Flycro/bookclub-manager
1
0
Fork 0
generated from Flycro/laravel-nuxt
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Flycro
2024-03-17 14:07:38 +01:00
commit 22ea1930c4
133 changed files with 24036 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
app/Console/Commands/TemporaryClear.php Normal file
View File

@@ -0,0 +1,37 @@
<?php
namespace App\Console\Commands;
use App\Models\TemporaryUpload;
use Illuminate\Console\Command;
use Storage;
class TemporaryClear extends Command
{
/**
* The name and signature of the console command.
*
* @var string
*/
protected $signature = 'temporary:clear';
/**
* The console command description.
*
* @var string
*/
protected $description = 'Temporary uploads clear';
/**
* Execute the console command.
*/
public function handle()
{
$uploads = TemporaryUpload::where('created_at', '<', now()->subHour())->get();
foreach ($uploads as $upload) {
Storage::disk('public')->delete($upload->path);
$upload->delete();
}
}
}

37
app/Helpers/Image.php Normal file
View File

@@ -0,0 +1,37 @@
<?php
namespace App\Helpers;
use Intervention\Image\ImageManager;
use Intervention\Image\Drivers\Gd\Driver as GdDriver;
class Image
{
/**
* Convert image to webp, jpeg or png format and resize it
*/
public static function convert(string $source, string $target, int $width = null, int $height = null, string $extension = 'webp', int $quality = 90): void
{
$manager = new ImageManager(new GdDriver);
$image = $manager->read($source);
$maxSize = 1920;
if ($width && $height) {
$image->cover($width, $height);
} elseif ($width || $image->width() > $maxSize) {
$image->scale(width: $width ?? $maxSize);
} elseif ($height || $image->height() > $maxSize) {
$image->scale(height: $height ?? $maxSize);
}
if ($extension === 'webp') {
$image->toWebp($quality)->save($target);
} else if ($extension === 'jpeg') {
$image->toJpeg($quality)->save($target);
} else if ($extension === 'png') {
$image->toPng()->save($target);
}
}
}

84
app/Http/Controllers/AccountController.php Normal file
View File

@@ -0,0 +1,84 @@
<?php
namespace App\Http\Controllers;
use App\Models\TemporaryUpload;
use App\Rules\TemporaryFileExists;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Validation\Rule;
use Illuminate\Validation\ValidationException;
use Storage;
use Str;
class AccountController extends Controller
{
/**
* Update the user's profile information.
*/
public function update(Request $request): JsonResponse
{
$request->merge([
// Remove extra spaces and non-word characters
'name' => $request->name ? Str::squish(Str::onlyWords($request->name)) : '',
]);
$user = $request->user();
$request->validate([
'name' => ['required', 'string', 'min:3', 'max:100'],
'email' => ['required', 'email', 'unique:users,email,'.$user->id],
'avatar' => ['nullable', 'string', Rule::excludeIf($request->avatar === $user->avatar), 'regex:/^avatars\/[a-z0-9]{26}\.([a-z]++)$/i', new TemporaryFileExists],
]);
if ($user->avatar && Str::startsWith($user->avatar, 'avatars/') && $user->avatar !== $request->avatar) {
Storage::disk('public')->delete($user->avatar);
}
$email = $user->email;
$user->update($request->only(['name', 'email', 'avatar']));
if ($email !== $request->email) {
$user->email_verified_at = null;
$user->save(['timestamps' => false]);
$user->sendEmailVerificationNotification();
}
// Delete temporary upload record
TemporaryUpload::where('path', $request->avatar)->delete();
return response()->json([
'ok' => true,
]);
}
/**
* Update the user's password.
*/
public function password(Request $request): JsonResponse
{
$request->validate([
'current_password' => ['required', 'string', 'min:8', 'max:100'],
'password' => ['required', 'string', 'min:8', 'max:100', 'confirmed'],
]);
$user = $request->user();
abort_unless($user->has_password, 403, __('Access denied.'));
if (! Hash::check($request->current_password, $user->password)) {
throw ValidationException::withMessages([
'current_password' => __('auth.password'),
]);
}
$user->update([
'password' => Hash::make($request->password),
]);
return response()->json([
'ok' => true,
]);
}
}

