Showing AI reviews for avriti-backend
Project AI Score ?
59%
Quality Avg ?
64%
Security Avg ?
45%
Reviews ?
57

Review Result ?

jattin01/avriti-backend · fb5faca9
This commit introduces authentication and user management features including registration, login, logout, password reset, and admin contact management. Code quality is generally good with proper validation and API responses. However, there is a critical security issue where the password is not hashed upon user creation, which may lead to compromised accounts. The password reset flow is implemented but may risk token handling practices. The AdminContactController lacks authorization checks which could allow unauthorized operations. The commit message is very brief and non-descriptive.
Quality ?
75%
Security ?
50%
Business Value ?
80%
Maintainability ?
75%
Issues & Suggested Fixes ?
1AI detects the issue
2Shows file, line, or evidence
3Suggests the fix to apply
Password Is Assigned Directly Without Hash...
Where app/Http/Controllers/Api/CustomerAuthController.php:29
Issue / Evidence password is assigned directly without hashing
Suggested Fix hash passwords before storing to improve security
Ensure Password Attribute Is Cast To 'Hash...
Where app/Models/Customer.php:18
Issue / Evidence ensure password attribute is cast to 'hashed'
Suggested Fix verify the casting is effective for new password assignments
Security Issue
Where app/Http/Controllers/AdminContactController.php:15
Issue / Evidence no authorization checks on destroy method
Suggested Fix add authorization to prevent unauthorized contact deletions
Insufficient Detail
Where commit message
Issue / Evidence insufficient detail
Suggested Fix provide detailed commit message describing added features and security considerations
Returning Plaintext Password Reset Token I...
Where app/Http/Controllers/Api/CustomerAuthController.php:94
Issue / Evidence returning plaintext password reset token in response
Suggested Fix avoid exposing reset tokens to clients to improve security
Code Change Preview · app/Http/Controllers/AdminContactController.php ?
Removed / Before Commit

                                                
Added / After Commit
+ <?php
+ 
+ namespace App\Http\Controllers;
+ 
+ use App\Models\Contact;
+ 
+ class AdminContactController extends Controller
+ {
+     public function index()
+     {
+         $contacts = Contact::latest()->get();
+         return view('admin.contacts', compact('contacts'));
+     }
+ 
+     public function destroy(Contact $contact)
+     {
+         $contact->delete();
+         return redirect()->route('contacts.index')->with('success', 'Contact deleted successfully.');
Removed / Before Commit

                                                
Added / After Commit
+ <?php
+ 
+ namespace App\Http\Controllers\Api;
+ 
+ use App\Http\Controllers\Controller;
+ use App\Models\Customer;
+ use Illuminate\Http\JsonResponse;
+ use Illuminate\Http\Request;
+ use Illuminate\Support\Facades\DB;
+ use Illuminate\Support\Facades\Hash;
+ use Illuminate\Support\Str;
+ use Illuminate\Validation\ValidationException;
+ 
+ class CustomerAuthController extends Controller
+ {
+    public function register(Request $request): JsonResponse
+ {
+     $request->validate([
Removed / Before Commit

                                                
Added / After Commit
+ <?php
+ 
+ namespace App\Models;
+ 
+ use Illuminate\Foundation\Auth\User as Authenticatable;
+ use Laravel\Sanctum\HasApiTokens;
+ 
+ class Customer extends Authenticatable
+ {
+     use HasApiTokens;
+ 
+    protected $fillable = ['full_name', 'email', 'phone', 'password'];
+ 
+     protected $hidden = ['password'];
+ 
+     protected function casts(): array
+     {
+         return ['password' => 'hashed'];
Removed / Before Commit
- <?php
- 
- use App\Models\User;
- 
- return [
- 'driver' => 'session',
- 'provider' => 'users',
- ],
- ],
- 
- /*
- 'driver' => 'eloquent',
- 'model' => env('AUTH_MODEL', User::class),
- ],
- 
- // 'users' => [
- //     'driver' => 'database',
Added / After Commit
+ <?php
+ 
+ use App\Models\Customer;
+ use App\Models\User;
+ 
+ return [
+ 'driver' => 'session',
+ 'provider' => 'users',
+ ],
+         'customer' => [
+             'driver' => 'sanctum',
+             'provider' => 'customers',
+         ],
+ ],
+ 
+ /*
+ 'driver' => 'eloquent',
+ 'model' => env('AUTH_MODEL', User::class),
Removed / Before Commit

