From 0c92d19eb76d6aae1ee0826789b9aabf2e6565bd Mon Sep 17 00:00:00 2001 From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com> Date: Wed, 10 Dec 2025 15:39:26 +0100 Subject: [PATCH 1/8] chore(config): remove unused bcrypt hashing options --- config/hashing.php | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/config/hashing.php b/config/hashing.php index 94db9645a..e0db28ada 100644 --- a/config/hashing.php +++ b/config/hashing.php @@ -18,23 +18,6 @@ return [ 'driver' => env('HASH_DRIVER', 'argon2id'), - /* - |-------------------------------------------------------------------------- - | Bcrypt Options - |-------------------------------------------------------------------------- - | - | Here you may specify the configuration options that should be used when - | passwords are hashed using the Bcrypt algorithm. This will allow you - | to control the amount of time it takes to hash the given password. - | - */ - - 'bcrypt' => [ - 'rounds' => env('BCRYPT_ROUNDS', 14), - 'verify' => env('HASH_VERIFY', true), - 'limit' => env('BCRYPT_LIMIT'), - ], - /* |-------------------------------------------------------------------------- | Argon Options From b77d404673993e19a258265d7f8d30984d508f2f Mon Sep 17 00:00:00 2001 From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com> Date: Wed, 10 Dec 2025 16:59:33 +0100 Subject: [PATCH 2/8] feat(auth): create users and password_reset_tokens table --- database/migrations/.gitkeep | 0 .../2025_12_10_154334_create_users_table.php | 25 +++++++++++++++++++ ...403_create_password_reset_tokens_table.php | 22 ++++++++++++++++ 3 files changed, 47 insertions(+) delete mode 100644 database/migrations/.gitkeep create mode 100644 database/migrations/2025_12_10_154334_create_users_table.php create mode 100644 database/migrations/2025_12_10_154403_create_password_reset_tokens_table.php diff --git a/database/migrations/.gitkeep b/database/migrations/.gitkeep deleted file mode 100644 index e69de29bb..000000000 diff --git a/database/migrations/2025_12_10_154334_create_users_table.php b/database/migrations/2025_12_10_154334_create_users_table.php new file mode 100644 index 000000000..ff437717f --- /dev/null +++ b/database/migrations/2025_12_10_154334_create_users_table.php @@ -0,0 +1,25 @@ +id(); + $table->string('name'); + $table->string('email')->unique(); + $table->timestamp('email_verified_at')->nullable(); + $table->string('password'); + $table->timestamps(); + }); + } +}; diff --git a/database/migrations/2025_12_10_154403_create_password_reset_tokens_table.php b/database/migrations/2025_12_10_154403_create_password_reset_tokens_table.php new file mode 100644 index 000000000..895fb8b04 --- /dev/null +++ b/database/migrations/2025_12_10_154403_create_password_reset_tokens_table.php @@ -0,0 +1,22 @@ +string('email')->primary(); + $table->string('token'); + $table->timestamp('created_at')->nullable(); + }); + } +}; From 60388a832cf2fe3afd38acb7ed5f71e2f2c7db22 Mon Sep 17 00:00:00 2001 From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com> Date: Wed, 10 Dec 2025 17:23:15 +0100 Subject: [PATCH 3/8] feat(auth): add user model --- app/Models/.gitkeep | 0 app/Models/User.php | 47 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+) delete mode 100644 app/Models/.gitkeep create mode 100644 app/Models/User.php diff --git a/app/Models/.gitkeep b/app/Models/.gitkeep deleted file mode 100644 index e69de29bb..000000000 diff --git a/app/Models/User.php b/app/Models/User.php new file mode 100644 index 000000000..513481ef3 --- /dev/null +++ b/app/Models/User.php @@ -0,0 +1,47 @@ + */ + use HasFactory; + + /** + * The attributes that should be hidden for serialization. + * + * @var list + */ + protected $hidden = [ + 'password', + 'remember_token', + ]; + + /** + * Get the attributes that should be cast. + * + * @return array + */ + protected function casts(): array + { + return [ + 'email_verified_at' => 'datetime', + 'password' => 'hashed', + ]; + } +} From 5e4eae13ae6cd229136fe43fd619f056c8d58e84 Mon Sep 17 00:00:00 2001 From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com> Date: Wed, 10 Dec 2025 17:24:01 +0100 Subject: [PATCH 4/8] test(auth): add UserFactory for testing --- database/factories/.gitkeep | 0 database/factories/UserFactory.php | 42 ++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+) delete mode 100644 database/factories/.gitkeep create mode 100644 database/factories/UserFactory.php diff --git a/database/factories/.gitkeep b/database/factories/.gitkeep deleted file mode 100644 index e69de29bb..000000000 diff --git a/database/factories/UserFactory.php b/database/factories/UserFactory.php new file mode 100644 index 000000000..0383a7e03 --- /dev/null +++ b/database/factories/UserFactory.php @@ -0,0 +1,42 @@ + + */ +final class UserFactory extends Factory +{ + /** + * The current password being used by the factory. + */ + private static string $password; + + /** + * Define the model's default state. + */ + public function definition(): array + { + return [ + 'name' => fake()->name(), + 'email' => fake()->unique()->safeEmail(), + 'email_verified_at' => now(), + 'password' => self::$password ??