einundzwanzig-app

mirror of https://github.com/HolgerHatGarKeineNode/einundzwanzig-app.git synced 2026-05-05 04:54:53 +00:00

T

Claude d46c0161fe security: medium-severity fixes (proxies, ssrf, uploads, lnurl, github_data)

- Trust the Forge reverse proxy and force https URLs in production so
  generated absolute URLs match the actual TLS termination.
- Reject Nostr profile photo URLs that aren't http(s) or that resolve to
  loopback / private (RFC1918) addresses to close an SSRF vector in
  FetchNostrProfileJob.
- Tighten image upload validation across meetup, course, and lecturer
  create/edit components: explicit mimes whitelist (jpeg, png, webp),
  max 5 MiB, and dimension cap of 4000x4000.
- Replace the silent "skip if exists" branch in LnurlAuthController with
  updateOrCreate so concurrent callers cannot race on the k1 record.
- Validate github_data on Meetup edit, decoding the JSON, and keep only
  the whitelisted keys (top, left, state) with strict type coercion to
  prevent storing arbitrary attacker-controlled JSON.

2026-05-03 12:57:57 +00:00

.ai/mcp

🎨 **Style:** Fixed indentation inconsistencies in meetup_user migration file.

2026-05-02 19:17:02 +01:00

.continue

🚀 Refactor Laravel Boost MCP server configuration and enhance routing structure with new endpoints, redirects, and country-specific route groups

2025-12-09 04:08:38 +01:00

.cursor

🛠️ Enhance service index: Add link tooltips, improve button spacing, and clean up component formatting

2025-12-07 03:51:40 +01:00

.gitea/workflows

🚀 initial commit

2025-11-21 04:28:08 +01:00

.junie

🔥 **Cleanup:** Removed BookCase and OrangePill models, factories, migrations, and related references. Added tests for new service and meetup creation flows. Updated PHPUnit settings and browser-specific configurations.

2026-05-02 22:00:26 +01:00

.playwright-mcp

🎨 **Style:** Fixed indentation inconsistencies in meetup_user migration file.

2026-05-02 19:17:02 +01:00

app

security: medium-severity fixes (proxies, ssrf, uploads, lnurl, github_data)

2026-05-03 12:57:57 +00:00

bootstrap

security: medium-severity fixes (proxies, ssrf, uploads, lnurl, github_data)

2026-05-03 12:57:57 +00:00

config

2026-05-02 22:00:26 +01:00

database

🛠️ **Migration:** Added hasTable check to meetup_user migration to prevent redundant table creation.

2026-05-02 22:06:35 +01:00

lang

📚 **Docs:** Updated PHP version in guidelines and agent documentation + added --format agent to Laravel Pint commands

2026-05-02 19:22:58 +01:00

public

🔧 Add .gitignore for static assets and update comment language in DomainMiddleware

2025-12-14 20:53:09 +01:00

resources

security: medium-severity fixes (proxies, ssrf, uploads, lnurl, github_data)

2026-05-03 12:57:57 +00:00

routes

security: high-severity fixes (api throttle, fillable, idor, path, rel)

2026-05-03 12:55:09 +00:00

storage

🚀 initial commit

2025-11-21 04:28:08 +01:00

tests

✨ **Middleware & Tests:** Improved exception handling for stale Livewire asset requests to return 404 instead of 500. Added feature tests to validate these scenarios. 🚀

2026-05-03 12:15:36 +02:00

.editorconfig

🚀 initial commit

2025-11-21 04:28:08 +01:00

.env.example

🎨 **Style:** Fixed indentation inconsistencies in meetup_user migration file.

2026-05-02 19:17:02 +01:00

.gitattributes

🚀 initial commit

2025-11-21 04:28:08 +01:00

.gitignore

2026-05-02 22:00:26 +01:00

.mcp.json

🔥 Remove Laravel Sail, Docker, and related setup, migrate to simplified local development environment

2026-02-11 21:10:09 +01:00

AGENTS.md

2026-05-02 22:00:26 +01:00

artisan

🚀 initial commit

2025-11-21 04:28:08 +01:00

boost.json

🔥 Remove Laravel Sail, Docker, and related setup, migrate to simplified local development environment

2026-02-11 21:10:09 +01:00

CLAUDE.md

2026-05-02 22:00:26 +01:00

composer.json

2026-05-02 22:00:26 +01:00

composer.lock

2026-05-02 22:00:26 +01:00

opencode.json

🔥 Remove Laravel Sail, Docker, and related setup, migrate to simplified local development environment

2026-02-11 21:10:09 +01:00

package.json

2026-05-02 22:00:26 +01:00

phpunit.xml

2026-05-02 22:00:26 +01:00

README.md

🔥 Remove Laravel Sail, Docker, and related setup, migrate to simplified local development environment

2026-02-11 21:10:09 +01:00

vite.config.js

⚙️ Refactor Vite config import and tidy Tailwind CSS setup

2025-12-09 21:43:59 +01:00

yarn.lock

2026-05-02 22:00:26 +01:00

README.md

Hosted:

de-DE: https://portal.einundzwanzig.space/de/meetups
de-AT: https://portal.einundzwanzig.space/at/meetups
de-CH: https://portal.einundzwanzig.space/ch/meetups
pl-PL: https://portal.dwadziesciajeden.pl/pl/meetups
hu-HU: https://portal.huszonegy.world/hu/meetups

Host your national domain?

To add your national domain, you need to create a CNAME record pointing to portal.einundzwanzig.space.

Here's how:

Add a subdomain like portal.yourdomain.tld
Create a CNAME record pointing to portal.einundzwanzig.space

DNS provider CNAME settings:

Type: CNAME Name/Host/Alias: portal Target/Value/Destination: portal.einundzwanzig.space

After setting up your CNAME, please notify the repository owner to refresh SSL certificates to include your domain.

Contributing and Proposals

https://gitworkshop.dev

Development

Prerequisites

PHP 8.3+
PostgreSQL (running locally or as a container)
Redis (running locally or as a container)
Node.js + Yarn

Installation

cp .env.example .env

composer install (you need a valid Flux Pro license or send a message to Nostr - The Ben)

Migrate and seed the database

php artisan migrate:fresh --seed

Laravel storage link

php artisan storage:link

Install node dependencies

yarn

Start development environment

composer run dev

This starts the PHP dev server, queue worker, Pail log viewer, and Vite concurrently.

Update dependencies

yarn

Security Vulnerabilities

If you discover a security vulnerability within this project, please go to https://gitworkshop.dev. All security vulnerabilities will be promptly addressed.

License

Open-sourced software licensed under the MIT license.