f29ba72591
Security:
- Replace unescaped {!! !!} with Purify::clean() in 15+ Blade templates (XSS)
- Add rate limiting to register (3/hr), upload (10/min), SSE (6/min)
- Add max:5000 validation on article comments
- Remove duplicate exception handler callback
Hardcoded paths:
- Replace ~44 /var/www/ hardcoded paths with env() configs
- CatalogService (13), AutoDetectService (18), Commandocentrum (11), AppServiceProvider (2)
Performance:
- Add 10 missing database indexes (radio_song_requests, help_center_tickets, etc.)
- Replace Cache::flush() with targeted Cache::forget() in RadioSettings
- Cache getCachedCategories() in TicketController (N+1 fix)
- Remove redundant top-3 leaderboard query
Bug fixes:
- Fix undefined $enabled variable → $isOnline in radio index view
- Add getAvatarAttribute() accessor for non-existent avatar column
- Fix User::guilds() from wrong HasMany to HasManyThrough
Code quality:
- Replace file_get_contents with Http::timeout(10) in TraxService
- Remove commented Echo/Pusher boilerplate in bootstrap.js
- Remove TODO/FIXME comments from logo-generator templates
- Replace hardcoded Turnstile CDN URL with config()
- Restore QUEUE_CONNECTION=redis in .env.example files
<?php
declare(strict_types=1);
namespace App\Http\Controllers\Api;
use App\Actions\Fortify\CreateNewUser;
use App\Http\Controllers\Controller;
use App\Http\Requests\Api\ArticleCommentRequest;
use App\Http\Requests\Api\LoginRequest;
use App\Http\Requests\Api\RegisterRequest;
use App\Http\Requests\Api\UpdatePasswordRequest;
use App\Http\Requests\Api\UpdateUserRequest;
use App\Http\Resources\Api\ArticleResource;
use App\Http\Resources\Api\PhotoResource;
use App\Http\Resources\Api\UserApiResource;
use App\Models\Articles\WebsiteArticle;
use App\Models\Miscellaneous\CameraWeb;
use App\Models\User;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Validation\ValidationException;
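class AuthController extends Controller
{
    /**
     * Input hashed on a failed lookup so that an unknown account costs the same
     * as a wrong password. The value itself is irrelevant; it is never compared.
     */
    private const DUMMY_PASSWORD = 'timing-attack-prevention';

    /**
     * Exchange a username (or e-mail) and password for an access token.
     *
     * @throws ValidationException when the credentials are wrong or the account is banned
     */
    public function login(LoginRequest $request): JsonResponse
    {
        $username = (string) $request->input('username');
        $password = (string) $request->input('password');

        $user = User::where('username', $username)
            ->orWhere('mail', $username)
            ->first();

        // Pay for exactly one hash computation on both failure paths. Previously
        // an unknown account ran Hash::make() + Hash::check() while a wrong
        // password ran Hash::check() three times in total, so the two cases were
        // distinguishable by response time (account enumeration). Hash::make()
        // is one hash round, the same cost as Hash::check() against a stored
        // hash — assuming stored hashes use the configured cost factor.
        if ($user === null) {
            Hash::make(self::DUMMY_PASSWORD);
            $credentialsValid = false;
        } else {
            $credentialsValid = Hash::check($password, $user->password);
        }

        if (! $credentialsValid) {
            throw ValidationException::withMessages([
                'username' => ['The provided credentials are incorrect.'],
            ]);
        }

        // Checked after the password so the ban status is only disclosed to
        // someone who already holds valid credentials.
        if ($user->is_banned) {
            throw ValidationException::withMessages([
                'username' => ['Your account has been banned.'],
            ]);
        }

        $user->update(['last_login' => time()]);

        return $this->tokenResponse($user);
    }

    /**
     * Create an account through the shared Fortify action and log it in.
     *
     * Returns 201 with the new user and a freshly created token.
     */
    public function register(RegisterRequest $request): JsonResponse
    {
        $user = (new CreateNewUser)->create($request->validated());

        return $this->tokenResponse($user, 201);
    }

    /**
     * The currently authenticated user, in the API representation.
     */
    public function user(Request $request): JsonResponse
    {
        return response()->json(new UserApiResource($request->user()));
    }

    /**
     * Revoke only the token that authenticated this request; tokens issued to
     * other clients stay valid.
     */
    public function logout(Request $request): JsonResponse
    {
        $request->user()->currentAccessToken()->delete();

        return response()->json(['message' => 'Logged out successfully']);
    }

    /**
     * Landing-screen payload: the four newest articles and the four newest
     * visible photos, each with a trimmed author projection.
     */
    public function home(): JsonResponse
    {
        $articles = WebsiteArticle::with(['user:id,username,look'])
            ->latest('id')
            ->take(4)
            ->get();

        $photos = CameraWeb::query()
            ->where('visible', true)
            ->with('user:id,username,look')
            ->latest('id')
            ->take(4)
            ->get();

        return response()->json([
            'articles' => ArticleResource::collection($articles),
            'photos' => PhotoResource::collection($photos),
        ]);
    }

    /**
     * Apply the validated profile fields to the authenticated user.
     *
     * Only keys that pass UpdateUserRequest reach update(), which is the
     * mass-assignment boundary here together with the model's fillable list.
     */
    public function updateUser(UpdateUserRequest $request): JsonResponse
    {
        $user = $request->user();
        $user->update($request->validated());

        return response()->json(new UserApiResource($user));
    }

    /**
     * Replace the authenticated user's password with a freshly hashed one.
     *
     * NOTE(review): other access tokens for this user remain valid after the
     * change; revoking them here would let a password reset evict an attacker
     * who already holds a token — confirm whether that is the intended policy.
     */
    public function updatePassword(UpdatePasswordRequest $request): JsonResponse
    {
        $request->user()->update([
            'password' => Hash::make((string) $request->input('password')),
        ]);

        return response()->json(['message' => 'Password updated successfully']);
    }

    /**
     * Attach a comment by the authenticated user to the article with the given slug.
     *
     * @throws \Illuminate\Database\Eloquent\ModelNotFoundException when the slug is unknown
     * @throws ValidationException when the comment is missing or longer than 5000 characters
     */
    public function articleComment(ArticleCommentRequest $request, string $slug): JsonResponse
    {
        $article = WebsiteArticle::where('slug', $slug)->firstOrFail();

        // Length cap enforced here in addition to ArticleCommentRequest; the
        // rule set of that request is not visible in this file.
        $request->validate([
            'comment' => ['required', 'string', 'max:5000'],
        ]);

        // Tags are stripped at storage time; output contexts must still escape
        // the stored text, strip_tags is not an HTML sanitiser.
        $comment = $article->comments()->create([
            'user_id' => $request->user()->id,
            'comment' => strip_tags((string) $request->input('comment')),
        ]);

        return response()->json([
            'data' => $comment->load('user:id,username,look'),
        ], 201);
    }

    /**
     * Serialise a user together with a newly created access token.
     *
     * @param int $status HTTP status code; 201 when the user was just registered
     */
    private function tokenResponse(User $user, int $status = 200): JsonResponse
    {
        $token = $user->createToken('auth-token')->plainTextToken;

        return response()->json([
            'user' => new UserApiResource($user),
            'token' => $token,
        ], $status);
    }
}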