4.7.0 Release

Author: samuelwei

.github/workflows/ci.yml

@@ -17,6 +17,15 @@ jobs:
     runs-on: ubuntu-latest
 
     services:
+      redis:
+        image: redis
+        options: >-
+          --health-cmd "redis-cli ping"
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        ports:
+          - 6379
       postgres:
         image: postgres
         env:
@@ -108,6 +117,8 @@ jobs:
           DB_DATABASE: test
           DB_USERNAME: root
           DB_PASSWORD: password
+          REDIS_HOST: 127.0.0.1
+          REDIS_PORT: ${{ job.services.redis.ports[6379] }}
           LOG_CHANNEL: stack
         run: php artisan test --parallel --testsuite=Unit,Feature --coverage-clover=coverage.xml
       - name: Execute tests (Unit, Feature and Integration tests) via PHPUnit
@@ -118,6 +129,8 @@ jobs:
           DB_DATABASE: test
           DB_USERNAME: root
           DB_PASSWORD: password
+          REDIS_HOST: 127.0.0.1
+          REDIS_PORT: ${{ job.services.redis.ports[6379] }}
           LOG_CHANNEL: stack
           BBB_TEST_SERVER_HOST: ${{ secrets.BBB_TEST_SERVER_HOST }}
           BBB_TEST_SERVER_SECRET: ${{ secrets.BBB_TEST_SERVER_SECRET }}
@@ -132,6 +145,8 @@ jobs:
           DB_DATABASE: test
           DB_USERNAME: user
           DB_PASSWORD: password
+          REDIS_HOST: 127.0.0.1
+          REDIS_PORT: ${{ job.services.redis.ports[6379] }}
           LOG_CHANNEL: stack
         run: php artisan test --parallel --testsuite=Unit,Feature
       - name: Upload coverage
@@ -311,6 +326,9 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
+      - name: Fetch develop branch
+        if: github.ref != 'refs/heads/develop'
+        run: git fetch origin develop:develop
       - name: Download artifact
         uses: actions/download-artifact@v4
         with:
@@ -351,6 +369,8 @@ jobs:
           NODE_OPTIONS: "--experimental-require-module"
           HAPPO_API_KEY: ${{ secrets.HAPPO_API_KEY }}
           HAPPO_API_SECRET: ${{ secrets.HAPPO_API_SECRET }}
+          HAPPO_DELETE_OLD_COMMENTS: true
+          BASE_BRANCH: origin/develop
           CYPRESS_PROJECT_ID: ${{ env.CYPRESS_PROJECT_ID }}
           CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

CHANGELOG.md

@@ -7,6 +7,23 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [v4.7.0] - 2025-07-21
+
+### Added
+
+- Show meeting ended reason ([#2223])
+- Show BBB join errors ([#2223])
+- Pass color-scheme preference to BigBlueButton ([#2153], [#2154])
+- Metrics endpoint (`/metrics`) ([#2165])
+- Virus Scanning using ClamAV for all file uploads ([#77], [#1133])
+
+### Fixed
+
+- Logout session_expired warning message style ([68abce8](https://github.com/THM-Health/PILOS/commit/68abce87bcd241db3261a448cf53e430bd639e28))
+- Show unavailable room types in create room dialog ([#2265], [#2279])
+- Show unavailable room types in change room type dialog ([#2265], [#2279])
+- Infinite loading when navigating back after logout redirect due to bfcache ([#2282])
+
 ## [v4.6.1] - 2025-06-16
 
