These are the recommended patterns for building maintainable, performant, and secure Mumara Campaigns addons — worth reviewing before you release anything. The core principle is to follow Laravel conventions: keep controllers thin, push business logic into service or action classes, use jobs for async work, and events/listeners for decoupled communication.
The key areas covered:
Database: guard migrations with Schema::hasTable()/hasColumn() checks, index frequently queried columns (including composite indexes), and wrap multi-step writes in DB::transaction().
Performance: eager-load relations to avoid N+1 queries, process large datasets with chunk() or lazy(), cache expensive lookups with Cache::remember(), and dispatch heavy work to queue jobs instead of blocking requests.
Security: validate all input with form requests, use policies and authorize() for access control, never expose API keys in responses, and encrypt() sensitive stored settings.
Hooks: keep hook callbacks lightweight (queue heavy work), pick sensible priorities (low numbers run first, 50+ for logging), and always return a string — empty when there's nothing to output — from output hooks.
Also: degrade gracefully when external APIs fail, throw specific exceptions with meaningful messages, log with appropriate levels and context, give users flash messages and progress feedback, write feature tests, and include a README. The doc ends with a pre-release checklist covering all of these.