355
app/Http/Controllers/AuthController.php Normal file
View File

@@ -0,0 +1,355 @@
<?php
namespace App\Http\Controllers;
use App\Http\Requests\Auth\LoginRequest;
use App\Models\User;
use App\Models\UserProvider;
use Browser;
use Illuminate\Auth\Events\PasswordReset;
use Illuminate\Auth\Events\Registered;
use Illuminate\Auth\Events\Verified;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Crypt;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Password;
use Illuminate\Support\Str;
use Illuminate\Validation\Rules;
use Illuminate\Validation\ValidationException;
use Illuminate\View\View;
use Laravel\Socialite\Facades\Socialite;
class AuthController extends Controller
{
/**
* Register new user
*/
public function register(Request $request): JsonResponse
{
$request->validate([
'name' => ['required', 'string', 'max:255'],
'email' => ['required', 'string', 'lowercase', 'email', 'max:255', 'unique:'.User::class],
'password' => ['required', 'confirmed', Rules\Password::defaults()],
]);
$user = User::create([
'name' => $request->name,
'email' => $request->email,
'password' => Hash::make($request->password),
]);
$user->ulid = Str::ulid()->toBase32();
$user->save();
$user->assignRole('user');
event(new Registered($user));
return response()->json([
'ok' => true,
], 201);
}
/**
* Redirect to provider for authentication
*/
public function redirect(Request $request, $provider)
{
return Socialite::driver($provider)->stateless()->redirect();
}
/**
* Handle callback from provider
*/
public function callback(Request $request, string $provider): View
{
$oAuthUser = Socialite::driver($provider)->stateless()->user();
if (! $oAuthUser?->token) {
return view('oauth', [
'message' => [
'ok' => false,
'message' => __('Unable to authenticate with :provider', ['provider' => $provider]),
],
]);
}
$userProvider = UserProvider::select('id', 'user_id')
->where('name', $provider)
->where('provider_id', $oAuthUser->id)
->first();
if (! $userProvider) {
if (User::where('email', $oAuthUser->email)->exists()) {
return view('oauth', [
'message' => [
'ok' => false,
'message' => __('Unable to authenticate with :provider. User with email :email already exists. To connect a new service to your account, you can go to your account settings and go through the process of linking your account.', [
'provider' => $provider,
'email' => $oAuthUser->email,
]),
],
]);
}
$user = new User();
$user->ulid = Str::ulid()->toBase32();
$user->avatar = $oAuthUser->picture ?? $oAuthUser->avatar_original ?? $oAuthUser->avatar;
$user->name = $oAuthUser->name;
$user->email = $oAuthUser->email;
$user->password = Hash::make(Str::random(32));
$user->has_password = false;
$user->email_verified_at = now();
$user->save();
$user->assignRole('user');
$user->userProviders()->create([
'provider_id' => $oAuthUser->id,
'name' => $provider,
]);
} else {
$user = $userProvider->user;
}
$browser = Browser::parse($request->userAgent());
$device = $browser->platformName() . ' / ' . $browser->browserName();
$sanctumToken = $user->createToken(
$device,
['*'],
now()->addMonth()
);
$sanctumToken->accessToken->ip = $request->ip();
$sanctumToken->accessToken->save();
return view('oauth', [
'message' => [
'ok' => true,
'provider' => $provider,
'token' => $sanctumToken->plainTextToken,
],
]);
}
/**
* Generate sanctum token on successful login
*/
public function login(LoginRequest $request): JsonResponse
{
$user = User::where('email', $request->email)->first();
$request->authenticate($user);
$browser = Browser::parse($request->userAgent());
$device = $browser->platformName() . ' / ' . $browser->browserName();
$sanctumToken = $user->createToken(
$device,
['*'],
$request->remember ?
now()->addMonth() :
now()->addDay()
);
$sanctumToken->accessToken->ip = $request->ip();
$sanctumToken->accessToken->save();
return response()->json([
'ok' => true,
'token' => $sanctumToken->plainTextToken,
]);
}
/**
* Revoke token; only remove token that is used to perform logout (i.e. will not revoke all tokens)
