Medium priority fixes: CORS from env, shared HasRadioSettings trait, lazy RconService, validated() fixes, LogoGenerator hardening, DB indexes, user profile consistency, radio rank N+1 fix

app/Http/Controllers/Miscellaneous/LogoGeneratorController.php

@@ -7,6 +7,7 @@ use App\Models\Miscellaneous\WebsiteSetting;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\RedirectResponse;
 use Illuminate\Http\Request;
+use Illuminate\Support\Str;
 use Illuminate\View\View;
 
 class LogoGeneratorController extends Controller
@@ -24,9 +25,25 @@ class LogoGeneratorController extends Controller
 
     public function store(Request $request): JsonResponse
     {
-        $request->validate(['logo' => 'required|image|mimes:jpeg,png,gif,webp|max:5120']);
+        $request->validate([
+            'logo' => [
+                'required',
+                'image',
+                'mimes:jpeg,png,gif,webp',
+                'max:5120',
+            ],
+        ]);
 
-        $path = $request->file('logo')->store('generated-logos', 'public');
+        $file = $request->file('logo');
+        $mime = finfo_file(finfo_open(FILEINFO_MIME_TYPE), $file->getPathname());
+        $allowedMimes = ['image/jpeg', 'image/png', 'image/gif', 'image/webp'];
+
+        if (! in_array($mime, $allowedMimes, true)) {
+            return response()->json(['success' => false, 'message' => 'Invalid file type.'], 422);
+        }
+
+        $filename = 'logo_' . Str::random(16) . '.' . $file->getClientOriginalExtension();
+        $path = $file->storeAs('generated-logos', $filename, 'public');
 
         $setting = WebsiteSetting::where('key', 'cms_logo')->first();