diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index eeef139..70232d9 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -13,8 +13,7 @@ class Kernel extends HttpKernel
 *
 * @var array
 */
- protected $middleware = [
- // \App\Http\Middleware\TrustHosts::class,
+ protected $middleware = [
 \App\Http\Middleware\TrustProxies::class,
 \Illuminate\Http\Middleware\HandleCors::class,
 \App\Http\Middleware\PreventRequestsDuringMaintenance::class,
diff --git a/composer.json b/composer.json
index 892bdce..2854a67 100644
--- a/composer.json
+++ b/composer.json
@@ -12,6 +12,7 @@
 "astrotomic/laravel-translatable": "^11.11",
 "darkaonline/l5-swagger": "^8.3",
 "doctrine/dbal": "^3.3",
+ "enlightn/enlightn": "^2.10",
 "guzzlehttp/guzzle": "^7.2",
 "intervention/image": "^2.7",
 "jzonta/faker-restaurant": "^2.0",
diff --git a/composer.lock b/composer.lock
index c08462e..df1617b 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "85672bde0ed70d5e256b5c38379f6292", + "content-hash": "c9f5fdbad69b2711f7fa6d16d48ca80b", "packages": [ { "name": "astrotomic/laravel-translatable",
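Review bot: `$middleware` still has no `TrustHosts` entry, because the hunk deletes the commented-out `\App\Http\Middleware\TrustHosts::class` line instead of enabling it, so the global stack keeps accepting whatever `Host` header the client sends. Assuming the skeleton's `App\Http\Middleware\TrustHosts` class is still in the project, restoring `\App\Http\Middleware\TrustHosts::class,` as the first entry and listing the expected host patterns in its `hosts()` method would stop a forged host from ending up in generated absolute URLs such as password-reset links. Removing the comment only hides the gap. The array continues past the end of the hunk.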
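Review bot: `"enlightn/enlightn": "^2.10"` is added between runtime packages such as `doctrine/dbal` and `guzzlehttp/guzzle`, which looks like the `require` section rather than `require-dev`. The lockfile hunks in this commit appear to place it, together with `larastan/larastan`, `phpstan/phpstan` and `phpmyadmin/sql-parser`, in the same `packages` list as `laravel/framework`, and its `EnlightnServiceProvider` is auto-discovered. If the audit only runs in CI or on a developer machine, `composer require --dev enlightn/enlightn` keeps the analyzer and its toolchain out of `--no-dev` production installs. The lockfile also records `phpmyadmin/sql-parser` as `GPL-2.0-or-later`, which is not in the `license_whitelist` this commit adds in `config/enlightn.php`.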
@@ -1239,6 +1239,159 @@ ], "time": "2023-06-01T07:04:22+00:00" }, + { + "name": "enlightn/enlightn", + "version": "v2.10.0", + "source": { + "type": "git", + "url": "https://github.com/enlightn/enlightn.git", + "reference": "983ce84674609be77a1723475f8d2bd205575af2" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/enlightn/enlightn/zipball/983ce84674609be77a1723475f8d2bd205575af2", + "reference": "983ce84674609be77a1723475f8d2bd205575af2", + "shasum": "" + }, + "require": { + "enlightn/security-checker": "^1.1|^2.0", + "ext-json": "*", + "guzzlehttp/guzzle": "^7.0", + "larastan/larastan": "^2.0", + "laravel/framework": "^9.0|^10.0|^11.0", + "nikic/php-parser": "^4.0|^5.0", + "php": "^8.0", + "phpstan/phpstan": ">=1.10.48", + "phpstan/phpstan-deprecation-rules": "^1.1", + "symfony/finder": "^4.0|^5.0|^6.0|^7.0" + }, + "require-dev": { + "barryvdh/laravel-ide-helper": "^2.8|^3.0", + "brianium/paratest": "^6.1|^7.0", + "friendsofphp/php-cs-fixer": "^2.18|^3.0", + "mockery/mockery": "^1.3", + "orchestra/testbench": "^7.0|^8.0|^9.0", + "phpunit/phpunit": "^9.0|^10.0", + "predis/predis": "*" + }, + "type": "library", + "extra": { + "laravel": { + "providers": [ + "Enlightn\\Enlightn\\EnlightnServiceProvider" + ] + } + }, + "autoload": { + "psr-4": { + "Enlightn\\Enlightn\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "LGPL-3.0-or-later" + ], + "authors": [ + { + "name": "Paras Malhotra", + "email": "paras@laravel-enlightn.com" + }, + { + "name": "Miguel Piedrafita", + "email": "soy@miguelpiedrafita.com" + }, + { + "name": "Lars Klopstra", + "email": "lars@flowframe.nl" + } + ], + "description": "Enlightn - Your performance & security consultant, an artisan command away.", + "homepage": "https://www.laravel-enlightn.com/", + "keywords": [ + "Audit", + "analysis tool", + "dynamic analysis", + "dynamic analyzer", + "laravel", + "package", + "performance", + "security", + "static analysis", + "static 
analyzer" + ], + "support": { + "docs": "https://www.laravel-enlightn.com/docs/", + "issues": "https://github.com/enlightn/enlightn/issues", + "source": "https://github.com/enlightn/enlightn/tree/v2.10.0" + }, + "time": "2024-04-05T10:49:23+00:00" + }, + { + "name": "enlightn/security-checker", + "version": "v1.11.0", + "source": { + "type": "git", + "url": "https://github.com/enlightn/security-checker.git", + "reference": "68df5c7256c84b428bf8fcff0d249de06ce362d2" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/enlightn/security-checker/zipball/68df5c7256c84b428bf8fcff0d249de06ce362d2", + "reference": "68df5c7256c84b428bf8fcff0d249de06ce362d2", + "shasum": "" + }, + "require": { + "ext-json": "*", + "guzzlehttp/guzzle": "^6.3|^7.0", + "php": ">=5.6", + "symfony/console": "^3.4|^4|^5|^6|^7", + "symfony/finder": "^3|^4|^5|^6|^7", + "symfony/process": "^3.4|^4|^5|^6|^7", + "symfony/yaml": "^3.4|^4|^5|^6|^7" + }, + "require-dev": { + "ext-zip": "*", + "friendsofphp/php-cs-fixer": "^2.18|^3.0", + "phpunit/phpunit": "^5.5|^6|^7|^8|^9" + }, + "bin": [ + "security-checker" + ], + "type": "library", + "autoload": { + "psr-4": { + "Enlightn\\SecurityChecker\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Paras Malhotra", + "email": "paras@laravel-enlightn.com" + }, + { + "name": "Miguel Piedrafita", + "email": "soy@miguelpiedrafita.com" + } + ], + "description": "A PHP dependency vulnerabilities scanner based on the Security Advisories Database.", + "keywords": [ + "package", + "php", + "scanner", + "security", + "security advisories", + "vulnerability scanner" + ], + "support": { + "issues": "https://github.com/enlightn/security-checker/issues", + "source": "https://github.com/enlightn/security-checker/tree/v1.11.0" + }, + "time": "2023-11-17T07:53:29+00:00" + }, { "name": "fakerphp/faker", "version": "v1.23.0", 
@@ -2038,6 +2191,102 @@ }, "time": "2021-11-15T11:21:22+00:00" }, + { + "name": "larastan/larastan", + "version": "v2.6.4", + "source": { + "type": "git", + "url": "https://github.com/larastan/larastan.git", + "reference": "6c5e8820f3db6397546f3ce48520af9d312aed27" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/larastan/larastan/zipball/6c5e8820f3db6397546f3ce48520af9d312aed27", + "reference": "6c5e8820f3db6397546f3ce48520af9d312aed27", + "shasum": "" + }, + "require": { + "ext-json": "*", + "illuminate/console": "^9.47.0 || ^10.0.0", + "illuminate/container": "^9.47.0 || ^10.0.0", + "illuminate/contracts": "^9.47.0 || ^10.0.0", + "illuminate/database": "^9.47.0 || ^10.0.0", + "illuminate/http": "^9.47.0 || ^10.0.0", + "illuminate/pipeline": "^9.47.0 || ^10.0.0", + "illuminate/support": "^9.47.0 || ^10.0.0", + "php": "^8.0.2", + "phpmyadmin/sql-parser": "^5.6.0", + "phpstan/phpstan": "~1.10.6" + }, + "require-dev": { + "nikic/php-parser": "^4.15.2", + "orchestra/testbench": "^7.19.0 || ^8.0.0", + "phpunit/phpunit": "^9.5.27" + }, + "suggest": { + "orchestra/testbench": "Using Larastan for analysing a package needs Testbench" + }, + "type": "phpstan-extension", + "extra": { + "branch-alias": { + "dev-master": "2.0-dev" + }, + "phpstan": { + "includes": [ + "extension.neon" + ] + } + }, + "autoload": { + "psr-4": { + "NunoMaduro\\Larastan\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Nuno Maduro", + "email": "enunomaduro@gmail.com" + } + ], + "description": "Larastan - Discover bugs in your code without running it. 
A phpstan/phpstan wrapper for Laravel", + "keywords": [ + "PHPStan", + "code analyse", + "code analysis", + "larastan", + "laravel", + "package", + "php", + "static analysis" + ], + "support": { + "issues": "https://github.com/larastan/larastan/issues", + "source": "https://github.com/larastan/larastan/tree/v2.6.4" + }, + "funding": [ + { + "url": "https://www.paypal.com/paypalme/enunomaduro", + "type": "custom" + }, + { + "url": "https://github.com/canvural", + "type": "github" + }, + { + "url": "https://github.com/nunomaduro", + "type": "github" + }, + { + "url": "https://www.patreon.com/nunomaduro", + "type": "patreon" + } + ], + "time": "2023-07-29T12:13:13+00:00" + }, { "name": "laravel/framework", "version": "v9.52.12", 
@@ -4298,6 +4547,94 @@ }, "time": "2020-10-15T08:29:30+00:00" }, + { + "name": "phpmyadmin/sql-parser", + "version": "5.9.0", + "source": { + "type": "git", + "url": "https://github.com/phpmyadmin/sql-parser.git", + "reference": "011fa18a4e55591fac6545a821921dd1d61c6984" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/phpmyadmin/sql-parser/zipball/011fa18a4e55591fac6545a821921dd1d61c6984", + "reference": "011fa18a4e55591fac6545a821921dd1d61c6984", + "shasum": "" + }, + "require": { + "php": "^7.2 || ^8.0", + "symfony/polyfill-mbstring": "^1.3", + "symfony/polyfill-php80": "^1.16" + }, + "conflict": { + "phpmyadmin/motranslator": "<3.0" + }, + "require-dev": { + "phpbench/phpbench": "^1.1", + "phpmyadmin/coding-standard": "^3.0", + "phpmyadmin/motranslator": "^4.0 || ^5.0", + "phpstan/extension-installer": "^1.1", + "phpstan/phpstan": "^1.9.12", + "phpstan/phpstan-phpunit": "^1.3.3", + "phpunit/php-code-coverage": "*", + "phpunit/phpunit": "^7.5 || ^8.5 || ^9.5", + "psalm/plugin-phpunit": "^0.16.1", + "vimeo/psalm": "^4.11", + "zumba/json-serializer": "~3.0.2" + }, + "suggest": { + "ext-mbstring": "For best performance", + "phpmyadmin/motranslator": "Translate messages to your favorite locale" + }, + "bin": [ + "bin/highlight-query", + "bin/lint-query", + "bin/sql-parser", + "bin/tokenize-query" + ], + "type": "library", + "autoload": { + "psr-4": { + "PhpMyAdmin\\SqlParser\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "GPL-2.0-or-later" + ], + "authors": [ + { + "name": "The phpMyAdmin Team", + "email": "developers@phpmyadmin.net", + "homepage": "https://www.phpmyadmin.net/team/" + } + ], + "description": "A validating SQL lexer and parser with a focus on MySQL dialect.", + "homepage": "https://github.com/phpmyadmin/sql-parser", + "keywords": [ + "analysis", + "lexer", + "parser", + "query linter", + "sql", + "sql lexer", + "sql linter", + "sql parser", + "sql syntax highlighter", + "sql 
tokenizer" + ], + "support": { + "issues": "https://github.com/phpmyadmin/sql-parser/issues", + "source": "https://github.com/phpmyadmin/sql-parser" + }, + "funding": [ + { + "url": "https://www.phpmyadmin.net/donate/", + "type": "other" + } + ], + "time": "2024-01-20T20:34:02+00:00" + }, { "name": "phpoption/phpoption", "version": "1.9.1", 
@@ -4483,6 +4820,112 @@ ], "time": "2023-07-09T15:24:48+00:00" }, + { + "name": "phpstan/phpstan", + "version": "1.10.67", + "source": { + "type": "git", + "url": "https://github.com/phpstan/phpstan.git", + "reference": "16ddbe776f10da6a95ebd25de7c1dbed397dc493" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/phpstan/phpstan/zipball/16ddbe776f10da6a95ebd25de7c1dbed397dc493", + "reference": "16ddbe776f10da6a95ebd25de7c1dbed397dc493", + "shasum": "" + }, + "require": { + "php": "^7.2|^8.0" + }, + "conflict": { + "phpstan/phpstan-shim": "*" + }, + "bin": [ + "phpstan", + "phpstan.phar" + ], + "type": "library", + "autoload": { + "files": [ + "bootstrap.php" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "description": "PHPStan - PHP Static Analysis Tool", + "keywords": [ + "dev", + "static analysis" + ], + "support": { + "docs": "https://phpstan.org/user-guide/getting-started", + "forum": "https://github.com/phpstan/phpstan/discussions", + "issues": "https://github.com/phpstan/phpstan/issues", + "security": "https://github.com/phpstan/phpstan/security/policy", + "source": "https://github.com/phpstan/phpstan-src" + }, + "funding": [ + { + "url": "https://github.com/ondrejmirtes", + "type": "github" + }, + { + "url": "https://github.com/phpstan", + "type": "github" + } + ], + "time": "2024-04-16T07:22:02+00:00" + }, + { + "name": "phpstan/phpstan-deprecation-rules", + "version": "1.1.4", + "source": { + "type": "git", + "url": "https://github.com/phpstan/phpstan-deprecation-rules.git", + "reference": "089d8a8258ed0aeefdc7b68b6c3d25572ebfdbaa" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/phpstan/phpstan-deprecation-rules/zipball/089d8a8258ed0aeefdc7b68b6c3d25572ebfdbaa", + "reference": "089d8a8258ed0aeefdc7b68b6c3d25572ebfdbaa", + "shasum": "" + }, + "require": { + "php": "^7.2 || ^8.0", + "phpstan/phpstan": "^1.10.3" + }, + "require-dev": { + 
"php-parallel-lint/php-parallel-lint": "^1.2", + "phpstan/phpstan-php-parser": "^1.1", + "phpstan/phpstan-phpunit": "^1.0", + "phpunit/phpunit": "^9.5" + }, + "type": "phpstan-extension", + "extra": { + "phpstan": { + "includes": [ + "rules.neon" + ] + } + }, + "autoload": { + "psr-4": { + "PHPStan\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "description": "PHPStan rules for detecting usage of deprecated classes, methods, properties, constants and traits.", + "support": { + "issues": "https://github.com/phpstan/phpstan-deprecation-rules/issues", + "source": "https://github.com/phpstan/phpstan-deprecation-rules/tree/1.1.4" + }, + "time": "2023-08-05T09:02:04+00:00" + }, { "name": "psr/cache", "version": "3.0.0", diff --git a/config/enlightn.php b/config/enlightn.php new file mode 100644 index 0000000..7ea3bcb --- /dev/null +++ b/config/enlightn.php 
@@ -0,0 +1,186 @@
+ ['*'],
+
+ // If you wish to skip running some analyzers, list the classes in the array below.
+ 'exclude_analyzers' => [],
+
+ // If you wish to skip running some analyzers in CI mode, list the classes below.
+ 'ci_mode_exclude_analyzers' => [],
+
+ /*
+ |--------------------------------------------------------------------------
+ | Enlightn Analyzer Paths
+ |--------------------------------------------------------------------------
+ |
+ | The following array lists the "analyzer" paths that will be searched
+ | recursively to find analyzer classes. This option will only be used
+ | if the analyzers option above is set to the asterisk wildcard. The
+ | key is the base namespace to resolve the class name.
+ |
+ */
+ 'analyzer_paths' => [
+ 'Enlightn\\Enlightn\\Analyzers' => base_path('vendor/enlightn/enlightn/src/Analyzers'),
+ 'Enlightn\\EnlightnPro\\Analyzers' => base_path('vendor/enlightn/enlightnpro/src/Analyzers'),
+ ],
+
+ /*
+ |--------------------------------------------------------------------------
+ | Enlightn Base Path
+ |--------------------------------------------------------------------------
+ |
+ | The following array lists the directories that will be scanned for
+ | application specific code. By default, we are scanning your app
+ | folder, migrations folder and the seeders folder.
+ |
+ */
+ 'base_path' => [
+ app_path(),
+ database_path('migrations'),
+ database_path('seeders'),
+ ],
+
+ /*
+ |--------------------------------------------------------------------------
+ | Environment Specific Analyzers
+ |--------------------------------------------------------------------------
+ |
+ | There are some analyzers that are meant to be run for specific environments.
+ | The options below specify whether we should skip environment specific
+ | analyzers if the environment does not match.
+ |
+ */
+ 'skip_env_specific' => env('ENLIGHTN_SKIP_ENVIRONMENT_SPECIFIC', false),
+
+ /*
+ |--------------------------------------------------------------------------
+ | Guest URL
+ |--------------------------------------------------------------------------
+ |
+ | Specify any guest url or path (preferably your app's login url) here. This
+ | would be used by Enlightn to inspect your application HTTP headers.
+ | Example: '/login'.
+ |
+ */
+ 'guest_url' => null,
+
+ /*
+ |--------------------------------------------------------------------------
+ | Exclusions From Reporting
+ |--------------------------------------------------------------------------
+ |
+ | Specify the analyzer classes that you wish to exclude from reporting. This
+ | means that if any of these analyzers fail, they will not be counted
+ | towards the exit status of the Enlightn command. This is useful
+ | if you wish to run the command in your CI/CD pipeline.
+ | Example: [\Enlightn\Enlightn\Analyzers\Security\XSSAnalyzer::class].
+ |
+ */
+ 'dont_report' => [],
+
+ /*
+ |--------------------------------------------------------------------------
+ | Ignoring Errors
+ |--------------------------------------------------------------------------
+ |
+ | Use this config option to ignore specific errors. The key of this array
+ | would be the analyzer class and the value would be an associative
+ | array with path and details. Run php artisan enlightn:baseline
+ | to auto-generate this. Patterns are supported in details.
+ |
+ */
+ 'ignore_errors' => [],
+
+ /*
+ |--------------------------------------------------------------------------
+ | Analyzer Configurations
+ |--------------------------------------------------------------------------
+ |
+ | The following configuration options pertain to individual analyzers.
+ | These are recommended options but feel free to customize them based
+ | on your application needs.
+ |
+ */
+ 'license_whitelist' => [
+ 'Apache-2.0', 'Apache2', 'BSD-2-Clause', 'BSD-3-Clause', 'LGPL-2.1-only', 'LGPL-2.1',
+ 'LGPL-2.1-or-later', 'LGPL-3.0', 'LGPL-3.0-only', 'LGPL-3.0-or-later', 'MIT', 'ISC',
+ 'CC0-1.0', 'Unlicense', 'WTFPL',
+ ],
+
+ /*
+ |--------------------------------------------------------------------------
+ | Credentials
+ |--------------------------------------------------------------------------
+ |
+ | The following credentials are used to share your Enlightn report with
+ | the Enlightn Github Bot. This allows the bot to compile the report
+ | and add review comments on your pull requests.
+ |
+ */
+ 'credentials' => [
+ 'username' => env('ENLIGHTN_USERNAME'),
+ 'api_token' => env('ENLIGHTN_API_TOKEN'),
+ ],
+
+ // Set this value to your Github repo for integrating with the Enlightn Github Bot
+ // Format: "myorg/myrepo" like "laravel/framework".
+ 'github_repo' => env('ENLIGHTN_GITHUB_REPO'),
+
+ // Set to true to restrict the max number of files displayed in the enlightn
+ // command for each check. Set to false to display all files.
+ 'compact_lines' => true,
+
+ // List your commercial packages (licensed by you) below, so that they are not
+ // flagged by the License Analyzer.
+ 'commercial_packages' => [
+ 'enlightn/enlightnpro',
+ ],
+
+ 'allowed_permissions' => [
+ base_path() => '775',
+ app_path() => '775',
+ resource_path() => '775',
+ storage_path() => '775',
+ public_path() => '775',
+ config_path() => '775',
+ database_path() => '775',
+ base_path('routes') => '775',
+ app()->bootstrapPath() => '775',
+ app()->bootstrapPath('cache') => '775',
+ app()->bootstrapPath('app.php') => '664',
+ base_path('artisan') => '775',
+ public_path('index.php') => '664',
+ public_path('server.php') => '664',
+ ],
+
+ 'writable_directories' => [
+ storage_path(),
+ app()->bootstrapPath('cache'),
+ ],
+
+ /*
+ |--------------------------------------------------------------------------
+ | PHPStan Runtime configurations
+ |--------------------------------------------------------------------------
+ |
+ | This setting allows us to pass through memory limits from artisan to phpstan.
+ | using `php -d memory_limit=1G artisan enlightn`.
+ */
+ 'phpstan' => [
+ '--error-format' => 'json',
+ '--no-progress' => true,
+ '--memory-limit' => ini_get('memory_limit'),
+ ],
+];
diff --git a/config/hashing.php b/config/hashing.php
index bcd3be4..ae44a3e 100644
--- a/config/hashing.php
+++ b/config/hashing.php
@@ -29,7 +29,7 @@
 */
 'bcrypt' => [
- 'rounds' => env('BCRYPT_ROUNDS', 10),
+ 'rounds' => env('BCRYPT_ROUNDS', 12),
 ],
 /*
diff --git a/config/l5-swagger.php b/config/l5-swagger.php
index 63b0afb..4edecb6 100644
--- a/config/l5-swagger.php
+++ b/config/l5-swagger.php
@@ -18,7 +18,7 @@
 \Illuminate\Routing\Middleware\SubstituteBindings::class,
 \Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
 'auth',
- 'title' => 'Modern api integration',
+ 'title' => env('APP_NAME').' Api integration',
 ],
 'routes' => [
diff --git a/database/seeders/ConfigSeeder.php b/database/seeders/ConfigSeeder.php
index 6607f37..0f13aa6 100644
--- a/database/seeders/ConfigSeeder.php
+++ b/database/seeders/ConfigSeeder.php
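Review bot: `allowed_permissions` accepts `'775'` on code and configuration paths (`base_path()`, `app_path()`, `config_path()`, `base_path('routes')`) and `'664'` on `public_path('index.php')`, so the file-permission check will pass a tree that is group-writable everywhere. As I read the analyzer, these values are ceilings, which means the published defaults are committed here without being tightened for this deployment. If the web-server user shares a group with the deploy user, I would keep `'775'` only for the entries that also appear in `writable_directories` and lower the rest, e.g. `config_path() => '755',` and `public_path('index.php') => '644',`. The opening lines of the new file are not visible on this page.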
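Review bot: The new fallback of 12 in `env('BCRYPT_ROUNDS', 12)` only applies where `BCRYPT_ROUNDS` is unset and only to hashes created after deploy; an environment file that still sets `BCRYPT_ROUNDS=10` keeps the old cost, and stored hashes keep the cost they were created with. The lockfile in this commit shows `laravel/framework` v9.52.12, which to my knowledge does not rehash on login by itself, so it is worth confirming that the login path checks `Hash::needsRehash($user->password)` and re-saves the hash. A comment above the line such as `// cost 12 for new hashes; older hashes are upgraded on next login via needsRehash()` would record the intent once that is in place.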
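Review bot: `'title'` sits in the same array literal as `SubstituteBindings::class`, `CreateFreshApiToken::class` and `'auth'`, so middleware names and a UI setting are mixed in one block; the array opens above the hunk and its key is not visible here. If this is the documentation's `api` block, l5-swagger to my knowledge reads only `title` from it and takes route middleware from the `routes.middleware` settings, in which case `'auth'` here would not protect the documentation route, so confirm the docs URL rejects an unauthenticated request. Separately, `env('APP_NAME')` has no fallback, so an unset variable renders the title as ` Api integration`; `env('APP_NAME', 'Laravel').' Api integration'` avoids that.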
@@ -84,7 +84,7 @@ public function _defaultSettings()
 ['code' => 'enable_sms_notifications', 'label' => 'SMS Notification Enable', 'value' => config('general.enable_sms_notifications')],
 ['code' => 'price_with_tax', 'label' => 'Price With Tax', 'value' => true],
 ['code' => 'deep_link_url', 'label' => 'Deep link url', 'value' => parse_url(config('app.url'), PHP_URL_HOST)],
- ['code' => 'website_title', 'label' => 'Display app name', 'value' => 'logo'], // logo/name/name_and_logo
+ ['code' => 'website_title', 'label' => 'Display app name', 'value' => 'name'], // logo/name/name_and_logo
 ];
 }
diff --git a/resources/views/layouts/app.blade.php b/resources/views/layouts/app.blade.php
index 1192f6d..8da6850 100644
--- a/resources/views/layouts/app.blade.php
+++ b/resources/views/layouts/app.blade.php
@@ -3,6 +3,7 @@
+