Why Laravel apps break—Mastering the fundamentals to keep them maintainable

Why Laravel apps break .BTUFSJOHUIFGVOEBNFOUBMTUPLFFQUIFNNBJOUBJOBCMF -BSBWFM-JWF+BQBO ,FOUBSP5BLFEB!,FOUBSPV5BLFEB

"CPVU.F 8IP*BN • 8FC"QQMJDBUJPO%FWFMPQFS • 1)14JODF-BSBWFM4JODF X: @KentarouTakeda Selected Past
Talks Conference Title PHPerKaigi 2023 Dr. Strange Laravel PHPerKaigi 2024 Schema driven development with Laravel OpenAPI PHPerKaigi 2025 The Housekeeper and Laravel

"HFOEB 5IF"*FSBBOEUIFTUSVDUVSFPGUIF-BSBWFM8BZ 4FQBSBUJPOPGDPODFSOTPOUIFJOCPVOETJEF 4FQBSBUJPOPGDPODFSOTPOUIFPVUCPVOETJEF 5IFTFQBSBUJPOPGDPODFSOT-BSBWFMQSPWJEFT
5IF-BSBWFM8BZCPPTUT"* UPP 8SBQVQ

8IZMFBSOUIF-BSBWFM8BZ 8IZUIF"*FSBJTIFSF 8IBUNJOJNJ[JOHEFTJHOEFDJTJPOT )PXUIF-BSBWFM8BZ

lWhy: the AI era is here 5IFDMFBOTUBDLGPS"SUJTBOTBOE BHFOUT IUUQTMBSBWFMDPN

lWhat: minimizing design decisions #VUXFDBOTPNFUJNFTUFOEUPBTEFWFMPQFST UPDSFBUFMJLFTPSUPGMJLFWFSZDPNQMFY DBUIFESBMTPGDPNQMFYJUZUIBUBSFOUTPFBTZUP DIBOHF ZPVLOPX EFTQJUFUIFJSDPNQMFYCFBVUZ
"OETPGUXBSFTIPVMECFBMJUUMFCJUNPSF ZPV LOPX TJNQMFBOEEJTQPTBCMFBOEFBTZUP DIBOHFBOE 5BZMPS0UXFMM8IBU:FBSTPG-BSBWFM5BVHIU.F "CPVU.BJOUBJOBCJMJUZ

lHow: the Laravel Way 'PMMPX-BSBWFMDPOWFOUJPOT %POUPWFSSJEFEFGBVMUT VOOFDFTTBSJMZ -BSBWFM#PPTU(VJEFMJOF"SDIJUFDUVSF#FTU 1SBDUJDFT$POWFOUJPO0WFS$POGJHVSBUJPO

l 6TFphp artisan make:DPNNBOETUPDSFBUF OFXGJMFT JFNJHSBUJPOT DPOUSPMMFST NPEFMT FUD
-BSBWFM#PPTU(VJEFMJOFMBSBWFMDPSFSVMFT

$SFBUJOH$36%GPSBBookSFTPVSDF php artisan make:model --api Book Class File Model app/Models/Book.php
Factory database/factories/BookFactory.php Migration database/migrations/2011_06_09_000000_create_books_table.php Seeder database/seeders/BookSeeder.php Request app/Http/Requests/StoreBookRequest.php Request app/Http/Requests/UpdateBookRequest.php Controller app/Http/Controllers/BookController.php Policy app/Policies/BookPolicy.php

$SFBUJOHDPNQPOFOUTCFZPOE$36% php artisan make:* Command File Description make:test tests/Feature/BookControllerTest.php Test
make:observer app/Observers/FooObserver.php Invariants and side effects for records and Eloquent models make:scope app/Models/Scopes/FooScope.php Cross-cutting constraints on queries make:component app/View/Components/Foo.php Encapsulating view-side logic make:rule app/Rules/Foo.php Custom validation make:cast app/Casts/AsFoo.php Transparent conversion between columns and fields make:event app/Events/BookUpdated.php Event make:listener app/Listeners/SendEmailToSubscriber.php Event listener

l *XJMMTBZUIBUMJLFUIFBQQTUIBUTFFNUPEP UIFCFTUJOUFSNTPGMPOHUFSNNBJOUBJOBCJMJUZ BOETPSUPGUIFBCJMJUZUPKVTUVOEFSTUBOEUIF DPEFPWFSUJNFBSFBQQTUIBUKVTUTUJDL DMPTFTUUPUIFDPOWFOUJPOTPGUIFGSBNFXPSL 5BZMPS0UXFMM8IBU:FBSTPG-BSBWFM5BVHIU.F "CPVU.BJOUBJOBCJMJUZ

