Difference between #25 and #27 of
Yii3 - How to start

Changes

Title unchanged

Yii3 - How to start

Category unchanged

Tutorials

Yii version unchanged

3.0

Tags unchanged

Content changed

[...]
In Yii3 it is not as easy to start as it was with Yii2. You have to install and configure basic things on your own. Yii3 uses the modern approach based on independent packages and dependency injection, but it makes it harder for newcomers. I am here to show them ...

Note:
- Instead of installing local WAMP- or XAMPP-server I will be using Docker.
- Do not forget about a modern IDE like PhpStorm, which comes budnled with all you will ever need.

# Yii3 - How to start
[...]
You can technically create a migration or a command and insert random data manually. But you can also use the Faker. In that case I needed following dependencies:

```sh
 
composer require fakerphp/faker composer require yiisoft/security (not only for generating random strings)  
```


Now find the class `HelloCommand.php`, copy and rename it to `SeedCommand.php`
[...]
Before you start, install dependency:

 
```sh
 
composer require yiisoft/security  
```


Let's create a migration for storing the access tokens:
[...]
```

Then you will also need class `App\Entity\UserTokenRepository` for DB manipulation. Copy and modify the UserRepository. These methods will be handy:

```php
[...]
<?php
declare(strict_types=1);

 
namespace App\Api;
 
use App\Api\Shared\ResponseFactory;
use App\Entity\UserRepository;
use App\Entity\UserTokenRepository;
[...]
use Yiisoft\DataResponse\DataResponse;
use Yiisoft\Http\Status;

 
final class LoginAction { public function __construct( private UserRepository $userRepository, private UserTokenRepository $userTokenRepository, )
 
    {
 
    }
 
{}
public function __invoke(
ResponseFactory $responseFactory,
[...]
{
$data = json_decode((string) $request->getBody(), true);

 
 $username = $data['username'] ?? ''; $password = $data['password'] ?? '';
 
 $user = $this->userRepository->findByUsername($username);
 
 if (!$user || !$user->validatePassword($password)) { return new DataResponse(['error' => 'Invalid credentials'], Status::UNAUTHORIZED); }
 
 $this->userTokenRepository->deleteByUserId($user->getId()); $userToken = $this->userTokenRepository->create($user->getId());
 
 return $responseFactory->success([ 'token' => $userToken->getToken(), 'expires_at' => $userToken->getExpiresAt()->format(DateTimeImmutable::ATOM), ]); }
 
} ``` Next we also need an algorithm that will enforce these tokens in each request, will validate and refresh them and will restrict access only to endpoints that the user can use. This is a bigger topic for later. It may be covered by the package https://github.com/yiisoft/auth/ which offers "HTTP bearer authentication". ## JS client - Installable Vuejs3 PWA If you create a REST API you may be interested in a JS frontend that will communicate with it using Ajax. Below you can peek into my very simple VueJS3 attempt. It is an installable PWA application that works in offline mode (=1 data transfer per day, not on every mouse click) and is meant for situations when customer does not have wifi everywhere. See my [Gitlab](https://gitlab.com/radin.cerny/vuejs3-pwa-demo-plus).
1 0
2 followers
Viewed: 576 times
Version: 3.0
Category: Tutorials
Tags:
Written by: rackycz rackycz
Last updated by: rackycz rackycz
Created on: Oct 8, 2025
Last updated: 2 days ago
Update Article
Revert to #25 | Revert to #27

Revisions

View all history