A Laravel 12 + ReactJS Full Stack Starter Boilerplate. This is a secure, modular, production-ready base project using Laravel 12 with ReactJS frontend, ideal for building scalable web applications without Blade.
What LaraBaseX Is
A starter kit for developers who want to skip repetitive setup work and start building features right away.
- Laravel 12 backend → clean REST API architecture, ready for production.
- ReactJS frontend → Vite-based, integrated with API, UI ready with Shadcn.
- Security baked in → CSRF, CORS, Rate limiting, Sanitization.
- Roles & Permissions → Spatie permissions + UI protection.
- Full CRUDs ready → Users, Employees, Enquiries.
- Deployment ready → Works with Docker, VPS, or shared hosting.
Why It’s Useful
- Saves weeks of setup time by giving you authentication, authorization, logging, validation, helper functions, and database structure out of the box.
- Gives a modern dev experience — API response helpers, centralized error handling, custom commands, and frontend integration.
- Provides flexibility — you can scale it from small apps to enterprise-level solutions.
Included Major Features
- Backend → Laravel 12 API, Sanctum Auth, MySQL, Redis queues, Spatie permissions, custom helpers.
- Frontend → React + Shadcn UI, API integration, role-based UI.
- Dev Tools → PHPStan, Pest tests, ESLint, Pint, Postman tests, Docker dev setup.
- Security → HTTPS enforcement, CORS setup, CSRF tokens, rate limits.
- Production Ready → Queue workers, caching, mailers, exception logging, activity logs.
| No. | Topics |
|---|---|
| 0. | Tech Stack |
| 1 | Features and Integrations |
| 2 | Getting Started |
| 3 | Documentations |
| 4 | Folder Structure |
A modern tech stack for building scalable web applications.
- Backend: Laravel 12 (REST API)
- Frontend: ReactJS (Vite + Axios) + Shadcn UI
- Database: MySQL
- Authentication: Laravel Sanctum
- Deployment Ready: Docker / Shared Hosting / VPS
| Category | Integrations & Features |
|---|---|
| RDBMS | MySQL, SQLite (default) |
| Storage | Local, Unix File System |
| Message Queues | Redis, Database (queue driver), Supervisor (production) |
| Mailers | SMTP, Mailgun (via Laravel config) |
| Caching | Redis, File |
| Logging | Monolog, custom exception handler, Spatie Activity Log |
| Validations | FormRequest, custom validation rules |
| Transformers | API response helpers |
| Helpers | Centralized helpers for API, formatting, utilities |
| Internationalisation | Laravel's built-in i18n, language files |
| Console Commands | Custom Artisan commands, scheduler |
| Security | HTTPS, CORS, CSRF, Rate Limiting, Authorization, Input Sanitization |
| Frontend | ReactJS (Vite), Shadcn UI, Inertia.js SPA routing |
| Deployment | Docker, Shared Hosting, VPS |
| Authentication | Full login & registration flow with database-backed users |
| Dashboard | Working dashboard UI and backend |
| Roles & Permissions | Create/manage roles, assign permissions, protect routes and UI |
| User Management | Full users CRUD (create, read, update, delete) and assign Roles & Permissions |
| Employee Management | Employee CRUD (create, read, update, delete) and assign Roles & Permissions |
| Enquiry | Enquiry section for user/customer queries |
-
Clone the repo:
git clone https://github.com/ayush-sleeping/LaraBaseX.git cd LaraBaseX -
Install backend dependencies:
composer install
-
Install frontend dependencies:
npm install
-
Copy and configure environment files:
cp .env.example .env
- Update
.envwith your database credentials (MySQL recommended, SQLite supported). - Set up mail, cache, and other environment variables as needed.
- Update
-
Generate application key:
php artisan key:generate
-
Run database migrations and seeders:
php artisan migrate --seed
-
Build frontend assets:
npm run build
-
Start the Laravel backend server:
php artisan serve
- Or use Docker for local development:
docker-compose up
- Or use Docker for local development:
-
Start the React frontend (Vite):
npm run dev
-
Access the app:
- Backend API: http://localhost:8000
- Frontend: http://localhost:5173
-
Run tests and code quality checks:
- PHPStan (static analysis):
./vendor/bin/phpstan analyse
- Pest (unit/feature tests):
./vendor/bin/pest
- Pint (code style):
./vendor/bin/pint
- ESLint (frontend lint):
npm run lint
- Postman/Newman (API tests):
bash postman/test.sh
- Health check:
php test_health.php
- PHPStan (static analysis):
Comprehensive guides and references for the codebase.
