feat: add 24 model factories for Help, Shop, Community, Game, User domains
- Translate mixed Dutch/English strings in README.md and AlertSettings.php
- Add HasFactory trait to 23 models
- Create factories for Help (6), Shop (4), Community (5), Game (2), User (7)
- Replace closures in web.php and auth.php with dedicated controllers
(LoginRedirectController, LogoutController, TwoFactorChallengeController,
EmailVerificationController) to fix route caching issues
- Add migration to increase password column to VARCHAR(255) for Argon2id support
- Fix 500 error caused by route cache incompatibility with closures
- Replace all hardcoded Dutch/English strings with __() translation calls
- Update 13 Blade components to use translation keys
- Update Commandocentrum.php controller with translation calls
- Add comprehensive Dutch (nl.json) and English (en.json) translations
- 150+ translation keys for UI labels, messages, and notifications
- Supports all 21 languages available in the lang/ directory
- Create EmulatorControlAction and NitroControlAction classes
- Extract business logic from Commandocentrum controller methods
- Add Blade components for status cards, diagnostics, and summary cards
- Replace shell_exec with file_get_contents in config reading
- Remove duplicate methods and unused code
- Commandocentrum reduced from 2033 to 1780 lines
- Add DiagnosticRunner integration to Commandocentrum for system health display
- Refactor EmulatorUpdateService from 2524 lines to 395 lines (facade pattern)
- Extract EmulatorStatusService, EmulatorJarService, EmulatorSourceService
- Extract EmulatorBuildService, EmulatorSqlService, EmulatorBackupService
- Add shared EmulatorConfiguration trait for dependency injection
- Preserve backward compatibility on all public methods
- SystemFixService: removed ALL shell_exec/sudo calls (30+ instances), replaced with
safe PHP alternatives (mkdir, chmod, disk_total_space, Artisan calls)
- InstallationController: added ALLOWED_SETTINGS whitelist to prevent arbitrary
settings manipulation via request data
- ExceptionHandler: removed dangerous npm run build execution and hardcoded
chown/chmod paths from auto-recovery
- AuthController: fixed user enumeration timing attack by running Hash::make()
even when user doesn't exist (constant-time comparison)
- DDoSDetectionCommand: added IP validation (FILTER_VALIDATE_IP) before blocking
to prevent iptables manipulation with spoofed/malicious IPs
- trackRequest: now validates IP before storing in cache
Added proper return types (View, RedirectResponse, JsonResponse, Collection)
to 40+ controller methods across 16 controllers. Also added missing
imports for Illuminate response types and tightened parameter types
(e.g. InstallationController::showStep now uses int instead of mixed).
root