Merge pull request #153 from fleetbase/dev-v1.6.13

roncodes · web-flow · commit 0f9c4e7813d5 · 2025-08-09T16:30:59.000+08:00
v1.6.13 - Configurable throttle
diff --git a/composer.json b/composer.json
@@ -1,6 +1,6 @@
 {
     "name": "fleetbase/core-api",
-    "version": "1.6.12",
+    "version": "1.6.13",
     "description": "Core Framework and Resources for Fleetbase API",
     "keywords": [
         "fleetbase",
@@ -21,6 +21,7 @@
         "php": "^8.0",
         "aws/aws-sdk-php-laravel": "^3.7",
         "fleetbase/laravel-mysql-spatial": "^1.0.2",
+        "fleetbase/countries": "^0.8.3",
         "fleetbase/twilio": "^5.0.1",
         "giggsey/libphonenumber-for-php": "^8.13",
         "google/apiclient": "^2.18",
@@ -44,7 +45,6 @@
         "maatwebsite/excel": "^3.1",
         "phpoffice/phpspreadsheet": "^1.28",
         "phrity/websocket": "^1.7",
-        "pragmarx/countries": "^0.8.2",
         "sentry/sentry-laravel": "*",
         "spatie/laravel-activitylog": "^4.7",
         "spatie/laravel-google-cloud-storage": "^2.2",
diff --git a/config/api.php b/config/api.php
@@ -1,3 +1,8 @@
 <?php
 
-return [];
+return [
+    'throttle' => [
+        'max_attempts' => env('THROTTLE_REQUESTS_PER_MINUTE', 120),
+        'decay_minutes' => env('THROTTLE_DECAY_MINUTES', 1),
+    ],
+];
diff --git a/src/Expansions/Route.php b/src/Expansions/Route.php
@@ -4,8 +4,11 @@
 
 use Closure;
 use Fleetbase\Build\Expansion;
+use Fleetbase\Http\Controllers\Internal\v1\AuthController;
+use Fleetbase\Http\Middleware\ThrottleRequests;
 use Fleetbase\Routing\RESTRegistrar;
 use Illuminate\Routing\PendingResourceRegistration;
+use Illuminate\Routing\Router;
 use Illuminate\Support\Str;
 
 class Route implements Expansion
@@ -37,7 +40,7 @@ public function fleetbaseRestRoutes()
          * @return PendingResourceRegistration
          */
         return function (string $name, $controller = null, $options = [], ?\Closure $callback = null) {
-            /** @var \Illuminate\Routing\Router $this */
+            /** @var Router $this */
             if (is_callable($controller) && $callback === null) {
                 $callback   = $controller;
                 $controller = null;
@@ -65,7 +68,7 @@ public function fleetbaseRestRoutes()
     public function fleetbaseRoutes()
     {
         return function (string $name, callable|array|null $registerFn = null, $options = [], $controller = null) {
-            /** @var \Illuminate\Routing\Router $this */
+            /** @var Router $this */
             if (is_array($registerFn) && !empty($registerFn) && empty($options)) {
                 $options = $registerFn;
             }
@@ -112,50 +115,44 @@ function ($router) use ($registerFn, $make, $controller) {
         };
     }
 