"DPNNPO-BSBWFM8BZEFCBUF • 5JHIUDPVQMJOHUFOETUPCSFFEDPNQMFYJUZ • -PHJDTIPVMECFDMFBO • %FQFOEJOHPOUIFGSBNFXPSLNBLFTUFTUJOH IBSEFS • 4PTIPVMEOUEPNBJOMPHJDCFDPNQMFUFMZ
TFQBSBUFEGSPNUIFGSBNFXPSL

%FDPNQPTFEPSOPU XJSJOHJTNBOVBM public function update(Request $request, int $number): Response {
$user = $this->authService->authenticate($request); $data = $this->requestValidator->validate($request); $pullRequest = $this->pullRequestFinder->find($number); $this->pullRequestRules->assertUpdatable($pullRequest); $this->authorizer->authorize($user, 'update', $pullRequest); // Main logic $pullRequest->update($data); return new JsonResponse($pullRequest, 200); } • &WFOBGUFSEFDPNQPTJOHJOUPTJOHMFSFTQPOTJCJMJUZDMBTTFT UIFDBMM TFRVFODFTUBZTJOUIFDPOUSPMMFS • 4PNFUIJOHUIBUSFTFNCMFTCPJMFSQMBUFNFUIPEOBNFT BSHVNFOUT BOE PSEFSBMMEJGGFSTVCUMZ • 'PSHFUUJOHBOBVUIPSJ[BUJPODBMM SFWFSTJOHUIFPSEFS NJYJOHVQBSHVNFOUT FWFSZPOFBHBUFXBZUPBTFDVSJUZJODJEFOU

5IFFOUSZQPJOUJTBQJQFMJOF *UTBQJQFMJOF OPU$MFBO "SDIJUFDUVSFTMBZFSTCVUUIF DPODFSOTBSFTUJMMDMFBSMZ TFQBSBUFE

5IFDPOUSPMMFSKVTUXSJUFTJUCBDL class UpdatePullRequest { #[Middleware('auth')] #[Authorize('update', 'pullRequest')] public function __invoke(
UpdatePullRequestRequest $request, PullRequest $pullRequest, ): PullRequestResource { return tap($pullRequest) ->update($request->validated()) ->toResource(); } }

7BMJEBUJPOMJWFTJOB'PSN3FRVFTU class UpdatePullRequestRequest extends FormRequest { public function rules(): array
{ return [ 'title' => ['required', 'string', 'max:255'], 'body' => ['nullable', 'string'], 'base_ref' => ['nullable', 'string', new BranchName], ]; } }

"VUIPSJ[BUJPOMJWFTJOB1PMJDZ class PullRequestPolicy { public function update(User $user, PullRequest $pullRequest):
bool { if (!in_array($pullRequest->state, [State::Open, State::Draft])) { return false; } return $pullRequest->author_id === $user->id || $this->isMaintainer($user, $pullRequest); } }

6OJU5FTUFBDIMBZFSJOJTPMBUJPO // Eloquent in memory — no DB needed $user
= new User() ->forceFill(['id' => 42]) ->setRelation( 'pivot', new Pivot() ->forceFill(['role' => 'maintainer']) ); $pullRequest = new PullRequest() ->forceFill(['author_id' => 23, 'state' => State::Open]) ->setRelation( 'repository', new Repository() ->setRelation('collaborators', collect([$user])) ); // Policy: pure PHP class — instantiate and call $policy = new PullRequestPolicy(); $this->assertTrue($policy->update($user, $pullRequest)); // ValidationRule: also a pure PHP class $rule = new BranchName(); $rule->validate( 'ref', 'feature/new-branch', fn($msg) => $this->fail($msg) ); // If we reach here, validation passed $this->assertTrue(true);

