Captcha checks

app/Broadcasting/SaveChannel.php

@@ -0,0 +1,29 @@
+<?php
+namespace App\Broadcasting;
+use App\Http\Resources\SimplestUserResource;
+use App\Models\Save;
+use App\Models\User;
+
+class SaveChannel
+{
+    /**
+     * Authenticate the user's access to the channel.
+     *
+     * @param User $user
+     * @param Save $save
+     * @return SimplestUserResource | bool
+     */
+    public function join(User $user, Save $save): SimplestUserResource | bool
+    {
+        if (
+            $save &&
+            (
+                $save->isContributor($user) ||
+                $save->owner->is($user)
+            )
+        ) {
+            return new SimplestUserResource($user);
+        }
+        return false;
+    }
+}

app/Console/Commands/PurgeDeletedSaves.php

@@ -0,0 +1,67 @@
+<?php
+
+namespace App\Console\Commands;
+
+use App\Models\Save;
+use App\Models\User;
+use Carbon\Carbon;
+use Illuminate\Console\Command;
+
+/**
+ * Kommando, welcher alle Gelöschten Speicherstände löschen, welche zu alt sind.
+ *
+ * Um festzulegen, nach welcher Zeit die User gelöscht werden sollen, muss die methode PurgeDeletedSaves::savesPurgeBefore
+ *
+ * @see PurgeDeletedSaves::savesPurgeBefore()
+ */
+class PurgeDeletedSaves extends Command
+{
+    /**
+     * Name des Kommandos.
+     *
+     * @var string
+     */
+    protected $signature = 'purge:saves';
+
+    /**
+     * Beschreibung des Kommandos
+     *
+     * @var string
+     */
+    protected $description = 'Does delete all save database entries, which are deleted and passed a speciefed time period';
+
+    /**
+     * Setzt Zeitpunkt fest vor den gelöschte Speicherstände vollständig gelöscht werden.
+     *
+     * @var Carbon
+     */
+    public static $purgedBefore;
+
+    /**
+     * Alle gelöschten Speicherstände, welche vor dem übergebenen Datum ihr Löschdatum hatten, werden gelöscht
+     * @param Carbon $date Muss in der vergangenheit liegen
+     */
+    public static function savesPurgeBefore(Carbon $date)
+    {
+        if($date->isPast())
+            static::$purgedBefore = $date;
+    }
+
+    /**
+     * Gibt den Wert von $purgedBefore oder den Zeitpunkt vor einem Monat zurück
+     * @see $purgedBefore
+     * @return Carbon
+     */
+    public static function getUserPurgedBeforeTime(){
+        return static::$purgedBefore?:Carbon::now()->subMonth();
+    }
+
+    /**
+     * Führt das Kommando aus
+     */
+    public function handle()
+    {
+        $count = Save::withTrashed()->where('deleted_at', '<', static::getUserPurgedBeforeTime())->forceDelete();
+        $this->output->success("Deleted " . $count . " rows!");
+    }
+}

app/Console/Kernel.php

@@ -26,6 +26,7 @@ protected function schedule(Schedule $schedule)
     {
         $schedule->command('purge:deleted')->weekly();
         $schedule->command('purge:anonymous')->weekly();
+        $schedule->command("purge:saves")->weekly();
         $schedule->command('passport:purge')->monthly();
         $schedule->command('notify:userCount')->daily();
     }

app/Events/LiveSaveUpdate.php

@@ -0,0 +1,62 @@
+<?php
+
+namespace App\Events;
+
+use App\Http\Resources\SimplerSaveResource;
+use App\Http\Resources\SimplestUserResource;
+use App\Models\Save;
+use App\Models\User;
+use Illuminate\Broadcasting\Channel;
+use Illuminate\Broadcasting\InteractsWithSockets;
+use Illuminate\Broadcasting\PresenceChannel;
+use Illuminate\Contracts\Broadcasting\ShouldBroadcastNow;
+use Illuminate\Foundation\Events\Dispatchable;
+use Illuminate\Queue\SerializesModels;
+use JetBrains\PhpStorm\ArrayShape;
+
+class LiveSaveUpdate implements ShouldBroadcastNow
+{
+    use Dispatchable, InteractsWithSockets, SerializesModels;
+
+    public User $user;
+
+    public Save $save;
+
+    public string $patches;
+
+    /**
+     * Create a new event instance.
+     *
+     * @return void
+     */
+    public function __construct($user, $save, $patches)
+    {
+        $this->user = $user;
+        $this->save = $save;
+        $this->patches = $patches;
+    }
+
+    /**
+     * Get the data to broadcast.
+     *
+     * @return array
+     */
+    #[ArrayShape(["patches" => "string", "save" => "array", "sender" => "array"])] public function broadcastWith(): array
+    {
+        return [
+            "patches" => $this->patches,
+            "save" => SimplerSaveResource::make($this->save)->resolve(),
+            "sender" => SimplestUserResource::make($this->user)->resolve()
+        ];
+    }
+
+    /**
+     * Get the channels the event should broadcast on.
+     *
+     * @return Channel|PresenceChannel|array
+     */
+    public function broadcastOn(): Channel|PresenceChannel|array
+    {
+        return new PresenceChannel("savechannel.".$this->save->id);
+    }
+}