-    public function fleetbaseAuthRoutes()
+    public function fleetbaseAuthRoutes(): \Closure
     {
-        return function (?callable $registerFn = null, ?callable $registerProtectedFn = null) {
-            /** @var \Illuminate\Routing\Router $this */
-            return $this->group(
-                ['prefix' => 'auth'],
-                function ($router) use ($registerFn, $registerProtectedFn) {
-                    $router->group(
-                        ['middleware' => ['throttle:10,1', \Spatie\ResponseCache\Middlewares\DoNotCacheResponse::class]],
-                        function ($router) use ($registerFn) {
-                            $router->post('login', 'AuthController@login');
-                            $router->post('sign-up', 'AuthController@signUp');
-                            $router->post('logout', 'AuthController@logout');
-                            $router->post('get-magic-reset-link', 'AuthController@createPasswordReset');
-                            $router->post('reset-password', 'AuthController@resetPassword');
-                            $router->post('create-verification-session', 'AuthController@createVerificationSession');
-                            $router->post('validate-verification-session', 'AuthController@validateVerificationSession');
-                            $router->post('send-verification-email', 'AuthController@sendVerificationEmail');
-                            $router->post('verify-email', 'AuthController@verifyEmail');
-                            $router->get('validate-verification', 'AuthController@validateVerificationCode');
-
-                            if (is_callable($registerFn)) {
-                                $registerFn($router);
-                            }
-                        }
-                    );
-
-                    $router->group(
-                        ['middleware' => ['fleetbase.protected', \Spatie\ResponseCache\Middlewares\DoNotCacheResponse::class]],
-                        function ($router) use ($registerProtectedFn) {
-                            $router->post('switch-organization', 'AuthController@switchOrganization');
-                            $router->post('join-organization', 'AuthController@joinOrganization');
-                            $router->post('create-organization', 'AuthController@createOrganization');
-                            $router->get('session', 'AuthController@session');
-                            $router->get('organizations', 'AuthController@getUserOrganizations');
-                            $router->get('services', 'AuthController@services');
-
-                            if (is_callable($registerProtectedFn)) {
-                                $registerProtectedFn($router);
-                            }
-                        }
-                    );
-                }
-            );
+        return function (?string $authControllerClass = null, ?callable $registerFn = null, ?callable $registerProtectedFn = null) {
+            $authControllerClass ??= AuthController::class;
+            /** @var Router $this */
+            $this->group(['prefix' => 'auth'], function (Router $router) use ($authControllerClass, $registerFn, $registerProtectedFn) {
+                // Public auth routes with throttle
+                $router->group(['middleware' => [ThrottleRequests::class]], function (Router $router) use ($authControllerClass, $registerFn) {
+                    $router->post('login', [$authControllerClass, 'login']);
+                    $router->post('sign-up', [$authControllerClass, 'signUp']);
+                    $router->post('logout', [$authControllerClass, 'logout']);
+                    $router->post('get-magic-reset-link', [$authControllerClass, 'createPasswordReset']);
+                    $router->post('reset-password', [$authControllerClass, 'resetPassword']);
+                    $router->post('create-verification-session', [$authControllerClass, 'createVerificationSession']);
+                    $router->post('validate-verification-session', [$authControllerClass, 'validateVerificationSession']);
+                    $router->post('send-verification-email', [$authControllerClass, 'sendVerificationEmail']);
+                    $router->post('verify-email', [$authControllerClass, 'verifyEmail']);
+                    $router->get('validate-verification', [$authControllerClass, 'validateVerificationCode']);
+
+                    if (is_callable($registerFn)) {
+                        $registerFn($router);
+                    }
+                });
+
+                // Protected auth routes
+                $router->group(['middleware' => ['fleetbase.protected']], function (Router $router) use ($authControllerClass, $registerProtectedFn) {
+                    $router->post('switch-organization', [$authControllerClass, 'switchOrganization']);
+                    $router->post('join-organization', [$authControllerClass, 'joinOrganization']);
+                    $router->post('create-organization', [$authControllerClass, 'createOrganization']);
+                    $router->get('session', [$authControllerClass, 'session']);
+                    $router->get('organizations', [$authControllerClass, 'getUserOrganizations']);
+                    $router->get('services', [$authControllerClass, 'services']);
+
+                    if (is_callable($registerProtectedFn)) {
+                        $registerProtectedFn($router);
+                    }
+                });
+            });
         };
     }
 
diff --git a/src/Http/Middleware/AdminGuard.php b/src/Http/Middleware/AdminGuard.php
@@ -0,0 +1,26 @@
+<?php
+
+namespace Fleetbase\Http\Middleware;
+
+use Fleetbase\Support\Auth;
+use Illuminate\Http\Request;
+
+class AdminGuard
+{
+    /**
+     * Handle an incoming request.
+     */
+    public function handle(Request $request, \Closure $next)
+    {
+        if (auth()->check()) {
+            /** @var \Fleetbase\Models\User $user */
+            $user = Auth::getUserFromSession($request);
+
+            if ($user->isAdmin()) {
+                return $next($request);
+            }
+        }
+
+        return response()->error('User is not authorized to access this resource.', 401);
+    }
+}
diff --git a/src/Http/Middleware/ThrottleRequests.php b/src/Http/Middleware/ThrottleRequests.php
@@ -0,0 +1,16 @@
+<?php
+
+namespace Fleetbase\Http\Middleware;
+
+use Illuminate\Routing\Middleware\ThrottleRequests as ThrottleRequestsMiddleware;
+
+class ThrottleRequests extends ThrottleRequestsMiddleware
+{
+    public function handle($request, \Closure $next, $maxAttempts = null, $decayMinutes = null, $prefix = '')
+    {
+        $maxAttempts  = config('api.throttle.max_attempts', 90);
+        $decayMinutes = config('api.throttle.decay_minutes', 1);
+
+        return parent::handle($request, $next, $maxAttempts, $decayMinutes, $prefix);
+    }
+}
diff --git a/src/Notifications/UserForgotPassword.php b/src/Notifications/UserForgotPassword.php
@@ -28,10 +28,10 @@ class UserForgotPassword extends Notification implements ShouldQueue
      *
      * @return void
      */
-    public function __construct(?VerificationCode $verificationCode)
+    public function __construct(?VerificationCode $verificationCode, ?string $url = null)
     {
         $this->verificationCode = $verificationCode;
-        $this->url              = Utils::consoleUrl('auth/reset-password/' . $verificationCode->uuid, ['code' => $verificationCode->code]);
+        $this->url              = $url ?? Utils::consoleUrl('auth/reset-password/' . $verificationCode->uuid, ['code' => $verificationCode->code]);
     }
 
