remco/Atomcms-edit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1acd96b78ab9a3f8983ab1f6d23e06880e8b8585
Atomcms-edit/app/Providers/RouteServiceProvider.php
T
root f29ba72591 Fix security, performance, and code quality issues across CMS 
Security:
- Replace unescaped {!! !!} with Purify::clean() in 15+ Blade templates (XSS)
- Add rate limiting to register (3/hr), upload (10/min), SSE (6/min)
- Add max:5000 validation on article comments
- Remove duplicate exception handler callback

Hardcoded paths:
- Replace ~44 /var/www/ hardcoded paths with env() configs
- CatalogService (13), AutoDetectService (18), Commandocentrum (11), AppServiceProvider (2)

Performance:
- Add 10 missing database indexes (radio_song_requests, help_center_tickets, etc.)
- Replace Cache::flush() with targeted Cache::forget() in RadioSettings
- Cache getCachedCategories() in TicketController (N+1 fix)
- Remove redundant top-3 leaderboard query

Bug fixes:
- Fix undefined $enabled variable → $isOnline in radio index view
- Add getAvatarAttribute() accessor for non-existent avatar column
- Fix User::guilds() from wrong HasMany to HasManyThrough

Code quality:
- Replace file_get_contents with Http::timeout(10) in TraxService
- Remove commented Echo/Pusher boilerplate in bootstrap.js
- Remove TODO/FIXME comments from logo-generator templates
- Replace hardcoded Turnstile CDN URL with config()
- Restore QUEUE_CONNECTION=redis in .env.example files
2026-06-29 18:28:19 +02:00

87 lines
2.8 KiB
PHP
Executable File
Raw Blame History

<?php
declare(strict_types=1);
namespace App\Providers;
use Illuminate\Cache\RateLimiting\Limit;
use Illuminate\Foundation\Support\Providers\RouteServiceProvider as ServiceProvider;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\RateLimiter;
use Illuminate\Support\Facades\Route;
class RouteServiceProvider extends ServiceProvider
{
/**
* The path to the "home" route for your application.
*
* Typically, users are redirected here after authentication.
*
* @var string
*/
public const HOME = '/user/me';
/**
* Define your route model bindings, pattern filters, and other route configuration.
*/
#[\Override]
public function boot(): void
{
$this->configureRateLimiting();
$this->routes(function () {
Route::middleware('api')
->prefix('api')
->group(base_path('routes/api.php'));
Route::middleware('web')
->group(base_path('routes/web.php'));
});
}
/**
* Configure the rate limiters for the application.
*/
protected function configureRateLimiting(): void
{
// API rate limit: 150 per minute for authenticated users, 100 for guests
RateLimiter::for('api', function (Request $request) {
$userId = $request->user()?->id;
$key = $userId ?: $request->ip();
$maxAttempts = $userId ? 150 : 100;
return Limit::perMinute($maxAttempts)->by($key);
});
// Web rate limit for authenticated users
RateLimiter::for('web', function (Request $request) {
$userId = $request->user()?->id;
$key = $userId ?: $request->ip();
$maxAttempts = $userId ? 200 : 100;
return Limit::perMinute($maxAttempts)->by($key);
});
// Strict rate limit for registration (prevent spam)
RateLimiter::for('register', fn (Request $request) => Limit::perHour(3)->by($request->ip()));
// Two-factor authentication rate limit
RateLimiter::for('two-factor', fn (Request $request) => Limit::perMinute(15)->by($request->ip()));
// Strict photo upload rate limit
RateLimiter::for('upload', fn (Request $request) => Limit::perMinute(10)->by($request->user()?->id ?? $request->ip()));
// Rate limit for radio endpoints (high traffic)
RateLimiter::for('radio', function (Request $request) {
$key = $request->get('radio_api_key_id')
?? $request->user()?->id
?? $request->ip();
return Limit::perMinute(120)->by((string) $key);
});
// Rate limit for SSE (long-lived connections - low rate)
RateLimiter::for('sse', fn (Request $request) => Limit::perMinute(6)->by($request->ip()));
}
}
Reference in New Issue View Git Blame Copy Permalink