Handles authentication, authorisation, and SSO scope compliance for the seatplus EVE Online management platform. This is the core package — seatplus/eveapi and seatplus/web both depend on it.
Four role types with distinct membership and permission semantics:
| Type | Membership | Use case |
|---|---|---|
| `automatic` | Auto-assigned when a character belongs to a configured corporation or alliance | Fleet / alliance access |
| `on-request` | User applies, moderator approves or denies | Corp-specific elevated access |
| `manual` | Admin explicitly adds / removes individual users | One-off grants |
| `opt-in` | User self-joins if they meet the criteria | Opt-in programmes |

Every role has Affiliation records that define permission scope (which EVE entities the role holder can access data for), not membership. Three types:

- `allowed` — these corporations / alliances / characters are in scope
- `inverse` — everyone except these is in scope
- `forbidden` — always excluded, overrides `allowed` / `inverse`

IsUserCompliantService checks whether every character owned by a user has all required OAuth scopes. Required scopes are aggregated from global settings, corporation-level SsoScopes records, and alliance-level records. Non-compliant users have their role memberships set to inactive automatically on the next handleMembers() call.
CanUserService::check() runs a Laravel Pipeline to validate a set of EVE entity IDs against a user's permissions. The pipeline strips IDs the user owns, IDs covered by in-game corporation roles (e.g. Director), and IDs covered by Spatie permissions. Any remaining IDs are denied. The superuser permission bypasses all checks.
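
A stand-alone model of the affiliation rules and the ID-stripping pipeline described above, added here as an illustration and not taken from the seatplus/auth code base. The function names `inScope` and `deniedIds`, the array shapes, the per-role evaluation of `forbidden`, and all IDs are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Scope test for one role; each key holds a list of EVE entity IDs (assumed shape).
function inScope(int $id, array $role): bool
{
    if (in_array($id, $role['forbidden'] ?? [], true)) {
        return false; // forbidden overrides allowed and inverse
    }
    if (in_array($id, $role['allowed'] ?? [], true)) {
        return true;
    }
    // An inverse list puts every ID that is not on it in scope.
    return isset($role['inverse']) && !in_array($id, $role['inverse'], true);
}

// Returns the IDs that are still denied after each stage has stripped what it covers.
function deniedIds(array $ids, array $user, array $permissions): array
{
    if ($user['superuser']) {
        return []; // superuser bypasses all checks
    }
    // Only active memberships that grant a requested permission count.
    $roles = array_filter($user['roles'], fn(array $r) =>
        $r['active'] && array_intersect($permissions, $r['permissions']) !== []);
    $covered = function (int $id) use ($roles): bool {
        foreach ($roles as $role) {
            if (inScope($id, $role)) {
                return true;
            }
        }
        return false;
    };
    $stages = [
        fn(array $rest) => array_diff($rest, $user['owned']),         // IDs the user owns
        fn(array $rest) => array_diff($rest, $user['corp_role_ids']), // e.g. Director
        fn(array $rest) => array_filter($rest, fn(int $id) => !$covered($id)),
    ];
    foreach ($stages as $stage) {
        $ids = array_values($stage($ids));
    }
    return $ids;
}

// Constructed sample data; every ID below is made up.
$user = ['superuser' => false, 'owned' => [1001], 'corp_role_ids' => [2001], 'roles' => [
    ['active' => true, 'permissions' => ['view member tracking'], 'allowed' => [3001, 3002], 'forbidden' => [3002]],
    ['active' => false, 'permissions' => ['view member tracking'], 'inverse' => [9999]],
]];
var_dump(deniedIds([1001, 2001, 3001, 3002, 4001], $user, ['view member tracking']));
```

With this data, 3002 stays denied because it is on the first role's `forbidden` list, and 4001 stays denied because the only role whose `inverse` list would cover it is inactive, as a non-compliant user's memberships would be.
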
```bash
composer require seatplus/auth
```

Publish and run migrations:

```bash
php artisan vendor:publish --provider="Seatplus\Auth\AuthServiceProvider"
php artisan migrate
```

By default the minimal scopes are requested. To step up a character to additional scopes, redirect to:

```
/eve/sso/{character_id}/step_up?add_scopes=esi-skills.read_skills.v1,esi-wallet.read_character_wallet.v1
```

```php
use Seatplus\Auth\Services\Dtos\ValidateIdsDTO;
use Seatplus\Auth\Services\CanUserService;

// $user is the user whose permissions are being checked.
$dto = ValidateIdsDTO::make(entity_ids: [12345678], user: $user);
CanUserService::check($user, $dto, permissions: ['view member tracking']);
```

- PHP 8.3+
- PostgreSQL (user `seatplus`, password `secret`, database `laravel` @ `127.0.0.1:5432`)
- Redis @ `127.0.0.1:6379`

```bash
composer run test                # lint + PHPStan + type-coverage + unit tests
composer run test:unit           # unit tests only
composer run test:lint           # Pint formatting check
composer run lint                # auto-fix formatting with Pint
composer run test:types          # PHPStan static analysis
composer run test:type-coverage  # 100% type coverage check
```