remco/Atomcms-edit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a7bd30fd34cf7f1a601418770755ac274897aaa9
Atomcms-edit/app/Http/Controllers/Miscellaneous/InstallationController.php
T
root 4094f0fb14 Fix 40+ codebase issues: security, performance, duplication, dead code, and routes 
HIGH:
- Add missing import RadioSongRequestFormRequest (fixes crash on POST)
- Add Purify XSS sanitization for article full_story
- Fix duplicate radio API routes (/api/radio vs /api/radio/v2)
- Add try-catch guards in InstallationController for missing records

MEDIUM:
- Fix N+1: eager load comments.user in ArticleController::show()
- Fix GuestbookController authorization logic
- Remove dead doSetup() method and duplicate route
- Extract shared HasRadioDefaults trait (remove code duplication)
- Use named routes in ForceStaffTwoFactorMiddleware
- Fix WebsiteHelpCenterTicket::isOpen() (no permission leak)
- Enable  on WebsiteHelpCenterTicket (matches schema)
- Replace WebsiteTeam::all()->pluck() with direct pluck()
- Replace CatalogPage::all()->pluck() with direct pluck()
- Replace WebsiteBadge::all() with direct pluck()
- Add throttle middleware to guestbook store, logo-generator, radio embed

LOW:
- Remove unused imports
- Remove dead /inertia-test route
- Consolidate cache keys in RadioController
2026-06-08 18:56:34 +02:00

146 lines
4.3 KiB
PHP
Executable File
Raw Blame History

<?php
namespace App\Http\Controllers\Miscellaneous;
use App\Http\Controllers\Controller;
use App\Models\Miscellaneous\WebsiteInstallation;
use App\Models\Miscellaneous\WebsiteSetting;
use App\Rules\ValidateInstallationKeyRule;
use Exception;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Collection;
use Illuminate\Support\Facades\Cache;
use Illuminate\Support\Str;
use Illuminate\View\View;
class InstallationController extends Controller
{
private const array ALLOWED_SETTINGS = [
'hotel_name', 'hotel_url', 'emulator_database_host', 'emulator_database_port',
'emulator_database_name', 'emulator_database_username', 'emulator_database_password',
'theme', 'start_credits', 'start_pixels', 'start_diamonds',
'social_login_google_enabled', 'social_login_discord_enabled', 'social_login_github_enabled',
];
public function index(): View
{
return view('installation.index');
}
public function storeInstallationKey(Request $request): RedirectResponse
{
$request->validate([
'installation_key' => ['required', 'string', 'max:255', new ValidateInstallationKeyRule],
]);
try {
WebsiteInstallation::firstOrFail()->update([
'step' => 1,
'user_ip' => $request->ip(),
]);
} catch (\Exception $e) {
return back()->withErrors(['message' => 'Installation record not found. Please restart.']);
}
return to_route('installation.show-step', 1);
}
public function showStep(int $currentStep): View
{
$settings = $this->getSettingsForStep($currentStep);
return view('installation.step-' . $currentStep, [
'settings' => $settings,
]);
}
public function saveStepSettings(Request $request): RedirectResponse
{
$this->updateSettings($request);
$installation = WebsiteInstallation::firstOrFail();
$installation->increment('step');
return to_route('installation.show-step', $installation->step);
}
public function previousStep(): RedirectResponse
{
$installation = WebsiteInstallation::firstOrFail();
$installation->decrement('step');
return to_route('installation.show-step', $installation->step);
}
public function restartInstallation(): RedirectResponse
{
try {
WebsiteInstallation::firstOrFail()->update([
'step' => 0,
'installation_key' => Str::uuid(),
'user_ip' => null,
]);
} catch (\Exception $e) {
return to_route('installation.index');
}
WebsiteSetting::where('key', 'theme')->update([
'value' => 'atom',
]);
return to_route('installation.index');
}
public function completeInstallation(): RedirectResponse
{
Cache::forget('website_permissions');
Cache::forget('website_settings');
try {
WebsiteInstallation::latest()->firstOrFail()->update([
'completed' => true,
]);
} catch (\Exception $e) {
return to_route('installation.index');
}
return to_route('welcome');
}
private function updateSettings(Request $request): void
{
$data = $request->except(['_token', '_method']);
foreach ($data as $key => $value) {
if (! in_array($key, self::ALLOWED_SETTINGS)) {
continue;
}
WebsiteSetting::where('key', $key)->update([
'value' => is_array($value) ? json_encode($value) : (string) $value,
]);
}
}
private function getSettingsForStep(int $step): Collection
{
$allKeys = WebsiteSetting::pluck('key')->toArray();
$settingsData = array_chunk($allKeys, (int) ceil(count($allKeys) / 4));
$settings = match ($step) {
1 => $settingsData[0] ?? [],
2 => $settingsData[1] ?? [],
3 => $settingsData[2] ?? [],
4 => $settingsData[3] ?? [],
5 => [],
default => throw new Exception('Step does not exist'),
};
return WebsiteSetting::query()
->whereIn('key', $settings)
->select(['key', 'value', 'comment'])
->get();
}
}
Reference in New Issue View Git Blame Copy Permalink