soeren/fotospiel-app
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

implemented a lot of security measures

Browse Source
This commit is contained in:
Codex Agent
2025-12-09 20:29:32 +01:00
parent 4bdb93c171
commit 928d28fcaf
21 changed files with 953 additions and 134 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
resources/views/admin.blade.php
View File

@@ -23,19 +23,26 @@
]
: ['enabled' => false];
@endphp
<script>
<script nonce="{{ $cspNonce }}">
window.__MATOMO_ADMIN__ = {!! json_encode($matomoAdmin) !!};
</script>
<style nonce="{{ $cspStyleNonce }}">
#root { min-height: 100vh; }
.ns-admin-bg { background: #0b1224; color: #fff; }
.ns-btn-primary { color: #fff; text-decoration: none; background: #ec4899; }
.ns-btn-outline { color: #e5e7eb; text-decoration: none; border: 1px solid rgba(255,255,255,0.2); }
.ns-card-border { border: 1px solid rgba(255,255,255,0.12); background: rgba(255,255,255,0.05); }
</style>
</head>
<body>
@php
$noscriptLocale = in_array(app()->getLocale(), ['de', 'en'], true) ? app()->getLocale() : 'de';
@endphp
<noscript>
<style>
<style nonce="{{ $cspStyleNonce }}">
#root { display: none !important; }
</style>
<div class="min-h-screen bg-slate-950 text-white" style="background:#0b1224;color:#fff;">
<div class="min-h-screen bg-slate-950 text-white ns-admin-bg">
<div class="mx-auto flex max-w-4xl flex-col gap-10 px-6 py-14">
<header class="space-y-2">
<p class="text-xs font-semibold uppercase tracking-[0.2em] text-pink-300">Fotospiel Admin</p>
@@ -44,7 +51,7 @@
</header>
<section class="grid gap-4 sm:grid-cols-2">
<div class="rounded-2xl border border-white/10 bg-white/5 p-5 shadow-lg backdrop-blur" style="border:1px solid rgba(255,255,255,0.12);background:rgba(255,255,255,0.05);">
<div class="rounded-2xl border border-white/10 bg-white/5 p-5 shadow-lg backdrop-blur ns-card-border">
<h2 class="text-xl font-semibold text-white">Warum JS?</h2>
<ul class="mt-3 space-y-2 text-sm text-white/80">
<li> Echtzeit-Listen für Fotos, Tasks und Emotion-Tags</li>
@@ -53,7 +60,7 @@
<li> Sichere OAuth2-Session mit PKCE</li>
</ul>
</div>
<div class="rounded-2xl border border-white/10 bg-white/5 p-5 shadow-lg backdrop-blur" style="border:1px solid rgba(255,255,255,0.12);background:rgba(255,255,255,0.05);">
<div class="rounded-2xl border border-white/10 bg-white/5 p-5 shadow-lg backdrop-blur ns-card-border">
<h2 class="text-xl font-semibold text-white">Nächste Schritte</h2>
<ol class="mt-3 space-y-2 text-sm text-white/80">
<li>1) JavaScript im Browser aktivieren</li>
@@ -61,13 +68,13 @@
<li>3) Optional: Admin-App zum Homescreen hinzufügen</li>
</ol>
<div class="mt-4 flex flex-wrap gap-3">
<a href="{{ route('marketing.contact', ['locale' => $noscriptLocale]) }}" class="inline-flex items-center justify-center rounded-full bg-pink-500 px-4 py-2 text-sm font-semibold text-white shadow-lg transition hover:bg-pink-400" style="color:#fff;text-decoration:none;background:#ec4899;">
<a href="{{ route('marketing.contact', ['locale' => $noscriptLocale]) }}" class="inline-flex items-center justify-center rounded-full bg-pink-500 px-4 py-2 text-sm font-semibold text-white shadow-lg transition hover:bg-pink-400 ns-btn-primary">
Support kontaktieren
</a>
<a href="{{ route('impressum', ['locale' => $noscriptLocale]) }}" class="inline-flex items-center justify-center rounded-full border border-white/20 px-4 py-2 text-sm font-semibold text-white/80 transition hover:border-white/40" style="color:#e5e7eb;text-decoration:none;border:1px solid rgba(255,255,255,0.2);">
<a href="{{ route('impressum', ['locale' => $noscriptLocale]) }}" class="inline-flex items-center justify-center rounded-full border border-white/20 px-4 py-2 text-sm font-semibold text-white/80 transition hover:border-white/40 ns-btn-outline">
Impressum
</a>
<a href="{{ route('datenschutz', ['locale' => $noscriptLocale]) }}" class="inline-flex items-center justify-center rounded-full border border-white/20 px-4 py-2 text-sm font-semibold text-white/80 transition hover:border-white/40" style="color:#e5e7eb;text-decoration:none;border:1px solid rgba(255,255,255,0.2);">
<a href="{{ route('datenschutz', ['locale' => $noscriptLocale]) }}" class="inline-flex items-center justify-center rounded-full border border-white/20 px-4 py-2 text-sm font-semibold text-white/80 transition hover:border-white/40 ns-btn-outline">
Datenschutz
</a>
</div>

