- Trust the Forge reverse proxy and force https URLs in production so
generated absolute URLs match the actual TLS termination.
- Reject Nostr profile photo URLs that aren't http(s) or that resolve to
loopback / private (RFC1918) addresses to close an SSRF vector in
FetchNostrProfileJob.
- Tighten image upload validation across meetup, course, and lecturer
create/edit components: explicit mimes whitelist (jpeg, png, webp),
max 5 MiB, and dimension cap of 4000x4000.
- Replace the silent "skip if exists" branch in LnurlAuthController with
updateOrCreate so concurrent callers cannot race on the k1 record.
- Validate github_data on Meetup edit, decoding the JSON, and keep only
the whitelisted keys (top, left, state) with strict type coercion to
prevent storing arbitrary attacker-controlled JSON.
- Introduced `FetchNostrProfileJob` for retrieving and updating user Nostr profiles.
- Added Hungarian translations (`auth.php`, `passwords.php`, `validation.php`, and others) for improved localization.
- Integrated Laravel Horizon for enhanced queue management (`HorizonServiceProvider` added, `composer.json` updated).
- Updated German and Spanish language files to fix duplicate keys.
- Minor route addition for testing Nostr profile job dispatch.
- Added `DomainMiddleware` to dynamically set locale, language-country session, and app name based on domain.
- Updated views and components to leverage `lang_country` session for language and region-specific content.
- Enhanced country parameter retrieval with `config('app.domain_country')` as fallback.
- Refined language filtering by scanning available language files dynamically.
- Added language-specific assets and translations (`nl.json`, `es.json`) with improved language-region associations.
- Updated `app-logo-icon` to display region-specific images or default SVGs.
- Improved views with cleaner, dynamic rendering and session-aware functionalities.
- Introduced a `SetTimezone` middleware to dynamically apply user-specific timezones.
- Added a `timezone chooser` component for users to select their timezone.
- Enhanced date and time display in views with `asDate`, `asTime`, and `asDateTime` methods.
- Updated `AppServiceProvider` to leverage `preventLazyLoading` in local environments and set custom `Carbon` instance for dates.
- Expanded configuration with `user-timezone`.
- Integrated timezone support into meetups and events for consistent scheduling.
- Added `publicDisk` configuration to `filesystems.php`.
- Expanded locale translations in `es.json` and `de.json`.
- Implemented RSS, Atom, and JSON feed views.
- Added `feed.php` configuration for feed generation.
- Introduced `ImageController` for image handling.
- Updated application routing to include `api.php`.
Claude