fix: Panel Inconsistencies and issues (#952)

.env.example

@@ -28,6 +28,17 @@ DB_DATABASE=dashboard
 DB_USERNAME=dashboarduser
 DB_PASSWORD=
 
+### --- Discord Settings (required for Discord OAuth) --- ###
+DISCORD_CLIENT_ID=
+DISCORD_CLIENT_SECRET=
+
+### --- Discord Settings End --- ###
+
+### --- Google Recaptcha Settings --- ###
+RECAPTCHA_SITE_KEY=6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI
+RECAPTCHA_SECRET_KEY=6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe
+### --- Google Recaptcha Settings End --- ###
+
 # No-SQL
 MEMCACHED_HOST=127.0.0.1
 
@@ -36,6 +47,7 @@ REDIS_PASSWORD=null
 REDIS_PORT=6379
 ### --- Database Settings End --- ###
 
+
 ### --- Mail Server Settings --- ###
 MAIL_MAILER=smtp
 MAIL_HOST=mailhog

.gitignore

@@ -33,3 +33,6 @@ Homestead.yaml
 public/install/logs.txt
 install.lock
 public/install/logs/installer.log
+
+/.idea
+cpggdatabase.sql

app/Http/Controllers/Admin/SettingsController.php

@@ -101,7 +101,7 @@ public function update(Request $request)
 
         $this->checkPermission("settings." . strtolower($category) . ".write");
 
-        $settings_class = request()->get('settings_class');
+        $settings_class = (string) request()->get('settings_class');
 
         if (method_exists($settings_class, 'getValidations')) {
             $validations = $settings_class::getValidations();
@@ -122,7 +122,6 @@ public function update(Request $request)
             $rp = new \ReflectionProperty($settingsClass, $key);
             $rpType = $rp->getType();
 
-
             if ($rpType == 'bool') {
                 $settingsClass->$key = $request->has($key);
                 continue;

app/Http/Controllers/TicketsController.php

@@ -18,7 +18,9 @@
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Notification;
+use Illuminate\Support\Facades\RateLimiter;
 use Illuminate\Support\Str;
+use App\Settings\GeneralSettings;
 
 class TicketsController extends Controller
 {
@@ -34,8 +36,13 @@ public function index(LocaleSettings $locale_settings, TicketSettings $ticketSet
         ]);
     }
 
+
     public function store(Request $request, GeneralSettings $generalSettings)
     {
+        if (RateLimiter::tooManyAttempts('ticket-send:'.Auth::user()->id, $perMinute = 1)) {
+            return redirect()->back()->with('error', __('Please wait before creating a new Ticket'));
+        }
+
         $validateData = [
             'title' => 'required|string|max:255',
             'ticketcategory' => 'required|numeric',
@@ -48,6 +55,7 @@ public function store(Request $request, GeneralSettings $generalSettings)
         }
 
         $this->validate($request, $validateData);
+
         $ticket = new Ticket(
             [
                 'title' => $request->input('title'),
@@ -70,6 +78,7 @@ public function store(Request $request, GeneralSettings $generalSettings)
 
 
         $user->notify(new CreateNotification($ticket));
+        RateLimiter::hit('ticket-send:'.Auth::user()->id);
 
         return redirect()->route('ticket.index')->with('success', __('A ticket has been opened, ID: #') . $ticket->ticket_id);
     }
@@ -92,6 +101,9 @@ public function show($ticket_id, PterodactylSettings $ptero_settings)
 
     public function reply(Request $request)
     {
+        if (RateLimiter::tooManyAttempts('ticket-reply:'.Auth::user()->id, $perMinute = 1)) {
+            return redirect()->back()->with('error', __('Please wait before answering a Ticket'));
+        }
         //check in blacklist
         $check = TicketBlacklist::where('user_id', Auth::user()->id)->first();
         if ($check && $check->status == 'True') {
@@ -104,6 +116,7 @@ public function reply(Request $request)
             return redirect()->back()->with('warning', __('Ticket not found on the server. It potentially got deleted earlier'));
         }
         $ticket->status = 'Client Reply';
+        $ticket->updated_at = now();
         $ticket->update();
         $ticketcomment = TicketComment::create([
             'ticket_id' => $request->input('ticket_id'),
@@ -118,7 +131,7 @@ public function reply(Request $request)
         foreach($staffNotify as $staff){
             Notification::send($staff, new AdminReplyNotification($ticket, $user, $newmessage));
         }
-
+        RateLimiter::hit('ticket-reply:'.Auth::user()->id);
         return redirect()->back()->with('success', __('Your comment has been submitted'));
     }
 

