remco/Atomcms-edit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: improve security, split routes, add API resources and FormRequests

Browse Source 
- Fix timing attack vulnerability in AuthController
- Split web.php (316 lines) into 7 focused route files
- Add 8 API Resources for consistent response formatting
- Add 8 FormRequest classes for centralized validation
- Use Resources instead of manual array mapping in controllers
This commit is contained in:
root
2026-05-20 23:03:16 +02:00
parent 2f30a058a4
commit 75b78c17fa
26 changed files with 745 additions and 404 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/Http/Controllers/Api/HotelApiController.php
+27 -37
View File
@@ -1,8 +1,20 @@
<?php
declare(strict_types=1);
namespace App\Http\Controllers\Api;
use App\Http\Controllers\Controller;
use App\Http\Requests\Api\HelpTicketReplyRequest;
use App\Http\Requests\Api\HelpTicketRequest;
use App\Http\Requests\Api\PhotoUploadRequest;
use App\Http\Resources\Api\ArticleResource;
use App\Http\Resources\Api\HelpTicketResource;
use App\Http\Resources\Api\LeaderboardUserResource;
use App\Http\Resources\Api\PhotoResource;
use App\Http\Resources\Api\ShopPackageResource;
use App\Http\Resources\Api\UserApiResource;
use App\Http\Resources\Api\UserBriefResource;
use App\Models\Articles\WebsiteArticle;
use App\Models\Game\Furniture\CatalogItem;
use App\Models\Game\Furniture\CatalogPage;
@@ -61,7 +73,7 @@ class HotelApiController extends Controller
->paginate(12);
return response()->json([
'data' => $articles->items(),
'data' => ArticleResource::collection($articles),
'meta' => [
'current_page' => $articles->currentPage(),
'last_page' => $articles->lastPage(),
@@ -78,7 +90,7 @@ class HotelApiController extends Controller
->firstOrFail();
return response()->json([
'data' => $article,
'data' => new ArticleResource($article),
]);
}
@@ -90,7 +102,7 @@ class HotelApiController extends Controller
->paginate(12);
return response()->json([
'data' => $photos->items(),
'data' => PhotoResource::collection($photos),
'meta' => [
'current_page' => $photos->currentPage(),
'last_page' => $photos->lastPage(),
@@ -113,20 +125,8 @@ class HotelApiController extends Controller
{
$packages = WebsiteShopArticle::latest('id')->paginate(12);
$mapped = $packages->items()->map(fn ($pkg) => [
'id' => $pkg->id,
'title' => $pkg->name,
'description' => $pkg->description,
'price' => $pkg->price(),
'credits' => null,
'pixels' => null,
'diamonds' => null,
'image' => null,
'currency' => 'credits',
]);
return response()->json([
'data' => $mapped,
'data' => ShopPackageResource::collection($packages),
'meta' => [
'current_page' => $packages->currentPage(),
'last_page' => $packages->lastPage(),
@@ -175,7 +175,7 @@ class HotelApiController extends Controller
->get(['id', 'username', 'look', 'motto', 'credits', 'pixels']);
return response()->json([
'data' => $users,
'data' => LeaderboardUserResource::collection($users),
'type' => $type,
]);
}
@@ -249,7 +249,7 @@ class HotelApiController extends Controller
->paginate(10);
return response()->json([
'data' => $tickets->items(),
'data' => HelpTicketResource::collection($tickets),
'meta' => [
'current_page' => $tickets->currentPage(),
'last_page' => $tickets->lastPage(),
@@ -264,16 +264,12 @@ class HotelApiController extends Controller
->where('id', $id)
->firstOrFail();
return response()->json(['data' => $ticket]);
return response()->json(['data' => new HelpTicketResource($ticket)]);
}
public function helpTicketCreate(Request $request): JsonResponse
public function helpTicketCreate(HelpTicketRequest $request): JsonResponse
{
$validated = $request->validate([
'subject' => ['required', 'string', 'max:200'],
'category' => ['required', 'string', 'max:100'],
'message' => ['required', 'string', 'max:5000'],
]);
$validated = $request->validated();
$ticket = WebsiteHelpCenterTicket::create([
'user_id' => $request->user()->id,
@@ -287,32 +283,26 @@ class HotelApiController extends Controller
'message' => $validated['message'],
]);
return response()->json(['data' => $ticket], 201);
return response()->json(['data' => new HelpTicketResource($ticket)], 201);
}
public function helpTicketReply(Request $request, string $id): JsonResponse
public function helpTicketReply(HelpTicketReplyRequest $request, string $id): JsonResponse
{
$validated = $request->validate(['message' => 'required', 'string', 'max:5000']);
$ticket = WebsiteHelpCenterTicket::where('id', $id)
->where('user_id', $request->user()->id)
->firstOrFail();
$reply = $ticket->replies()->create([
'user_id' => $request->user()->id,
'message' => $validated['message'],
'message' => $request->input('message'),
]);
return response()->json(['data' => $reply->load('user:id,username,look')], 201);
}
public function uploadPhoto(Request $request): JsonResponse
public function uploadPhoto(PhotoUploadRequest $request): JsonResponse
{
$validated = $request->validate([
'image' => ['required', 'image', 'max:5120'],
]);
$path = $validated['image']->store('photos', 'public');
$path = $request->file('image')->store('photos', 'public');
$photo = CameraWeb::create([
'user_id' => $request->user()->id,
@@ -320,7 +310,7 @@ class HotelApiController extends Controller
'visible' => true,
]);
return response()->json(['data' => $photo], 201);
return response()->json(['data' => new PhotoResource($photo)], 201);
}
public function purchasePackage(Request $request, int $packageId): JsonResponse