refactor: improve security, split routes, add API resources and FormRequests

- Fix timing attack vulnerability in AuthController
- Split web.php (316 lines) into 7 focused route files
- Add 8 API Resources for consistent response formatting
- Add 8 FormRequest classes for centralized validation
- Use Resources instead of manual array mapping in controllers
This commit is contained in:
root
2026-05-20 23:03:16 +02:00
parent 2f30a058a4
commit 75b78c17fa
26 changed files with 745 additions and 404 deletions
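--- a/UNKNOWN_PATH/ArticleCommentRequest.php
+++ b/UNKNOWN_PATH/ArticleCommentRequest.php
@@ -0,0 +1,23 @@
+<?php
+declare(strict_types=1);
+namespace App\Http\Requests\Api;
+use App\Rules\WebsiteWordfilterRule;
+use Illuminate\Foundation\Http\FormRequest;
+class ArticleCommentRequest extends FormRequest
+{
+public function rules(): array
+{
+return [
+'comment' => ['required', 'string', 'max:1000', new WebsiteWordfilterRule],
+];
+}
+public function authorize(): bool
+{
+return true;
+}
+}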
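Review bot: `authorize()` returns `true` unconditionally, so this request and the seven siblings in the commit (HelpTicketReplyRequest, HelpTicketRequest, LoginRequest, PhotoUploadRequest, RegisterRequest, UpdatePasswordRequest, UpdateUserRequest) rely entirely on route middleware for access control; that is a legitimate design, but it should be stated so a later reader does not assume the request gates anything itself. Add above each `authorize()`: `// Authorization is enforced by route middleware; this request only validates input.`. `rules()` would also benefit from `/** @return array<string, list<mixed>> */` so static analysis knows the array shape, and the file path of each new class is not shown on this page, so I could not confirm it matches the declared namespace.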
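--- a/UNKNOWN_PATH/HelpTicketReplyRequest.php
+++ b/UNKNOWN_PATH/HelpTicketReplyRequest.php
@@ -0,0 +1,22 @@
+<?php
+declare(strict_types=1);
+namespace App\Http\Requests\Api;
+use Illuminate\Foundation\Http\FormRequest;
+class HelpTicketReplyRequest extends FormRequest
+{
+public function rules(): array
+{
+return [
+'message' => ['required', 'string', 'max:5000'],
+];
+}
+public function authorize(): bool
+{
+return true;
+}
+}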
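--- a/UNKNOWN_PATH/HelpTicketRequest.php
+++ b/UNKNOWN_PATH/HelpTicketRequest.php
@@ -0,0 +1,24 @@
+<?php
+declare(strict_types=1);
+namespace App\Http\Requests\Api;
+use Illuminate\Foundation\Http\FormRequest;
+class HelpTicketRequest extends FormRequest
+{
+public function rules(): array
+{
+return [
+'subject' => ['required', 'string', 'max:200'],
+'category' => ['required', 'string', 'max:100'],
+'message' => ['required', 'string', 'max:5000'],
+];
+}
+public function authorize(): bool
+{
+return true;
+}
+}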
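Review bot: `category` is validated only as a string of up to 100 characters, so any value reaches whatever stores or routes the ticket; if help-ticket categories are a fixed set (the page does not show them), rejecting unknown values at the boundary is cheaper and clearer than handling them downstream. One way is a class constant listing the allowed values and `'category' => ['required', 'string', 'max:100', Rule::in(self::CATEGORIES)],` with `use Illuminate\Validation\Rule;`, or a backed enum with `Rule::enum(...)`. If categories are genuinely free-form, a short comment saying so would stop the next reviewer asking the same question.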
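--- a/UNKNOWN_PATH/LoginRequest.php
+++ b/UNKNOWN_PATH/LoginRequest.php
@@ -0,0 +1,23 @@
+<?php
+declare(strict_types=1);
+namespace App\Http\Requests\Api;
+use Illuminate\Foundation\Http\FormRequest;
+class LoginRequest extends FormRequest
+{
+public function rules(): array
+{
+return [
+'username' => ['required', 'string'],
+'password' => ['required'],
+];
+}
+public function authorize(): bool
+{
+return true;
+}
+}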
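Review bot: `password` is validated only as `required`, so a JSON body whose `password` is an array or object passes validation and reaches the credential check as a non-string, which typically surfaces as a type error and a 500 rather than a clean 422. Change it to `'password' => ['required', 'string'],`. `username` likewise has no length bound; `max:50`, matching RegisterRequest, keeps the two requests consistent and caps what is handed to the user lookup.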
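--- a/UNKNOWN_PATH/PhotoUploadRequest.php
+++ b/UNKNOWN_PATH/PhotoUploadRequest.php
@@ -0,0 +1,22 @@
+<?php
+declare(strict_types=1);
+namespace App\Http\Requests\Api;
+use Illuminate\Foundation\Http\FormRequest;
+class PhotoUploadRequest extends FormRequest
+{
+public function rules(): array
+{
+return [
+'image' => ['required', 'image', 'max:5120'],
+];
+}
+public function authorize(): bool
+{
+return true;
+}
+}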
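Review bot: The `image` rule alone does not pin the accepted formats, and depending on the Laravel version it also accepts SVG, which is an XML document that may carry script and is not what a photo upload usually wants to store or serve. Restrict explicitly, e.g. `'image' => ['required', 'image', 'mimes:jpeg,png,gif,webp', 'max:5120'],`, and consider a `dimensions:max_width=...,max_height=...` rule so decode cost on the server is bounded as well as file size. A comment that `max:5120` is in kilobytes (5 MiB) would help, since the unit is easy to misread as bytes.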
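--- a/UNKNOWN_PATH/RegisterRequest.php
+++ b/UNKNOWN_PATH/RegisterRequest.php
@@ -0,0 +1,26 @@
+<?php
+declare(strict_types=1);
+namespace App\Http\Requests\Api;
+use Illuminate\Foundation\Http\FormRequest;
+class RegisterRequest extends FormRequest
+{
+public function rules(): array
+{
+return [
+'username' => ['required', 'string', 'max:50'],
+'password' => ['required', 'string', 'min:6'],
+'mail' => ['required', 'email', 'max:255'],
+'look' => ['nullable', 'string'],
+'motto' => ['nullable', 'string', 'max:100'],
+];
+}
+public function authorize(): bool
+{
+return true;
+}
+}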
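Review bot: Neither `username` nor `mail` carries a uniqueness rule, so a duplicate is only rejected if a database unique index exists (not visible here), and `username` has no character-set restriction, so whitespace and control characters are accepted into a value that is presumably displayed and used for lookup. If the table and columns are named as the fields suggest, `'username' => ['required', 'string', 'alpha_dash', 'max:50', 'unique:users,username'],` and a matching `unique:users,mail` would move that check to the boundary — confirm the table/column names before adopting. `look` has no `max` here or in UpdateUserRequest, so that string is bounded only by the request body limit. `min:6` is also weaker than Laravel's `Password::defaults()` rule; if the project has a password policy it should be applied here and in UpdatePasswordRequest alike.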
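--- a/UNKNOWN_PATH/UpdatePasswordRequest.php
+++ b/UNKNOWN_PATH/UpdatePasswordRequest.php
@@ -0,0 +1,24 @@
+<?php
+declare(strict_types=1);
+namespace App\Http\Requests\Api;
+use Illuminate\Foundation\Http\FormRequest;
+use Illuminate\Validation\Rules\Password;
+class UpdatePasswordRequest extends FormRequest
+{
+public function rules(): array
+{
+return [
+'current_password' => ['required', 'current_password'],
+'password' => ['required', 'string', 'min:6', 'confirmed'],
+];
+}
+public function authorize(): bool
+{
+return true;
+}
+}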
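Review bot: `Illuminate\Validation\Rules\Password` is imported but never used; the rule set falls back to the string `min:6`. Either drop the import or use the rule object it was presumably added for, `'password' => ['required', 'string', 'confirmed', Password::min(6)],`, which can later be strengthened with `->letters()` or `->uncompromised()` without changing the array shape. The `current_password` rule compares against the currently authenticated user's password, so this request implicitly requires an authenticated user; a one-line comment saying so, `// current_password checks against the authenticated user; auth is enforced by middleware.`, makes `authorize()` returning `true` less surprising.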
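--- a/UNKNOWN_PATH/UpdateUserRequest.php
+++ b/UNKNOWN_PATH/UpdateUserRequest.php
@@ -0,0 +1,23 @@
+<?php
+declare(strict_types=1);
+namespace App\Http\Requests\Api;
+use Illuminate\Foundation\Http\FormRequest;
+class UpdateUserRequest extends FormRequest
+{
+public function rules(): array
+{
+return [
+'motto' => ['nullable', 'string', 'max:100'],
+'look' => ['nullable', 'string'],
+];
+}
+public function authorize(): bool
+{
+return true;
+}
+}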