Skip to content

Pre-Release Audit for v1.1.2 (PRs #1275–#1299) - AUDIT V1 #1303

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
simbabimba-dev wants to merge 38 commits into from
Closed

Pre-Release Audit for v1.1.2 (PRs #1275–#1299) - AUDIT V1 #1303

Show file tree
Hide file tree
Changes from 12 commits
Commits
Show all changes
38 commits
Select commit Hold shift + click to select a range
5eb7b59
bugfix: reinstate dash cache invalidation fixes and use better cachelock
simbabimba-dev Jan 28, 2026
fa009de
bugfix: reinstate referral abuse trace mechanism
simbabimba-dev Jan 28, 2026
aceb209
feat: remove manual logging and let tapActivity handle api mod reason…
simbabimba-dev Jan 28, 2026
6ebfc73
bugfix: remove manual logging, handover to tapactivity, restore dockb…
simbabimba-dev Jan 28, 2026
017d1fc
bugfix: fix initial creds being 1000x the db value due reapplying pre…
simbabimba-dev Jan 28, 2026
a497f08
feat: let tapactivity do the api mod reason logging
simbabimba-dev Jan 28, 2026
569b35b
bugfix: fix referral return pointing to unknown method instead of rec…
simbabimba-dev Jan 28, 2026
0ecafdd
fix: make sure cache lock is always released
simbabimba-dev Jan 28, 2026
661c384
bugfix: ensure credits are always formatted as strings in activity logs
simbabimba-dev Jan 28, 2026
839b22d
bugfix: simplify 'Via' attribute assignment for web requests in Serve…
simbabimba-dev Jan 28, 2026
3742890
bugfix: change referral ID from 'N/A' to null for better data handling
simbabimba-dev Jan 28, 2026
eeb2530
bugfix: remove unnecessary local variable assignment for reason in se…
simbabimba-dev Jan 28, 2026
7f6a3fe
bugfix: optimize referral retrieval and deletion logic in UserControl…
simbabimba-dev Jan 29, 2026
ccbeefa
fix: better coupon handling and use max uses per user limit locally
simbabimba-dev Jan 30, 2026
8d75875
bugfix: correct handling of minimum credits for server unsuspension t…
simbabimba-dev Jan 30, 2026
e451422
bugfix: enhance locale handling and formatting in CurrencyHelper; fix…
simbabimba-dev Jan 30, 2026
49aca6e
bugfix: implement atomic credit deduction and post-creation job for s…
simbabimba-dev Jan 30, 2026
9a74a66
bugfix: optimize coupon usage increment logic to handle race conditio…
simbabimba-dev Jan 31, 2026
515e753
bugfix: enhance locale-aware formatting in CurrencyHelper; improve us…
simbabimba-dev Jan 31, 2026
d4a0f19
bugfix: add unique constraint to user_coupons; consolidate duplicate …
simbabimba-dev Feb 2, 2026
788e29c
bugfix: implement server reconciliation job; enhance server creation …
simbabimba-dev Feb 2, 2026
19f02eb
refactor: remove global setting for minimum credit and use local mini…
simbabimba-dev Feb 2, 2026
673d9ab
fix users being debited 2x
simbabimba-dev Feb 2, 2026
179c84e
docs: refactor Old documentation links
simbabimba-dev Feb 3, 2026
e648f68
Update README.md
simbabimba-dev Feb 3, 2026
e654807
Fix installation instructions link in README
simbabimba-dev Feb 3, 2026
de3ccf6
Merge pull request #9 from LakshmiBhaskarPVL/old-doc-links
simbabimba-dev Feb 3, 2026
a5d295e
create minimum credits old column and let admins be able to revert mi…
simbabimba-dev Feb 3, 2026
7bdd64c
refactor: fix activity log deletion query in RegisterController (issu…
simbabimba-dev Feb 3, 2026
bcfcd21
refactor: replace DB statements with schema facade
simbabimba-dev Feb 4, 2026
7f0ffc8
fix: required variables swal2 modal having random html in it
simbabimba-dev Feb 4, 2026
5d691a9
refactor: update minimum credits logic to handle default value case
simbabimba-dev Feb 4, 2026
cb9ac75
fix the incorrect formatting for required var model made by laravel b…
simbabimba-dev Feb 4, 2026
0475dad
refactor: update product credit checks to use effective minimum credits
simbabimba-dev Feb 4, 2026
5b84649
refactor: actually update local usercredits tracker alongside db upda…
simbabimba-dev Feb 4, 2026
cd92506
Update app/Models/Product.php
simbabimba-dev Feb 4, 2026
3504834
refactor: remove global setting for minimum credit and use local mini…
simbabimba-dev Feb 5, 2026
23fb69b
Merge development into PR branch with our changes preserved
simbabimba-dev Feb 9, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
49 changes: 43 additions & 6 deletions app/Http/Controllers/Admin/UserController.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -86,13 +86,50 @@ public function show(User $user, LocaleSettings $locale_settings, GeneralSetting
$this->checkPermission(self::READ_PERMISSION);