 ### Fixed
@@ -354,6 +371,7 @@ You can find the changelog for older versions there [here](https://github.com/TH
 
 [#31]: https://github.com/THM-Health/PILOS/issues/31
 [#75]: https://github.com/THM-Health/PILOS/issues/75
+[#77]: https://github.com/THM-Health/PILOS/issues/77
 [#315]: https://github.com/THM-Health/PILOS/issues/315
 [#372]: https://github.com/THM-Health/PILOS/issues/372
 [#373]: https://github.com/THM-Health/PILOS/pull/373
@@ -401,6 +419,7 @@ You can find the changelog for older versions there [here](https://github.com/TH
 [#1102]: https://github.com/THM-Health/PILOS/pull/1102
 [#1120]: https://github.com/THM-Health/PILOS/pull/1120
 [#1126]: https://github.com/THM-Health/PILOS/pull/1126
+[#1133]: https://github.com/THM-Health/PILOS/pull/1133
 [#1150]: https://github.com/THM-Health/PILOS/issues/1150
 [#1159]: https://github.com/THM-Health/PILOS/pull/1159
 [#1166]: https://github.com/THM-Health/PILOS/pull/1166
@@ -495,8 +514,15 @@ You can find the changelog for older versions there [here](https://github.com/TH
 [#2134]: https://github.com/THM-Health/PILOS/pull/2134
 [#2150]: https://github.com/THM-Health/PILOS/pull/2150
 [#2151]: https://github.com/THM-Health/PILOS/pull/2151
+[#2153]: https://github.com/THM-Health/PILOS/issues/2153
+[#2154]: https://github.com/THM-Health/PILOS/pull/2154
+[#2165]: https://github.com/THM-Health/PILOS/pull/2165
 [#2222]: https://github.com/THM-Health/PILOS/pull/2222
-[unreleased]: https://github.com/THM-Health/PILOS/compare/v4.6.1...develop
+[#2223]: https://github.com/THM-Health/PILOS/pull/2223
+[#2265]: https://github.com/THM-Health/PILOS/issues/2265
+[#2279]: https://github.com/THM-Health/PILOS/pull/2279
+[#2282]: https://github.com/THM-Health/PILOS/pull/2282
+[unreleased]: https://github.com/THM-Health/PILOS/compare/v4.7.0...develop
 [v3.0.0]: https://github.com/THM-Health/PILOS/releases/tag/v3.0.0
 [v3.0.1]: https://github.com/THM-Health/PILOS/releases/tag/v3.0.1
 [v3.0.2]: https://github.com/THM-Health/PILOS/releases/tag/v3.0.2
@@ -512,3 +538,4 @@ You can find the changelog for older versions there [here](https://github.com/TH
 [v4.5.0]: https://github.com/THM-Health/PILOS/releases/tag/v4.5.0
 [v4.6.0]: https://github.com/THM-Health/PILOS/releases/tag/v4.6.0
 [v4.6.1]: https://github.com/THM-Health/PILOS/releases/tag/v4.6.1
+[v4.7.0]: https://github.com/THM-Health/PILOS/releases/tag/v4.7.0

app/Auth/LDAP/LDAPController.php

@@ -4,6 +4,7 @@
 
 use App\Auth\MissingAttributeException;
 use App\Http\Controllers\Controller;
+use App\Prometheus\Counter;
 use Illuminate\Foundation\Auth\AuthenticatesUsers;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
@@ -59,6 +60,8 @@ public function login(Request $request)
             return $this->ldapLogin($request);
         } catch (MissingAttributeException $e) {
             // If an attribute is missing during the login process, return error
+            Counter::get('login_failed_total')->inc('ldap');
+
             return abort(500, __('auth.error.missing_attributes'));
         }
     }
@@ -72,6 +75,7 @@ public function login(Request $request)
     protected function authenticated(Request $request, $user)
     {
         // Log successful authentication
+        Counter::get('login_total')->inc('ldap');
         Log::info('External user {user} has been successfully authenticated.', ['user' => $user->getLogLabel(), 'type' => 'ldap']);
 
         // Update the last login timestamp

app/Auth/Shibboleth/ShibbolethController.php

@@ -4,6 +4,7 @@
 
 use App\Auth\MissingAttributeException;
 use App\Http\Controllers\Controller;
+use App\Prometheus\Counter;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Log;
 
@@ -46,12 +47,15 @@ public function callback(Request $request)
         try {
             $user = $this->provider->login($request);
         } catch (MissingAttributeException $e) {
+            Counter::get('login_failed_total')->inc('shibboleth');
+
             return redirect('/external_login?error=missing_attributes');
         } catch (ShibbolethSessionDuplicateException $e) {
             // Prevented login attempt with duplicate shibboleth session, redirect to logout to kill SP session
             return redirect($this->provider->logout(url('/external_login?error=shibboleth_session_duplicate_exception')));
         }
 
+        Counter::get('login_total')->inc('shibboleth');
         Log::info('External user {user} has been successfully authenticated.', ['user' => $user->getLogLabel(), 'type' => 'shibboleth']);
 
         // Update the last login timestamp

app/Console/Commands/ClearMetricsCommand.php

@@ -0,0 +1,19 @@
+<?php
+
+namespace App\Console\Commands;
+
+use App\Prometheus\CollectorRegistry;
+use Illuminate\Console\Command;
+
+class ClearMetricsCommand extends Command
+{
+    protected $signature = 'metrics:clear';
+
+    protected $description = 'Clear metric data';
+
+    public function handle(CollectorRegistry $registry): void
+    {
+        $registry->wipeStorage();
+        $this->info('Metrics cleared successfully.');
+    }
+}

app/Http/Controllers/MetricsController.php

@@ -0,0 +1,23 @@
+<?php
+
+namespace App\Http\Controllers;
+
+use App\Prometheus\CollectorRegistry;
+use App\Providers\MetricsServiceProvider;
+use Prometheus\RenderTextFormat;
+
+class MetricsController extends Controller
+{
+    public function __invoke(CollectorRegistry $registry)
+    {
+        foreach (MetricsServiceProvider::$collectors as $collector) {
+            (new $collector)->collect();
+        }
+
+        $renderer = new RenderTextFormat;
+        $result = $renderer->render($registry->getMetricFamilySamples());
+
+        return response($result)
+            ->header('Content-Type', RenderTextFormat::MIME_TYPE);
+    }
+}

app/Http/Controllers/api/v1/auth/LoginController.php

@@ -4,6 +4,7 @@
 
 use App\Auth\Shibboleth\ShibbolethProvider;
 use App\Http\Controllers\Controller;
+use App\Prometheus\Counter;
 use Illuminate\Foundation\Auth\AuthenticatesUsers;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Log;
@@ -57,6 +58,7 @@ protected function credentials(Request $request)
      */
     protected function authenticated(Request $request, $user)
     {
+        Counter::get('login_total')->inc('local');
         Log::info('Local user {user} has been successfully authenticated.', ['user' => $user->getLogLabel()]);
 
