seatplus / auth
SeAT plus package that handles authentication agnostic to SeAT plus usage as pure API or Web
Maintainers
Requires
- php: ^8.3
- laravel/framework: ^11.0
- laravel/socialite: ^5.0
- seatplus/eveapi: ^4.0
- socialiteproviders/eveonline: ^4.0
- spatie/laravel-permission: ^6.10
Requires (Dev)
- driftingly/rector-laravel: ^1.2
- larastan/larastan: ^2.9
- laravel/pint: ^1.9
- nunomaduro/collision: ^8.1
- orchestra/testbench: ^9.0
- pestphp/pest: ^3.0
- pestphp/pest-plugin-laravel: ^3.0
- pestphp/pest-plugin-type-coverage: 3.5.1
- phpstan/phpstan: 1.12.24
- rector/rector: ^1.2
- 4.x-dev
- 4.0.4
- 4.0.3
- 4.0.2
- 4.0.1
- 4.0.0
- 3.x-dev
- 3.0.0
- 2.x-dev
- 2.0.1
- 2.0.0
- 1.x-dev
- 1.1.2
- 1.1.1
- 1.1.0
- 1.0.0
- 0.9.6
- 0.9.5
- 0.9.4
- 0.9.3
- 0.9.2
- 0.9.1
- 0.9.0
- 0.8.3
- 0.8.2
- 0.8.1
- 0.8.0
- 0.7.0
- 0.6.1
- 0.6.0
- 0.5.1
- 0.5.0
- 0.4.2
- 0.4.1
- 0.4.0
- 0.3.1
- 0.3.0
- 0.2.5
- 0.2.4
- 0.2.3
- 0.2.1
- 0.2.0
- 0.1.6
- 0.1.5
- 0.1.4
- 0.1.3
- 0.1.1
- 0.1.0
- dev-fix/manage-role-actions-tuple-format
- dev-fix/custom-permission-models
- dev-dependabot/composer/rector/rector-tw-1.2.4
- dev-fix/return_type
- dev-dependabot/composer/spatie/laravel-permission-tw-6.9
This package is auto-updated.
Last update: 2026-04-29 11:47:30 UTC
README
Handles authentication, authorisation, and SSO scope compliance for the seatplus EVE Online management platform. This is the core package — seatplus/eveapi and seatplus/web both depend on it.
Overview
Role system
Four role types with distinct membership and permission semantics:
| Type | Membership | Use case |
|---|---|---|
automatic |
Auto-assigned when a character belongs to a configured corporation or alliance | Fleet / alliance access |
on-request |
User applies, moderator approves or denies | Corp-specific elevated access |
manual |
Admin explicitly adds / removes individual users | One-off grants |
opt-in |
User self-joins if they meet the criteria | Opt-in programmes |
Affiliation system
Every role has Affiliation records that define permission scope (which EVE entities the role holder can access data for), not membership. Three types:
allowed— these corporations / alliances / characters are in scopeinverse— everyone except these is in scopeforbidden— always excluded, overridesallowed/inverse
SSO scope compliance
IsUserCompliantService checks whether every character owned by a user has all required OAuth scopes. Required scopes are aggregated from global settings, corporation-level SsoScopes records, and alliance-level records. Non-compliant users have their role memberships set to inactive automatically on the next handleMembers() call.
Permission checking
CanUserService::check() runs a Laravel Pipeline to validate a set of EVE entity IDs against a user's permissions. The pipeline strips IDs the user owns, IDs covered by in-game corporation roles (e.g. Director), and IDs covered by Spatie permissions. Any remaining IDs are denied. The superuser permission bypasses all checks.
Installation
composer require seatplus/auth
Publish and run migrations:
php artisan vendor:publish --provider="Seatplus\Auth\AuthServiceProvider"
php artisan migrate
Usage
Add OAuth scopes to a character
By default the minimal scopes are requested. To step up a character to additional scopes, redirect to:
/eve/sso/{character_id}/step_up?add_scopes=esi-skills.read_skills.v1,esi-wallet.read_character_wallet.v1
Check permissions
use Seatplus\Auth\Services\Dtos\ValidateIdsDTO; use Seatplus\Auth\Services\CanUserService; $dto = ValidateIdsDTO::make(entity_ids: [12345678], user: $user); CanUserService::check($user, $dto, permissions: ['view member tracking']);
Development
Requirements
- PHP 8.3+
- PostgreSQL (user
seatplus, passwordsecret, databaselaravel@127.0.0.1:5432) - Redis @
127.0.0.1:6379
Running the test suite
composer run test # lint + PHPStan + type-coverage + unit tests composer run test:unit # unit tests only composer run test:lint # Pint formatting check composer run lint # auto-fix formatting with Pint composer run test:types # PHPStan static analysis composer run test:type-coverage # 100% type coverage check