Authentication
Email/password sign-in with hashed passwords (bcrypt/argon2), session management, password-reset flows, and remember-me tokens. Optional TOTP 2FA via authenticator apps or SMS. Built on Laravel's auth contracts or NextAuth; OAuth providers (Google, GitHub) drop in via the same pattern. Includes throttling, rate-limited login, and forensic audit-log capture (IP, user-agent) for compromise response.
Projects
- CodeIgniter → Laravel strangler (PTIprint API)2024-08-01
Strangler-pattern migration of a CodeIgniter API to Laravel — new routes in Laravel, legacy routes proxied until cut-over.
Industry: saas - CodeIgniter → Laravel port (MorTrack)2024-06-15
Full port of a legacy CodeIgniter SaaS to Laravel — keeping data shape, modernizing the runtime + auth layer.
Industry: saas - Hospitality booking platform2025-11-20
Booking + reservations platform with calendar UI, deposits, customer messaging.
Industry: hospitality - Field service mobile-first portal2025-09-01
Mobile-first field service portal — job assignment, GPS check-in, photo upload, invoice generation.
Industry: trades - Applicant tracking system2025-08-15
ATS with pipeline kanban, candidate notes, interview scheduling, GDPR-compliant data subject flows.
Industry: recruiting - Nonprofit fundraising portal2025-07-10
Donor management, recurring donations, campaign dashboards, receipt generation.
Industry: nonprofit - Custom LMS2025-04-01
Multi-tenant LMS with course progress, quizzes, certificates, instructor dashboards.
Industry: education - E-commerce merchant portal2025-02-15
Per-merchant SaaS portal — orders, inventory, payouts, Stripe-backed billing.
Industry: e-commerce - Healthcare scheduling app2024-11-20
Provider-side scheduling + intake forms with insurance verification flow.
Industry: healthcare - Legal intake portal2024-09-15
Multi-tenant intake portal for a law firm — case-type wizards, document upload, e-signature flow.
Industry: legal - Client Portal SaaS2025-12-01
Multi-tenant client portal for service businesses — per-tenant data, invoices, file-sharing, role-based access.
- Docgen — Document Generation API2026-06-07
PDF/DOCX/HTML generation from versioned templates with format conversion and a try-it docs site.
- Pennant — Feature Flags2026-06-08
Feature-flag API with real-time SSE broadcasts, two SDKs, and a Filament admin where the buyer actually wants to live.
- Webhook Relay2026-06-07
Production-shaped webhook delivery API with HMAC signing, exponential backoff retries, dead-letter queue, and 4 language SDKs.
Packages (11)
- @philiprehberger/dart-jwt-decoderdart
Lightweight JWT token decoder with typed claim access and expiration checking
- @philiprehberger/dart-secure-storedart
Unified secure storage with built-in encryption and pluggable backends
- @philiprehberger/dotnet-password-strengthdotnet
Password strength evaluation with entropy calculation, common password detection, and pattern analysis.
- @philiprehberger/php-password-strengthphp
Password strength validation with entropy calculation and common password detection
- @philiprehberger/py-jwt-litepython
Minimal JWT creation and validation with HMAC and RSA signing.
- @philiprehberger/rb-jwt-kitruby
Opinionated JWT toolkit for Ruby — secure by default, with support for encoding, validation, refresh tokens, revocation, and key rotation
- @philiprehberger/rb-passwordruby
Password strength checking, policy validation, pattern detection, hashing, and secure generation
- @philiprehberger/rs-jwtrust
JSON Web Token encoding, decoding, and validation with HMAC algorithms
- @philiprehberger/swift-keychain-kitswift
Modern, type-safe Keychain wrapper with Codable, biometric auth, and async/await
- @philiprehberger/jwt-decode-tstypescript
Decode and inspect JWTs — no verification, typed payload, tiny
- @philiprehberger/next-api-middlewaretypescript
Next.js API route middleware: compose, validation, CSRF protection, and security headers