//QUERY ALL REFERRALS A USER HAS
//i am not proud of this at all.
$referralRecords = DB::table('user_referrals')->where('referral_id', '=', $user->id)->get();
$allReferrals = [];
$referrals = DB::table('user_referrals')->where('referral_id', '=', $user->id)->get();
foreach ($referrals as $referral) {
array_push($allReferrals, $allReferrals['id'] = User::query()->findOrFail($referral->registered_user_id));

foreach ($referralRecords as $referral) {
$deleted = $referral->deleted_at !== null;

if ($deleted) {
$deletedId = $referral->deleted_user_id;
$name = $referral->deleted_username ? $referral->deleted_username . ' (deleted)' : 'Deleted User';

$allReferrals[] = (object)[
'id' => $deletedId,
'name' => $name,
'created_at' => \Carbon\Carbon::parse($referral->created_at),
'deleted' => true,
];
} else {
$userObj = User::query()->find($referral->registered_user_id);
if ($userObj) {
$allReferrals[] = (object)[
'id' => $userObj->id,
'name' => $userObj->name,
'created_at' => $userObj->created_at,
'deleted' => false,
];
} else {
if ($referral->deleted_user_id) {
$allReferrals[] = (object)[
'id' => $referral->deleted_user_id,
'name' => ($referral->deleted_username ? $referral->deleted_username . ' (deleted)' : 'Deleted User'),
'created_at' => \Carbon\Carbon::parse($referral->created_at),
'deleted' => true,
];
} else {
$allReferrals[] = (object)[
'id' => null,
'name' => 'Unknown (deleted)',
'created_at' => \Carbon\Carbon::parse($referral->created_at),
'deleted' => true,
];
}
}
}
Comment thread
simbabimba-dev marked this conversation as resolved.
}
array_pop($allReferrals);

return view('admin.users.show')->with([
'user' => $user,
Expand Down Expand Up @@ -385,7 +422,7 @@ public function notify(Request $request)
try {
$user->notify(new DynamicNotification($data['via'], $database, $mail));
$successCount++;
} catch (\Throwable $e)
} catch (\Throwable $e) {
Log::error('Mass notification error for user ' . $user->id . ': ' . $e->getMessage());
}
}
Expand Down
56 changes: 33 additions & 23 deletions app/Http/Controllers/Api/ServerController.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,12 @@ class ServerController extends Controller

public const ALLOWED_FILTERS = ['name', 'suspended', 'identifier', 'pterodactyl_id', 'user_id', 'product_id'];

/**
* Display a listing of the resource.
*
* @param Request $request
* @return LengthAwarePaginator
*/
public function index(Request $request)
{
$query = QueryBuilder::for(Server::class)
Expand All @@ -27,6 +33,12 @@ public function index(Request $request)
return $query->paginate($request->input('per_page') ?? 50);
}

/**
* Display the specified resource.
*
* @param Server $server
* @return Server|Collection|Model
*/
public function show(Server $server)
{
$query = QueryBuilder::for(Server::class)
Expand All @@ -38,71 +50,69 @@ public function show(Server $server)

/**
* Remove the specified resource from storage.
*
* @param Request $request
* @param Server $server
* @return Server
*/
public function destroy(Request $request, Server $server)
{
$request->validate([
'reason' => 'sometimes|string|max:320',
]);

$reason = $request->input('reason');

$logMessage = "The server with ID: " . $server->id . " was deleted via API";

if ($reason) {
$logMessage .= ". Reason: " . e($reason);
}

activity()->performedOn($server)->log($logMessage);
// Reason is captured by the model's activity log (tapActivity) — no local use required here.

