AI Review Center
Commit Review Workspace ?
Select a commit on the left to inspect quality, security, business value, findings, and suggested code changes.
Project AI Score
?
59%
Quality Avg
?
64%
Security Avg
?
45%
Reviews
?
57
Review Result ?
jattin01/avriti-backend · fb5faca9
This commit introduces authentication and user management features including registration, login, logout, password reset, and admin contact management. Code quality is generally good with proper validation and API responses. However, there is a critical security issue where the password is not hashed upon user creation, which may lead to compromised accounts. The password reset flow is implemented but may risk token handling practices. The AdminContactController lacks authorization checks which could allow unauthorized operations. The commit message is very brief and non-descriptive.
Quality
?
75%
Security
?
50%
Business Value
?
80%
Maintainability
?
75%
Issues & Suggested Fixes
?
1AI detects the issue
2Shows file, line, or evidence
3Suggests the fix to apply
Password Is Assigned Directly Without Hash...
Where
app/Http/Controllers/Api/CustomerAuthController.php:29
Issue / Evidence
password is assigned directly without hashing
Suggested Fix
hash passwords before storing to improve security
Ensure Password Attribute Is Cast To 'Hash...
Where
app/Models/Customer.php:18
Issue / Evidence
ensure password attribute is cast to 'hashed'
Suggested Fix
verify the casting is effective for new password assignments
Security Issue
Where
app/Http/Controllers/AdminContactController.php:15
Issue / Evidence
no authorization checks on destroy method
Suggested Fix
add authorization to prevent unauthorized contact deletions
Insufficient Detail
Where
commit message
Issue / Evidence
insufficient detail
Suggested Fix
provide detailed commit message describing added features and security considerations
Returning Plaintext Password Reset Token I...
Where
app/Http/Controllers/Api/CustomerAuthController.php:94
Issue / Evidence
returning plaintext password reset token in response
Suggested Fix
avoid exposing reset tokens to clients to improve security
Code Change Preview · app/Http/Controllers/AdminContactController.php
?
Removed / Before Commit
Added / After Commit
+ <?php + + namespace App\Http\Controllers; + + use App\Models\Contact; + + class AdminContactController extends Controller + { + public function index() + { + $contacts = Contact::latest()->get(); + return view('admin.contacts', compact('contacts')); + } + + public function destroy(Contact $contact) + { + $contact->delete(); + return redirect()->route('contacts.index')->with('success', 'Contact deleted successfully.');
Removed / Before Commit
Added / After Commit
+ <?php + + namespace App\Http\Controllers\Api; + + use App\Http\Controllers\Controller; + use App\Models\Customer; + use Illuminate\Http\JsonResponse; + use Illuminate\Http\Request; + use Illuminate\Support\Facades\DB; + use Illuminate\Support\Facades\Hash; + use Illuminate\Support\Str; + use Illuminate\Validation\ValidationException; + + class CustomerAuthController extends Controller + { + public function register(Request $request): JsonResponse + { + $request->validate([
Removed / Before Commit
Added / After Commit
+ <?php + + namespace App\Models; + + use Illuminate\Foundation\Auth\User as Authenticatable; + use Laravel\Sanctum\HasApiTokens; + + class Customer extends Authenticatable + { + use HasApiTokens; + + protected $fillable = ['full_name', 'email', 'phone', 'password']; + + protected $hidden = ['password']; + + protected function casts(): array + { + return ['password' => 'hashed'];
Removed / Before Commit
- <?php - - use App\Models\User; - - return [ - 'driver' => 'session', - 'provider' => 'users', - ], - ], - - /* - 'driver' => 'eloquent', - 'model' => env('AUTH_MODEL', User::class), - ], - - // 'users' => [ - // 'driver' => 'database',
Added / After Commit
+ <?php + + use App\Models\Customer; + use App\Models\User; + + return [ + 'driver' => 'session', + 'provider' => 'users', + ], + 'customer' => [ + 'driver' => 'sanctum', + 'provider' => 'customers', + ], + ], + + /* + 'driver' => 'eloquent', + 'model' => env('AUTH_MODEL', User::class),
Removed / Before Commit
Added / After Commit
+ <?php + + use Illuminate\Cookie\Middleware\EncryptCookies; + use Illuminate\Foundation\Http\Middleware\ValidateCsrfToken; + use Laravel\Sanctum\Http\Middleware\AuthenticateSession; + use Laravel\Sanctum\Sanctum; + + return [ + + /* + |-------------------------------------------------------------------------- + | Stateful Domains + |-------------------------------------------------------------------------- + | + | Requests from the following domains / hosts will receive stateful API + | authentication cookies. Typically, these should include your local + | and production domains which access your API via a frontend SPA. + |
