Commit graph

7 commits

Author SHA1 Message Date
Snider
bcb40d4ebf fix(dx): add strict_types, composer scripts, and fix test discovery
Some checks failed
CI / PHP 8.3 (pull_request) Failing after 3s
CI / PHP 8.4 (pull_request) Failing after 2s
- Add declare(strict_types=1) to 17 PHP files missing it (13 Livewire
  modals, 1 route file, 1 migration, 1 test use case, TestCase)
- Add composer test/lint scripts to composer.json for monorepo consistency
- Fix phpunit.xml to discover tests in src/Search/Tests and src/Mod/Hub/Tests
- Update CLAUDE.md commands section to document composer test/lint

Co-Authored-By: Virgil <virgil@lethean.io>
2026-03-17 09:04:27 +00:00
8922683bcf security: validate JSON metadata fields to prevent mass assignment
Some checks failed
CI / PHP 8.2 (pull_request) Failing after 1s
CI / PHP 8.3 (pull_request) Failing after 1s
CI / PHP 8.4 (pull_request) Failing after 1s
CI / Assets (pull_request) Failing after 1s
Add mutators to Service and HoneypotHit models that enforce size and
structure limits on JSON fields (metadata, headers). Service.setMeta()
now validates key format. TeapotController pre-filters header count
before passing to the model.

Fixes #14

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-21 01:25:47 +00:00
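The commit above describes mutators that bound the size and shape of a JSON field and validate key names. The following is an added, framework-free illustration of that idea and is not the project's own code: JsonFieldGuard, its limits, the key pattern and the Service::setMeta() shape are all assumptions for demonstration. In a Laravel model the same checks would sit behind an Eloquent mutator (setMetadataAttribute() or Attribute::make(set: ...)).

```php
<?php
declare(strict_types=1);

// Added example, not the project's models. Limits, pattern and names are assumptions.
final class JsonFieldGuard
{
    private const MAX_KEYS = 32;          // per object or list
    private const MAX_DEPTH = 3;          // nesting levels, counted from the top-level object
    private const MAX_STRING = 1024;      // bytes per string value
    private const MAX_ENCODED = 8192;     // bytes for the whole re-encoded document
    private const KEY_PATTERN = '/\A[a-z][a-z0-9_]{0,63}\z/';

    /** Validate untrusted decoded JSON and return it unchanged if acceptable. */
    public static function validate(mixed $value): array
    {
        // {} decodes to [] with assoc=true, so an empty array is an acceptable empty object.
        if (!is_array($value) || ($value !== [] && array_is_list($value))) {
            throw new InvalidArgumentException('metadata must be a JSON object');
        }
        self::walk($value, 0);
        if (strlen(json_encode($value, JSON_THROW_ON_ERROR)) > self::MAX_ENCODED) {
            throw new InvalidArgumentException('metadata exceeds ' . self::MAX_ENCODED . ' bytes');
        }
        return $value;
    }

    private static function walk(array $node, int $depth): void
    {
        if ($depth >= self::MAX_DEPTH) {
            throw new InvalidArgumentException('metadata nested too deeply');
        }
        if (count($node) > self::MAX_KEYS) {
            throw new InvalidArgumentException('metadata has too many keys');
        }
        $isList = array_is_list($node);
        foreach ($node as $key => $item) {
            // Objects need simple snake_case keys; lists have positional keys, which are fine.
            if (!$isList && !preg_match(self::KEY_PATTERN, (string) $key)) {
                throw new InvalidArgumentException("invalid metadata key: {$key}");
            }
            if (is_array($item)) {
                self::walk($item, $depth + 1);
            } elseif (is_string($item)) {
                if (strlen($item) > self::MAX_STRING) {
                    throw new InvalidArgumentException("metadata value for {$key} too long");
                }
            } elseif (!is_scalar($item) && $item !== null) {
                throw new InvalidArgumentException("unsupported metadata value for {$key}");
            }
        }
    }
}

final class Service
{
    /** @var array<string, mixed> */
    private array $attributes = [];

    /** Mutator entry point: everything written to "metadata" passes the guard first. */
    public function setMeta(mixed $meta): static
    {
        $this->attributes['metadata'] = JsonFieldGuard::validate($meta);
        return $this;
    }

    public function getMeta(): array
    {
        return $this->attributes['metadata'] ?? [];
    }
}

// Constructed inputs: one acceptable document and three that must be rejected.
$service = new Service();
$service->setMeta(json_decode(
    '{"region":"eu-west","tags":["a","b"],"limits":{"rps":10}}', true, 512, JSON_THROW_ON_ERROR
));
print_r($service->getMeta());

foreach ([
    '{"is_admin; DROP TABLE users":1}',          // key fails the pattern
    '{"a":{"b":{"c":{"d":1}}}}',                 // nested too deeply
    '{"blob":"' . str_repeat('x', 2000) . '"}',  // string value too long
] as $bad) {
    try {
        $service->setMeta(json_decode($bad, true, 512, JSON_THROW_ON_ERROR));
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

Run with `php guard.php`. Re-encoding after the structural walk is deliberate: a document can pass every per-field limit and still be large in aggregate, so the byte cap is applied to the whole value that would actually be persisted.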
ee383bbe3f Merge pull request 'fix(security): improve TeapotController header sanitization' (#21) from security/improve-teapot-sanitization into main
Some checks are pending
CI / PHP 8.2 (push) Waiting to run
CI / PHP 8.3 (push) Waiting to run
CI / PHP 8.4 (push) Waiting to run
CI / Assets (push) Waiting to run
2026-02-20 12:10:58 +00:00
163d34aacf fix(security): improve TeapotController header sanitization (#13)
Some checks failed
CI / PHP 8.2 (pull_request) Failing after 1s
CI / PHP 8.4 (pull_request) Failing after 1s
CI / PHP 8.3 (pull_request) Failing after 1s
CI / Assets (pull_request) Failing after 1s
Switch header storage from blacklist to whitelist approach, add private
IP detection for auto-block bypass, and validate referer URLs.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-20 11:50:04 +00:00
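The commit above switches header storage to an allow-list, adds private IP detection for the auto-block bypass and validates referer URLs. Below is an added illustration of those three checks for a honeypot request handler; it is not the project's TeapotController, and the class name, the allow-list contents, the limits and the constructed request are assumptions. Private/reserved address detection relies on PHP's FILTER_FLAG_NO_PRIV_RANGE and FILTER_FLAG_NO_RES_RANGE flags, so it covers exactly the ranges those flags define.

```php
<?php
declare(strict_types=1);

// Added example, not the project's controller. Names, allow-list and limits are assumptions.
final class HoneypotRequestSanitizer
{
    private const ALLOWED_HEADERS = [
        'host', 'user-agent', 'accept', 'accept-language', 'accept-encoding',
        'referer', 'connection', 'x-forwarded-for',
    ];
    private const MAX_HEADERS = 32;        // pre-filter on count before anything reaches the model
    private const MAX_HEADER_VALUE = 512;  // bytes kept per value

    /** Allow-list by name, flatten multi-value headers, strip control bytes, cap length and count. */
    public static function filterHeaders(array $headers): array
    {
        $kept = [];
        foreach ($headers as $name => $value) {
            if (count($kept) >= self::MAX_HEADERS) {
                break;
            }
            $name = strtolower((string) $name);
            if (!in_array($name, self::ALLOWED_HEADERS, true)) {
                continue;  // anything not on the list is dropped, whatever it is called
            }
            $value = is_array($value) ? implode(', ', $value) : (string) $value;
            $value = preg_replace('/[\x00-\x1F\x7F]/', '', $value) ?? '';
            $kept[$name] = substr($value, 0, self::MAX_HEADER_VALUE);
        }
        return $kept;
    }

    /** True for syntactically valid addresses in PHP's private or reserved ranges (loopback, RFC 1918, link-local, ...). */
    public static function isPrivateIp(string $ip): bool
    {
        if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
            return false;  // garbage is not "private"; callers should not bypass blocking for it
        }
        return filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false;
    }

    /** Keep only absolute http(s) URLs with a host, no embedded credentials and no control or space bytes. */
    public static function sanitizeReferer(?string $referer): ?string
    {
        if ($referer === null || $referer === '' || strlen($referer) > 2048) {
            return null;
        }
        if (preg_match('/[\x00-\x20\x7F]/', $referer)) {
            return null;
        }
        $parts = parse_url($referer);
        if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
            return null;
        }
        if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
            return null;
        }
        if (isset($parts['user']) || isset($parts['pass'])) {
            return null;
        }
        return $referer;
    }
}

// Constructed request headers in the shape a framework request object exposes them.
$rawHeaders = [
    'host'            => ['hp.example'],
    'user-agent'      => ["curl/8.0\r\nX-Injected: 1"],   // CRLF is stripped
    'cookie'          => ['session=abc'],                  // not allow-listed, dropped
    'x-evil'          => ['payload'],                      // not allow-listed, dropped
    'x-forwarded-for' => ['10.0.0.5, 203.0.113.9'],
    'referer'         => ['javascript:alert(1)'],
];

print_r(HoneypotRequestSanitizer::filterHeaders($rawHeaders));

foreach (['10.0.0.5', '127.0.0.1', 'fe80::1', '203.0.113.9', 'not-an-ip'] as $ip) {
    printf("%-12s private=%s\n", $ip, HoneypotRequestSanitizer::isPrivateIp($ip) ? 'yes' : 'no');
}

foreach (['javascript:alert(1)', 'http://user:pw@evil.example/', 'https://scanner.example/x?y=1'] as $ref) {
    var_dump(HoneypotRequestSanitizer::sanitizeReferer($ref));
}
```

The count cap is applied while iterating, before any value is inspected, which mirrors the "pre-filter header count before passing to the model" step in the commit message: a request with thousands of headers costs no more than MAX_HEADERS iterations of the per-value work.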
9ae0055f33 security: add rate limiting to admin action endpoints (#12)
Some checks failed
CI / PHP 8.3 (pull_request) Failing after 27s
CI / PHP 8.2 (pull_request) Failing after 30s
CI / Assets (pull_request) Failing after 1s
CI / PHP 8.4 (pull_request) Failing after 1s
Add per-user rate limiting to sensitive Livewire component methods to
prevent abuse from compromised admin sessions. Introduces a reusable
HasRateLimiting trait and applies it to PlatformUser, Settings, and
WaitlistManager components.

Rate limits:
- Tier changes, verification, entitlements: 10/min per admin
- Profile updates, preferences: 20/min per user
- Password changes: 5/min per user
- Data exports: 5/min per admin
- Deletions/anonymisation: 3/min per admin

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-20 11:28:26 +00:00
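The commit above introduces a reusable HasRateLimiting trait applied to Livewire component methods, with per-admin and per-user limits. The following is an added, stand-alone sketch of such a trait and is not the project's code: the RateLimitStore interface, the in-memory fixed-window store, the TooManyAttempts exception and the PlatformUser stand-in are assumptions. A Laravel application would back the store with the framework's RateLimiter or cache so the counters survive across requests and workers; the 10/min and 3/min figures come from the commit message.

```php
<?php
declare(strict_types=1);

// Added example, not the project's trait. Store, exception and component are assumptions.
interface RateLimitStore
{
    /** Count one attempt against $key in the current window and return the new count. */
    public function hit(string $key, int $decaySeconds, int $now): int;
}

/** Fixed-window counter kept in process memory; for demonstration only. */
final class InMemoryRateLimitStore implements RateLimitStore
{
    /** @var array<string, array{count:int, resetAt:int}> */
    private array $buckets = [];

    public function hit(string $key, int $decaySeconds, int $now): int
    {
        $bucket = $this->buckets[$key] ?? null;
        if ($bucket === null || $bucket['resetAt'] <= $now) {
            $bucket = ['count' => 0, 'resetAt' => $now + $decaySeconds];  // window expired: start over
        }
        $bucket['count']++;
        $this->buckets[$key] = $bucket;
        return $bucket['count'];
    }
}

final class TooManyAttempts extends RuntimeException {}

trait HasRateLimiting
{
    /**
     * Throw once $actorId exceeds $maxAttempts for $action inside a $decaySeconds window.
     * The key includes the component class so the same action name on two components
     * does not share a budget. Rejected attempts are counted too, so hammering a
     * blocked action never shortens the wait.
     */
    protected function rateLimit(string $action, int $actorId, int $maxAttempts, int $decaySeconds = 60): void
    {
        $key = sprintf('%s|%s|%d', static::class, $action, $actorId);
        $count = $this->rateLimitStore()->hit($key, $decaySeconds, time());
        if ($count > $maxAttempts) {
            throw new TooManyAttempts("Too many {$action} attempts; try again later.");
        }
    }

    abstract protected function rateLimitStore(): RateLimitStore;
}

/** Stand-in for an admin-facing component; the real one would be a Livewire component. */
final class PlatformUser
{
    use HasRateLimiting;

    public function __construct(private RateLimitStore $store, private int $adminId) {}

    protected function rateLimitStore(): RateLimitStore
    {
        return $this->store;
    }

    /** Tier changes: 10 per minute per admin. */
    public function changeTier(int $targetUserId, string $tier): string
    {
        $this->rateLimit('tier-change', $this->adminId, maxAttempts: 10);
        return "user {$targetUserId} -> {$tier}";  // the real update would happen here
    }

    /** Deletions/anonymisation: 3 per minute per admin. */
    public function deleteUser(int $targetUserId): string
    {
        $this->rateLimit('delete', $this->adminId, maxAttempts: 3);
        return "user {$targetUserId} deleted";
    }
}

// Constructed scenario: one admin session issues four deletions in quick succession.
$component = new PlatformUser(new InMemoryRateLimitStore(), adminId: 42);
for ($i = 1; $i <= 4; $i++) {
    try {
        echo $component->deleteUser(100 + $i), PHP_EOL;
    } catch (TooManyAttempts $e) {
        echo "attempt {$i}: ", $e->getMessage(), PHP_EOL;  // the fourth deletion is refused
    }
}
```

Keying on the acting admin rather than on the target record is what makes this useful against a compromised admin session: an attacker who has a valid session can still only perform the limited number of destructive actions per window, regardless of how many records they point at.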
Snider
b7f77480d3 refactor: update namespaces for L1 package convention
- Core\Mod\Tenant -> Core\Tenant

Part of namespace restructure to align with L1/L2 module conventions.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-27 17:34:41 +00:00
Snider
71c0805bfd monorepo separation 2026-01-26 20:56:28 +00:00