*/
public function logout(Request $request): JsonResponse
{
$request->user()->currentAccessToken()->delete();
return response()->json([
'ok' => true,
]);
}
/**
* Get authenticated user details
*/
public function user(Request $request): JsonResponse
{
$user = $request->user();
return response()->json([
'ok' => true,
'user' => [
...$user->toArray(),
'must_verify_email' => $user->mustVerifyEmail(),
'roles' => $user->roles()->select('name')->pluck('name'),
'providers' => $user->userProviders()->select('name')->pluck('name'),
],
]);
}
/**
* Handle an incoming password reset link request.
*/
public function sendResetPasswordLink(Request $request): JsonResponse
{
$request->validate([
'email' => ['required', 'email'],
]);
// We will send the password reset link to this user. Once we have attempted
// to send the link, we will examine the response then see the message we
// need to show to the user. Finally, we'll send out a proper response.
$status = Password::sendResetLink(
$request->only('email')
);
if ($status != Password::RESET_LINK_SENT) {
throw ValidationException::withMessages([
'email' => [__($status)],
]);
}
return response()->json([
'ok' => true,
'message' => __($status),
]);
}
/**
* Handle an incoming new password request.
*/
public function resetPassword(Request $request): JsonResponse
{
$request->validate([
'token' => ['required'],
'email' => ['required', 'email', 'exists:'.User::class],
'password' => ['required', 'confirmed', Rules\Password::defaults()],
]);
// Here we will attempt to reset the user's password. If it is successful we
// will update the password on an actual user model and persist it to the
// database. Otherwise we will parse the error and return the response.
$status = Password::reset(
$request->only('email', 'password', 'password_confirmation', 'token'),
function ($user) use ($request) {
$user->forceFill([
'password' => Hash::make($request->password),
'remember_token' => Str::random(60),
'has_password' => true,
])->save();
event(new PasswordReset($user));
}
);
if ($status != Password::PASSWORD_RESET) {
throw ValidationException::withMessages([
'email' => [__($status)],
]);
}
return response()->json([
'ok' => true,
'message' => __($status),
]);
}
/**
* Mark the authenticated user's email address as verified.
*/
public function verifyEmail(Request $request, $ulid, $hash): JsonResponse
{
$user = User::whereUlid($ulid)->first();
abort_unless(!!$user, 404);
abort_unless(hash_equals(sha1($user->getEmailForVerification()), $hash), 403, __('Invalid verification link'));
if (! $user->hasVerifiedEmail()) {
$user->markEmailAsVerified();
event(new Verified($user));
}
return response()->json([
'ok' => true,
]);
}
/**
* Send a new email verification notification.
*/
public function verificationNotification(Request $request): JsonResponse
{
$request->validate([
'email' => ['required', 'email'],
]);
$user = User::where('email', $request->email)->whereNull('email_verified_at')->first();
abort_unless(!!$user, 400);
$user->sendEmailVerificationNotification();
return response()->json([
'ok' => true,
'message' => __('Verification link sent!'),
]);
}
/**
* Get authenticated user devices
*/
public function devices(Request $request): JsonResponse
{
$user = $request->user();
$devices = $user->tokens()
->select('id', 'name', 'ip', 'last_used_at')
->orderBy('last_used_at', 'DESC')
->get();
$currentToken = $user->currentAccessToken();
foreach ($devices as $device) {
$device->hash = Crypt::encryptString($device->id);
if ($currentToken->id === $device->id) {
$device->is_current = true;
}
unset($device->id);
}
return response()->json([
'ok' => true,
'devices' => $devices,
]);
}
/**
* Revoke token by id
*/
public function deviceDisconnect(Request $request): JsonResponse
{
$request->validate([
'hash' => 'required',
]);
$user = $request->user();
$id = (int) Crypt::decryptString($request->hash);
if (!empty($id)) {
$user->tokens()->where('id', $id)->delete();
}
return response()->json([
'ok' => true,
]);
}
}

