Fix security, performance, and code quality issues across CMS

Security: - Replace unescaped {!! !!} with Purify::clean() in 15+ Blade templates (XSS) - Add rate limiting to register (3/hr), upload (10/min), SSE (6/min) - Add max:5000 validation on article comments - Remove duplicate exception handler callback Hardcoded paths: - Replace ~44 /var/www/ hardcoded paths with env() configs - CatalogService (13), AutoDetectService (18), Commandocentrum (11), AppServiceProvider (2) Performance: - Add 10 missing database indexes (radio_song_requests, help_center_tickets, etc.) - Replace Cache::flush() with targeted Cache::forget() in RadioSettings - Cache getCachedCategories() in TicketController (N+1 fix) - Remove redundant top-3 leaderboard query Bug fixes: - Fix undefined $enabled variable → $isOnline in radio index view - Add getAvatarAttribute() accessor for non-existent avatar column - Fix User::guilds() from wrong HasMany to HasManyThrough Code quality: - Replace file_get_contents with Http::timeout(10) in TraxService - Remove commented Echo/Pusher boilerplate in bootstrap.js - Remove TODO/FIXME comments from logo-generator templates - Replace hardcoded Turnstile CDN URL with config() - Restore QUEUE_CONNECTION=redis in .env.example files
2026-06-29 18:28:19 +02:00
parent ef0aec4301
commit f29ba72591
30 changed files with 407 additions and 159 deletions
@@ -104,15 +104,15 @@ final class Commandocentrum extends Page implements HasForms
            'emulator_database_username' => $this->getSetting('emulator_database_username', ''),
            'emulator_database_password' => $this->getSetting('emulator_database_password', ''),
            'emulator_version' => $this->getSetting('emulator_version', 'Onbekend'),
-            'nitro_emulator_path' => $this->getSetting('nitro_emulator_path', '/var/www/emulator'),
+            'nitro_emulator_path' => $this->getSetting('nitro_emulator_path', $this->emulatorPath()),
            'nitro_emulator_service' => $this->getSetting('nitro_emulator_service', 'emulator'),
            'nitro_db_name' => $this->getSetting('nitro_db_name', 'habbo'),
-            'nitro_sql_dir' => $this->getSetting('nitro_sql_dir', '/var/www/emulator/Database Updates'),
-            'nitro_backup_dir' => $this->getSetting('nitro_backup_dir', '/var/www/emulator/Database Updates/backups'),
-            'nitro_gamedata_dir' => $this->getSetting('nitro_gamedata_dir', '/var/www/Gamedata/config'),
-            'nitro_client_dir' => $this->getSetting('nitro_client_dir', '/var/www/Nitro-V3/public/configuration'),
-            'nitro_client_src' => $this->getSetting('nitro_client_src', '/var/www/Nitro-V3'),
-            'nitro_renderer_src' => $this->getSetting('nitro_renderer_src', '/var/www/Nitro_Render_V3'),
+            'nitro_sql_dir' => $this->getSetting('nitro_sql_dir', $this->emulatorPath('Database Updates')),
+            'nitro_backup_dir' => $this->getSetting('nitro_backup_dir', $this->emulatorPath('Database Updates/backups')),
+            'nitro_gamedata_dir' => $this->getSetting('nitro_gamedata_dir', $this->gamedataPath()),
+            'nitro_client_dir' => $this->getSetting('nitro_client_dir', $this->nitroV3Path('public/configuration')),
+            'nitro_client_src' => $this->getSetting('nitro_client_src', $this->nitroV3Path()),
+            'nitro_renderer_src' => $this->getSetting('nitro_renderer_src', $this->nitroRendererV3Path()),
            'hotel_alert_message' => '',
        ];
    }
@@ -350,9 +350,9 @@ final class Commandocentrum extends Page implements HasForms
        $serviceStatus = $this->runCommand('systemctl is-active ' . escapeshellarg($serviceName) . ' 2>/dev/null') ?: 'inactive';
        $serviceColor = $serviceStatus === 'active' ? '#22c55e' : '#ef4444';