'FBUVSF5FTUUIFXIPMFQJQFMJOF $this->actingAs($outsider) ->putJson("/api/prs/{$pullRequest->id}", $validData) ->assertStatus(403); // Blocked by Policy $this->actingAs($author)
->putJson("/api/prs/{$pullRequest->id}", $invalidData) ->assertStatus(422); // Blocked by FormRequest $this->actingAs($author) ->putJson("/api/prs/{$pullRequest->id}", $validData) ->assertStatus(200); // All pass

;FSPEFTJHOEFDJTJPOTJOUIFCPJMFSQMBUF • /BNJOHUpdatePullRequestRequest PullRequestPolicy • 1MBDFNFOUHttp/Requests/ Policies/ Rules/ •
(FOFSBUJPOphp artisan make:* %FWFMPQFSTDBOGPDVTPOXIBUHPFTJOTJEF SVMFT BOEUIFBVUIPSJ[BUJPOMPHJD

%FFQEJWFBSUJDMF -BSBWFM)PX'PSN3FRVFTU 1PMJDZ BOE 7BMJEBUJPO3VMF3FBDIFE5IFJS'JOBM'PSN IUUQTOPIBDLOPMJGFFOQPTUEFDPVQMJOH XJUIMBSBWFMGPSNSFRVFTUBOEQPMJDZ ,FZQPJOUT • )PXBVUIFOUJDBUJPO
BVUIPSJ[BUJPO BOE WBMJEBUJPOFWPMWFEJOUPUIFJSGJOBMGPSN • "EWBODFEUFDIOJRVFTTVDIBTTUBUFUSBOTJUJPO BVUIPSJ[BUJPO

4JEFFGGFDUTHPJOUP-JTUFOFST Controller Event dispatch Listeners UpdateInventory SendConfirmation NotifyAdmin 4JEFFGGFDUTBSFTFQBSBUFEJOUP -JTUFOFSTBOEXJUIBVUP
EJTDPWFSZ FWFOUIFXJSJOHJT VOOFDFTTBSZ

5IFDPOUSPMMFSTKPCFOETBUEJTQBUDI public function store( StoreOrderRequest $request, PaymentGateway $payment, ): OrderResource
{ return DB::transaction(function () use ($request, $payment) { $order = Order::create($request->validated()); $payment->pay($order); event(new OrderConfirmed($order)); return $order; })->toResource(); }

4ZODISPOPVT-JTUFOFSTEPPOFUIJOH class UpdateInventory { public function __construct( private Inventory $inventory,
) {} public function handle(OrderConfirmed $event): void { $this->inventory->deductFor($event->order); } }

"TZODISPOPVT-JTUFOFSTBGUFSDPNNJU class SendConfirmation implements ShouldQueueAfterCommit { public function handle(OrderConfirmed $event):
void { Mail::to($event->order->customer) ->send( new OrderConfirmationMail($event->order), ); } }

5FTUFEJOEFQFOEFOUMZ MJLFCFGPSF // Controller: verify dispatch only Event::fake(); $this->postJson('/api/orders', $valid)
->assertStatus(201); Event::assertDispatched( OrderConfirmed::class ); // Listener: isolated from the request $this->mock(Inventory::class) ->shouldReceive('deductFor') ->once() ->with($order); $event = new OrderConfirmed($order); $this->app->make(UpdateInventory::class) ->handle($event);

)BSEUPGPMMPXNFBOTJUTVDDFFEFE • "DPNNPODPODFSOXJUIFWFOUESJWFODPEF JUTIBSEUPGPMMPXXIFSFBOEXIBUJT IBQQFOJOH • "OPUIFSXBZUPTFFJUCFJOHIBSEUPGPMMPXJT JUTFMGQSPPGUIBUUIFTFQBSBUJPOPGDPODFSOT TVDDFFEFE
• 0CTFSWBCJMJUZJTTFDVSFETFQBSBUFMZ • php artisan event:list • *%&HPUPSFGFSFODF • 5IFapp/Listeners/EJSFDUPSZ