     /**
diff --git a/src/Providers/CoreServiceProvider.php b/src/Providers/CoreServiceProvider.php
@@ -57,7 +57,7 @@ class CoreServiceProvider extends ServiceProvider
             \Fleetbase\Http\Middleware\TrackPresence::class,
         ],
         'fleetbase.api' => [
-            'throttle:80,1',
+            \Fleetbase\Http\Middleware\ThrottleRequests::class,
             \Illuminate\Session\Middleware\StartSession::class,
             \Fleetbase\Http\Middleware\AuthenticateOnceWithBasicAuth::class,
             \Illuminate\Routing\Middleware\SubstituteBindings::class,
diff --git a/src/Support/CacheHelper.php b/src/Support/CacheHelper.php
@@ -0,0 +1,45 @@
+<?php
+
+namespace Fleetbase\Support;
+
+use Illuminate\Cache\RedisStore;
+use Illuminate\Support\Facades\Cache;
+use Illuminate\Support\Facades\Redis;
+
+class CacheHelper extends Cache
+{
+    /**
+     * Delete cache keys matching a given pattern.
+     *
+     * Works only when the cache driver is Redis.
+     * Uses SCAN for production safety instead of KEYS.
+     *
+     * @param string $pattern Pattern for matching keys (supports wildcards, e.g., "deployments:index:*").
+     *
+     * @return int number of keys deleted
+     */
+    public static function forgetByPattern(string $pattern): int
+    {
+        // Only works for Redis
+        if (Cache::getStore() instanceof RedisStore) {
+            $deletedCount = 0;
+            $cursor       = 0;
+
+            do {
+                [$cursor, $keys] = Redis::scan($cursor, [
+                    'match' => $pattern,
+                    'count' => 100,
+                ]);
+
+                if (!empty($keys)) {
+                    $deletedCount += Redis::del(...$keys);
+                }
+            } while ($cursor != 0);
+
+            return $deletedCount;
+        }
+
+        // Fallback: throw error for unsupported drivers
+        throw new \RuntimeException('forgetByPattern only works with Redis cache store.');
+    }
+}
diff --git a/src/Traits/DisablesSoftDeletes.php b/src/Traits/DisablesSoftDeletes.php
@@ -0,0 +1,51 @@
+<?php
+
+namespace Fleetbase\Traits;
+
+use Illuminate\Database\Eloquent\Builder;
+use Illuminate\Database\Eloquent\SoftDeletingScope;
+
+trait DisablesSoftDeletes
+{
+    /**
+     * Override default delete behavior to always hard delete.
+     */
+    protected function performDeleteOnModel()
+    {
+        $this->forceDelete();
+    }
+
+    /**
+     * Remove the SoftDeletes global scope during model boot.
+     */
+    protected static function bootDisablesSoftDeletes()
+    {
+        static::addGlobalScope('disablesSoftDeletes', function (Builder $builder) {
+            $builder->withoutGlobalScope(SoftDeletingScope::class);
+        });
+    }
+
+    /**
+     * Disables soft delete scrop for all eloquent queries.
+     */
+    public function newEloquentBuilder($query)
+    {
+        return parent::newEloquentBuilder($query)->withoutGlobalScope(SoftDeletingScope::class);
+    }
+
+    /**
+     * Prevent the model from reporting as trashed.
+     */
+    public function trashed()
+    {
+        return false;
+    }
+
+    /**
+     * Prevent restore operations.
+     */
+    public function restore()
+    {
+        return $this;
+    }
+}
diff --git a/src/routes.php b/src/routes.php

Original file line number	Diff line number	Diff line change
`@@ -28,10 +28,10 @@ class UserForgotPassword extends Notification implements ShouldQueue`
`28`	`28`	`*`
`29`	`29`	`* @return void`
`30`	`30`	`*/`
`31`		`- public function __construct(?VerificationCode $verificationCode)`
	`31`	`+ public function __construct(?VerificationCode $verificationCode, ?string $url = null)`
`32`	`32`	`{`
`33`	`33`	`$this->verificationCode = $verificationCode;`
`34`		`- $this->url = Utils::consoleUrl('auth/reset-password/' . $verificationCode->uuid, ['code' => $verificationCode->code]);`
	`34`	`+ $this->url = $url ?? Utils::consoleUrl('auth/reset-password/' . $verificationCode->uuid, ['code' => $verificationCode->code]);`
`35`	`35`	`}`
`36`	`36`
`37`	`37`	`/**`