Merge pull request #354 from dshoreman/laravel-upgrade

Upgrades from Laravel 6.x to 8.x

.env.example

@@ -7,12 +7,14 @@ APP_REGISTRATION=false
 DB_PASSWORD=vagrant
 
 LOG_CHANNEL=stack
+LOG_LEVEL=debug
 
-MAIL_DRIVER=smtp
+MAIL_MAILER=smtp
 MAIL_HOST=smtp.mailtrap.io
 MAIL_PORT=2525
 MAIL_USERNAME=null
 MAIL_PASSWORD=null
+MAIL_ENCRYPTION=null
 
 PASSPORT_CLIENT_ID=
 PASSPORT_CLIENT_SECRET=

app/Console/Commands/Version.php

@@ -16,7 +16,7 @@ class Version extends Command
     /**
      * The console command description.
      *
-     * @var string
+     * @var ?string
      */
     protected $description = 'Print the current version of Servidor.';
 

app/Exceptions/Handler.php

@@ -2,9 +2,7 @@
 
 namespace Servidor\Exceptions;
 
-use Exception;
 use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
-use Symfony\Component\HttpFoundation\Response;
 
 class Handler extends ExceptionHandler
 {
@@ -19,32 +17,11 @@ class Handler extends ExceptionHandler
     /**
      * A list of the inputs that are never flashed for validation exceptions.
      *
-     * @var array
+     * @var string[]
      */
     protected $dontFlash = [
+        'current_password',
         'password',
         'password_confirmation',
     ];
-
-    /**
-     * Report or log an exception.
-     *
-     * @throws Exception
-     */
-    public function report(Exception $exception): void
-    {
-        parent::report($exception);
-    }
-
-    /**
-     * Render an exception into an HTTP response.
-     *
-     * @param \Illuminate\Http\Request $request
-     *
-     * @throws Exception
-     */
-    public function render($request, Exception $e): Response
-    {
-        return parent::render($request, $e);
-    }
 }

app/Http/Controllers/Auth/RegisterController.php

@@ -27,9 +27,9 @@ public function __construct()
     protected function validator(array $data): ValidatorContract
     {
         return Validator::make($data, [
-            'name' => 'required|string|max:255',
-            'email' => 'required|string|email|max:255|unique:users',
-            'password' => 'required|string|min:8|confirmed',
+            'name' => ['required', 'string', 'max:255'],
+            'email' => ['required', 'string', 'email', 'max:255', 'unique:users'],
+            'password' => ['required', 'string', 'min:8', 'confirmed'],
         ]);
     }
 

app/Http/Kernel.php

@@ -15,7 +15,8 @@ class Kernel extends HttpKernel
      */
     protected $middleware = [
         \Servidor\Http\Middleware\TrustProxies::class,
-        \Servidor\Http\Middleware\CheckForMaintenanceMode::class,
+        \Fruitcake\Cors\HandleCors::class,
+        \Servidor\Http\Middleware\PreventRequestsDuringMaintenance::class,
         \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
         \Servidor\Http\Middleware\TrimStrings::class,
         \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
@@ -38,7 +39,7 @@ class Kernel extends HttpKernel
         ],
 
         'api' => [
-            'throttle:60,1',
+            'throttle:api',
             \Illuminate\Routing\Middleware\SubstituteBindings::class,
         ],
     ];
@@ -53,7 +54,6 @@ class Kernel extends HttpKernel
     protected $routeMiddleware = [
         'auth' => \Servidor\Http\Middleware\Authenticate::class,
         'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
-        'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
         'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
         'can' => \Illuminate\Auth\Middleware\Authorize::class,
         'guest' => \Servidor\Http\Middleware\RedirectIfAuthenticated::class,
@@ -63,21 +63,4 @@ class Kernel extends HttpKernel
         'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
         'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
     ];
-
-    /**
-     * The priority-sorted list of middleware.
-     *
-     * This forces non-global middleware to always be in the given order.
-     *
-     * @var array
-     */
-    protected $middlewarePriority = [
-        \Illuminate\Session\Middleware\StartSession::class,
-        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
-        \Servidor\Http\Middleware\Authenticate::class,
-        \Illuminate\Routing\Middleware\ThrottleRequests::class,
-        \Illuminate\Session\Middleware\AuthenticateSession::class,
-        \Illuminate\Routing\Middleware\SubstituteBindings::class,
-        \Illuminate\Auth\Middleware\Authorize::class,
-    ];
 }

app/Http/Middleware/Authenticate.php

@@ -13,10 +13,12 @@ class Authenticate extends Middleware
      *
      * @param \Illuminate\Http\Request $request @unused-param
      *
-     * @return string|null
+     * @return string|void
      */
     protected function redirectTo($request)
     {
-        return '/login';
+        if (!$request->expectsJson()) {
+            return route('login');
+        }
     }
 }

app/Http/Middleware/CheckForMaintenanceMode.php → app/Http/Middleware/PreventRequestsDuringMaintenance.php