app/Models/User.php

@@ -14,6 +14,7 @@
 use Illuminate\Foundation\Auth\User as Authenticatable;
 use Illuminate\Notifications\Notifiable;
 use Illuminate\Support\Facades\DB;
+use Illuminate\Support\Facades\RateLimiter;
 use Spatie\Activitylog\LogOptions;
 use Spatie\Activitylog\Traits\CausesActivity;
 use Spatie\Activitylog\Traits\LogsActivity;
@@ -188,7 +189,19 @@ public function discordUser()
 
     public function sendEmailVerificationNotification()
     {
-        $this->notify(new QueuedVerifyEmail);
+        // Rate limit the email verification notification to 1 attempt per 30 minutes
+        $executed = RateLimiter::attempt(
+            key: 'verify-mail'. $this->id,
+            maxAttempts: 1,
+            callback: function() {
+                $this->notify(new QueuedVerifyEmail);
+            },
+            decaySeconds: 1800
+        );
+
+        if (! $executed) {
+            return response()->json(['message' => 'Too many requests, try again in: ' . RateLimiter::availableIn('verify-mail:'. $this->id) . ' seconds'], 429);
+        }
     }
 
     /**

routes/web.php

@@ -114,9 +114,11 @@
     Route::get('ticket', [TicketsController::class, 'index'])->name('ticket.index');
     Route::get('ticket/datatable', [TicketsController::class, 'datatable'])->name('ticket.datatable');
     Route::get('ticket/new', [TicketsController::class, 'create'])->name('ticket.new');
+
     Route::post('ticket/new', [TicketsController::class, 'store'])->middleware(['throttle:1,1'])->name('ticket.new.store');
     Route::get('ticket/show/{ticket_id}', [TicketsController::class, 'show'])->name('ticket.show');
     Route::post('ticket/reply', [TicketsController::class, 'reply'])->middleware(['throttle:10,1'])->name('ticket.reply');
+
     Route::post('ticket/status/{ticket_id}', [TicketsController::class, 'changeStatus'])->name('ticket.changeStatus');
 
 

themes/BlueInfinity/views/layouts/main.blade.php

@@ -85,6 +85,7 @@ class="mr-2 fab fa-discord"></i>{{ __('Discord') }}</a>
                                 </button>
                             @endforeach
 
+                            <input type="hidden" name="_token" value="{{ csrf_token() }}">
                         </form>
                     </div>
                 </li>
@@ -190,6 +191,8 @@ class="dropdown-item dropdown-footer">{{ __('Mark all as read') }}</a>
                             <i class="mr-2 text-gray-400 fas fa-sign-out-alt fa-sm fa-fw"></i>
                             {{ __('Logout') }}
                         </button>
+
+                        <input type="hidden" name="_token" value="{{ csrf_token() }}">
                     </form>
                 </div>
             </li>

themes/default/views/admin/activitylogs/index.blade.php

@@ -56,6 +56,8 @@
                                         <button class="btn btn-light btn-sm" type="submit"><i class="fa fa-search"></i></button>
                                     </div>
                                 </div>
+
+                                <input type="hidden" name="_token" value="{{ csrf_token() }}">
                             </form>
                         </div>
                     </div>

themes/default/views/admin/api/create.blade.php

@@ -50,6 +50,8 @@ class="form-control @error('memo') is-invalid @enderror">
                                         {{__('Submit')}}
                                     </button>
                                 </div>
+
+                                <input type="hidden" name="_token" value="{{ csrf_token() }}">
                             </form>
                         </div>
                     </div>

themes/default/views/admin/api/edit.blade.php

@@ -51,6 +51,8 @@ class="form-control @error('memo') is-invalid @enderror">
                                         {{__('Submit')}}
                                     </button>
                                 </div>
+
+                                <input type="hidden" name="_token" value="{{ csrf_token() }}">
                             </form>
                         </div>
                     </div>

themes/default/views/admin/coupons/create.blade.php

@@ -233,6 +233,8 @@ class="input-group-append"
                     {{__('Submit')}}
                   </button>
                 </div>
+
+                <input type="hidden" name="_token" value="{{ csrf_token() }}">
               </form>
             </div>
           </div>

themes/default/views/admin/coupons/edit.blade.php

@@ -234,6 +234,8 @@ class="input-group-append"
                                 {{__('Submit')}}
                               </button>
                             </div>
+
+                            <input type="hidden" name="_token" value="{{ csrf_token() }}">
                           </form>
                         </div>
                     </div>

themes/default/views/admin/legal/index.blade.php

@@ -96,6 +96,8 @@ class="form-control @error('imprint') is-invalid @enderror">
                 <div class="row">
                     <button class="btn btn-primary ml-3 mt-3">{{ __('Save') }}</button>
                 </div>
+
+                <input type="hidden" name="_token" value="{{ csrf_token() }}">
             </form>
         </div>
         <!-- END CUSTOM CONTENT -->