                                                
Added / After Commit
+ <?php
+ 
+ use Illuminate\Cookie\Middleware\EncryptCookies;
+ use Illuminate\Foundation\Http\Middleware\ValidateCsrfToken;
+ use Laravel\Sanctum\Http\Middleware\AuthenticateSession;
+ use Laravel\Sanctum\Sanctum;
+ 
+ return [
+ 
+     /*
+     |--------------------------------------------------------------------------
+     | Stateful Domains
+     |--------------------------------------------------------------------------
+     |
+     | Requests from the following domains / hosts will receive stateful API
+     | authentication cookies. Typically, these should include your local
+     | and production domains which access your API via a frontend SPA.
+     |
Removed / Before Commit

                                                
Added / After Commit
+ <?php
+ 
+ use Illuminate\Database\Migrations\Migration;
+ use Illuminate\Database\Schema\Blueprint;
+ use Illuminate\Support\Facades\Schema;
+ 
+ return new class extends Migration
+ {
+     /**
+      * Run the migrations.
+      */
+     public function up(): void
+     {
+         Schema::create('customers', function (Blueprint $table) {
+             $table->id();
+             $table->string('email')->unique();
+             $table->string('password');
+             $table->timestamps();
Removed / Before Commit

                                                
Added / After Commit
+ <?php
+ 
+ use Illuminate\Database\Migrations\Migration;
+ use Illuminate\Database\Schema\Blueprint;
+ use Illuminate\Support\Facades\Schema;
+ 
+ return new class extends Migration
+ {
+     /**
+      * Run the migrations.
+      */
+     public function up(): void
+     {
+         Schema::create('customer_password_resets', function (Blueprint $table) {
+             $table->string('email')->index();
+             $table->string('token');
+             $table->timestamp('created_at')->nullable();
+         });
Removed / Before Commit

                                                
Added / After Commit
+ <?php
+ 
+ use Illuminate\Database\Migrations\Migration;
+ use Illuminate\Database\Schema\Blueprint;
+ use Illuminate\Support\Facades\Schema;
+ 
+ return new class extends Migration
+ {
+     /**
+      * Run the migrations.
+      */
+     public function up(): void
+     {
+         Schema::table('customers', function (Blueprint $table) {
+             //
+              $table->string('full_name')->after('id');
+             $table->string('phone')->nullable()->after('full_name');
+         });
Removed / Before Commit

                                                
Added / After Commit
+ <?php
+ 
+ use Illuminate\Database\Migrations\Migration;
+ use Illuminate\Database\Schema\Blueprint;
+ use Illuminate\Support\Facades\Schema;
+ 
+ return new class extends Migration
+ {
+     /**
+      * Run the migrations.
+      */
+     public function up(): void
+     {
+         Schema::create('cart_items', function (Blueprint $table) {
+             $table->id();
+              $table->foreignId('customer_id')->constrained()->onDelete('cascade');
+             $table->foreignId('product_id')->constrained()->onDelete('cascade');
+             $table->string('attribute_name')->nullable();
Removed / Before Commit

