mirror of
https://github.com/coollabsio/coolify.git
synced 2026-03-11 08:55:47 +00:00
chore: configure auth (#7571)
This commit is contained in:
commit
da96c7885c
11 changed files with 144 additions and 23 deletions
10
CHANGELOG.md
10
CHANGELOG.md
|
|
@ -16,14 +16,15 @@ All notable changes to this project will be documented in this file.
|
|||
|
||||
### Changed
|
||||
|
||||
- Upgraded all Composer and Node dependencies, most notably: PHP to 8.5 (from 8.4), TailwindCSS to v4.0 (from v3) and Laravel to v12 (from v10)
|
||||
- Upgraded all Composer and Node dependencies, most notably: PHP to 8.5 (previously 8.4), TailwindCSS to v4.0 (previously v3) and Laravel to v12 (previously v10)
|
||||
- **Docker:**
|
||||
- Upgraded all Docker dependencies, most notably: Postgres to v18 (from v15) and Redis to v8 (from v7)
|
||||
- Upgraded all Docker dependencies, most notably: Postgres to v18 (previously v15) and Redis to v8 (previously v7)
|
||||
-
|
||||
- **Laravel Configurations:**
|
||||
- Changed hashing algorithm from `bcrypt` to `argon2id` for enhanced security
|
||||
- Use Redis for sessions and expire inactive sessions after 24h
|
||||
- Use Redis for sessions and expire inactive sessions after 24h (previously 14 days)
|
||||
- Encrypt user sessions data
|
||||
- Expire password reset tokens after 10 minutes (previously 60 minutes)
|
||||
- Redirect Laravel logs to `stderr` so they can be viewed in docker logs
|
||||
- Configured production logging to rotate automatically and keep only the last 10 days of logs to reduce disk usage
|
||||
- Changed production log level from `debug` to `warning` to reduce disk usage and avoid logging sensitive information
|
||||
|
|
@ -87,7 +88,8 @@ All notable changes to this project will be documented in this file.
|
|||
|
||||
### Refactored
|
||||
|
||||
- Completely refactored all database migrations for a cleaner, more consistent and optimized schema
|
||||
- Completely refactored all database migrations for a cleaner, more consistent and stable database schema
|
||||
- Completely refactored all database models
|
||||
|
||||
## Issues
|
||||
|
||||
|
|
|
|||
47
app/Models/User.php
Normal file
47
app/Models/User.php
Normal file
|
|
@ -0,0 +1,47 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Models;
|
||||
|
||||
use Carbon\CarbonInterface;
|
||||
use Illuminate\Database\Eloquent\Factories\HasFactory;
|
||||
use Illuminate\Foundation\Auth\User as Authenticatable;
|
||||
|
||||
/**
|
||||
* @property int $id
|
||||
* @property string $name
|
||||
* @property string $email
|
||||
* @property CarbonInterface|null $email_verified_at
|
||||
* @property string $password
|
||||
* @property CarbonInterface $created_at
|
||||
* @property CarbonInterface $updated_at
|
||||
*/
|
||||
final class User extends Authenticatable
|
||||
{
|
||||
/** @use HasFactory<\Database\Factories\UserFactory> */
|
||||
use HasFactory;
|
||||
|
||||
/**
|
||||
* The attributes that should be hidden for serialization.
|
||||
*
|
||||
* @var list<string>
|
||||
*/
|
||||
protected $hidden = [
|
||||
'password',
|
||||
'remember_token',
|
||||
];
|
||||
|
||||
/**
|
||||
* Get the attributes that should be cast.
|
||||
*
|
||||
* @return array<string, string>
|
||||
*/
|
||||
protected function casts(): array
|
||||
{
|
||||
return [
|
||||
'email_verified_at' => 'datetime',
|
||||
'password' => 'hashed',
|
||||
];
|
||||
}
|
||||
}
|
||||
|
|
@ -90,7 +90,7 @@ return [
|
|||
'users' => [
|
||||
'provider' => 'users',
|
||||
'table' => env('AUTH_PASSWORD_RESET_TOKEN_TABLE', 'password_reset_tokens'),
|
||||
'expire' => 60,
|
||||
'expire' => 10,
|
||||
'throttle' => 60,
|
||||
],
|
||||
],
|
||||
|
|
|
|||
|
|
@ -18,23 +18,6 @@ return [
|
|||
|
||||
'driver' => env('HASH_DRIVER', 'argon2id'),
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Bcrypt Options
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| Here you may specify the configuration options that should be used when
|
||||
| passwords are hashed using the Bcrypt algorithm. This will allow you
|
||||
| to control the amount of time it takes to hash the given password.