| No. | Topics | Includes |
|---|---|---|
| 1 | Security Essentials Documentation | HTTPS Enforced, CORS Configured Properly, CSRF Protection and Others ... |
| 2 | Architecture & Structure Essentials | Helpers, Services, Job Queues, and Others ... |
| 3 | Packages to Include Documentation | Spatie Laravel Permission, Laravel Sanctum, and Others ... |
| 4 | Developer Experience Documentation | Global Exception Handler, Standard API Response, Seeder & Factory and Others ... |
| 5 | Frontend Integration Documentation | Serve React with Vite, Proxy Setup, React Router and Others ... |
| 6 | User Management Essentials | Auth APIs, Password Management, Roles & Permissions and Others ... |
| 7 | Helper Functions Documentation | Helper Functions |
| 8 | MySQL Best Practices Documentation | MySQL Best Practices |
| 9 | Deployment & Production Readiness | Deployment on server |
| 10 | Authentication Flow Documentation | Authentication Flow |
| 11 | Authorization Flow Documentation | Authorization Flow |
| 12 | Setting Profile Information Update | Profile Information Update |
| 13 | Setting Password Update | Password Update |
| 14 | Permission Based UI Implementation | Permission Based UI Implementation |
| 15 | LaraBaseX Postman Collection | Postman Collection |
| 16 | Testing | Testing Documentation |
LaraBaseX/
├── app/
│ ├── Http/
│ │ ├── Controllers/
│ │ │ ├── Api/
│ │ │ │ ├── AuthController.php
│ │ │ │ ├── BaseApiController.php
│ │ │ │ └── HomeController.php
│ │ │ ├── Auth/
│ │ │ │ ├── AuthenticatedSessionController.php
│ │ │ │ ├── ConfirmablePasswordController.php
│ │ │ │ ├── EmailVerificationNotificationController.php
│ │ │ │ ├── EmailVerificationPromptController.php
│ │ │ │ ├── NewPasswordController.php
│ │ │ │ ├── PasswordController.php
│ │ │ │ ├── PasswordResetLinkController.php
│ │ │ │ ├── RegisteredUserController.php
│ │ │ │ └── VerifyEmailController.php
│ │ │ ├── Backend/
│ │ │ │ ├── DashboardController.php
│ │ │ │ ├── EmployeeController.php
│ │ │ │ ├── EnquiryController.php
│ │ │ │ ├── RoleController.php
│ │ │ │ └── UserController.php
│ │ │ ├── Frontend/
│ │ │ │ └── (empty)
│ │ │ ├── Settings/
│ │ │ │ ├── PasswordController.php
│ │ │ │ └── ProfileController.php
│ │ │ ├── Controller.php
│ │ │ └── HealthController.php
│ │ ├── Kernel.php
│ │ ├── Middleware/
│ │ │ ├── AdminAccess.php
│ │ │ ├── Authenticate.php
│ │ │ ├── BasicAuth.php
│ │ │ ├── EncryptCookies.php
│ │ │ ├── ForceHttps.php
│ │ │ ├── HandleAppearance.php
│ │ │ ├── HandleInertiaRequests.php
│ │ │ ├── PreventBackHistory.php
│ │ │ ├── PreventRequestsDuringMaintenance.php
│ │ │ ├── RedirectIfAuthenticated.php
│ │ │ ├── Token.php
│ │ │ ├── TrimStrings.php
│ │ │ ├── TrustHosts.php
│ │ │ ├── TrustProxies.php
│ │ │ ├── ValidateSignature.php
│ │ │ └── VerifyCsrfToken.php
│ │ └── Requests/
│ │ ├── Auth/
│ │ │ └── LoginRequest.php
│ │ ├── Settings/
│ │ │ └── ProfileUpdateRequest.php
│ │ └── (empty)
│ ├── Repositories/
│ │ └── Contracts/ (empty)
│ ├── Scopes/
│ │ └── HierarchyScope.php
│ ├── Services/
│ │ ├── BackupMonitoringService.php
│ │ ├── CacheWarmupService.php
│ │ └── QueryCacheService.php
│ ├── Traits/
│ │ ├── Cacheable.php
│ │ └── Hashidable.php
│ └── helpers.php
├── bootstrap/
│ ├── cache/
│ │ ├── .gitignore
│ │ ├── config.php
│ │ ├── packages.php
│ │ ├── routes-v7.php
│ │ └── services.php
│ ├── app.php
│ └── providers.php
├── config/
│ ├── app.php
│ ├── auth.php
│ ├── backup.php
│ ├── broadcasting.php
│ ├── cache.php
│ ├── cors.php
│ ├── database.php
│ ├── debugbar.php
