The lightness PHP framework.

Maintainers

πŸ‘ lambirou

Package info

github.com/horizom/app

Homepage

Type:project

pkg:composer/horizom/app

Statistics

Installs: 7

Dependents: 0

Suggesters: 0

Stars: 1

Open Issues: 0

3.1.0 2022-08-01 02:35 UTC

Requires

Requires (Dev)

None

Suggests

None

Provides

None

Conflicts

None

Replaces

None

MIT ed522bfb86df532759d1ee619aa23a468cec3599

  • Horizom Team <horizom.team.woop@gmail.com>

frameworkphphorizonhorizom

This package is auto-updated.

Last update: 2026-06-21 23:53:31 UTC

README

πŸ‘ Image

πŸ‘ Total Downloads
πŸ‘ Latest Stable Version
πŸ‘ License

The lightness PHP framework β€” fast, minimal, PSR-compliant.

Overview

Horizom is a lightweight PHP micro-framework built on PSR standards. It provides a clean, expressive foundation for building web applications and REST APIs without the overhead of a full-stack framework.

Core packages:

Package Role
horizom/core Application container, configuration, lifecycle
horizom/routing PSR-15 router powered by FastRoute
horizom/http PSR-7 request/response helpers

Requirements

Installation

composer create-project horizom/app my-project
cd my-project
cp .env.example .env

Start the built-in development server:

composer serve
# β†’ http://localhost:8000

Project Structure

β”œβ”€β”€ app/
β”‚ β”œβ”€β”€ Controllers/ # Request handlers (PSR-7)
β”‚ β”œβ”€β”€ Middlewares/ # PSR-15 middleware (CORS, errors…)
β”‚ β”œβ”€β”€ Models/ # Domain models
β”‚ └── Providers/ # Service providers
β”œβ”€β”€ bootstrap/
β”‚ β”œβ”€β”€ app.php # Application bootstrap
β”‚ └── dependencies.php # Middleware registration
β”œβ”€β”€ config/
β”‚ β”œβ”€β”€ app.php # App settings
β”‚ β”œβ”€β”€ auth.php # JWT / auth settings
β”‚ └── database.php # Database connections
β”œβ”€β”€ public/
β”‚ └── index.php # Front controller
β”œβ”€β”€ resources/
β”‚ └── views/ # Blade templates
β”œβ”€β”€ routes/
β”‚ β”œβ”€β”€ web.php # Web routes
β”‚ └── api.php # API routes
└── tests/
 └── Unit/ # PHPUnit test suites

Configuration

All sensitive values must be set in your .env file and are never committed to version control.

# Application
APP_NAME=Horizom
APP_ENV=development
APP_URL=http://localhost:8000
APP_DEBUG=false

# Database
DB_DRIVER=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=horizom
DB_USERNAME=root
DB_PASSWORD=

Access config values anywhere with the config() helper:

$name = config('app.name'); // "Horizom"
$dsn = config('database.default'); // "development"

Routing

Web routes (routes/web.php)

$router->get('/', 'MainController@index');

API routes (routes/api.php)

$router->group(['prefix' => 'api'], function (RouteCollector $router) {
 $router->get('/status', 'ApiController@status');
 $router->get('/version', 'ApiController@version');
});

Use explicit HTTP verbs β€” avoid any() as it widens the attack surface.

Controllers

Controllers are final classes. They return a PSR-7 ResponseInterface.

<?php

declare(strict_types=1);

namespace App\Controllers;

use Psr\Http\Message\ResponseInterface;

final class ApiController
{
 public function status(): ResponseInterface
 {
 return response()->json(['status' => 'UP']);
 }
}

Middleware

Registering middleware

Global middleware is registered in bootstrap/dependencies.php:

$app->add(new \App\Middlewares\CorsMiddleware());

CORS (CorsMiddleware)

Handles preflight OPTIONS requests directly β€” returns 204 without invoking the next handler β€” and attaches CORS headers to all other responses.

To restrict allowed origins in production, edit the $allowedOrigins property:

// app/Middlewares/CorsMiddleware.php
private array $allowedOrigins = [
 'https://myapp.com',
 'https://www.myapp.com',
];

Error handling (ErrorHandlerMiddleware)

Maps exceptions to structured HTTP responses:

Exception Status
NotFoundException 404 Not Found
MethodNotAllowedException 405 Method Not Allowed
Any other Throwable 500 Internal Server Error

XHR / AJAX requests receive a JSON payload; browser requests receive an HTML error page.

Stack traces are only included when app.pretty_debug = true. Never expose them in production.

Built-in API Endpoints

Method Path Description
GET /api Health check alias
GET /api/status Returns { "status": "UP" }
GET /api/version Returns the framework version

Views

Templates use the Blade engine. Layouts live in resources/views/.

@extends('default')

@section('content')
 <h1>Hello, World!</h1>
@endsection

Available helpers inside templates:

{{ config('app.name') }}
{{ asset('css/style.css') }}

Testing

Tests use PHPUnit 11 and live in tests/Unit/.

composer test
# or directly:
vendor/bin/phpunit
tests/
└── Unit/
 β”œβ”€β”€ Controllers/
 β”‚ └── ApiControllerTest.php
 └── Middlewares/
 β”œβ”€β”€ CorsMiddlewareTest.php
 └── ErrorHandlerMiddlewareTest.php

Security

Concern Mitigation
Secrets in source code Use .env for all credentials β€” never hardcode
Stack trace exposure Only shown when app.pretty_debug = true
CORS wildcard in production Replace ['*'] with an explicit origin list
Over-broad HTTP verbs API routes use GET only; avoid any()
Type safety All classes declare strict_types=1

Learning Horizom

The full Horizom documentation covers installation, routing, middleware, templating, and more.

License

The Horizom framework is open-sourced software licensed under the MIT license.