Phone Verification Laravel Package

Getting Started

Minimal Setup

1. Installation

   composer require alexgeno/phone-verification
   

   Add to config/services.php (if not present):

   'phone-verification' => [
       'sender' => 'twilio', // or 'messagebird', 'vonage'
       'twilio' => [
           'account_sid' => env('TWILIO_SID'),
           'auth_token' => env('TWILIO_TOKEN'),
           'from' => env('TWILIO_FROM'),
       ],
       // ... other providers
   ],
   

2. Publish Config

   php artisan vendor:publish --provider="Alexgeno\PhoneVerification\PhoneVerificationServiceProvider"
   

   Customize .env and config/phone-verification.php (e.g., OTP length, expiry, retries).

3. First Use Case: Send OTP

   use Alexgeno\PhoneVerification\PhoneVerification;
   
   $verifier = app(PhoneVerification::class);
   $verifier->send('+1234567890'); // Returns OTP ID
   

Implementation Patterns

Core Workflow

1. Initiate Verification

   $otpId = $verifier->send($phoneNumber);
   // Store $otpId in session/DB for later validation
   

2. Validate OTP

   $isValid = $verifier->verify($otpId, $userInputCode);
   

3. Resend OTP (with rate limiting)

   $verifier->resend($otpId); // Throws exception if retries exhausted
   

Integration with Laravel

• Middleware for Protected Routes

  public function handle(Request $request, Closure $next) {
      if (!$request->user()->isVerified()) {
          return redirect()->route('verify.phone');
      }
      return $next($request);
  }
  

• Event Listeners Listen to Alexgeno\PhoneVerification\Events\OTPSent or OTPVerified for logging/analytics.

• Queue Jobs for Async Sending

  $verifier->send($phoneNumber)->onQueue('sms');
  

Customization

• Override Default Templates Publish views:

  php artisan vendor:publish --tag=phone-verification-views
  

  Extend resources/views/vendor/phone-verification/otp.blade.php.

• Extend Verification Logic Bind your own Alexgeno\PhoneVerification\Contracts\Sender implementation:

  $verifier->setSender(new CustomSender());
  

Gotchas and Tips

Pitfalls

1. Rate Limiting

   • Default: 5 attempts per OTP. Adjust via config:

     'max_attempts' => 3,
     'attempts_lockout_time' => 3600, // seconds
     

2. Phone Number Validation

   • Library uses libphonenumber under the hood. Ensure your input matches expected formats (e.g., +1234567890 vs 1234567890).

3. OTP Expiry

   • Default: 10 minutes. Set via:

     'otp' => [
         'length' => 6,
         'expiry' => 600, // seconds
     ],
     

4. Provider-Specific Quirks

   • Twilio: Ensure from number is verified in Twilio Console.
   • MessageBird: Requires originator (sender ID) to be pre-approved.
   • Vonage: Configure applicationId and privateKey in config.

Debugging

• Enable Logging

  'logging' => true,
  

  Check storage/logs/laravel.log for OTP send/verify events.

• Test Mode Use verifier->setTestMode(true) to bypass SMS sending (for unit tests).

Extension Points

1. Custom OTP Storage Implement Alexgeno\PhoneVerification\Contracts\OTPStorage to use Redis/DB:

   $verifier->setOTPStorage(new RedisOTPStorage());
   

2. Webhook Handling Extend Alexgeno\PhoneVerification\Events\OTPSent to trigger webhooks:

   event(new OTPSent($otpId, $phoneNumber));
   

3. Multi-Factor Workflows Combine with Laravel’s Illuminate\Auth\Events\Verified for post-verification actions:

   Auth::user()->markEmailAsVerified(); // Example post-verification logic
   

Performance Tips

• Cache OTP IDs Use Laravel’s cache to reduce DB writes:

  Cache::put("otp_{$otpId}", $otpData, now()->addMinutes(10));
  

• Batch Processing For bulk verifications, use Laravel’s dispatchSync to avoid queue delays:

  $verifier->send($phoneNumber)->dispatchSync();