                                                
Added / After Commit
+ @extends('layouts.app')
+ 
+ @section('title', 'Contacts | Avriti Dashboard')
+ @section('content')
+ 
+ <div class="mb-6 flex flex-col gap-4 sm:flex-row sm:items-center sm:justify-between">
+   <div>
+     <h1 class="text-2xl font-semibold text-[#0b3dba]">Contacts</h1>
+   </div>
+ </div>
+ 
+ @if (session('success'))
+   <div data-auto-hide-alert class="mb-6 rounded-2xl border border-emerald-200 bg-emerald-50 px-4 py-3 text-sm font-semibold text-emerald-700 transition-opacity duration-500">
+     {{ session('success') }}
+   </div>
+ @endif
+ 
+ <div class="overflow-hidden rounded-[32px] bg-white shadow-sm">
Removed / Before Commit
- <i class="fa-solid fa-hand-sparkles"></i>
- Services Page
- </a>
- </div>
- </div>
- 
- </nav>
- </aside>
- \ No newline at end of file
Added / After Commit
+ <i class="fa-solid fa-hand-sparkles"></i>
+ Services Page
+ </a>
+         <a href="{{ route('contacts.index') }}" class="flex items-center gap-3 px-3 py-2.5 rounded-xl {{ request()->routeIs('contacts.*') ? $activeClass : $inactiveClass }}">
+       <i class="fa-solid fa-envelope"></i>
+       Contacts
+     </a>
+ </div>
+ </div>
+ 
+     
+ 
+ </nav>
+ </aside>
+ \ No newline at end of file
Removed / Before Commit
- <?php
- 
- use App\Http\Controllers\AuthController;
- use Illuminate\Support\Facades\Route;
- use App\Http\Controllers\Api\ProductCategoryController;
- use App\Http\Controllers\Api\ProductTypeController;
- Route::get('/faqs', [FaqController::class, 'index']);
- Route::get('/home', [HomeController::class, 'index']);
- Route::get('/services', [ServiceController::class, 'index']);
- Route::post('/contact', [ContactController::class, 'store']);
- \ No newline at end of file
- \ No newline at end of file
Added / After Commit
+ <?php
+ 
+ use App\Http\Controllers\AuthController;
+ use App\Http\Controllers\Api\CustomerAuthController;
+ use Illuminate\Support\Facades\Route;
+ use App\Http\Controllers\Api\ProductCategoryController;
+ use App\Http\Controllers\Api\ProductTypeController;
+ Route::get('/faqs', [FaqController::class, 'index']);
+ Route::get('/home', [HomeController::class, 'index']);
+ Route::get('/services', [ServiceController::class, 'index']);
+ \ No newline at end of file
+ Route::post('/contact', [ContactController::class, 'store']);
+ 
+ Route::prefix('customer')->group(function () {
+     Route::post('/register', [CustomerAuthController::class, 'register']);
+     Route::post('/login', [CustomerAuthController::class, 'login']);
+     Route::post('/forgot-password', [CustomerAuthController::class, 'forgotPassword']);
+     Route::post('/reset-password', [CustomerAuthController::class, 'resetPassword']);
Removed / Before Commit
- use App\Http\Controllers\AdminAboutController;
- use App\Http\Controllers\AdminHomeController;
- use App\Http\Controllers\AdminFaqController;
- use App\Http\Controllers\AdminServiceController;
- use Illuminate\Support\Facades\Route;
- 
- Route::put('/faq', [AdminFaqController::class, 'update'])->name('faq.update');
- Route::get('/about-page', [AdminAboutController::class, 'index'])->name('about-page.index');
- Route::put('/about-page', [AdminAboutController::class, 'update'])->name('about-page.update');
- Route::get('/service-page', [AdminServiceController::class, 'index'])->name('service-page.index');
- Route::put('/service-page', [AdminServiceController::class, 'update'])->name('service-page.update');
- Route::post('/logout', [AuthController::class, 'logout'])->name('logout');
Added / After Commit
+ use App\Http\Controllers\AdminAboutController;
+ use App\Http\Controllers\AdminHomeController;
+ use App\Http\Controllers\AdminFaqController;
+ use App\Http\Controllers\AdminContactController;
+ use App\Http\Controllers\AdminServiceController;
+ use Illuminate\Support\Facades\Route;
+ 
+ Route::put('/faq', [AdminFaqController::class, 'update'])->name('faq.update');
+ Route::get('/about-page', [AdminAboutController::class, 'index'])->name('about-page.index');
+ Route::put('/about-page', [AdminAboutController::class, 'update'])->name('about-page.update');
+     Route::get('/contacts', [AdminContactController::class, 'index'])->name('contacts.index');
+     Route::delete('/contacts/{contact}', [AdminContactController::class, 'destroy'])->name('contacts.destroy');
+ Route::get('/service-page', [AdminServiceController::class, 'index'])->name('service-page.index');
+ Route::put('/service-page', [AdminServiceController::class, 'update'])->name('service-page.update');
+ Route::post('/logout', [AuthController::class, 'logout'])->name('logout');