│ ├── filesystems.php
│ ├── hashids.php
│ ├── hashing.php
│ ├── inertia.php
│ ├── l5-swagger.php
│ ├── logging.php
│ ├── mail.php
│ ├── permission.php
│ ├── proxy.php
│ ├── queue.php
│ ├── sanctum.php
│ ├── services.php
│ ├── session.php
│ ├── telescope.php
│ ├── trusted.php
│ ├── view.php
├── database/
│ ├── .gitignore
│ ├── database.sqlite
│ ├── factories/
│ │ └── UserFactory.php
│ ├── migrations/
│ │ ├── 0001_01_01_000000_create_users_table.php
│ │ ├── 0001_01_01_000001_create_cache_table.php
│ │ ├── 0001_01_01_000002_create_jobs_table.php
│ │ ├── 2025_08_01_000000_create_permissiongroups_table.php
│ │ ├── 2025_08_01_000001_create_permissions_table.php
│ │ ├── 2025_08_01_000002_create_roles_table.php
│ │ ├── 2025_08_01_000003_create_model_has_permissions_table.php
│ │ ├── 2025_08_01_000004_create_model_has_roles_table.php
│ │ ├── 2025_08_01_000005_create_role_has_permissions_table.php
│ │ ├── 2025_08_01_134338_create_personal_access_tokens_table.php
│ │ ├── 2025_08_04_000001_create_employees_table.php
│ │ ├── 2025_08_04_000002_create_enquiries_table.php
│ │ ├── 2025_08_04_075755_add_avatar_column_to_users_table.php
│ │ ├── 2025_08_08_063250_create_telescope_entries_table.php
│ │ ├── 2025_08_08_063402_create_activity_log_table.php
│ │ ├── 2025_08_08_063403_add_event_column_to_activity_log_table.php
│ │ └── 2025_08_08_063404_add_batch_uuid_column_to_activity_log_table.php
│ └── seeders/
│ ├── DatabaseSeeder.php
│ └── PermissionSeeder.php
├── documentation/
│ ├── 1. Security Essentials/
│ ├── 2. Architecture & Structure Essentials/
│ ├── 3. Packages to Include/
│ ├── 4. Developer Experience (DX)/
│ ├── 5. Frontend Integration (ReactJS)/
│ ├── 6. User Management Essentials/
│ ├── 7. Helper Functions/
│ ├── 8. MySQL Best Practices/
│ ├── 9. Deployment & Production Readiness/
│ ├── 10. Authentication Flow Documentation/
│ ├── 11. Authorization Flow Documentation/
│ ├── 12. Setting Profile Information Update/
│ ├── 13. Setting Password Update/
│ ├── 14. Permission Based UI Implementation/
│ └── 15. Testing/
├── lang/
│ ├── en/
│ └── vendor/
├── node_modules/
│ ├──
├── postman/
│ ├──
├── public/
│ ├── .htaccess
│ ├── apple-touch-icon.png
│ ├── build/
│ ├── favicon.ico
│ ├── favicon.svg
│ ├── index.php
│ ├── logo.svg
│ └── robots.txt
├── resources/
│ ├── css/
│ │ └── app.css
│ ├── js/
│ │ ├── app.tsx
│ │ ├── ssr.tsx
│ │ ├── ziggy.js
│ │ ├── components/
│ │ ├── hooks/
│ │ ├── layouts/
│ │ ├── lib/
│ │ ├── pages/
│ │ │ ├── auth/
│ │ │ ├── backend/
│ │ │ ├── frontend/
│ │ │ ├── settings/
│ │ │ ├── dashboard.tsx
│ │ │ ├── error.tsx
│ │ │ └── welcome.tsx
│ │ └── types/
│ └── views/
│ ├── app.blade.php
│ └── vendor/
│ └── l5-swagger/
├── routes/
│ ├── api.php
│ ├── auth.php
│ ├── backend.php
│ ├── channels.php
│ ├── console.php
│ ├── frontend.php
│ ├── settings.php
│ └── web.php
├── scripts/
│ └── phpstan.sh
├── storage/
│ ├── api-docs/
│ ├── app/
│ ├── debugbar/
│ ├── framework/
│ ├── logs/
│ └── pail/
├── stubs/
│ └──
├── tests/
│ ├── Feature/
│ ├── Pest.php
│ ├── TestCase.php
│ └── Unit/
├── vendor/
│ └── ... (all composer dependencies)
├── .editorconfig
├── .env
├── .env.example
├── .gitattributes
├── .github/
├── .gitignore
├── .prettierignore
├── .prettierrc
├── LICENSE
├── README.md
├── artisan
├── components.json
├── composer.json
├── composer.lock
├── eslint.config.js
├── package-lock.json
├── package.json
├── phpstan-baseline.neon
├── phpstan.neon
├── phpunit.xml
├── postman/
├── test_health.php
├── tsconfig.json
├── vite.config.ts