Commit Graph

5 Commits

Author SHA1 Message Date
HolgerHatGarKeineNode a2a640809a Refactor components and models:
- 🔥 Removed deprecated `placeholder-pattern` component.
- 🧹 Simplified and cleaned up Blade views by removing unused comments and sections.
- 🗂️ Extracted `SetsCreatedBy` concern for DRY and reused it across models.
- 🔧 Consolidated configuration for Horizon `authorized_nostr_keys`.
- 🧪 Migrated media conversion to use new Spatie enums for clarity.
- ♻️ Replaced repetitive link rendering with dynamic rendering in meetups and services views.
2026-06-29 22:20:01 +02:00
Claude 9b81f6cd92 security: high-severity fixes (api throttle, fillable, idor, path, rel)
- Add 60 req/min throttle to the public API group and a stricter 10 req/min
  throttle to POST /highscores.
- Replace mass-assigned $guarded=[] with explicit $fillable on User, Meetup,
  Course, Lecturer, and SelfHostedService. created_by stays out of the
  whitelist; the existing creating() hooks continue to populate it.
- Require authenticated user on Api/MeetupController::index instead of
  trusting the user_id query parameter (IDOR).
- Constrain the /img and /img-public route paths to a safe character set
  and reject any path containing ".." in ImageController.
- Add rel="noopener noreferrer" to every target="_blank" link on the meetup
  and course landing pages.
2026-05-03 12:55:09 +00:00
HolgerHatGarKeineNode 32e327cd9c 🔥 Remove redundant PRD.md file, update media models with stricter MIME type validation, and refine media conversion settings. 2026-01-25 23:54:44 +01:00
HolgerHatGarKeineNode e96413d1a0 🚀 Add courses and lecturers management functionality 2025-11-21 14:23:59 +01:00
user e4a4cfae2b 🚀 initial commit 2025-11-21 04:28:08 +01:00