         // Update the last login timestamp

app/Http/Kernel.php

@@ -4,6 +4,7 @@
 
 use App\Http\Middleware\EnsureModelNotStale;
 use App\Http\Middleware\LogContext;
+use App\Http\Middleware\RequestMetricsMiddleware;
 use App\Http\Middleware\RoomAuthenticate;
 use App\Http\Middleware\RouteEnableIfConfig;
 use App\Http\Middleware\StoreSessionData;
@@ -20,13 +21,15 @@ class Kernel extends HttpKernel
      * @var array
      */
     protected $middleware = [
+        \Illuminate\Foundation\Http\Middleware\InvokeDeferredCallbacks::class,
         \App\Http\Middleware\TrustHosts::class,
         \App\Http\Middleware\TrustProxies::class,
         \Illuminate\Http\Middleware\HandleCors::class,
         \App\Http\Middleware\PreventRequestsDuringMaintenance::class,
         \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
         \App\Http\Middleware\TrimStrings::class,
         \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
+        RequestMetricsMiddleware::class,
     ];
 
     /**

app/Http/Middleware/RequestMetricsMiddleware.php

@@ -0,0 +1,44 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use App\Prometheus\Counter;
+use App\Prometheus\Summary;
+use Closure;
+use Illuminate\Http\Request;
+use Illuminate\Support\Str;
+
+class RequestMetricsMiddleware
+{
+    public function handle(Request $request, Closure $next)
+    {
+        return $next($request);
+    }
+
+    public function terminate(Request $request, $response)
+    {
+        // If metrics are disabled, skip the whole collection
+        if (! config('metrics.enabled')) {
+            return;
+        }
+
+        $startTime = defined('LARAVEL_START') ? LARAVEL_START : $request->server('REQUEST_TIME_FLOAT');
+
+        $route = $request->route()?->uri() ?? 'unknown';
+
+        if (config('metrics.collectors.request_duration_seconds.enabled') && ! in_array($route, config('metrics.collectors.request_duration_seconds.exclude_routes'))) {
+            $duration = microtime(true) - $startTime;
+            Summary::get('request_duration_seconds')->observe($duration);
+        }
+
+        if (config('metrics.collectors.request_memory_bytes.enabled') && ! in_array($route, config('metrics.collectors.request_memory_bytes.exclude_routes'))) {
+            $memoryUsage = memory_get_peak_usage(true);
+            Summary::get('request_memory_bytes')->observe($memoryUsage);
+        }
+
+        if (config('metrics.collectors.request_total.enabled') && ! in_array($route, config('metrics.collectors.request_total.exclude_routes'))) {
+            $status = $response->getStatusCode();
+            Counter::get('request_total')->inc([Str::of($status)->charAt(0).'xx']);
+        }
+    }
+}

app/Http/Middleware/RoomAuthenticate.php

@@ -4,6 +4,7 @@
 
 use App\Models\Room;
 use App\Models\RoomToken;
+use App\Prometheus\Counter;
 use App\Services\RoomAuthService;
 use Closure;
 use Illuminate\Support\Facades\Auth;
@@ -47,6 +48,7 @@ public function handle($request, Closure $next, $allowUnAuthenticated = false)
             $token = RoomToken::where('token', $request->header('Token'))->where('room_id', $room->id)->first();
 
             if ($token == null) {
+                Counter::get('room_authentication_errors_total')->inc('token');
                 Log::notice('Room token authentication failed for room {room}', ['room' => $room->getLogLabel()]);
                 abort(401, 'invalid_token');
             }
@@ -58,6 +60,8 @@ public function handle($request, Closure $next, $allowUnAuthenticated = false)
 
         // user is not authenticated and room is not allowed for guests
         if (! $room->getRoomSetting('allow_guests') && ! $authenticated && ! Auth::user()) {
+            Counter::get('room_authentication_errors_total')->inc('guest_access');
+
             Log::notice('Room guest access failed for room {room}', ['room' => $room->getLogLabel()]);
 
             abort(403, 'guests_not_allowed');
@@ -84,6 +88,7 @@ public function handle($request, Closure $next, $allowUnAuthenticated = false)
             if (is_numeric($accessCode) && $room->access_code == $accessCode) {
                 $authenticated = true;
             } else {
+                Counter::get('room_authentication_errors_total')->inc('access_code_invalid');
                 Log::notice('Room access code authentication failed for room {room}', ['room' => $room->getLogLabel()]);
 
                 // Increment counter for failed access code attempts