18
resources/views/guest.blade.php
View File

@@ -24,20 +24,26 @@
]
: ['enabled' => false];
@endphp
<script>
<script nonce="{{ $cspNonce }}">
window.__GUEST_RUNTIME_CONFIG__ = {!! json_encode($guestRuntimeConfig) !!};
window.__MATOMO_GUEST__ = {!! json_encode($matomoGuest) !!};
</script>
<style nonce="{{ $cspStyleNonce }}">
#root { min-height: 100vh; }
.ns-bg { background: linear-gradient(180deg,#0f172a 0%,#111827 50%,#0b1224 100%); color: #fff; }
.ns-btn-primary { color: #fff; text-decoration: none; background: #ec4899; }
.ns-btn-outline { color: #e5e7eb; text-decoration: none; border: 1px solid rgba(255,255,255,0.2); }
</style>
</head>
<body>
@php
$noscriptLocale = in_array(app()->getLocale(), ['de', 'en'], true) ? app()->getLocale() : 'de';
@endphp
<noscript>
<style>
<style nonce="{{ $cspStyleNonce }}">
#root { display: none !important; }
</style>
<div class="min-h-screen bg-gradient-to-b from-[#0f172a] via-[#111827] to-[#0b1224] text-white" style="background:linear-gradient(180deg,#0f172a 0%,#111827 50%,#0b1224 100%);color:#fff;">
<div class="min-h-screen bg-gradient-to-b from-[#0f172a] via-[#111827] to-[#0b1224] text-white ns-bg">
<div class="mx-auto flex max-w-5xl flex-col gap-12 px-6 py-14">
<header class="space-y-3 text-center">
<p class="text-sm font-semibold uppercase tracking-[0.18em] text-pink-300">Fotospiel</p>
@@ -65,13 +71,13 @@
<li>3) Optional: Füge die App deinem Homescreen hinzu</li>
</ol>
<div class="mt-4 flex flex-wrap gap-3">
<a href="{{ route('marketing.contact', ['locale' => $noscriptLocale]) }}" class="inline-flex items-center justify-center rounded-full bg-pink-500 px-4 py-2 text-sm font-semibold text-white shadow-lg transition hover:bg-pink-400" style="color:#fff;text-decoration:none;background:#ec4899;">
<a href="{{ route('marketing.contact', ['locale' => $noscriptLocale]) }}" class="inline-flex items-center justify-center rounded-full bg-pink-500 px-4 py-2 text-sm font-semibold text-white shadow-lg transition hover:bg-pink-400 ns-btn-primary">
Support kontaktieren
</a>
<a href="{{ route('impressum', ['locale' => $noscriptLocale]) }}" class="inline-flex items-center justify-center rounded-full border border-white/20 px-4 py-2 text-sm font-semibold text-white/80 transition hover:border-white/40" style="color:#e5e7eb;text-decoration:none;border:1px solid rgba(255,255,255,0.2);">
<a href="{{ route('impressum', ['locale' => $noscriptLocale]) }}" class="inline-flex items-center justify-center rounded-full border border-white/20 px-4 py-2 text-sm font-semibold text-white/80 transition hover:border-white/40 ns-btn-outline">
Impressum
</a>
<a href="{{ route('datenschutz', ['locale' => $noscriptLocale]) }}" class="inline-flex items-center justify-center rounded-full border border-white/20 px-4 py-2 text-sm font-semibold text-white/80 transition hover:border-white/40" style="color:#e5e7eb;text-decoration:none;border:1px solid rgba(255,255,255,0.2);">
<a href="{{ route('datenschutz', ['locale' => $noscriptLocale]) }}" class="inline-flex items-center justify-center rounded-full border border-white/20 px-4 py-2 text-sm font-semibold text-white/80 transition hover:border-white/40 ns-btn-outline">
Datenschutz
</a>
</div>