-        $nitroClientPath = $this->getSetting('nitro_client_path', '/var/www/nitro-client');
-        $nitroRendererPath = $this->getSetting('nitro_renderer_path', '/var/www/nitro-renderer');
-        $nitroWebroot = $this->getSetting('nitro_webroot', '/var/www/Client');
+        $nitroClientPath = $this->getSetting('nitro_client_path', $this->nitroClientPath());
+        $nitroRendererPath = $this->getSetting('nitro_renderer_path', $this->nitroRendererPath());
+        $nitroWebroot = $this->getSetting('nitro_webroot', $this->clientWebrootPath());

        $clientCommit = $this->getGitCommit($nitroClientPath);
        $rendererCommit = $this->getGitCommit($nitroRendererPath);
@@ -685,7 +685,7 @@ final class Commandocentrum extends Page implements HasForms
            $settings->set('emulator_jar_direct_url', $this->data['emulator_jar_direct_url'] ?? '');
            $settings->set('emulator_jar_path', $this->data['emulator_jar_path'] ?? '/root/emulator');
            $settings->set('emulator_source_repo', $this->data['emulator_source_repo'] ?? '');
-            $settings->set('emulator_source_path', $this->data['emulator_source_path'] ?? '/var/www/emulator-source');
+            $settings->set('emulator_source_path', $this->data['emulator_source_path'] ?? $this->emulatorSourcePath());
            $settings->set('emulator_github_branch', $this->data['emulator_github_branch'] ?? 'main');
            $settings->set('emulator_database_host', $this->data['emulator_database_host'] ?? '127.0.0.1');
            $settings->set('emulator_database_name', $this->data['emulator_database_name'] ?? '');
@@ -885,4 +885,60 @@ final class Commandocentrum extends Page implements HasForms
    {
        return $this->runCommand('cat ' . escapeshellarg($path) . ' 2>/dev/null');
    }
+
+    private function emulatorPath(string $path = ''): string
+    {
+        $base = rtrim(env('NITRO_EMULATOR_PATH', '/var/www/emulator'), '/');
+
+        return $path !== '' ? $base . '/' . ltrim($path, '/') : $base;
+    }
+
+    private function nitroClientPath(string $path = ''): string
+    {
+        $base = rtrim(env('NITRO_CLIENT_DIR', '/var/www/nitro-client'), '/');
+
+        return $path !== '' ? $base . '/' . ltrim($path, '/') : $base;
+    }
+
+    private function gamedataPath(string $path = ''): string
+    {
+        $base = rtrim(env('NITRO_GAMEDATA_DIR', '/var/www/Gamedata/config'), '/');
+
+        return $path !== '' ? $base . '/' . ltrim($path, '/') : $base;
+    }
+
+    private function nitroV3Path(string $path = ''): string
+    {
+        $base = rtrim(env('NITRO_V3_DIR', '/var/www/Nitro-V3'), '/');
+
+        return $path !== '' ? $base . '/' . ltrim($path, '/') : $base;
+    }
+
+    private function nitroRendererV3Path(string $path = ''): string
+    {
+        $base = rtrim(env('NITRO_RENDERER_V3_DIR', '/var/www/Nitro_Render_V3'), '/');
+
+        return $path !== '' ? $base . '/' . ltrim($path, '/') : $base;
+    }
+
+    private function nitroRendererPath(string $path = ''): string
+    {
+        $base = rtrim(env('NITRO_RENDERER_DIR', '/var/www/nitro-renderer'), '/');
+
+        return $path !== '' ? $base . '/' . ltrim($path, '/') : $base;
+    }
+
+    private function clientWebrootPath(string $path = ''): string
+    {
+        $base = rtrim(env('NITRO_CLIENT_WEBROOT', '/var/www/Client'), '/');
+
+        return $path !== '' ? $base . '/' . ltrim($path, '/') : $base;
+    }
+
+    private function emulatorSourcePath(string $path = ''): string
+    {
+        $base = rtrim(env('NITRO_EMULATOR_SOURCE_DIR', '/var/www/emulator-source'), '/');
+
+        return $path !== '' ? $base . '/' . ltrim($path, '/') : $base;
+    }
 }