feat: harden tenant settings and import pipeline

2025-09-25 11:50:18 +02:00
parent b22d91ed32
commit 9248d7a3f5
29 changed files with 577 additions and 293 deletions
--- a/app/Http/Controllers/Api/Tenant/SettingsController.php
+++ b/app/Http/Controllers/Api/Tenant/SettingsController.php
@@ -5,21 +5,18 @@ namespace App\Http\Controllers\Api\Tenant;
 use App\Http\Controllers\Controller;
 use App\Http\Requests\Tenant\SettingsStoreRequest;
 use App\Models\Tenant;
-use Illuminate\Http\Request;
 use Illuminate\Http\JsonResponse;
+use Illuminate\Http\Request;

 class SettingsController extends Controller
 {
    /**
     * Get the tenant's settings.
-     *
-     * @param Request $request
-     * @return JsonResponse
     */
    public function index(Request $request): JsonResponse
    {
        $tenant = $request->tenant;
-        
+
        return response()->json([
            'message' => 'Settings erfolgreich abgerufen.',
            'data' => [
@@ -32,20 +29,14 @@ class SettingsController extends Controller

    /**
     * Update the tenant's settings.
-     *
-     * @param SettingsStoreRequest $request
-     * @return JsonResponse
     */
    public function update(SettingsStoreRequest $request): JsonResponse
    {
        $tenant = $request->tenant;
-        
-        // Merge new settings with existing ones
-        $currentSettings = $tenant->settings ?? [];
-        $newSettings = array_merge($currentSettings, $request->validated()['settings']);
-        
+        $settings = $request->validated()['settings'];
+
        $tenant->update([
-            'settings' => $newSettings,
+            'settings' => $settings,
            'settings_updated_at' => now(),
        ]);

@@ -53,7 +44,7 @@ class SettingsController extends Controller
            'message' => 'Settings erfolgreich aktualisiert.',
            'data' => [
                'id' => $tenant->id,
-                'settings' => $newSettings,
+                'settings' => $settings,
                'updated_at' => now()->toISOString(),
            ],
        ]);
@@ -61,14 +52,11 @@ class SettingsController extends Controller

    /**
     * Reset tenant settings to defaults.
-     *
-     * @param Request $request
-     * @return JsonResponse
     */
    public function reset(Request $request): JsonResponse
    {
        $tenant = $request->tenant;
-        
+
        $defaultSettings = [
            'branding' => [
                'logo_url' => null,
@@ -93,7 +81,7 @@ class SettingsController extends Controller
        ]);

        return response()->json([
-            'message' => 'Settings auf Standardwerte zurückgesetzt.',
+            'message' => 'Settings auf Standardwerte zurueckgesetzt.',
            'data' => [
                'id' => $tenant->id,
                'settings' => $defaultSettings,
@@ -104,32 +92,34 @@ class SettingsController extends Controller

    /**
     * Validate custom domain availability.
-     *
-     * @param Request $request
-     * @return JsonResponse
     */
    public function validateDomain(Request $request): JsonResponse
    {
        $domain = $request->input('domain');
-        
-        if (!$domain) {
+
+        if (! $domain) {
            return response()->json(['error' => 'Domain ist erforderlich.'], 400);
        }

-        // Simple validation - in production, check DNS records or database uniqueness
-        if (!preg_match('/^[a-zA-Z0-9][a-zA-Z0-9-]{1,61}[a-zA-Z0-9]\.[a-zA-Z]{2,}$/', $domain)) {
+        if (! $this->isValidDomain($domain)) {
            return response()->json([
                'available' => false,
-                'message' => 'Ungültiges Domain-Format.',
+                'message' => 'Ungueltiges Domain-Format.',
            ]);
        }

-        // Check if domain is already taken by another tenant
-        $taken = Tenant::where('custom_domain', $domain)->where('id', '!=', $request->tenant->id)->exists();
+        $taken = Tenant::where('custom_domain', $domain)
+            ->where('id', '!=', $request->tenant->id)
+            ->exists();

        return response()->json([
-            'available' => !$taken,
-            'message' => $taken ? 'Domain ist bereits vergeben.' : 'Domain ist verfügbar.',
+            'available' => ! $taken,
+            'message' => $taken ? 'Domain ist bereits vergeben.' : 'Domain ist verfuegbar.',
        ]);
    }
-}
+
+    private function isValidDomain(string $domain): bool
+    {
+        return filter_var($domain, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) !== false;
+    }
+}
--- a/app/Http/Middleware/TenantTokenGuard.php
+++ b/app/Http/Middleware/TenantTokenGuard.php
@@ -70,8 +70,12 @@ class TenantTokenGuard
        Auth::setUser($principal);
        $request->setUserResolver(fn () => $principal);

-        $request->merge(['tenant_id' => $tenant->id]);
+        $request->merge([
+            'tenant_id' => $tenant->id,
+            'tenant' => $tenant,
+        ]);
        $request->attributes->set('tenant_id', $tenant->id);
+        $request->attributes->set('tenant', $tenant);
        $request->attributes->set('decoded_token', $decoded);

        return $next($request);
--- a/app/Http/Requests/Settings/ProfileUpdateRequest.php
+++ b/app/Http/Requests/Settings/ProfileUpdateRequest.php
@@ -50,10 +50,15 @@ class ProfileUpdateRequest extends FormRequest
            ],

