- Add pagination to ShopController (50 per page)
- Add throttle:3,10 to radio application store route
- Replace mixed Dutch/English labels in RadioWizardController (English only)
- Replace Dutch error messages in RadioController and RadioSetupController
- Add config('habbo.defaults.avatar_look') for SocialAuthController
- Remove hardcoded default stream URL from RadioSetupController
- Add database indexes for radio_listener_points.earned_at and bans.ip
HIGH:
- Add missing import RadioSongRequestFormRequest (fixes crash on POST)
- Add Purify XSS sanitization for article full_story
- Fix duplicate radio API routes (/api/radio vs /api/radio/v2)
- Add try-catch guards in InstallationController for missing records
MEDIUM:
- Fix N+1: eager load comments.user in ArticleController::show()
- Fix GuestbookController authorization logic
- Remove dead doSetup() method and duplicate route
- Extract shared HasRadioDefaults trait (remove code duplication)
- Use named routes in ForceStaffTwoFactorMiddleware
- Fix WebsiteHelpCenterTicket::isOpen() (no permission leak)
- Enable on WebsiteHelpCenterTicket (matches schema)
- Replace WebsiteTeam::all()->pluck() with direct pluck()
- Replace CatalogPage::all()->pluck() with direct pluck()
- Replace WebsiteBadge::all() with direct pluck()
- Add throttle middleware to guestbook store, logo-generator, radio embed
LOW:
- Remove unused imports
- Remove dead /inertia-test route
- Consolidate cache keys in RadioController
- Embed widget: standalone iframe player with dark/light/transparent themes, copy-paste embed code admin page
- Real-time SSE: streaming now-playing/listeners/dj events, replaces polling in radio-player and embed
- Song history: auto-records song changes to radio_song_plays table, Filament resource to view
- DJ moderation: unified panel for shouts approval, song request queue, DJ applications
- Auto DJ: playlist management with round-robin playback when no DJ is live
- Refactored radio-player Alpine component to use EventSource API with auto-reconnect
Added proper return types (View, RedirectResponse, JsonResponse, Collection)
to 40+ controller methods across 16 controllers. Also added missing
imports for Illuminate response types and tightened parameter types
(e.g. InstallationController::showStep now uses int instead of mixed).
root