6eeb85fcf2
Improvements: fix duplicate seeder, add missing seeders, remove redundant $with, add migration down(), optimize queries
2026-06-08 18:33:24 +02:00
f7fe86efeb
Refactor HotelApiController into 6 focused controllers + FurniEditorController Eloquent migration
2026-06-04 20:32:15 +02:00
b2bb1811d0
Medium priority fixes: CORS from env, shared HasRadioSettings trait, lazy RconService, validated() fixes, LogoGenerator hardening, DB indexes, user profile consistency, radio rank N+1 fix
2026-06-04 20:05:36 +02:00
4b6872e5e0
Low priority fixes: debug comments, Fortify cleanup, badge cost setting, profile query merge, User model fixes, VPN constructor cleanup, PayPal POST, PII removal, Dutch→English translations, duplicate rank check, CHANGELOG
2026-06-04 19:57:01 +02:00
2d8beaa531
chore: fix code style with Laravel Pint
2026-05-23 19:05:37 +02:00
75b78c17fa
refactor: improve security, split routes, add API resources and FormRequests
...
- Fix timing attack vulnerability in AuthController
- Split web.php (316 lines) into 7 focused route files
- Add 8 API Resources for consistent response formatting
- Add 8 FormRequest classes for centralized validation
- Use Resources instead of manual array mapping in controllers
2026-05-20 23:03:16 +02:00
b1739cabbf
fix(security): eliminate remaining critical vulnerabilities
...
- SystemFixService: removed ALL shell_exec/sudo calls (30+ instances), replaced with
safe PHP alternatives (mkdir, chmod, disk_total_space, Artisan calls)
- InstallationController: added ALLOWED_SETTINGS whitelist to prevent arbitrary
settings manipulation via request data
- ExceptionHandler: removed dangerous npm run build execution and hardcoded
chown/chmod paths from auto-recovery
- AuthController: fixed user enumeration timing attack by running Hash::make()
even when user doesn't exist (constant-time comparison)
- DDoSDetectionCommand: added IP validation (FILTER_VALIDATE_IP) before blocking
to prevent iptables manipulation with spoofed/malicious IPs
- trackRequest: now validates IP before storing in cache
2026-05-19 19:46:38 +02:00
81e99933e4
refactor: improve code quality across controllers and services
...
- DRY FurniEditorController: extract duplicate try/catch blocks into handleApiError(),
formatItemData(), buildUpdateData(), buildInsertData(), castValue() methods
- ProfileController: replace 45 lines of manual date formatting with Carbon's diffForHumans()
- Replace custom Password rule (180 lines) with Laravel's built-in Password::min() rule
- RadioController: extract RadioStreamService and RadioScheduleService, reducing from 608 to 323 lines
- Add RadioSettings enum to replace magic strings throughout radio feature
- Add CurrencyTypes::columnName() helper method
- Add consistent return types (JsonResponse, View, RedirectResponse) to all controller methods
2026-05-19 19:16:59 +02:00
9d73f82529
Initial commit
2026-05-09 17:32:17 +02:00
root