            'preferred_locale' => [
-                'required',
+                'nullable',
                'string',
                Rule::in($supportedLocales),
            ],
        ];
    }
 }
+
+
+
+
+
--- a/app/Http/Requests/Tenant/SettingsStoreRequest.php
+++ b/app/Http/Requests/Tenant/SettingsStoreRequest.php
@@ -33,7 +33,7 @@ class SettingsStoreRequest extends FormRequest
            'settings.features.event_checklist' => ['nullable', 'boolean'],
            'settings.features.custom_domain' => ['nullable', 'boolean'],
            'settings.features.advanced_analytics' => ['nullable', 'boolean'],
-            'settings.custom_domain' => ['nullable', 'string', 'max:255', 'regex:/^[a-zA-Z0-9][a-zA-Z0-9-]{1,61}[a-zA-Z0-9]\.[a-zA-Z]{2,}$/'],
+            'settings.custom_domain' => ['nullable', 'string', 'max:255', 'regex:/^(?!-)(?:[a-zA-Z0-9-]{1,63}\.)+[a-zA-Z]{2,}$/'],
            'settings.contact_email' => ['nullable', 'email', 'max:255'],
            'settings.event_default_type' => ['nullable', 'string', 'max:50'],
        ];
@@ -46,11 +46,11 @@ class SettingsStoreRequest extends FormRequest
    {
        return [
            'settings.required' => 'Settings-Daten sind erforderlich.',
-            'settings.branding.logo_url.url' => 'Die Logo-URL muss eine gültige URL sein.',
-            'settings.branding.primary_color.regex' => 'Die Primärfarbe muss ein gültiges Hex-Format (#RRGGBB) haben.',
-            'settings.branding.secondary_color.regex' => 'Die Sekundärfarbe muss ein gültiges Hex-Format (#RRGGBB) haben.',
-            'settings.custom_domain.regex' => 'Das Custom Domain muss ein gültiges Domain-Format haben.',
-            'settings.contact_email.email' => 'Die Kontakt-E-Mail muss eine gültige E-Mail-Adresse sein.',
+            'settings.branding.logo_url.url' => 'Die Logo-URL muss eine gOltige URL sein.',
+            'settings.branding.primary_color.regex' => 'Die Prim??rfarbe muss ein gOltiges Hex-Format (#RRGGBB) haben.',
+            'settings.branding.secondary_color.regex' => 'Die Sekund??rfarbe muss ein gOltiges Hex-Format (#RRGGBB) haben.',
+            'settings.custom_domain.regex' => 'Das Custom Domain muss ein gOltiges Domain-Format haben.',
+            'settings.contact_email.email' => 'Die Kontakt-E-Mail muss eine gOltige E-Mail-Adresse sein.',
        ];
    }

@@ -63,4 +63,5 @@ class SettingsStoreRequest extends FormRequest
            'settings' => $this->input('settings', []),
        ]);
    }
-}
+}
+
--- a/app/Http/Resources/Tenant/TaskResource.php
+++ b/app/Http/Resources/Tenant/TaskResource.php
@@ -2,7 +2,6 @@

 namespace App\Http\Resources\Tenant;

-use App\Http\Resources\Tenant\EventResource;
 use Illuminate\Http\Request;
 use Illuminate\Http\Resources\Json\JsonResource;

@@ -15,28 +14,27 @@ class TaskResource extends JsonResource
     */
    public function toArray(Request $request): array
    {
+        $assignedEventsCount = $this->relationLoaded('assignedEvents')
+            ? $this->assignedEvents->count()
+            : $this->assignedEvents()->count();
+
        return [
            'id' => $this->id,
+            'tenant_id' => $this->tenant_id,
            'title' => $this->title,
            'description' => $this->description,
            'priority' => $this->priority,
            'due_date' => $this->due_date?->toISOString(),
-            'is_completed' => $this->is_completed,
+            'is_completed' => (bool) $this->is_completed,
            'collection_id' => $this->collection_id,
-            'assigned_events_count' => $this->assignedEvents()->count(),
-            // TaskCollectionResource wird später implementiert
-            // 'collection' => $this->whenLoaded('taskCollection', function () {
-            //     return new TaskCollectionResource($this->taskCollection);
-            // }),
-            'assigned_events' => $this->whenLoaded('assignedEvents', function () {
-                return EventResource::collection($this->assignedEvents);
-            }),
-            // UserResource wird später implementiert
-            // 'assigned_to' => $this->whenLoaded('assignedTo', function () {
-            //     return new UserResource($this->assignedTo);
-            // }),
-            'created_at' => $this->created_at->toISOString(),
-            'updated_at' => $this->updated_at->toISOString(),
+            'assigned_events_count' => $assignedEventsCount,
+            'assigned_events' => $this->whenLoaded(
+                'assignedEvents',
+                fn () => EventResource::collection($this->assignedEvents)
+            ),
+            'created_at' => $this->created_at?->toISOString(),
+            'updated_at' => $this->updated_at?->toISOString(),
        ];
    }
-}
+}
+