klevze/SkinbaseNova
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
547215cbe86f5acd66239145c22858eba36eff16
SkinbaseNova/app/Http/Requests/Uploads/UploadFinishRequest.php
Gregor Klevze dc51d65440 feat: forum rich-text editor, emoji picker, mentions, discover nav, feed, uploads, profile 
Forum:
- TipTap WYSIWYG editor with full toolbar
- @emoji-mart/react emoji picker (consistent with tweets)
- @mention autocomplete with user search API
- Fix PHP 8.4 parse errors in Blade templates
- Fix thread data display (paginator items)
- Align forum page widths to max-w-5xl

Discover:
- Extract shared _nav.blade.php partial
- Add missing nav links to for-you page
- Add Following link for authenticated users

Feed/Posts:
- Post model, controllers, policies, migrations
- Feed page components (PostComposer, FeedCard, etc)
- Post reactions, comments, saves, reports, sharing
- Scheduled publishing support
- Link preview controller

Profile:
- Profile page components (ProfileHero, ProfileTabs)
- Profile API controller

Uploads:
- Upload wizard enhancements
- Scheduled publish picker
- Studio status bar and readiness checklist
2026-03-03 09:48:31 +01:00

110 lines
3.2 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
namespace App\Http\Requests\Uploads;
use App\Models\Artwork;
use App\Repositories\Uploads\UploadSessionRepository;
use App\Services\Uploads\UploadTokenService;
use Illuminate\Foundation\Http\FormRequest;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
final class UploadFinishRequest extends FormRequest
{
private ?Artwork $artwork = null;
public function authorize(): bool
{
$user = $this->user();
if (! $user) {
$this->logUnauthorized('missing_user');
$this->denyAsNotFound();
}
$sessionId = (string) $this->input('session_id');
if ($sessionId === '') {
$this->logUnauthorized('missing_session_id');
$this->denyAsNotFound();
}
$sessions = $this->container->make(UploadSessionRepository::class);
$session = $sessions->get($sessionId);
if (! $session || $session->userId !== $user->id) {
$this->logUnauthorized('not_owned_or_missing');
$this->denyAsNotFound();
}
$token = $this->header('X-Upload-Token') ?: $this->input('upload_token');
if ($token) {
$tokens = $this->container->make(UploadTokenService::class);
$payload = $tokens->get((string) $token);
if (! $payload) {
$this->logUnauthorized('invalid_token');
$this->denyAsNotFound();
}
if (($payload['session_id'] ?? null) !== $sessionId) {
$this->logUnauthorized('token_session_mismatch');
$this->denyAsNotFound();
}
if ((int) ($payload['user_id'] ?? 0) !== (int) $user->id) {
$this->logUnauthorized('token_user_mismatch');
$this->denyAsNotFound();
}
}
$artworkId = (int) $this->input('artwork_id');
if ($artworkId <= 0) {
$this->logUnauthorized('missing_artwork_id');
$this->denyAsNotFound();
}
$artwork = Artwork::query()->find($artworkId);
if (! $artwork || (int) $artwork->user_id !== (int) $user->id) {
$this->logUnauthorized('artwork_not_owned_or_missing');
$this->denyAsNotFound();
}
$this->artwork = $artwork;
return true;
}
public function rules(): array
{
return [
'session_id' => 'required|uuid',
'artwork_id' => 'required|integer',
'upload_token' => 'nullable|string|min:40|max:200',
'file_name' => 'nullable|string|max:255',
];
}
public function artwork(): Artwork
{
if (! $this->artwork) {
$this->denyAsNotFound();
}
return $this->artwork;
}
private function denyAsNotFound(): void
{
throw new NotFoundHttpException();
}
private function logUnauthorized(string $reason): void
{
logger()->warning('Upload finish unauthorized access', [
'reason' => $reason,
'session_id' => (string) $this->input('session_id'),
'artwork_id' => $this->input('artwork_id'),
'user_id' => $this->user()?->id,
'ip' => $this->ip(),
]);
}
}
Reference in New Issue View Git Blame Copy Permalink