Pre-Release Audit for v1.1.2 (PRs #1275–#1299) - AUDIT V1 #1303
simbabimba-dev wants to merge 38 commits into
… logging + restore docblocks
…pareForDatabase on db value
…ursive generation of codes
Pull request overview
This pull request consolidates 7 months of development work spanning PRs #1275-#1299 into a pre-release audit for v1.1.2. The changes address critical bugs, improve system stability, and enhance auditability across server management, user administration, and billing systems.
Changes:
- Implemented cache-based locking to prevent duplicate server creation requests with improved race condition handling
- Enhanced activity logging with API metadata tracking (memo, reason) for server/user moderation actions via API endpoints
- Fixed mass notification system to continue sending emails when individual failures occur, preventing complete failure cascades
- Improved referral tracking to preserve deleted user information for admin audit trails and abuse detection
- Fixed dashboard cache invalidation after server creation/deletion to prevent stale credit display
- Corrected credit initialization for new users by removing double conversion (already stored as integer)
Reviewed changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 8 comments.
| File | Description |
|---|---|
| app/Traits/Referral.php | Fixed recursive call bug (was calling wrong method name) |
| app/Models/User.php | Added comprehensive activity log metadata for API actions, reason tracking, and credit formatting |
| app/Models/Server.php | Added activity log metadata capture for API-driven suspend/unsuspend/delete actions |
| app/Http/Middleware/ApiAuthToken.php | Attached API token memo to request for activity log context |
| app/Http/Controllers/ServerController.php | Implemented cache lock for duplicate prevention, added cache invalidation after credit changes |
| app/Http/Controllers/Auth/RegisterController.php | Fixed credit initialization to use raw integer instead of double-converted value |
| app/Http/Controllers/Api/UserController.php | Removed manual activity logging (now handled by model), added reason validation |
| app/Http/Controllers/Api/ServerController.php | Removed manual activity logging (now handled by model), added reason validation |
| app/Http/Controllers/Admin/UserController.php | Enhanced referral display to show deleted users, fixed mass notification error handling |
Pull request overview
Copilot reviewed 9 out of 9 changed files in this pull request and generated 2 comments.
…er retrieval with trashed records in User model; set default value for max uses per user in coupon forms
…entries and ensure proper usage tracking
…flow with credit handling and remote verification
…mum credit w.r.t each product, default set to price
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Updated the installation instructions link in the README.
docs: refactor Old documentation links
…te, and update price input formatting
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
…mum credits instead of global
refactor: remove global setting for minimum credit and use local minimum credits instead of global
Merged dev-bugfixes-pre1.1.2 into development with full integration of Ferks' service architecture and simbabimba's atomic safety improvements.

## FERKS' ARCHITECTURE (Preserved & Integrated)
✅ ServerCreationService - Unified provisioning logic
✅ ServerCreatedEvent → AssociateDiscordRoles pattern
✅ NotificationService with sendToUsers/sendToAll
✅ API FormRequest validation + Resource responses
✅ ProcessReferralAction extraction

## SAFETY IMPROVEMENTS (Applied Everywhere)
✅ Atomic credit reservation BEFORE Pterodactyl API calls (race-safe)
✅ Credit refund on provisioning failure
✅ ReconcileServerCreationJob for orphaned servers
✅ Cache invalidation (user_credits_left)

## ARCHITECTURAL CHANGES
✅ Per-product minimum_credits (removed global min_credits_to_make_server)
✅ Per-coupon max_uses_per_user (removed global setting)
✅ Race-safe coupon pivot updates with unique constraint
✅ CurrencyHelper intl fallback (handles missing PHP extension)
✅ API activity logging (reason/memo via tapActivity)
✅ Efficient referral queries (handles deleted users)

## INTEGRATION POINTS
Both API and Web controllers now:
- Use ServerCreationService for provisioning
- Reserve credits atomically BEFORE provisioning
- Fire ServerCreatedEvent on success (Ferks' pattern)
- Refund credits on failure with proper logging

## FILES MODIFIED
Controllers:
- app/Http/Controllers/Api/ServerController.php (atomic + service)
- app/Http/Controllers/ServerController.php (refactored to use service)
- app/Http/Controllers/Admin/CouponController.php (per-coupon limits)
- app/Http/Controllers/Admin/ProductController.php (per-product min)
- app/Http/Controllers/Admin/UserController.php (referral efficiency)

Services:
- app/Services/ServerCreationService.php (per-product minimum_credits)

Models:
- app/Models/Coupon.php (per-coupon max_uses_per_user)
- app/Models/Product.php (minimum_credits attribute)
- app/Models/User.php (tapActivity for API tracking)
- app/Models/Server.php (tapActivity)

Settings:
- app/Settings/UserSettings.php (removed min_credits cast)
- app/Settings/CouponSettings.php (removed max_uses_per_user)

Listeners/Jobs:
- app/Listeners/CouponUsed.php (race-safe pivot updates)
- app/Listeners/UnsuspendServers.php (race-safe local tracker)
- app/Jobs/HandlePostServerCreationJob.php (fires ServerCreatedEvent)
- app/Jobs/ReconcileServerCreationJob.php (NEW - orphan cleanup)

Helpers:
- app/Helpers/CurrencyHelper.php (intl fallback + caching)
- app/Classes/PterodactylClient.php (findServerByExternalId)

## MIGRATIONS
- 2026_01_30_102816_add_uses_to_user_coupons.php
- 2026_01_30_102817_add_max_uses_per_user_to_coupons.php
- 2026_02_02_135629_add_unique_constraint_to_user_coupons.php
- 2026_02_02_175351_migrate_product_minimum_credits_values.php

Settings migrations:
- 2026_01_30_103325_remove_coupon_max_uses_per_user.php
- 2026_02_02_182405_remove_min_credits_setting.php

## BREAKING CHANGES
⚠️ UserSettings::min_credits_to_make_server REMOVED (use Product->minimum_credits)
⚠️ CouponSettings::max_uses_per_user REMOVED (use Coupon->max_uses_per_user)
⚠️ Credits now deducted BEFORE Pterodactyl API (safer, prevents orphans)

## TESTING NOTES
All critical paths verified:
✅ Atomic credit logic in API and Web
✅ ServerCreatedEvent fires in both paths
✅ ServerCreationService used by both controllers
✅ No references to removed global settings
✅ Per-product/coupon settings working
✅ Event listeners properly registered

Co-authored-by: Ferks <ferks@example.com>
Co-authored-by: simbabimba-dev <simbabimba@example.com>
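
The reserve-before-provision ordering and refund-on-failure path named in the commit message above, shown as an added example in plain PHP with PDO and in-memory SQLite. It is not code from this pull request or the project; the `users` table, the function names and the `$provision` callable are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed data: one user holding 100 credits. Table and column names are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, credits INTEGER NOT NULL)');
$db->exec('INSERT INTO users (id, credits) VALUES (1, 100)');

/** Deduct $cost only if the balance covers it: check and write are one statement. */
function reserveCredits(PDO $db, int $userId, int $cost): bool
{
    $stmt = $db->prepare('UPDATE users SET credits = credits - :cost WHERE id = :id AND credits >= :min');
    $stmt->bindValue(':cost', $cost, PDO::PARAM_INT);
    $stmt->bindValue(':min', $cost, PDO::PARAM_INT);
    $stmt->bindValue(':id', $userId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount() === 1; // 0 rows: balance too low, nothing was deducted
}

function refundCredits(PDO $db, int $userId, int $cost): void
{
    $stmt = $db->prepare('UPDATE users SET credits = credits + :cost WHERE id = :id');
    $stmt->bindValue(':cost', $cost, PDO::PARAM_INT);
    $stmt->bindValue(':id', $userId, PDO::PARAM_INT);
    $stmt->execute();
}

/** $provision is a hypothetical stand-in for the remote panel API call. */
function createServer(PDO $db, int $userId, int $cost, callable $provision): string
{
    if (!reserveCredits($db, $userId, $cost)) {
        return 'rejected'; // the remote API is never reached
    }
    try {
        $provision();
        return 'created';
    } catch (Throwable $e) {
        refundCredits($db, $userId, $cost); // provisioning failed: return the reservation
        return 'refunded';
    }
}

$ok = function (): void {};
$fail = function (): void { throw new RuntimeException('panel unreachable'); };
foreach ([[60, $ok], [60, $ok], [40, $fail]] as [$cost, $provision]) {
    $result = createServer($db, 1, $cost, $provision);
    $left = $db->query('SELECT credits FROM users WHERE id = 1')->fetchColumn();
    echo "cost=$cost result=$result credits_left=$left", PHP_EOL;
}
```

Because the balance test lives in the `WHERE` clause of the deducting statement, two concurrent requests cannot both pass a stale read of the balance; the loser sees zero affected rows and is rejected before any remote call is made.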
Closing PR for now, will reopen when Ferks is done with #1309
Full-Sweep Audit — PRs #1275–#1299 - AUDIT V1
Purpose:
This document tracks the review, testing, and verification of all merged pull requests from #1275 to #1299. These PRs span roughly 7 months of development and are being consolidated into a single release (v1.1.2) due to the high number of bugs and regressions affecting older versions.
Context:
Because these changes were merged over a long period and not released incrementally, the actual impact of each PR is not fully known. Every change must therefore be discovered, tested, and verified before release. This audit serves as a structured checklist to ensure stability, correctness, and compatibility before shipping.
Outcome:
Only after all items are reviewed and confirmed should this batch be released as v1.1.2.
Quick Links (PR → Author)
Files to Inspect (by area)
- app/Http/Controllers/ServerController.php
- app/Http/Controllers/ServerController.php (post-create/delete handlers)
- app/Http/Controllers/Admin/UserController.php
- app/Http/Controllers/Api/ServerController.php, app/Http/Controllers/Api/UserController.php
- app/Http/Controllers/Admin/UserController.php, app/Traits/Referral.php
- themes/default/views/admin/products/create.blade.php, themes/default/views/admin/products/edit.blade.php
- app/Http/Controllers/ServerController.php (upgrade options method)
- themes/default/views/admin/tickets/index.blade.php
- app/Console/Kernel.php, app/Console/Commands, app/Notifications
- routes/web.php
- app/Helpers/CurrencyHelper.php, app/Settings/GeneralSettings.php, database/settings
- app/Http/Controllers/Admin/ProductController.php, app/Http/Controllers/Admin/CouponController.php, app/Models
- lang/ru.json, lang/uk.json, other locale JSONs
Risk Map (What Can Still Bite)
user_credits_left:* invalidation are critical; race conditions may create duplicate servers or stale dashboards.