&OUSZBOEFYJUUIFTBNFJEFB • &OUSZBQJQFMJOF .JEEMFXBSFˠ'PSN3FRVFTU ˠ$POUSPMMFS • &YJUFWFOUESJWFO $POUSPMMFSˠ&WFOUˠ -JTUFOFS •
*ODPNNPOXJSJOH OBNJOH BOEQMBDFNFOUBSF -BSBWFMDPOWFOUJPOT "MMUIBUSFNBJOTPOUIFBQQTJEFJTUIFDPOUFOUT PGFBDISFTQPOTJCJMJUZDMBTT

%FFQEJWFBSUJDMF 5IBU-PPTF$PVQMJOH -BSBWFM$BO%P*U IUUQTOPIBDLOPMJGFFOQPTUEFDPVQMJOH XJUIMBSBWFMFWFOUT ,FZQPJOUT • "DIJFWJOHMPPTFDPVQMJOHXJUIPVUJOUSPEVDJOH UIJOHTMJLFB3FQPTJUPSZ •
$IPPTJOHCFUXFFOTZODISPOPVTBOE BTZODISPOPVT BOEUIFUFTUJOHTUSBUFHZ

5IFCJHQJDUVSF Test ApiResource Response ValidationRule CRUD Authenticate Route Model Binding
Authorize FormRequest Controller Model Table Scope Cast Mutator Policy Event Listener

$36%3FTPVSDF Test ApiResource Response ValidationRule CRUD Authenticate Route Model Binding
Authorize FormRequest Controller Model Table Scope Cast Mutator Policy Event Listener • $36%JTCVOEMFEBTBRoute::resource()SFTPVSDF

1JQFMJOF Test ApiResource Response ValidationRule CRUD Authenticate Route Model Binding
Authorize FormRequest Controller Model Table Scope Cast Mutator Policy Event Listener "MMQSFQSPDFTTJOHIBQQFOTUSBOTQBSFOUMZBOEOFWFSCMPBUTUIF DPOUSPMMFS

3PVUF.PEFM#JOEJOH Test ApiResource Response ValidationRule CRUD Authenticate Route Model Binding
Authorize FormRequest Controller Model Table Scope Cast Mutator Policy Event Listener 3PVUF.PEFM#JOEJOHSFTPMWFTUIFNPEFMJOBEWBODF

5IJO$POUSPMMFS Test ApiResource Response ValidationRule CRUD Authenticate Route Model Binding
Authorize FormRequest Controller Model Table Scope Cast Mutator Policy Event Listener 5IFDPOUSPMMFSKVTUXSJUFTCBDLUIF BMSFBEZSFTPMWFENPEFM return tap($book) ->update($request->validated()) ->toResource();

&WFOU%SJWFOTJEFFGGFDUT Test ApiResource Response ValidationRule CRUD Authenticate Route Model Binding
Authorize FormRequest Controller Model Table Scope Cast Mutator Policy Event Listener 4JEFFGGFDUTBSFJTPMBUFECZFWFOUT 5IFZDBOCFNBEFBTZODISPOPVT UPP event(new BookUpdated($book));

&YQSFTTJWF"DUJWF3FDPSE Test ApiResource Response ValidationRule CRUD Authenticate Route Model Binding
Authorize FormRequest Controller Model Table Scope Cast Mutator Policy Event Listener • 4DPQF $BTU BOE.VUBUPSBCTPSCUIFHBQCFUXFFO"DUJWF 3FDPSEBOEUIFEPNBJO

1FSTJTUFODFMBZFSTJEFFGGFDUT Test ApiResource Response ValidationRule CRUD Authenticate Route Model Binding
Authorize FormRequest Controller Model Table Scope Cast Mutator Policy Event Listener • 4JEFFGGFDUTPO&MPRVFOUNPEFMTDBOBMTPCFTFQBSBUFEXJUI FWFOUT

-JHIUXFJHIUDPOUSPMMFSUFTUT Test ApiResource Response ValidationRule CRUD Authenticate Route Model Binding
Authorize FormRequest Controller Model Table Scope Cast Mutator Policy Event Listener

*TPMBUFEJOUFSWFOUJPOQPJOUUFTUT Test ApiResource Response ValidationRule CRUD Authenticate Route Model Binding
Authorize FormRequest Controller Model Table Scope Cast Mutator Policy Event Listener • &BDIJOUFSWFOUJPOQPJOUDBOCFUFTUFEXJUIBTJOHMF SFTQPOTJCJMJUZ