8
app/Http/Controllers/Controller.php Normal file
View File

@@ -0,0 +1,8 @@
<?php
namespace App\Http\Controllers;
abstract class Controller
{
//
}

40
app/Http/Controllers/UploadController.php Normal file
View File

@@ -0,0 +1,40 @@
<?php
namespace App\Http\Controllers;
use App\Models\TemporaryUpload;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Str;
class UploadController extends Controller
{
public function image(Request $request): JsonResponse
{
$request->validate([
'image' => ['required', 'image', 'max:5120'],
'entity' => ['required', 'string', 'in:avatars'],
'width' => 'nullable|integer|min:1|max:1920',
'height' => 'nullable|integer|min:1|max:1920',
]);
$extension = 'webp';
$path = $request->file('image')
->convert($request->width, $request->height, $extension)
->storeAs(
$request->entity,
implode('.', [Str::ulid()->toBase32(), $extension]),
['disk' => 'public']
);
TemporaryUpload::create([
'path' => $path,
]);
return response()->json([
'ok' => true,
'path' => $path,
]);
}
}

22
app/Http/Middleware/JsonResponse.php Normal file
View File

@@ -0,0 +1,22 @@
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;
class JsonResponse
{
/**
* Handle an incoming request.
*
* @param \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response) $next
*/
public function handle(Request $request, Closure $next): Response
{
$request->headers->set('Accept', 'application/json');
return $next($request);
}
}

85
app/Http/Requests/Auth/LoginRequest.php Normal file
View File

@@ -0,0 +1,85 @@
<?php
namespace App\Http\Requests\Auth;
use Illuminate\Auth\Events\Lockout;
use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\RateLimiter;
use Illuminate\Support\Str;
use Illuminate\Validation\ValidationException;
class LoginRequest extends FormRequest
{
/**
* Determine if the user is authorized to make this request.
*/
public function authorize(): bool
{
return true;
}
/**
* Get the validation rules that apply to the request.
*
* @return array<string, \Illuminate\Contracts\Validation\Rule|array|string>
*/
public function rules(): array
{
return [
'email' => ['required', 'string', 'email'],
'password' => ['required', 'string'],
];
}
/**
* Attempt to authenticate the request's credentials.
*
* @throws \Illuminate\Validation\ValidationException
*/
public function authenticate($user): void
{
$this->ensureIsNotRateLimited();
if (! $user || ! Hash::check($this->password, $user->password)) {
RateLimiter::hit($this->throttleKey());
throw ValidationException::withMessages([
'email' => __('auth.failed'),
]);
}
RateLimiter::clear($this->throttleKey());
}
/**
* Ensure the login request is not rate limited.
*
* @throws \Illuminate\Validation\ValidationException
*/
public function ensureIsNotRateLimited(): void
{
if (! RateLimiter::tooManyAttempts($this->throttleKey(), 5)) {
return;
}
event(new Lockout($this));
$seconds = RateLimiter::availableIn($this->throttleKey());
throw ValidationException::withMessages([
'email' => trans('auth.throttle', [
'seconds' => $seconds,
'minutes' => ceil($seconds / 60),
]),
]);
}
/**
* Get the rate limiting throttle key for the request.
*/
public function throttleKey(): string
{
return Str::transliterate(Str::lower($this->input('email')).'|'.$this->ip());
}
}

15
app/Models/TemporaryUpload.php Normal file
View File

@@ -0,0 +1,15 @@
<?php
namespace App\Models;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
class TemporaryUpload extends Model
{
use HasFactory;
protected $fillable = [
'path',
];
}

64
app/Models/User.php Normal file
View File

@@ -0,0 +1,64 @@
<?php
namespace App\Models;
use Illuminate\Contracts\Auth\MustVerifyEmail;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Relations\HasMany;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable;
use Laravel\Sanctum\HasApiTokens;
use Spatie\Permission\Traits\HasRoles;
class User extends Authenticatable implements MustVerifyEmail
{
use HasApiTokens, HasFactory, HasRoles, Notifiable;
/**
* The attributes that are mass assignable.
*
* @var array<int, string>
*/
protected $fillable = [
'name',
'email',
'avatar',
'password',
];
/**
* The attributes that should be hidden for serialization.
*
* @var array<int, string>
*/
protected $hidden = [
'id',
'password',
'remember_token',
'email_verified_at',
];
/**
* Get the attributes that should be cast.
*
* @return array<string, string>
*/
protected function casts(): array
{
return [
'email_verified_at' => 'datetime',
'password' => 'hashed',
'has_password' => 'boolean',
];
}
public function userProviders(): HasMany
{
return $this->hasMany(UserProvider::class);
}
public function mustVerifyEmail(): bool
{
return $this instanceof MustVerifyEmail && !$this->hasVerifiedEmail();
}
}

21
app/Models/UserProvider.php Normal file
View File

@@ -0,0 +1,21 @@
<?php
namespace App\Models;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
class UserProvider extends Model
{
use HasFactory;
protected $fillable = [
'provider_id',
'name',
];
public function user()
{
return $this->belongsTo(User::class);
}
}

83
app/Providers/AppServiceProvider.php Normal file
View File

@@ -0,0 +1,83 @@
<?php
namespace App\Providers;
use App\Helpers\Image;
use Illuminate\Http\UploadedFile;
use Illuminate\Support\ServiceProvider;
use Illuminate\Support\Str;
use Illuminate\Auth\Notifications\ResetPassword;
use Illuminate\Auth\Notifications\VerifyEmail;
use Illuminate\Support\Facades\RateLimiter;
use Illuminate\Cache\RateLimiting\Limit;
use Illuminate\Http\Request;
class AppServiceProvider extends ServiceProvider
{
/**
* Register any application services.
*/
public function register(): void
{
// Register Telescope only in local environment
if ($this->app->environment('local') && class_exists(\Laravel\Telescope\TelescopeServiceProvider::class)) {
$this->app->register(\Laravel\Telescope\TelescopeServiceProvider::class);
$this->app->register(TelescopeServiceProvider::class);
}
}
/**
* Bootstrap any application services.
*/
public function boot(): void
{
RateLimiter::for('api', function (Request $request) {
return Limit::perMinute(60)->by($request->user()?->id ?: $request->ip());
});
RateLimiter::for('verification-notification', function (Request $request) {
return Limit::perMinute(1)->by($request->user()?->email ?: $request->ip());
});
RateLimiter::for('uploads', function (Request $request) {
return $request->user()?->hasRole('admin')
? Limit::none()
: Limit::perMinute(10)->by($request->ip());
});
ResetPassword::createUrlUsing(function (object $notifiable, string $token) {
return config('app.frontend_url') . "/password-reset/{$token}?email={$notifiable->getEmailForPasswordReset()}";
});
VerifyEmail::createUrlUsing(function (object $notifiable) {
$url = url()->temporarySignedRoute(
'verification.verify',
now()->addMinutes(config('auth.verification.expire', 60)),
[
'ulid' => $notifiable->ulid,
'hash' => sha1($notifiable->getEmailForVerification()),
]
);
return config('app.frontend_url') . '/auth/verify?verify_url=' . urlencode($url);
});
/**
* Convert uploaded image to webp, jpeg or png format and resize it
*/
UploadedFile::macro('convert', function (int $width = null, int $height = null, string $extension = 'webp', int $quality = 90): UploadedFile {
return tap($this, function (UploadedFile $file) use ($width, $height, $extension, $quality) {
Image::convert($file->path(), $file->path(), $width, $height, $extension, $quality);
});
});
/**
* Remove all special characters from a string
*/
Str::macro('onlyWords', function (string $text): string {
// \p{L} matches any kind of letter from any language
// \d matches a digit in any script
return Str::replaceMatches('/[^\p{L}\d ]/u', '', $text);
});
}
}

62
app/Providers/TelescopeServiceProvider.php Normal file
View File

@@ -0,0 +1,62 @@
<?php
namespace App\Providers;
use Illuminate\Support\Facades\Gate;
use Laravel\Telescope\IncomingEntry;
use Laravel\Telescope\Telescope;
use Laravel\Telescope\TelescopeApplicationServiceProvider;
class TelescopeServiceProvider extends TelescopeApplicationServiceProvider
{
/**
* Register any application services.
*/
public function register(): void
{
Telescope::night();
$this->hideSensitiveRequestDetails();
$isLocal = $this->app->environment('local');
Telescope::filter(function (IncomingEntry $entry) use ($isLocal) {
return $isLocal ||
$entry->isReportableException() ||
$entry->isFailedRequest() ||
$entry->isFailedJob() ||
$entry->isScheduledTask() ||
$entry->hasMonitoredTag();
});
}
/**
* Prevent sensitive request details from being logged by Telescope.
*/
protected function hideSensitiveRequestDetails(): void
{
if ($this->app->environment('local')) {
return;
}
Telescope::hideRequestParameters(['_token']);
Telescope::hideRequestHeaders([
'cookie',
'x-csrf-token',
'x-xsrf-token',
]);
}
/**
* Register the Telescope gate.
*
* This gate determines who can access Telescope in non-local environments.
*/
protected function gate(): void
{
Gate::define('viewTelescope', function ($user) {
return $user->hasRole('admin');
});
}
}

23
app/Rules/TemporaryFileExists.php Normal file
View File

@@ -0,0 +1,23 @@
<?php
namespace App\Rules;
use App\Models\TemporaryUpload;
use Closure;
use Illuminate\Contracts\Validation\ValidationRule;
use Storage;
class TemporaryFileExists implements ValidationRule
{
/**
* Run the validation rule.
*
* @param \Closure(string): \Illuminate\Translation\PotentiallyTranslatedString $fail
*/
public function validate(string $attribute, mixed $value, Closure $fail): void
{
if (! Storage::disk('public')->exists($value) || ! TemporaryUpload::where('path', $value)->exists()) {
$fail(__('The :attribute does not exist.', ['attribute' => $attribute]));
}
}
}