$server->delete();

return $server;
}

/**
* suspend server
*
* @param Request $request
* @param Server $server
* @return Server|JsonResponse
*/
public function suspend(Request $request, Server $server)
{
$request->validate([
'reason' => 'sometimes|string|max:320',
]);

$reason = $request->input('reason');
// Reason is captured by the model's activity log (tapActivity) — no local use required here.

try {
$server->suspend();
} catch (Exception $exception) {
return response()->json(['message' => $exception->getMessage()], 500);
}

$logMessage = "The server with ID: " . $server->id . " was suspended via API";
if ($reason) {
$logMessage .= ". Reason: " . e($reason);
}
activity()->performedOn($server)->log($logMessage);

return $server->load('product');
}

/**
* unsuspend server
*
* @param Request $request
* @param Server $server
* @return Server|JsonResponse
*/
public function unSuspend(Request $request, Server $server)
{
$request->validate([
'reason' => 'sometimes|string|max:320',
]);

$reason = $request->input('reason');
// Reason is captured by the model's activity log (tapActivity) — no local use required here.

try {
$server->unSuspend();
} catch (Exception $exception) {
return response()->json(['message' => $exception->getMessage()], 500);
}

$logMessage = "The server with ID: " . $server->id . " was unsuspended via API";
if ($reason) {
$logMessage .= ". Reason: " . e($reason);
}
activity()->performedOn($server)->log($logMessage);

return $server->load('product');
}
}
59 changes: 34 additions & 25 deletions app/Http/Controllers/Api/UserController.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -123,6 +123,12 @@ public function update(Request $request, int $id)

/**
* increments the users credits or/and server_limit
*
* @param Request $request
* @param int $id
* @return User
*
* @throws ValidationException
*/
public function increment(Request $request, int $id)
{
Expand Down Expand Up @@ -158,6 +164,12 @@ public function increment(Request $request, int $id)

/**
* decrements the users credits or/and server_limit
*
* @param Request $request
* @param int $id
* @return User
*
* @throws ValidationException
*/
public function decrement(Request $request, int $id)
{
Expand Down Expand Up @@ -192,16 +204,22 @@ public function decrement(Request $request, int $id)

/**
* Suspends the user
*
* @param Request $request
* @param int $id
* @return User
*
* @throws ValidationException
*/
public function suspend(Request $request, int $id)
{
$discordUser = DiscordUser::find($id);
$user = $discordUser ? $discordUser->user : User::findOrFail($id);

$request->validate([
'reason' => 'sometimes|string|max:320',
]);

$reason = $request->input('reason');

if ($user->isSuspended()) {
Expand All @@ -211,27 +229,27 @@ public function suspend(Request $request, int $id)
}
$user->suspend();

$logMessage = "The user " . $user->name . " (ID: " . $user->id . ") was suspended via API";
if ($reason) {
$logMessage .= ". Reason: " . e($reason);
}
activity()->performedOn($user)->log($logMessage);

return $user;
}

/**
* Unsuspend the user
*
* @param Request $request
* @param int $id
* @return User
*
* @throws ValidationException
*/
public function unsuspend(Request $request, int $id)
{
$discordUser = DiscordUser::find($id);
$user = $discordUser ? $discordUser->user : User::findOrFail($id);

$request->validate([
'reason' => 'sometimes|string|max:320',
]);

$reason = $request->input('reason');

if (! $user->isSuspended()) {
Expand All @@ -242,35 +260,26 @@ public function unsuspend(Request $request, int $id)

$user->unSuspend();

$logMessage = "The user " . $user->name . " (ID: " . $user->id . ") was unsuspended via API";
if ($reason) {
$logMessage .= ". Reason: " . e($reason);
}
activity()->performedOn($user)->log($logMessage);

return $user;
}

/**
* Remove the specified resource from storage.
*
* @param Request $request
* @param int $id
* @return Response
*/
public function destroy(Request $request, int $id)
{
$discordUser = DiscordUser::find($id);
$user = $discordUser ? $discordUser->user : User::findOrFail($id);

$request->validate([
'reason' => 'sometimes|string|max:320',
]);

$reason = $request->input('reason');

$logMessage = "The user " . $user->name . " (ID: " . $user->id . ") was deleted via API";
if ($reason) {
$logMessage .= ". Reason: " . e($reason);
}

activity()->performedOn($user)->log($logMessage);
$reason = $request->input('reason');

$user->delete();

Expand Down
2 changes: 1 addition & 1 deletion app/Http/Controllers/Auth/RegisterController.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -138,7 +138,7 @@ protected function create(array $data)
$user = User::create([
'name' => $data['name'],
'email' => $data['email'],
'credits' => Currency::prepareForDatabase($this->initial_credits),
'credits' => $this->initial_credits,
'server_limit' => $this->initial_server_limit,
'password' => Hash::make($data['password']),
'referral_code' => $this->createReferralCode(),
Expand Down
Loading