chore: configure auth (#7571)

This commit is contained in:
🏔️ Peak 2025-12-11 17:51:50 +01:00 committed by GitHub
commit da96c7885c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
11 changed files with 144 additions and 23 deletions

View file

@ -16,14 +16,15 @@ All notable changes to this project will be documented in this file.
### Changed
- Upgraded all Composer and Node dependencies, most notably: PHP to 8.5 (from 8.4), TailwindCSS to v4.0 (from v3) and Laravel to v12 (from v10)
- Upgraded all Composer and Node dependencies, most notably: PHP to 8.5 (previously 8.4), TailwindCSS to v4.0 (previously v3) and Laravel to v12 (previously v10)
- **Docker:**
- Upgraded all Docker dependencies, most notably: Postgres to v18 (from v15) and Redis to v8 (from v7)
- Upgraded all Docker dependencies, most notably: Postgres to v18 (previously v15) and Redis to v8 (previously v7)
-
- **Laravel Configurations:**
- Changed hashing algorithm from `bcrypt` to `argon2id` for enhanced security
- Use Redis for sessions and expire inactive sessions after 24h
- Use Redis for sessions and expire inactive sessions after 24h (previously 14 days)
- Encrypt user sessions data
- Expire password reset tokens after 10 minutes (previously 60 minutes)
- Redirect Laravel logs to `stderr` so they can be viewed in docker logs
- Configured production logging to rotate automatically and keep only the last 10 days of logs to reduce disk usage
- Changed production log level from `debug` to `warning` to reduce disk usage and avoid logging sensitive information
@ -87,7 +88,8 @@ All notable changes to this project will be documented in this file.
### Refactored
- Completely refactored all database migrations for a cleaner, more consistent and optimized schema
- Completely refactored all database migrations for a cleaner, more consistent and stable database schema
- Completely refactored all database models
## Issues

View file

47
app/Models/User.php Normal file
View file

@ -0,0 +1,47 @@
<?php
declare(strict_types=1);
namespace App\Models;
use Carbon\CarbonInterface;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Foundation\Auth\User as Authenticatable;
/**
* @property int $id
* @property string $name
* @property string $email
* @property CarbonInterface|null $email_verified_at
* @property string $password
* @property CarbonInterface $created_at
* @property CarbonInterface $updated_at
*/
final class User extends Authenticatable
{
/** @use HasFactory<\Database\Factories\UserFactory> */
use HasFactory;
/**
* The attributes that should be hidden for serialization.
*
* @var list<string>
*/
protected $hidden = [
'password',
'remember_token',
];
/**
* Get the attributes that should be cast.
*
* @return array<string, string>
*/
protected function casts(): array
{
return [
'email_verified_at' => 'datetime',
'password' => 'hashed',
];
}
}

View file

@ -90,7 +90,7 @@ return [
'users' => [
'provider' => 'users',
'table' => env('AUTH_PASSWORD_RESET_TOKEN_TABLE', 'password_reset_tokens'),
'expire' => 60,
'expire' => 10,
'throttle' => 60,
],
],

View file

@ -18,23 +18,6 @@ return [
'driver' => env('HASH_DRIVER', 'argon2id'),
/*
|--------------------------------------------------------------------------
| Bcrypt Options
|--------------------------------------------------------------------------
|
| Here you may specify the configuration options that should be used when
| passwords are hashed using the Bcrypt algorithm. This will allow you
| to control the amount of time it takes to hash the given password.
|
*/
'bcrypt' => [
'rounds' => env('BCRYPT_ROUNDS', 14),
'verify' => env('HASH_VERIFY', true),
'limit' => env('BCRYPT_LIMIT'),
],
/*
|--------------------------------------------------------------------------
| Argon Options

View file

@ -0,0 +1,42 @@
<?php
declare(strict_types=1);
namespace Database\Factories;
use Illuminate\Database\Eloquent\Factories\Factory;
use Illuminate\Support\Facades\Hash;
/**
* @extends \Illuminate\Database\Eloquent\Factories\Factory<\App\Models\User>
*/
final class UserFactory extends Factory
{
/**
* The current password being used by the factory.
*/
private static string $password;
/**
* Define the model's default state.
*/
public function definition(): array
{
return [
'name' => fake()->name(),
'email' => fake()->unique()->safeEmail(),
'email_verified_at' => now(),
'password' => self::$password ??= Hash::make('password'),
];
}
/**
* Indicate that the model's email address should be unverified.
*/
public function unverified(): static
{
return $this->state(fn (array $attributes): array => [
'email_verified_at' => null,
]);
}
}

View file

@ -0,0 +1,25 @@
<?php
declare(strict_types=1);
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;
return new class extends Migration
{
/**
* Run the migrations.
*/
public function up(): void
{
Schema::create('users', function (Blueprint $table): void {
$table->id();
$table->string('name');
$table->string('email')->unique();
$table->timestamp('email_verified_at')->nullable();
$table->string('password');
$table->timestamps();
});
}
};

View file

@ -0,0 +1,22 @@
<?php
declare(strict_types=1);
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;
return new class extends Migration
{
/**
* Run the migrations.
*/
public function up(): void
{
Schema::create('password_reset_tokens', function (Blueprint $table): void {
$table->string('email')->primary();
$table->string('token');
$table->timestamp('created_at')->nullable();
});
}
};

View file

@ -192,8 +192,8 @@ arch('Models')
->expect('App\Models')
->toBeClasses()
->toExtend(\Illuminate\Database\Eloquent\Model::class)
->ignoring('App\Models\Scopes')
->not->toUseTrait(\Illuminate\Database\Eloquent\SoftDeletes::class)
->toOnlyUse('Illuminate\Database')
->toHaveLineCountLessThan(250)
->not->toHaveSuffix('Model');