Developer-centric content management framework for building high-quality, scalable websites. Features include multisite support, content types, plugins, actions, filters, and custom fields.
Features
Multisite
Allows you to create multiple separate sites, each with its own RESTful endpoint, from a single installation.
Content Types
Enables you to section your content by creating specific content types like 'Post' for a blog or 'News' for a news section.
Custom Fields
Lets you add custom fields to content types and products for a more tailored CMS experience.
Plugins, Actions, Filters
Allows you to create or install plugins via composer to enhance functionality, and utilize action and filter hooks for customization.
Headless Content Management System
Devflow functions as a headless, event-sourcing PHP content management framework for quickly developing web applications and websites. It allows you to build a frontend, consume the API, or build a theme, offering flexibility for user-specific needs.
Simple Backend with Admin Panel
Devflow provides a straightforward backend with an admin panel, making it easier to manage content and site configurations.
Environment-Based Configuration
Allows different configuration values based on the running environment. Environment variables are used to easily switch configurations between development and production environments, providing flexibility in deployment.
DevCore-PHP Helper Integration
Utilizes DevCore-PHP library by Vane Lucas to load environment variables, which are vital for configuring different environment needs and facilitating easy switching between configurations.
Custom Configurations
Offers custom configuration options through files like auth.php, cms.php, and cookies.php, allowing for security adjustments, session handling, and domain settings.
getdevflow/adminbar
Adds a backend admin bar to a Devflow site.
getdevflow/cookie-consent
Helps you comply with EU regulations regarding the usage of website cookies.
getdevflow/vapor
A minimal and responsive theme with a focus on typography, ported from Ghost.
ContentSecurityPolicyMiddleware
Allows easy addition of Content Security Policy (CSP) headers to applications. It enables you to configure and manage security policies, providing options for customizing security headers through configuration files.
Custom Content Types
Devflow allows you to create custom content types based on your specific needs. You define the data or pages you need to manage and create content types accordingly.
Content Type Management
Once content types are created, they appear under the 'Content Types' section in the sidebar, making it easy to manage and navigate through them.
Basic Controllers
The ability to create simple controllers using basic class definitions and returning views directly from methods, leveraging the base Controller class.
Resource Controllers
Facilitates RESTful routing by allowing you to create controllers with stub methods that handle common CRUD operations, automating route definitions.
RESTful Controller
Allows you to group common routes to be handled by a single controller. Provides a way to efficiently organize routes that follow the RESTful pattern.
Controller Middleware
Middleware can be assigned to the controller's routes within the controller class to filter requests, providing a structured way to include middleware within controller methods.
Service Providers
Service providers are used to bootstrap applications with the injection of core classes and dependencies. The register method defines new services or extends existing ones, while boot is called after all service providers are registered.
Register Method
The register method in a service provider is used to define parameters, create new services, or extend existing services.
Boot Method
The boot method is executed once all service providers have been registered, allowing for necessary initialization after setup.
ScaffoldNative Template Engine
A non-compiler template engine that uses native PHP syntax. It supports inheritance through blocks, allowing child templates to declare blocks that can be overridden and extended by parent templates.
Namespace and Function Callbacks
Callbacks are registered with the templating engine constructed as callable methods within the template context.
Custom Views
Place custom views in Cms/views with the default extension being .phtml.
Registered Function Callbacks
Includes functions like strip(), trim(), upper(), lower(), ucfirst(), lcfirst(), ucwords(), esc(), javascript esc(), escurl(), purify(), truncate(), and concat() for various data manipulations.
Flexible Ecommerce Framework
Devflow is a framework that allows you to add products and customize features to meet ecommerce needs, although it does not include a built-in ecommerce solution.
Security Headers Middleware
Automatically applies various security headers to HTTP responses using the ContentSecurityPolicyMiddleware. This helps enhance the security posture of web applications by preventing common attacks.
X-Content-Type-Options
Sets the X-Content-Type-Options header to prevent browsers from interpreting files as a different MIME type, helping to reduce the risk of certain types of attacks.
X-Download-Options
Adds the X-Download-Options header to prevent file downloads from opening automatically, protecting users from potentially malicious files executing automatically.
X-Frame-Options
Implements the X-Frame-Options header to control whether a page can be displayed in a frame, hence preventing clickjacking attacks.
X-Permitted-Cross-Domain-Policies
Sets cross-domain policies through the X-Permitted-Cross-Domain-Policies header to limit or allow specific cross-domain sharing of resources or data.
X-Powered-By
Optionally displays or suppresses the X-Powered-By header that indicates the technology stack used by the application, which can be a security risk if exposed unnecessarily.
X-XSS-Protection
Enables the X-XSS-Protection header to activate the web browser’s built-in cross-site scripting (XSS) filter, helping to protect users from such attacks.
Referrer-Policy
Controls the amount of referrer information passed along with the request when navigating from a particular document, helping to protect user privacy.
Cross-Origin-Embedder-Policy
Configures the Cross-Origin-Embedder-Policy header to restrict how resources from different origins can be embedded, enhancing security concerning embedded content.
Cross-Origin-Opener-Policy
Uses the Cross-Origin-Opener-Policy header to ensure a top-level document does not share a browsing context group with cross-origin documents, mitigating side-channel attacks.
Cross-Origin-Resource-Policy
Defines the Cross-Origin-Resource-Policy header to manage which origins can fetch resources, protecting sensitive data from cross-origin leaks.