app/Http/Controllers/EmailController.php

@@ -4,6 +4,7 @@
 
 use App\Models\EmailVerification;
 use Carbon\Carbon;
+use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
 use Illuminate\Http\Response;
 use Symfony\Component\HttpFoundation\Response as ResponseAlias;
@@ -17,18 +18,18 @@ class EmailController extends Controller
     /**
      * Übernimmt die E-Mail aus der EmailVerification-Tabelle in die User-Tabelle
      * @param string $token token des E-Mail verifikation Prozesses
-     * @return Response Code 200 bei erfolgreicher Übernahme
+     * @return JsonResponse Code 200 bei erfolgreicher Übernahme
      */
-    function verify(string $token): Response
+    function verify(string $token): JsonResponse
     {
-
         $email_verification = EmailVerification::whereToken($token)->firstOrFail();
         $user = $email_verification->user;
         $user->email_verified_at = Carbon::now();
         $user->email = $email_verification->email;
         $user->save();
 
-
-        return response()->noContent(ResponseAlias::HTTP_OK);
+        return response()->json([
+            "email" => $email_verification->email
+        ], Response::HTTP_OK);
     }
 }

app/Http/Controllers/SaveController.php

@@ -2,6 +2,7 @@
 
 namespace App\Http\Controllers;
 
+use App\Events\LiveSaveUpdate;
 use App\Http\Resources\SaveResource;
 use App\Http\Resources\SimpleSaveResource;
 use App\Models\Save;
@@ -43,12 +44,11 @@ public function index(): AnonymousResourceCollection
      */
     public function store(Request $request): JsonResponse
     {
-
         $this->authorize("create", Save::class);
 
         $validate = $request->validate([
-            "name" => "required|string",
-            "description" => "string",
+            "name" => "required|string|max:255",
+            "description" => "string|max:300",
             "data" => "nullable|json",
             "tool_id" => "required|exists:tools,id"
         ]);
@@ -86,6 +86,22 @@ public function show(Request $request, Save $save): SaveResource
         return new SaveResource($save);
     }
 
+    /**
+     * @throws AuthorizationException
+     */
+    public function broadcastPatches(Request $request, Save $save): Response
+    {
+        $this->authorize("broadcast", $save);
+        $validate = $request->validate([
+            "data" => "required|string",
+        ]);
+        $patches = $validate["data"];
+
+        broadcast(new LiveSaveUpdate($request->user(), $save, $patches))->toOthers();
+
+        return response()->noContent(Response::HTTP_OK);
+    }
+
     /** Aktualisiert den ausgewählten Speicherstand mit den übergebenen Daten
      *
      *  Response-Codes:
@@ -126,8 +142,8 @@ public function update(Request $request, Save $save): Response
         } else {
             $validated = $request->validate([
                 "data" => "nullable|json",
-                "name" => "string",
-                "description" => "string",
+                "name" => "string|max:255",
+                "description" => "string|max:300",
                 "lock" => "prohibited"
             ]);
 

app/Http/Controllers/UserController.php

@@ -28,14 +28,12 @@
  */
 class UserController extends Controller
 {
-
     /**
      * Das regex, welches Benutzt wird um sicherzustellen, dass das User Password valide ist
      * @var string
      */
     public static $passwordRegex = "/^(?=.*[a-zäöüß])(?=.*[A-ZÄÖÜ])(?=.*\d)(?=.*[$&§+,:;=?@#|'<>.^*()%!_-])[A-Za-zäöüßÄÖÜ\d$&§+,:;=?@#|'<>.^*()%!_-].+$/";
 
