refactor: improve security, split routes, add API resources and FormRequests

- Fix timing attack vulnerability in AuthController - Split web.php (316 lines) into 7 focused route files - Add 8 API Resources for consistent response formatting - Add 8 FormRequest classes for centralized validation - Use Resources instead of manual array mapping in controllers
2026-05-20 23:03:16 +02:00
parent 2f30a058a4
commit 75b78c17fa
26 changed files with 745 additions and 404 deletions
@@ -0,0 +1,25 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Resources\Api;
+
+use Illuminate\Http\Request;
+use Illuminate\Http\Resources\Json\JsonResource;
+
+class ArticleResource extends JsonResource
+{
+    #[\Override]
+    public function toArray(Request $request): array
+    {
+        return [
+            'id' => $this->id,
+            'title' => $this->title,
+            'slug' => $this->slug,
+            'image' => $this->image,
+            'excerpt' => $this->excerpt,
+            'user' => $this->whenLoaded('user', fn () => new UserBriefResource($this->user)),
+            'created_at' => $this->created_at,
+        ];
+    }
+}
@@ -0,0 +1,24 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Resources\Api;
+
+use Illuminate\Http\Request;
+use Illuminate\Http\Resources\Json\JsonResource;
+
+class HelpTicketReplyResource extends JsonResource
+{
+    #[\Override]
+    public function toArray(Request $request): array
+    {
+        return [
+            'id' => $this->id,
+            'ticket_id' => $this->ticket_id,
+            'user_id' => $this->user_id,
+            'message' => $this->message,
+            'user' => $this->whenLoaded('user', fn () => new UserBriefResource($this->user)),
+            'created_at' => $this->created_at,
+        ];
+    }
+}
@@ -0,0 +1,27 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Resources\Api;
+
+use Illuminate\Http\Request;
+use Illuminate\Http\Resources\Json\JsonResource;
+
+class HelpTicketResource extends JsonResource
+{
+    #[\Override]
+    public function toArray(Request $request): array
+    {
+        return [
+            'id' => $this->id,
+            'user_id' => $this->user_id,
+            'subject' => $this->subject,
+            'category' => $this->category,
+            'status' => $this->status,
+            'user' => $this->whenLoaded('user', fn () => new UserBriefResource($this->user)),
+            'replies' => $this->whenLoaded('replies', fn () => HelpTicketReplyResource::collection($this->replies)),
+            'created_at' => $this->created_at,
+            'updated_at' => $this->updated_at,
+        ];
+    }
+}
@@ -0,0 +1,24 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Resources\Api;
+
+use Illuminate\Http\Request;
+use Illuminate\Http\Resources\Json\JsonResource;
+
+class LeaderboardUserResource extends JsonResource
+{
+    #[\Override]
+    public function toArray(Request $request): array
+    {
+        return [
+            'id' => (string) $this->id,
+            'username' => $this->username,
+            'look' => $this->look,
+            'motto' => $this->motto,
+            'credits' => $this->credits,
+            'pixels' => $this->pixels,
+        ];
+    }
+}
@@ -0,0 +1,21 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Resources\Api;
+
+use Illuminate\Http\Request;
+use Illuminate\Http\Resources\Json\JsonResource;
+
+class PhotoResource extends JsonResource
+{
+    #[\Override]
+    public function toArray(Request $request): array
+    {
+        return [
+            'id' => $this->id,
+            'image' => $this->image,
+            'user' => $this->whenLoaded('user', fn () => new UserBriefResource($this->user)),
+        ];
+    }
+}
@@ -0,0 +1,27 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Resources\Api;
+
+use Illuminate\Http\Request;
+use Illuminate\Http\Resources\Json\JsonResource;
+
+class ShopPackageResource extends JsonResource
+{
+    #[\Override]
+    public function toArray(Request $request): array
+    {
+        return [
+            'id' => $this->id,
+            'title' => $this->name,
+            'description' => $this->description,
+            'price' => $this->price(),
+            'credits' => null,
+            'pixels' => null,
+            'diamonds' => null,
+            'image' => null,
+            'currency' => 'credits',
+        ];
+    }
+}
@@ -0,0 +1,26 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Resources\Api;
+
+use Illuminate\Http\Request;
+use Illuminate\Http\Resources\Json\JsonResource;
+
+class UserApiResource extends JsonResource
+{
+    #[\Override]
+    public function toArray(Request $request): array
+    {
+        return [
+            'id' => (string) $this->id,
+            'email' => $this->mail,
+            'username' => $this->username,
+            'look' => $this->look,
+            'motto' => $this->motto ?? '',
+            'credits' => $this->credits ?? 0,
+            'pixels' => $this->pixels ?? 0,
+            'diamonds' => $this->diamonds ?? 0,
+        ];
+    }
+}
@@ -0,0 +1,21 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Resources\Api;
+
+use Illuminate\Http\Request;
+use Illuminate\Http\Resources\Json\JsonResource;
+
+class UserBriefResource extends JsonResource
+{
+    #[\Override]
+    public function toArray(Request $request): array
+    {
+        return [
+            'id' => (string) $this->id,
+            'username' => $this->username,
+            'look' => $this->look,
+        ];
+    }
+}