feat: add captcha-backed forum security hardening

2026-03-17 16:06:28 +01:00
parent 980a15f66e
commit b3fc889452
40 changed files with 2849 additions and 108 deletions
--- a/bootstrap/app.php
+++ b/bootstrap/app.php
@@ -12,6 +12,11 @@ return Application::configure(basePath: dirname(__DIR__))
        health: '/up',
    )
    ->withMiddleware(function (Middleware $middleware): void {
+        $middleware->validateCsrfTokens(except: [
+            'chat_post',
+            'chat_post/*',
+        ]);
+
        $middleware->web(append: [
            \App\Http\Middleware\HandleInertiaRequests::class,
            // Runs on every web request; no-ops for guests, redirects authenticated
@@ -23,6 +28,11 @@ return Application::configure(basePath: dirname(__DIR__))
            'admin.moderation'          => \App\Http\Middleware\EnsureAdminOrModerator::class,
            'creator.access'            => \App\Http\Middleware\EnsureCreatorAccess::class,
            'ensure.onboarding.complete'=> \App\Http\Middleware\EnsureOnboardingComplete::class,
+            'forum.ai.moderation'       => \App\Http\Middleware\ForumAIModerationMiddleware::class,
+            'forum.bot.protection'      => \App\Http\Middleware\ForumBotProtectionMiddleware::class,
+            'forum.spam.detection'      => \App\Http\Middleware\ForumSpamDetectionMiddleware::class,
+            'forum.security.firewall'   => \App\Http\Middleware\ForumSecurityFirewallMiddleware::class,
+            'forum.rate_limit'          => \App\Http\Middleware\ForumRateLimitMiddleware::class,
            'onboarding'                => \App\Http\Middleware\EnsureOnboardingComplete::class,
            'normalize.username'        => \App\Http\Middleware\NormalizeUsername::class,
        ]);