8 Commits

Author SHA1 Message Date
root 9b5c655c68 High priority fixes: PayPal env(), RadioApiKey Bearer-only, User restrict, SettingsService TTL, PHPStan config, + fix 7 broken points (forceFill) 2026-06-04 20:17:45 +02:00
root 4b6872e5e0 Low priority fixes: debug comments, Fortify cleanup, badge cost setting, profile query merge, User model fixes, VPN constructor cleanup, PayPal POST, PII removal, Dutch→English translations, duplicate rank check, CHANGELOG 2026-06-04 19:57:01 +02:00
root 943d5bfc38 feat: install and configure Inertia.js with React
- Install inertia-laravel, @inertiajs/react, react, @vitejs/plugin-react
- Add HandleInertiaRequests middleware registered in web group
- Create Inertia root template (resources/views/app.blade.php)
- Add React entry point and page components (resources/js/)
- Add Inertia demo route (/inertia-test)
- HomeController reverted to Blade (index page stays original)
- Remove inertia-test2 test route
2026-05-25 15:15:14 +02:00
root eea81a3e9a Fix middleware class collision (RadioApiKey -> alias), add missing setup.do and setup.reset routes, fix SSE int type cast 2026-05-24 14:20:22 +02:00
root 261a5e63c6 Fix SSE listeners type cast, replace Blade tab component with Alpine.js tabs in DjModeration, use wire:confirm instead of onclick 2026-05-24 14:15:44 +02:00
root 0c6c558a59 Add radio embed widget, SSE real-time, song history, moderation panel, and Auto DJ
- Embed widget: standalone iframe player with dark/light/transparent themes, copy-paste embed code admin page
- Real-time SSE: streaming now-playing/listeners/dj events, replaces polling in radio-player and embed
- Song history: auto-records song changes to radio_song_plays table, Filament resource to view
- DJ moderation: unified panel for shouts approval, song request queue, DJ applications
- Auto DJ: playlist management with round-robin playback when no DJ is live
- Refactored radio-player Alpine component to use EventSource API with auto-reconnect
2026-05-24 14:07:32 +02:00
root 7f59024bef fix(security): patch critical security vulnerabilities
- Remove User::$guarded = [] to prevent mass assignment attacks
- Enable SQL strict mode and disable emulated prepares (SQL injection prevention)
- Switch password hashing from bcrypt to argon2id (stronger algorithm)
- Enable session encryption to protect session data at rest
- Restrict TrustProxies to localhost only (prevent IP spoofing)
- Restrict CORS allowed_methods via env variable instead of wildcard
- Add PayPal amount mismatch detection to prevent payment manipulation
- Add double-capture prevention (idempotency check)
- Add expected_amount column to transactions table for verification
2026-05-19 19:37:15 +02:00
root 9d73f82529 Initial commit 2026-05-09 17:32:17 +02:00