@@ -2,9 +2,9 @@
 
 namespace Servidor\Http\Middleware;
 
-use Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode as Middleware;
+use Illuminate\Foundation\Http\Middleware\PreventRequestsDuringMaintenance as Middleware;
 
-class CheckForMaintenanceMode extends Middleware
+class PreventRequestsDuringMaintenance extends Middleware
 {
     /**
      * The URIs that should be reachable while maintenance mode is enabled.

app/Http/Middleware/RedirectIfAuthenticated.php

@@ -3,23 +3,25 @@
 namespace Servidor\Http\Middleware;
 
 use Closure;
+use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
 use Servidor\Providers\RouteServiceProvider;
 
 class RedirectIfAuthenticated
 {
     /**
-     * Handle an incoming request.
-     *
-     * @param \Illuminate\Http\Request $request
-     * @param string|null              $guard
+     * Redirect authed users to home for guest-only routes.
      *
      * @return mixed
      */
-    public function handle($request, Closure $next, $guard = null)
+    public function handle(Request $request, Closure $next, ?string ...$guards)
     {
-        if (Auth::guard($guard)->check()) {
-            return redirect(RouteServiceProvider::HOME);
+        $guards = empty($guards) ? [null] : $guards;
+
+        foreach ($guards as $guard) {
+            if (Auth::guard($guard)->check()) {
+                return redirect(RouteServiceProvider::HOME);
+            }
         }
 
         return $next($request);

app/Http/Middleware/TrustProxies.php

@@ -10,14 +10,16 @@ class TrustProxies extends Middleware
     /**
      * The trusted proxies for this application.
      *
-     * @var array|string
+     * @var array|string|null
      */
     protected $proxies = [];
 
     /**
      * The headers that should be used to detect proxies.
      *
-     * @var int
+     * @var int|string|null
      */
-    protected $headers = Request::HEADER_X_FORWARDED_ALL;
+    protected $headers = Request::HEADER_X_FORWARDED_FOR
+        | Request::HEADER_X_FORWARDED_HOST | Request::HEADER_X_FORWARDED_PORT
+        | Request::HEADER_X_FORWARDED_PROTO | Request::HEADER_X_FORWARDED_AWS_ELB;
 }

app/Http/Middleware/VerifyCsrfToken.php

@@ -6,13 +6,6 @@
 
 class VerifyCsrfToken extends Middleware
 {
-    /**
-     * Indicates whether the XSRF-TOKEN cookie should be set on the response.
-     *
-     * @var bool
-     */
-    protected $addHttpCookie = true;
-
     /**
      * The URIs that should be excluded from CSRF verification.
      *

app/Providers/RouteServiceProvider.php

@@ -2,20 +2,14 @@
 
 namespace Servidor\Providers;
 
+use Illuminate\Cache\RateLimiting\Limit;
 use Illuminate\Foundation\Support\Providers\RouteServiceProvider as ServiceProvider;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\RateLimiter;
 use Illuminate\Support\Facades\Route;
 
 class RouteServiceProvider extends ServiceProvider
 {
-    /**
-     * This namespace is applied to your controller routes.
-     *
-     * In addition, it is set as the URL generator's root namespace.
-     *
-     * @var string
-     */
-    protected $namespace = 'Servidor\Http\Controllers';
-
     /**
      * The path to the "home" route for your application.
      *
@@ -28,41 +22,30 @@ class RouteServiceProvider extends ServiceProvider
      */
     public function boot(): void
     {
-        parent::boot();
-    }
+        $this->configureRateLimiting();
 
-    /**
-     * Define the routes for the application.
-     */
-    public function map(): void
-    {
-        $this->mapApiRoutes();
+        $this->routes(function (): void {
+            Route::prefix('api')
+                ->middleware('api')
+                ->group(base_path('routes/api.php'));
 
-        $this->mapWebRoutes();
+            Route::middleware('web')
+                ->group(base_path('routes/web.php'));
+        });
     }
 
     /**
-     * Define the "web" routes for the application.
-     *
-     * These routes all receive session state, CSRF protection, etc.
+     * Configure the rate limiters for the application.
      */
-    protected function mapWebRoutes(): void
+    protected function configureRateLimiting(): void
     {
-        Route::middleware('web')
-             ->namespace($this->namespace)
-             ->group(base_path('routes/web.php'));
-    }
+        RateLimiter::for('api', function (Request $request) {
+            /** @var ?\Servidor\User */
+            $user = $request->user();
 
-    /**
-     * Define the "api" routes for the application.
-     *
-     * These routes are typically stateless.
-     */
-    protected function mapApiRoutes(): void
-    {
-        Route::prefix('api')
-             ->middleware('api')
-             ->namespace($this->namespace)
-             ->group(base_path('routes/api.php'));
+            $identifier = $user && $user->id ? $user->id : $request->ip();
+
+            return Limit::perMinute(60)->by((string) $identifier);
+        });
     }
 }

app/User.php

@@ -4,6 +4,7 @@
 
 use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Database\Eloquent\Collection;
+use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Foundation\Auth\User as Authenticatable;
 use Illuminate\Notifications\DatabaseNotification as Notification;
 use Illuminate\Notifications\DatabaseNotificationCollection as Notifications;
@@ -44,12 +45,13 @@
 class User extends Authenticatable
 {
     use HasApiTokens;
+    use HasFactory;
     use Notifiable;
 
     /**
      * The attributes that are mass assignable.
      *
-     * @var array
+     * @var string[]
      */
     protected $fillable = [
         'name', 'email', 'password',
@@ -63,4 +65,13 @@ class User extends Authenticatable
     protected $hidden = [
         'password', 'remember_token',
     ];
+
+    /**
+     * The attributes that should be cast to native types.
+     *
+     * @var array
+     */
+    protected $casts = [
+        'email_verified_at' => 'datetime',
+    ];
 }

bootstrap/app.php

@@ -16,7 +16,7 @@
 */
 
 $app = new Illuminate\Foundation\Application(
-    (string) realpath(__DIR__ . '/../')
+    (string) dirname(__DIR__)
 );
 
 /*

build/phan/config.php

@@ -6,12 +6,8 @@
  * This configuration file was automatically generated by 'phan --init --init-level=1'
  *
  * TODOs (added by 'phan --init'):
- *
- * - Go through this file and verify that there are no missing/unnecessary files/directories.
- *   (E.g. this only includes direct composer dependencies - You may have to manually add indirect composer dependencies to 'directory_list')
- * - Look at 'plugins' and add or remove plugins if appropriate (see https://github.com/phan/phan/tree/v4/.phan/plugins#plugins)
- * - Add global suppressions for pre-existing issues to suppress_issue_types (https://github.com/phan/phan/wiki/Tutorial-for-Analyzing-a-Large-Sloppy-Code-Base)
- *   - Consider setting up a baseline if there are a large number of pre-existing issues (see `phan --extended-help`)
+ * - Look at 'plugins' and add or remove plugins if appropriate
+ *   - See https://github.com/phan/phan/tree/v4/.phan/plugins#plugins
  *
  * This configuration will be read and overlaid on top of the
  * default configuration. Command line arguments will be applied
@@ -348,13 +344,15 @@
     'directory_list' => [
         'app',
         'database/factories',
-        'database/seeds',
+        'database/seeders',
         'vendor/doctrine/dbal/lib/Doctrine/DBAL',
         'vendor/fakerphp/faker/src/Faker',
         'vendor/fideloper/proxy/src',
+        'vendor/fruitcake/laravel-cors/src',
         'vendor/guzzlehttp/guzzle/src',
         'vendor/laravel/framework/src/Illuminate',
         'vendor/laravel/passport/src',
+        'vendor/laravel/ui/auth-backend',
         'vendor/psr/http-message/src',
         'vendor/symfony/finder',
         'vendor/symfony/http-foundation',

build/phpstan/config.neon

@@ -5,6 +5,3 @@ parameters:
   paths:
     - ../../app
     - ../../tests
-  ignoreErrors:
-    - message: '#Function factory invoked with 1 parameter, 0 required.#'
-      path: '../../tests/RequiresAuth.php'