|
||||
|
|
||||
*/
|
||||
|
||||
'bcrypt' => [
|
||||
'rounds' => env('BCRYPT_ROUNDS', 14),
|
||||
'verify' => env('HASH_VERIFY', true),
|
||||
'limit' => env('BCRYPT_LIMIT'),
|
||||
],
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Argon Options
|
||||
|
|
|
|||
42
database/factories/UserFactory.php
Normal file
42
database/factories/UserFactory.php
Normal file
|
|
@ -0,0 +1,42 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace Database\Factories;
|
||||
|
||||
use Illuminate\Database\Eloquent\Factories\Factory;
|
||||
use Illuminate\Support\Facades\Hash;
|
||||
|
||||
/**
|
||||
* @extends \Illuminate\Database\Eloquent\Factories\Factory<\App\Models\User>
|
||||
*/
|
||||
final class UserFactory extends Factory
|
||||
{
|
||||
/**
|
||||
* The current password being used by the factory.
|
||||
*/
|
||||
private static string $password;
|
||||
|
||||
/**
|
||||
* Define the model's default state.
|
||||
*/
|
||||
public function definition(): array
|
||||
{
|
||||
return [
|
||||
'name' => fake()->name(),
|
||||
'email' => fake()->unique()->safeEmail(),
|
||||
'email_verified_at' => now(),
|
||||
'password' => self::$password ??= Hash::make('password'),
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* Indicate that the model's email address should be unverified.
|
||||
*/
|
||||
public function unverified(): static
|
||||
{
|
||||
return $this->state(fn (array $attributes): array => [
|
||||
'email_verified_at' => null,
|
||||
]);
|
||||
}
|
||||
}
|
||||
25
database/migrations/2025_12_10_154334_create_users_table.php
Normal file
25
database/migrations/2025_12_10_154334_create_users_table.php
Normal file
|
|
@ -0,0 +1,25 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use Illuminate\Database\Migrations\Migration;
|
||||
use Illuminate\Database\Schema\Blueprint;
|
||||
use Illuminate\Support\Facades\Schema;
|
||||
|
||||
return new class extends Migration
|
||||
{
|
||||
/**
|
||||
* Run the migrations.
|
||||
*/
|
||||
public function up(): void
|
||||
{
|
||||
Schema::create('users', function (Blueprint $table): void {
|
||||
$table->id();
|
||||
$table->string('name');
|
||||
$table->string('email')->unique();
|
||||
$table->timestamp('email_verified_at')->nullable();
|
||||
$table->string('password');
|
||||
$table->timestamps();
|
||||
});
|
||||
}
|
||||
};
|
||||
|
|
@ -0,0 +1,22 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use Illuminate\Database\Migrations\Migration;
|
||||
use Illuminate\Database\Schema\Blueprint;
|
||||
use Illuminate\Support\Facades\Schema;
|
||||
|
||||
return new class extends Migration
|
||||
{
|
||||
/**
|
||||
* Run the migrations.
|
||||
*/
|
||||
public function up(): void
|
||||
{
|
||||
Schema::create('password_reset_tokens', function (Blueprint $table): void {
|
||||
$table->string('email')->primary();
|
||||
$table->string('token');
|
||||
$table->timestamp('created_at')->nullable();
|
||||
});
|
||||
}
|
||||
};
|
||||
|
|
@ -192,8 +192,8 @@ arch('Models')
|
|||
->expect('App\Models')
|
||||
->toBeClasses()
|
||||
->toExtend(\Illuminate\Database\Eloquent\Model::class)
|
||||
->ignoring('App\Models\Scopes')
|
||||
->not->toUseTrait(\Illuminate\Database\Eloquent\SoftDeletes::class)
|
||||
->toOnlyUse('Illuminate\Database')
|
||||
->toHaveLineCountLessThan(250)
|
||||
->not->toHaveSuffix('Model');
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue