High priority fixes: PayPal env(), RadioApiKey Bearer-only, User restrict, SettingsService TTL, PHPStan config, + fix 7 broke points (forceFill)

app/Actions/Fortify/DisableTwoFactorAuthentication.php

@@ -15,7 +15,7 @@ class DisableTwoFactorAuthentication extends \Laravel\Fortify\Actions\DisableTwo
             $user->forceFill([
                 'two_factor_secret' => null,
                 'two_factor_recovery_codes' => null,
-                'two_factor_confirmed' => false,
+                'two_factor_confirmed_at' => null,
             ])->save();
         }
     }

app/Filament/Pages/Radio/PointsSettings.php

@@ -196,7 +196,7 @@ final class PointsSettings extends Page implements HasForms
 
     public function resetLeaderboard(): void
     {
-        User::where('radio_points', '>', 0)->update(['radio_points' => 0]);
+        User::query()->where('radio_points', '>', 0)->each(fn (User $u) => $u->forceFill(['radio_points' => 0])->save());
         RadioListenerPoint::query()->delete();
 
         $this->pointsService->clearLeaderboardCache();

app/Filament/Resources/Hotel/StaffApplications/StaffApplicationResource.php

@@ -129,7 +129,7 @@ class StaffApplicationResource extends Resource
                         }
 
                         if ((int) $user->team_id !== (int) $team->id) {
-                            $user->update(['team_id' => $team->id]);
+                            $user->forceFill(['team_id' => $team->id])->save();
                         }
 
                         $r->update([
@@ -177,7 +177,7 @@ class StaffApplicationResource extends Resource
                         }
 
                         if ($r->status === 'approved' && (int) $user->team_id === (int) $team->id) {
-                            $user->update(['team_id' => null]);
+                            $user->forceFill(['team_id' => null])->save();
                         }
 
                         $r->update([

app/Filament/Resources/User/Users/Pages/EditUser.php

@@ -189,7 +189,7 @@ class EditUser extends EditRecord
         }
 
         if (! $user->online) {
-            $user->update(['rank' => $data['rank']]);
+            $user->forceFill(['rank' => $data['rank']])->save();
 
             return;
         }

app/Http/Middleware/RadioApiKey.php

@@ -13,11 +13,11 @@ class RadioApiKey
 {
     public function handle(Request $request, Closure $next, string $permission = '*'): Response
     {
-        $key = $request->bearerToken() ?? $request->query('api_key');
+        $key = $request->bearerToken();
 
         if (empty($key)) {
             return response()->json([
-                'error' => 'API key is required. Use Authorization: Bearer <key> or ?api_key=<key>',
+                'error' => 'API key is required. Use Authorization: Bearer <key>',
             ], 401);
         }
 

app/Models/User.php

@@ -125,7 +125,7 @@ class User extends Authenticatable implements FilamentUser, HasName
     public $timestamps = false;
 
     #[\Override]
-    protected $fillable = ['username', 'mail', 'password', 'account_created', 'last_login', 'motto', 'look', 'credits', 'last_username_change', 'auth_ticket', 'home_room', 'ip_register', 'ip_current', 'referral_code', 'preferences', 'team_id', 'avatar_background', 'home_background', 'pincode', 'secret_key', 'extra_rank', 'is_hidden', 'background_id', 'background_stand_id', 'background_overlay_id', 'radio_points', 'pixels', 'points', 'online', 'gender', 'rank', 'mail_verified', 'two_factor_secret', 'two_factor_recovery_codes', 'two_factor_confirmed_at'];
+    protected $fillable = ['username', 'mail', 'password', 'account_created', 'last_login', 'motto', 'look', 'credits', 'last_username_change', 'auth_ticket', 'home_room', 'ip_register', 'ip_current', 'referral_code', 'preferences', 'avatar_background', 'home_background', 'background_id', 'background_stand_id', 'background_overlay_id', 'gender'];
 
     #[\Override]
     protected $hidden = ['password', 'remember_token'];
@@ -361,7 +361,7 @@ class User extends Authenticatable implements FilamentUser, HasName
             return false;
         }
 
-        $this->update(['two_factor_confirmed' => true]);
+        $this->forceFill(['two_factor_confirmed_at' => now()])->save();
 
         return true;
     }

app/Services/PurchaseService.php

@@ -49,7 +49,7 @@ class PurchaseService
             $this->rconService->setRank($user, $package->give_rank);
             $this->rconService->disconnectUser($user);
         } else {
-            $user->update(['rank' => $package->give_rank]);
+            $user->forceFill(['rank' => $package->give_rank])->save();
         }
     }
 

app/Services/SettingsService.php

@@ -32,7 +32,7 @@ class SettingsService
 
     public function getLanguages(): Collection
     {
-        return Cache::rememberForever(self::LANGUAGES_CACHE_KEY, function (): Collection {
+        return Cache::remember(self::LANGUAGES_CACHE_KEY, 86400, function (): Collection {
             try {
                 if (! Schema::hasTable('website_languages')) {
                     return collect();
@@ -75,7 +75,7 @@ class SettingsService
             return $this->fetchSettings();
         }
 
-        $this->cachedSettings = collect(Cache::rememberForever(self::CACHE_KEY, fn () => $this->fetchSettings()->toArray()));
+        $this->cachedSettings = collect(Cache::remember(self::CACHE_KEY, 86400, fn () => $this->fetchSettings()->toArray()));
 
         return $this->cachedSettings;
     }

config/paypal.php

@@ -4,9 +4,9 @@ declare(strict_types=1);
 
 return [
     'sandbox' => [
-        'client_id' => 'test_client_id',
-        'client_secret' => 'test_client_secret',
-        'app_id' => 'APP-80W284485P519543T',
+        'client_id' => env('PAYPAL_SANDBOX_CLIENT_ID', ''),
+        'client_secret' => env('PAYPAL_SANDBOX_CLIENT_SECRET', ''),
+        'app_id' => env('PAYPAL_SANDBOX_APP_ID', 'APP-80W284485P519543T'),
         'settings' => [
             'mode' => 'sandbox',
             'http.ConnectionTimeOut' => 30,
@@ -20,9 +20,9 @@ return [
     ],
 
     'live' => [
-        'client_id' => 'test_client_id',
-        'client_secret' => 'test_client_secret',
-        'app_id' => 'AYo1u2z7N3rQ2i2b3c4d5e6f7g8h9i0j',
+        'client_id' => env('PAYPAL_LIVE_CLIENT_ID', ''),
+        'client_secret' => env('PAYPAL_LIVE_CLIENT_SECRET', ''),
+        'app_id' => env('PAYPAL_LIVE_APP_ID', ''),
         'settings' => [
             'mode' => 'live',
             'http.ConnectionTimeOut' => 30,
@@ -36,7 +36,7 @@ return [
     ],
 
     'settings' => [
-        'mode' => 'sandbox',
+        'mode' => env('PAYPAL_MODE', 'sandbox'),
         'http.ConnectionTimeOut' => 30,
         'log.LogEnabled' => false,
         'log.FileName' => storage_path('logs/paypal.log'),

phpstan.neon.dist

@@ -0,0 +1,17 @@
+parameters:
+    level: 6
+    paths:
+        - app
+        - config
+        - database
+        - routes
+    excludePaths:
+        - vendor
+        - storage
+        - bootstrap
+        - public
+        - resources
+        - lang
+    tmpDir: storage/framework/cache/phpstan
+    checkMissingIterableValueType: false
+    checkGenericClassInNonGenericObjectType: false