8IBUEPFTUIF-BSBWFM8BZQSPWJEF "TUSVDUVSFUIBULFFQTDPOUSPMMFSTBOE NPEFMTGSPNCMPBUJOH $POWFOUJPOTUIBUNBLFXJSJOHVOOFDFTTBSZ 5IFJNQMFNFOUBUJPOCFIJOEUIFDPOWFOUJPOT JTUFTUBCMFJOJTPMBUJPO ,OPXJOHUIFTUSVDUVSF
BOENBQQJOHZPVS SFRVJSFNFOUTPOUPJU JTUIFTFDSFUUPLFFQJOHBOBQQMJDBUJPOTJNQMF

8IFOUIFTUSVDUVSFEPFTOUGJU 1SFWJPVTUBMLBU1)1FS,BJHJ +BQBO ࢲͷѪͨ͠-BSBWFMʙϨʔϧΛ௒͑ͨͦͷઌ΁ʙ 5IFIPVTFLFFQFSBOE-BSBWFM#FZPOEUIF 3BJMT 4MJEFTIUUQTTQFBLFSEFDLDPNLFOUBSPVUBLFEBTJ OPBJTJUBMBSBWFMSFSVXPDIBPFUBTPOPYJBOIF 7JEFP IUUQTXXXZPVUVCFDPNXBUDI
W-F[2U[O0Z& ,FZQPJOUT • )BOEMFUIFQBSUTUIBUEPOUGJUCZ FYUFOEJOH-BSBWFMJUTFMG • ,FFQUIF"QQMBZFSDPEFPOUIF-BSBWFM 8BZ

l :PVS"*JTPOMZBTHPPEBTUIF EFDJTJPOTJUEPFTOUIBWFUP NBLF 5IF#FTU7JCFDPEJOH4UBDLGPS

l 3VOUIFNJOJNBMOVNCFSPGUFTUT VTJOHBO BQQSPQSJBUFGJMUFS CFGPSFGJOBMJ[JOH -BSBWFM#PPTU(VJEFMJOF3VOOJOH5FTUT

4NBMMSFTQPOTJCJMJUJFTNFBOTNBMMUFTUT • 4FQBSBUJPOPGDPODFSOTUISPVHIUIF-BSBWFM 8BZˠFBDIVOJUTSFTQPOTJCJMJUZJTTNBMM • 5IFHFOFSBUFˠUFTUˠGJYMPPQDBOSVOGBTU • )VNBOTDBOGPDVTPOKVTUUIFCSPLFOQBSU

l 6TFphp artisan make:DPNNBOETUPDSFBUF OFXGJMFT JFNJHSBUJPOT DPOUSPMMFST NPEFMT FUD
-BSBWFM#PPTU(VJEFMJOFMBSBWFMDPSFSVMFT

-BSBWFM#PPTUCPPTUTIVNBOTBOE"* • 3FBEBCJMJUZGPSIVNBOT • 0VUQVUBDDVSBDZGPS"* • #PUIEFSJWFGSPNNJOJNJ[JOHEFTJHOEFDJTJPOT

l -BSBWFMJTVOJRVFMZQPTJUJPOFEUP CFUIFCFTUGSBNFXPSLGPS"* BTTJTUFEBOEBHFOUJD EFWFMPQNFOU -BSBWFMY"*"TTJTUFE%FWFMPQNFOU

,OPXJOHZPVSGSBNFXPSLTTUSVDUVSF NBUUFSTNPSFBOENPSF GPSEFWFMPQFSTJOUIF"*FSB

8IZMFBSOUIF-BSBWFM8BZ 8IZUIF"*FSBJTIFSF 8IBUNJOJNJ[JOHEFTJHOEFDJTJPOT )PXUIF-BSBWFM8BZ

l %P5IJOHTUIF-BSBWFM8BZ -BSBWFM#PPTU(VJEFMJOF

Why Laravel apps break—Mastering the fundamenta...

Why Laravel apps break—Mastering the fundamentals to keep them maintainable

More Decks by 武田 憲太郎

Other Decks in Programming

Featured

Transcript

More Decks by 武田憲太郎