-
     /**
      * Zeigt alle User an
      * @return AnonymousResourceCollection Alle User als ResourceCollection
@@ -153,6 +151,35 @@ public function update(Request $request, User $user, EmailService $emailService,
         return response()->noContent(Response::HTTP_OK);
     }
 
+    /**
+     * Portiert einen anonymen Benutzer in einen vollwertigen Benutzer
+     *
+     * @param Request $request
+     * @param EmailService $emailService
+     * @param UserService $userService
+     * @return Response
+     * @throws AuthorizationException
+     * @throws ValidationException
+     */
+    public function portAnonymousUser(Request $request, EmailService $emailService, UserService $userService)
+    {
+        $user = \Auth::user();
+        $this->authorize("anonport", $user);
+
+        $validated = Validator::validate($request->all(), [
+            "email" => ["email", "unique:users,email"],
+            "username" => ["string", "unique:users"],
+            "password" => ["string", "min:8", "max:120", "regex:" . UserController::$passwordRegex]
+        ], [
+            "password.regex" => __("passwords.invalid_regex")
+        ]);
+
+        $user->anonymous = false;
+        $userService->updateUser($user, $validated, $emailService);
+
+        return response()->noContent(Response::HTTP_OK);
+    }
+
     /** Löscht den ausgewählten User
      * @param User $user Den in der Url definierten User
      * @return Response Code 200, wenn das Löschen erfolgreich war

app/Http/Controllers/UserSavesController.php

@@ -37,6 +37,7 @@ public function index(Request $request, User $user)
             "tool_id" => ["integer", "exists:tools,id"],
             "name" => ["string"],
             "description" => ["string"],
+            "deleted" => ["sometimes", "boolean"],
             "search_both" => ["boolean"]
         ]);
 
@@ -51,7 +52,9 @@ public function index(Request $request, User $user)
             if (key_exists("tool_id", $validated)) {
                 $query->where("tool_id", $validated["tool_id"]);
             }
-
+            if (!key_exists("deleted", $validated)) {
+                $query->where("deleted_at", null);
+            }
             if (key_exists("name", $validated)) {
                 $query->where("name", "Like", "%" . $validated["name"] . "%");
             }

app/Http/Controllers/UserSettingController.php

@@ -23,7 +23,7 @@ public function index(User $user): AnonymousResourceCollection
     public function store(Request $request, User $user): Response
     {
 
-        $this->authorize("create",[UserSetting::class,$user]);
+        $this->authorize("create", [UserSetting::class, $user]);
 
         $validated = $request->validate([
             "setting" => ["required","exists:settings,id"],
@@ -39,22 +39,23 @@ public function store(Request $request, User $user): Response
 
     public function show(User $user, Setting $setting): UserSettingResource
     {
-        $m = $user->settings($setting->id)->firstOrFail();
-        $this->authorize("view",$m);
-        return new UserSettingResource($m);
+        $userSetting = $user->getUserSetting($setting->id);
+        $this->authorize("view", [UserSetting::class, $userSetting]);
+        return new UserSettingResource($userSetting);
     }
 
     public function update(Request $request, User $user, Setting $setting)
     {
+        $userSetting = $user->getUserSetting($setting->id);
 
+         $this->authorize("update", [UserSetting::class, $userSetting]);
 
-        $m = $user->getSetting($setting->id)->firstOrFail();
-        $this->authorize("update",$m);
         $validated = $request->validate([
             "value" => ["json"]
         ]);
-        $m->fill($validated);
-        $m->save();
+        $userSetting->fill($validated);
+        $userSetting->save();
+
         return \response()->noContent(Response::HTTP_OK);
     }
 

app/Models/Setting.php

@@ -30,11 +30,13 @@
  */
 class Setting extends Model
 {
-    use HasFactory,Limitable;
-
+    use HasFactory, Limitable;
 
     public $timestamps = false;
 
+    protected $fillable = [
+
+    ];
 
     public function users(): \Illuminate\Database\Eloquent\Relations\BelongsToMany
     {

app/Models/User.php

@@ -223,9 +223,9 @@ public function settings($setting_id = -1): BelongsToMany
         return $q;
     }
 
-    public function getSetting($setting_id)
+    public function getUserSetting(int $setting_id): \Illuminate\Database\Eloquent\Model|HasMany
     {
-        return $this->hasMany(UserSetting::class);
+        return $this->hasMany(UserSetting::class)->where("setting_id", "=", $setting_id)->firstOrFail();
     }