functions (auto-loaded) |
pages/ |
Optional plain-PHP pages (return JSON) |
db.json |
Database schema definition |
menus.yml |
Hierarchical menu definitions |
permissions.yml |
Role → permission bootstrap mappings |
Authentication Flow
- Login via GraphQL mutation → returns
access_token(short-lived JWT) +refresh_token - Subsequent requests send
Authorization: Bearer <access_token> - Token refresh:
POST /refresh_token - Optional 2FA (TOTP) and WebAuthn supported via
src/Security/
Testing
./vendor/bin/phpunit --no-coverage # Run all tests ./vendor/bin/phpunit --no-coverage tests/SomeTest.php # Single test file ./vendor/bin/phpunit --no-coverage --filter testMethodName # Single test method ./vendor/bin/phpstan analyse src/ # Static analysis
Tests require a real DB connection (integration tests). Each test wraps in a DB transaction and rolls back in tearDown().
License
MIT