====== Laravel Architecture & Code Review Checklist ======
===== 1. Architecture Review =====
==== System Design ====
Checklist:
* [ ] Clear separation of concerns
* [ ] Domain logic separated from controllers
* [ ] Business logic not inside routes
* [ ] Business logic not inside models
* [ ] Reusable services implemented
* [ ] Event-driven where appropriate
* [ ] Scalability considered
* [ ] Maintainability prioritized
Recommended Structure:
<code>
app/
├── Http/
│   ├── Controllers/
│   ├── Middleware/
│   └── Requests/
├── Services/
├── Repositories/
├── Jobs/
├── Events/
├── Listeners/
├── Policies/
├── DTOs/
├── Actions/
└── Exceptions/
</code>
----
===== 2. Code Organization =====
==== Controller Review ====
Checklist:
* [ ] Thin controllers
* [ ] Single responsibility
* [ ] Validation delegated to FormRequest
* [ ] Business logic moved to Service/Action
* [ ] Consistent response format
Bad:
<code php>
public function store(Request $request)
{
    // validation
    // business logic
    // database logic
    // external api call
}
</code>
Good:
<code php>
public function store(CreateOrderRequest $request)
{
    return $this->orderService->create(
        $request->validated()
    );
}
</code>
----
===== 3. Business Logic Review =====
==== Service Layer ====
Checklist:
* [ ] Complex business logic in Service
* [ ] Reusable logic centralized
* [ ] Services unit tested
* [ ] No duplicated business logic
Example:
<code>
OrderService
PaymentService
InventoryService
NotificationService
</code>
==== Action Pattern ====
Checklist:
* [ ] One action = one use case
* [ ] Easy to test
* [ ] Easy to reuse
Example:
<code>
CreateOrderAction
CancelOrderAction
ProcessRefundAction
</code>
----
===== 4. Validation Review =====
==== Request Validation ====
Checklist:
* [ ] FormRequest used
* [ ] Validation rules centralized
* [ ] Authorization handled
Good:
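<code php>
use Illuminate\Foundation\Http\FormRequest;

class CreateOrderRequest extends FormRequest
{
    // Validation rules live here instead of in the controller
    public function rules()
    {
        return [
            'email' => 'required|email'
        ];
    }
}
</code>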
Bad:
<code php>
if (!$request->email) {
    ...
}
</code>
----
===== 5. Database Review =====
==== Migration Review ====
Checklist:
* [ ] All schema changes via migration
* [ ] No manual database changes
* [ ] Rollback supported
* [ ] Indexes defined
* [ ] Foreign keys reviewed
Example:
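<code php>
$table->index('email');
// foreignId() alone only creates the column; constrained() adds the foreign key constraint
$table->foreignId('user_id')->constrained();
</code>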
==== Query Review ====
Checklist:
* [ ] No N+1 queries
* [ ] Eager loading used
* [ ] Index usage verified
* [ ] Pagination used
Bad:
<code php>
foreach ($users as $user) {
    echo $user->orders;
}
</code>
Good:
<code php>
User::with('orders')->get();
</code>
----
===== 6. Eloquent Review =====
Checklist:
* [ ] Relationships defined properly
* [ ] Mass assignment protected
* [ ] Hidden fields configured
* [ ] Casting configured
* [ ] Accessors/Mutators used correctly
Example:
<code php>
protected $fillable = [
    'name',
    'email'
];

protected $hidden = [
    'password'
];
</code>
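Added example (not part of the original checklist): the "Authorization handled" item from Validation Review and the "Mass assignment protected" item above, followed through one request path. The ''OrderPolicy'' ability, the ''quantity'' and ''is_paid'' columns and the body of ''OrderService::create()'' are assumptions; the three classes are shown in one listing but belong in separate files.

```php
<?php
// app/Http/Requests/CreateOrderRequest.php
namespace App\Http\Requests;

use App\Models\Order;
use Illuminate\Foundation\Http\FormRequest;

class CreateOrderRequest extends FormRequest
{
    // Checked before validation; false aborts with HTTP 403.
    // Assumes an OrderPolicy with a create ability is registered.
    public function authorize(): bool
    {
        return $this->user()?->can('create', Order::class) ?? false;
    }

    public function rules(): array
    {
        return [
            'email'    => ['required', 'email'],
            'quantity' => ['required', 'integer', 'min:1'],
        ];
    }
}

// app/Models/Order.php
namespace App\Models;
use Illuminate\Database\Eloquent\Model;

class Order extends Model
{
    // is_paid is deliberately absent, so fill()/create() never accept it.
    protected $fillable = ['email', 'quantity'];
}

// app/Services/OrderService.php
namespace App\Services;
use App\Models\Order;

class OrderService
{
    // Receives $request->validated(): only keys named in rules().
    public function create(array $validated): Order
    {
        $order = new Order($validated); // keys outside $fillable are not assigned
        $order->is_paid = false;        // server-owned state is set explicitly
        $order->save();
        return $order;
    }
}
```

A request body that carries an extra ''"is_paid": true'' is filtered twice: ''validated()'' drops the key because no rule names it, and ''$fillable'' would refuse it even if it got through.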
----
===== 7. API Design Review =====
==== REST Standards ====
Checklist:
* [ ] Consistent endpoints
* [ ] Proper HTTP verbs
* [ ] Proper status codes
* [ ] Versioning strategy
Examples:
<code>
GET    /api/v1/orders
POST   /api/v1/orders
GET    /api/v1/orders/{id}
PUT    /api/v1/orders/{id}
DELETE /api/v1/orders/{id}
</code>
==== API Response Format ====
Checklist:
* [ ] Consistent structure
* [ ] Error handling standardized
Example:
<code json>
{
    "success": true,
    "data": {}
}
</code>
Error:
<code json>
{
    "success": false,
    "message": "Validation failed"
}
</code>
----
===== 8. Security Review =====
==== Authentication ====
Checklist:
* [ ] Authentication