Getting Started

Minimal Setup

Installation:

composer require yadahan/laravel-authentication-log

Publish Assets:
```
php artisan vendor:publish --provider="Yadahan\AuthenticationLog\AuthenticationLogServiceProvider"
```
- This generates:
  - Database migration (authentication_logs table)
  - Config file (config/authentication-log.php)
  - Optional views (if using notifications)
Run Migration:
```
php artisan migrate
```
First Use Case: Enable logging in config/authentication-log.php:
```
'enabled' => env('AUTH_LOG_ENABLED', true),
```
Verify logs appear in the authentication_logs table after user logins/logouts.

Implementation Patterns

Core Workflows

Logging Authentication Events:
- The package automatically logs:
  - login (success/failure)
  - logout
  - password-reset
  - failed-login (with IP/attempts)
- Trigger Manually (if needed):
```
use Yadahan\AuthenticationLog\Facades\AuthenticationLog;

AuthenticationLog::login($user, $ip);
AuthenticationLog::logout($user, $ip);
```

Notifications:

Send alerts via authentication-log:send-notification event.

Extend Notifications:

// config/authentication-log.php
'notifications' => [
    'login' => \App\Notifications\LoginAlert::class,
    'logout' => \App\Notifications\LogoutAlert::class,
],

IP Tracking:
- Logs IP addresses by default. Disable in config:
```
'log_ip' => false,
```
User-Agent Logging:
- Enable/disable via config:
```
'log_user_agent' => true,
```

Integration Tips

Guard-Specific Logging: Use auth:guard middleware to log for specific guards:

Route::middleware(['auth:admin'])->group(function () {
    // Admin-specific auth logs
});

Custom Fields: Add extra metadata via event listeners:

AuthenticationLog::extend(function ($log) {
    $log->setCustomData(['device' => request()->userAgent()]);
});

API Logging: Combine with laravel-api-logging for unified audit trails.

Gotchas and Tips

Pitfalls

Migration Conflicts:
- If authentication_logs table exists, manually check for column mismatches (e.g., user_agent or custom_data fields).
Performance:
- Disable logging for high-traffic APIs:
```
'enabled' => env('APP_ENV') !== 'production',
```

IP Spoofing:

Trusted proxies (e.g., Cloudflare) may log incorrect IPs. Configure trusted_proxies in Laravel’s AppServiceProvider:

$this->middleware(function ($request, $next) {
    if (request()->ip() !== request()->server('REMOTE_ADDR')) {
        request()->setUserResolver(function () {
            return auth()->user();
        });
    }
    return $next($request);
});

Notification Delays:

Use queues for async notifications:

'notifications' => [
    'login' => [
        'class' => \App\Notifications\LoginAlert::class,
        'queue' => 'high',
    ],
],

Debugging

Missing Logs: Verify auth.log middleware is registered in app/Http/Kernel.php:

protected $middleware = [
    \Yadahan\AuthenticationLog\Middleware\AuthLogMiddleware::class,
];

Custom Data Not Saved: Ensure custom_data column exists in the migration or update it:
```
$table->json('custom_data')->nullable();
```

Extension Points

Custom Log Models: Extend the Yadahan\AuthenticationLog\Models\AuthenticationLog model:

class CustomAuthLog extends AuthenticationLog {
    protected $table = 'custom_auth_logs';
}

Bind it in AuthServiceProvider:

AuthenticationLog::setModel(CustomAuthLog::class);

Event Overrides: Listen to authentication-log:before-log to modify logs:

AuthenticationLog::before(function ($log) {
    $log->ip = request()->ip();
    $log->user_agent = request()->userAgent();
});

API Responses: Return logs in API responses (e.g., for admin dashboards):

use Yadahan\AuthenticationLog\Facades\AuthenticationLog;

return AuthenticationLog::getLogs()->paginate(10);

Laravel Authentication Log Laravel Package