= Hash::make('password'), + ]; + } + + /** + * Indicate that the model's email address should be unverified. + */ + public function unverified(): static + { + return $this->state(fn (array $attributes): array => [ + 'email_verified_at' => null, + ]); + } +} From 285c6dd10aa9de5efec7fab4d48e16a6e8047446 Mon Sep 17 00:00:00 2001 From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com> Date: Wed, 10 Dec 2025 15:44:56 +0100 Subject: [PATCH 5/8] chore(config): expire password reset tokens after 10min --- config/auth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/auth.php b/config/auth.php index 57130512d..b23fa2b71 100644 --- a/config/auth.php +++ b/config/auth.php @@ -90,7 +90,7 @@ return [ 'users' => [ 'provider' => 'users', 'table' => env('AUTH_PASSWORD_RESET_TOKEN_TABLE', 'password_reset_tokens'), - 'expire' => 60, + 'expire' => 10, 'throttle' => 60, ], ], From f8a02e16056837416fa1da27c158b1c68f735d8c Mon Sep 17 00:00:00 2001 From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com> Date: Wed, 10 Dec 2025 17:28:09 +0100 Subject: [PATCH 6/8] test: improve ArchTest for models - remove toOnlyUse() from model ArchTest as it is too strict in some cases - ignore scopes as they do not have to extend Model::class --- tests/ArchTest.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ArchTest.php b/tests/ArchTest.php index 1223c741f..6b23cd499 100644 --- a/tests/ArchTest.php +++ b/tests/ArchTest.php @@ -192,8 +192,8 @@ arch('Models') ->expect('App\Models') ->toBeClasses() ->toExtend(\Illuminate\Database\Eloquent\Model::class) + ->ignoring('App\Models\Scopes') ->not->toUseTrait(\Illuminate\Database\Eloquent\SoftDeletes::class) - ->toOnlyUse('Illuminate\Database') ->toHaveLineCountLessThan(250) ->not->toHaveSuffix('Model'); From 95b2809e849c60cda141b72c9ded0e86574f8789 Mon Sep 17 00:00:00 2001 From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com> Date: Wed, 10 Dec 2025 17:29:25 +0100 Subject: [PATCH 7/8] docs: replace "from" with "previously" in changelog --- CHANGELOG.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b76317344..d59fa9c59 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,13 +16,13 @@ All notable changes to this project will be documented in this file. ### Changed -- Upgraded all Composer and Node dependencies, most notably: PHP to 8.5 (from 8.4), TailwindCSS to v4.0 (from v3) and Laravel to v12 (from v10) +- Upgraded all Composer and Node dependencies, most notably: PHP to 8.5 (previously 8.4), TailwindCSS to v4.0 (previously v3) and Laravel to v12 (previously v10) - **Docker:** - - Upgraded all Docker dependencies, most notably: Postgres to v18 (from v15) and Redis to v8 (from v7) + - Upgraded all Docker dependencies, most notably: Postgres to v18 (previously v15) and Redis to v8 (previously v7) - - **Laravel Configurations:** - Changed hashing algorithm from `bcrypt` to `argon2id` for enhanced security - - Use Redis for sessions and expire inactive sessions after 24h + - Use Redis for sessions and expire inactive sessions after 24h (previously 14 days) - Encrypt user sessions data - Redirect Laravel logs to `stderr` so they can be viewed in docker logs - Configured production logging to rotate automatically and keep only the last 10 days of logs to reduce disk usage From dd5219f4746e8add58904a27812e3ad92b701407 Mon Sep 17 00:00:00 2001 From: peaklabs-dev <122374094+peaklabs-dev@users.noreply.github.com> Date: Wed, 10 Dec 2025 17:52:09 +0100 Subject: [PATCH 8/8] docs: add v5.x-chore/configure-auth changes to changelog --- CHANGELOG.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d59fa9c59..785c3cd3f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -24,6 +24,7 @@ All notable changes to this project will be documented in this file. - Changed hashing algorithm from `bcrypt` to `argon2id` for enhanced security - Use Redis for sessions and expire inactive sessions after 24h (previously 14 days) - Encrypt user sessions data + - Expire password reset tokens after 10 minutes (previously 60 minutes) - Redirect Laravel logs to `stderr` so they can be viewed in docker logs - Configured production logging to rotate automatically and keep only the last 10 days of logs to reduce disk usage - Changed production log level from `debug` to `warning` to reduce disk usage and avoid logging sensitive information @@ -87,7 +88,8 @@ All notable changes to this project will be documented in this file. ### Refactored -- Completely refactored all database migrations for a cleaner, more consistent and optimized schema +- Completely refactored all database migrations for a cleaner, more consistent and stable database schema +- Completely refactored all database models ## Issues