Overview
SaaS Starter Vue provides comprehensive settings management for both system administrators and individual users:
- User profile and password management
- Two-factor authentication setup
- System-wide settings (name, logo, guest registration)
- SMTP email configuration
- API token management
- Appearance customization
Settings are context-aware: system settings are available on the central domain, while tenant settings are accessible on tenant domains.
User Settings
Profile Management
Users can update their profile information and delete their account:
// routes/settings.php:12
Route::get('settings/profile', [ProfileController::class, 'edit'])
    ->name('profile.edit');
Route::patch('settings/profile', [ProfileController::class, 'update'])
    ->name('profile.update');
Route::delete('settings/profile', [ProfileController::class, 'destroy'])
    ->name('profile.destroy');
Profile Update:
// app/Http/Controllers/System/Settings/ProfileController.php:33
public function update(ProfileUpdateRequest $request): RedirectResponse
{
    $request->user()->fill($request->validated());
    if ($request->user()->isDirty('email')) {
        $request->user()->email_verified_at = null;
    }
    $request->user()->save();
    return to_route('system.settings.profile.edit');
}
1. Navigate to Profile Settings: go to /settings/profile from your dashboard.
2. Update Information: modify your name, email, or other profile fields.
3. Save Changes: click Save to update your profile.
If you change your email address, you’ll need to verify the new email before accessing certain features.
Password Management
Users can change their password securely:
// routes/settings.php:19
Route::get('settings/password', [PasswordController::class, 'edit'])
    ->name('user-password.edit');
Route::put('settings/password', [PasswordController::class, 'update'])
    ->middleware('throttle:6,1')
    ->name('user-password.update');
Requirements:
- Current password for verification
- New password meeting complexity requirements
- Password confirmation
- Rate limited to 6 attempts per minute
Appearance Settings
Users can customize the application appearance:
// routes/settings.php:25
Route::get('settings/appearance', function () {
    return Inertia::render('system/settings/Appearance');
})->name('appearance.edit');
Features:
- Dark/light mode toggle
- Theme customization
- UI preferences
System Settings
Available only to system administrators on the central domain.
General Settings
Configure application-wide settings:
// routes/settings.php:32
Route::get('settings/general', [SystemSettingController::class, 'editGeneral'])
    ->name('system.settings.general.edit');
Route::post('settings/general', [SystemSettingController::class, 'updateGeneral'])
    ->name('system.settings.general');
Configurable Options:
- Application name displayed in the UI and emails
- Application logo (max 1MB, image format)
View General Settings Code
// app/Http/Controllers/System/Settings/SystemSettingController.php:27
public function updateGeneral(Request $request)
{
    $validated = $request->validate([
        'app_name' => 'required|string|max:255',
        'app_logo' => 'nullable|image|max:1024', // Max 1MB
    ]);
    Setting::updateOrCreate(
        ['key' => 'app_name'],
        ['value' => $validated['app_name']]
    );
    if ($request->hasFile('app_logo')) {
        $path = $request->file('app_logo')->store('logos', 'public');
        Setting::updateOrCreate(
            ['key' => 'app_logo'],
            ['value' => $path]
        );
    }
    return redirect()->back()
        ->with('success', 'Settings updated successfully.');
}
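A stricter variant of `updateGeneral`, as an added example rather than the project's own code: on Laravel versions before 12 the `image` rule also accepts SVG, which can carry script and would be served from the public disk, so this version allows only raster formats, bounds the pixel dimensions, and deletes the replaced logo. The `App\Models\Setting` namespace, the class name, the allowed formats and the 2000-pixel limit are assumptions.

```php
<?php

namespace App\Http\Controllers\System\Settings;

use App\Http\Controllers\Controller;
use App\Models\Setting; // assumed namespace of the page's Setting model
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Storage;

class HardenedSystemSettingController extends Controller // hypothetical class name
{
    public function updateGeneral(Request $request): RedirectResponse
    {
        $validated = $request->validate([
            'app_name' => ['required', 'string', 'max:255'],
            'app_logo' => [
                'nullable',
                'file',
                'mimes:png,jpg,jpeg,webp', // raster formats only, checked against file contents
                'max:1024',                // kilobytes, the page's 1MB limit
                'dimensions:max_width=2000,max_height=2000', // assumed pixel limit
            ],
        ]);

        Setting::updateOrCreate(['key' => 'app_name'], ['value' => $validated['app_name']]);

        if ($request->hasFile('app_logo')) {
            // Remember the current logo path before it is overwritten
            $previous = Setting::where('key', 'app_logo')->value('value');

            // store() generates a random file name, so the client-supplied name never reaches disk
            $path = $request->file('app_logo')->store('logos', 'public');
            Setting::updateOrCreate(['key' => 'app_logo'], ['value' => $path]);

            // Remove the replaced file so old uploads do not accumulate on the public disk
            if ($previous && $previous !== $path) {
                Storage::disk('public')->delete($previous);
            }
        }

        return redirect()->back()->with('success', 'Settings updated successfully.');
    }
}
```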
Guest Registration Settings
Control whether new users can self-register:
// routes/settings.php:38
Route::get('settings/guest-register', [SystemSettingController::class, 'editGuestRegistration'])
    ->name('system.settings.guest-register.edit');
Route::post('settings/guest-register', [SystemSettingController::class, 'updateGuestRegistration'])
    ->name('system.settings.guest-register');
Options:
- Enable/disable guest registration
- When enabled, users can create their own tenant workspaces
- When disabled, only admins can create tenants
// app/Http/Controllers/System/Settings/SystemSettingController.php:74
public function updateGuestRegistration(Request $request)
{
    $validated = $request->validate([
        'enabled' => 'required|boolean',
    ]);
    Setting::updateOrCreate(
        ['key' => 'guest_registration'],
        ['value' => $validated['enabled']]
    );
    return redirect()->back()->with('success', 'Settings updated successfully.');
}
SMTP Configuration
Configure email settings for transactional emails:
// routes/settings.php:44
Route::get('settings/smtp', [SmtpController::class, 'edit'])
    ->name('system.settings.smtp.edit');
Route::post('settings/smtp', [SmtpController::class, 'update'])
    ->name('system.settings.smtp');
Route::post('settings/smtp/test', [SmtpController::class, 'test'])
    ->name('system.settings.smtp.test');
Configuration Fields:
- SMTP host
- SMTP port
- Encryption (TLS/SSL)
- Username
- Password
- From address and name
Use the Test Email feature to verify your SMTP configuration before saving.
API Token Management
Generate and manage API tokens for programmatic access:
// routes/settings.php:54
Route::post('settings/api-token/generate', [ApiTokenController::class, 'generate'])
    ->name('system.settings.api-token.generate');
Route::delete('settings/api-token', [ApiTokenController::class, 'revoke'])
    ->name('system.settings.api-token.revoke');
Generating Tokens
// app/Http/Controllers/System/Settings/ApiTokenController.php:13
public function generate(Request $request)
{
    // Revoke all existing tokens
    $request->user()->tokens()->delete();
    // Create new token
    $token = $request->user()->createToken('api-token');
    return redirect()->back()->with([
        'success' => 'API token generated successfully.',
        'token' => $token->plainTextToken,
    ]);
}
Store your API token securely. It will only be displayed once during generation.
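A narrower variant of `generate`, as an added example rather than the project's own code: `plainTextToken` is the property Laravel Sanctum returns, and Sanctum's `createToken` (version 3 and later) also accepts an ability list and an expiry, so the replacement token is neither all-powerful nor permanent. The `settings:read` ability, the 90-day lifetime, the `show` handler and the class name are assumptions.

```php
<?php

namespace App\Http\Controllers\System\Settings;

use App\Http\Controllers\Controller;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;

class ScopedApiTokenController extends Controller // hypothetical class name
{
    // Abilities granted to generated tokens (assumed name); omitting them grants ['*']
    private const ABILITIES = ['settings:read'];

    // Assumed token lifetime in days
    private const LIFETIME_DAYS = 90;

    public function generate(Request $request): RedirectResponse
    {
        $user = $request->user();

        // Same single-token policy as the page: revoke everything, then issue one token
        $user->tokens()->delete();
        $token = $user->createToken(
            'api-token',
            self::ABILITIES,
            now()->addDays(self::LIFETIME_DAYS)
        );

        // Sanctum stores only a SHA-256 hash; the plain-text value cannot be recovered later
        return redirect()->back()->with([
            'success' => 'API token generated successfully.',
            'token' => $token->plainTextToken,
        ]);
    }

    // Hypothetical API handler: reject tokens that lack the required ability
    public function show(Request $request): JsonResponse
    {
        abort_unless($request->user()->tokenCan('settings:read'), 403);

        return response()->json(['app_name' => config('app.name')]);
    }
}
```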
Using API Tokens
Include the token in your API requests:
curl -H "Authorization: Bearer YOUR_API_TOKEN" \
  https://app.yourdomain.com/api/endpoint
Revoking Tokens
// app/Http/Controllers/System/Settings/ApiTokenController.php:30
public function revoke(Request $request)
{
    $request->user()->tokens()->delete();
    return redirect()->back()->with('success', 'API token revoked successfully.');
}
Tenant Settings
Tenant domains have their own settings pages with similar functionality:
// routes/tenant-settings.php:11
Route::get('settings/profile', [ProfileController::class, 'edit'])
    ->name('tenant.settings.profile.edit');
Route::get('settings/password', [PasswordController::class, 'edit'])
    ->name('tenant.settings.password.edit');
Route::get('settings/appearance', function () {
    return Inertia::render('tenant/settings/Appearance');
})->name('tenant.settings.appearance.edit');
Tenant users can:
- Manage their profile
- Change password
- Customize appearance
- Configure tenant-specific SMTP (if enabled)
- Manage tenant API tokens
Settings Storage
Settings are stored in the settings table:
-- Central domain settings
CREATE TABLE settings (
    id BIGINT PRIMARY KEY,
    key VARCHAR(255) UNIQUE,
    value TEXT,
    created_at TIMESTAMP,
    updated_at TIMESTAMP
);
Common settings keys:
- app_name - Application name
- app_logo - Logo path
- guest_registration - Guest registration enabled/disabled
- smtp_* - SMTP configuration values
Best Practices
- Secure API Tokens: store tokens in environment variables and never commit them to source control.
- Test SMTP First: always test the email configuration before enabling notifications.
- Regular Password Updates: encourage users to update passwords periodically.
- Monitor Guest Registration: review self-registered tenants regularly for abuse prevention.