remco/Atomcms-edit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4094f0fb14a7ead96a9acca0eced8c580a105966
Atomcms-edit/routes/user.php
T
root 4094f0fb14 Fix 40+ codebase issues: security, performance, duplication, dead code, and routes 
HIGH:
- Add missing import RadioSongRequestFormRequest (fixes crash on POST)
- Add Purify XSS sanitization for article full_story
- Fix duplicate radio API routes (/api/radio vs /api/radio/v2)
- Add try-catch guards in InstallationController for missing records

MEDIUM:
- Fix N+1: eager load comments.user in ArticleController::show()
- Fix GuestbookController authorization logic
- Remove dead doSetup() method and duplicate route
- Extract shared HasRadioDefaults trait (remove code duplication)
- Use named routes in ForceStaffTwoFactorMiddleware
- Fix WebsiteHelpCenterTicket::isOpen() (no permission leak)
- Enable  on WebsiteHelpCenterTicket (matches schema)
- Replace WebsiteTeam::all()->pluck() with direct pluck()
- Replace CatalogPage::all()->pluck() with direct pluck()
- Replace WebsiteBadge::all() with direct pluck()
- Add throttle middleware to guestbook store, logo-generator, radio embed

LOW:
- Remove unused imports
- Remove dead /inertia-test route
- Consolidate cache keys in RadioController
2026-06-08 18:56:34 +02:00

46 lines
2.5 KiB
PHP
Executable File
Raw Blame History

<?php
use App\Http\Controllers\User\AccountSettingsController;
use App\Http\Controllers\User\GuestbookController;
use App\Http\Controllers\User\MeController;
use App\Http\Controllers\User\PasswordSettingsController;
use App\Http\Controllers\User\PreferencesController;
use App\Http\Controllers\User\ProfileController;
use App\Http\Controllers\User\ReferralController;
use App\Http\Controllers\User\TwoFactorAuthenticationController;
use Illuminate\Support\Facades\Route;
// User routes
Route::prefix('user')->group(function () {
Route::get('/me', MeController::class)->name('me.show');
Route::get('/claim/referral-reward', ReferralController::class)->name('claim.referral-reward');
// Public profile
Route::withoutMiddleware('auth')->group(function () {
Route::get('/profile/{user:username}', ProfileController::class)->name('profile.show');
});
// Guestbook
Route::post('/profile/{user}/guestbook', [GuestbookController::class, 'store'])->name('guestbook.store')->middleware('throttle:5,1');
Route::delete('/profile/{user}/{guestbook}/delete', [GuestbookController::class, 'destroy'])->name('guestbook.destroy');
// Settings
Route::prefix('settings')->group(function () {
Route::get('/account', [AccountSettingsController::class, 'edit'])->name('settings.account.show');
Route::put('/account', [AccountSettingsController::class, 'update'])->name('settings.account.update');
Route::get('/password', [PasswordSettingsController::class, 'edit'])->name('settings.password.show');
Route::put('/password', [PasswordSettingsController::class, 'update'])->name('settings.password.update');
Route::get('/session-logs', [AccountSettingsController::class, 'sessionLogs'])->name('settings.session-logs');
Route::get('/two-factor', [TwoFactorAuthenticationController::class, 'index'])->name('settings.two-factor');
Route::post('/user/settings/two-factor-authentication', [TwoFactorAuthenticationController::class, 'store'])->name('user.two-factor.enable');
Route::post('/2fa-verify', [TwoFactorAuthenticationController::class, 'verify'])->name('two-factor.verify');
Route::delete('/user/settings/two-factor-authentication', [TwoFactorAuthenticationController::class, 'destroy'])->name('user.two-factor.disable');
Route::get('/preferences', [PreferencesController::class, 'edit'])->name('settings.preferences.show');
Route::put('/preferences', [PreferencesController::class, 'update'])->name('settings.preferences.update');
});
});
Reference in New Issue View Git Blame Copy Permalink