Removed / Before Commit
Added / After Commit
+ <?php + + use Illuminate\Database\Migrations\Migration; + use Illuminate\Database\Schema\Blueprint; + use Illuminate\Support\Facades\Schema; + + return new class extends Migration + { + /** + * Run the migrations. + */ + public function up(): void + { + Schema::create('customers', function (Blueprint $table) { + $table->id(); + $table->string('email')->unique(); + $table->string('password'); + $table->timestamps();
Removed / Before Commit
Added / After Commit
+ <?php + + use Illuminate\Database\Migrations\Migration; + use Illuminate\Database\Schema\Blueprint; + use Illuminate\Support\Facades\Schema; + + return new class extends Migration + { + /** + * Run the migrations. + */ + public function up(): void + { + Schema::create('customer_password_resets', function (Blueprint $table) { + $table->string('email')->index(); + $table->string('token'); + $table->timestamp('created_at')->nullable(); + });
Removed / Before Commit
Added / After Commit
+ <?php + + use Illuminate\Database\Migrations\Migration; + use Illuminate\Database\Schema\Blueprint; + use Illuminate\Support\Facades\Schema; + + return new class extends Migration + { + /** + * Run the migrations. + */ + public function up(): void + { + Schema::table('customers', function (Blueprint $table) { + // + $table->string('full_name')->after('id'); + $table->string('phone')->nullable()->after('full_name'); + });
Removed / Before Commit
Added / After Commit
+ <?php + + use Illuminate\Database\Migrations\Migration; + use Illuminate\Database\Schema\Blueprint; + use Illuminate\Support\Facades\Schema; + + return new class extends Migration + { + /** + * Run the migrations. + */ + public function up(): void + { + Schema::create('cart_items', function (Blueprint $table) { + $table->id(); + $table->foreignId('customer_id')->constrained()->onDelete('cascade'); + $table->foreignId('product_id')->constrained()->onDelete('cascade'); + $table->string('attribute_name')->nullable();
Removed / Before Commit
Added / After Commit
+ @extends('layouts.app') + + @section('title', 'Contacts | Avriti Dashboard') + @section('content') + + <div class="mb-6 flex flex-col gap-4 sm:flex-row sm:items-center sm:justify-between"> + <div> + <h1 class="text-2xl font-semibold text-[#0b3dba]">Contacts</h1> + </div> + </div> + + @if (session('success')) + <div data-auto-hide-alert class="mb-6 rounded-2xl border border-emerald-200 bg-emerald-50 px-4 py-3 text-sm font-semibold text-emerald-700 transition-opacity duration-500"> + {{ session('success') }} + </div> + @endif + + <div class="overflow-hidden rounded-[32px] bg-white shadow-sm">
Removed / Before Commit
- <i class="fa-solid fa-hand-sparkles"></i> - Services Page - </a> - </div> - </div> - - </nav> - </aside> - \ No newline at end of file
Added / After Commit
+ <i class="fa-solid fa-hand-sparkles"></i> + Services Page + </a> + <a href="{{ route('contacts.index') }}" class="flex items-center gap-3 px-3 py-2.5 rounded-xl {{ request()->routeIs('contacts.*') ? $activeClass : $inactiveClass }}"> + <i class="fa-solid fa-envelope"></i> + Contacts + </a> + </div> + </div> + + + + </nav> + </aside> + \ No newline at end of file
Removed / Before Commit
- <?php - - use App\Http\Controllers\AuthController; - use Illuminate\Support\Facades\Route; - use App\Http\Controllers\Api\ProductCategoryController; - use App\Http\Controllers\Api\ProductTypeController; - Route::get('/faqs', [FaqController::class, 'index']); - Route::get('/home', [HomeController::class, 'index']); - Route::get('/services', [ServiceController::class, 'index']); - Route::post('/contact', [ContactController::class, 'store']); - \ No newline at end of file - \ No newline at end of file
Added / After Commit
+ <?php + + use App\Http\Controllers\AuthController; + use App\Http\Controllers\Api\CustomerAuthController; + use Illuminate\Support\Facades\Route; + use App\Http\Controllers\Api\ProductCategoryController; + use App\Http\Controllers\Api\ProductTypeController; + Route::get('/faqs', [FaqController::class, 'index']); + Route::get('/home', [HomeController::class, 'index']); + Route::get('/services', [ServiceController::class, 'index']); + \ No newline at end of file + Route::post('/contact', [ContactController::class, 'store']); + + Route::prefix('customer')->group(function () { + Route::post('/register', [CustomerAuthController::class, 'register']); + Route::post('/login', [CustomerAuthController::class, 'login']); + Route::post('/forgot-password', [CustomerAuthController::class, 'forgotPassword']); + Route::post('/reset-password', [CustomerAuthController::class, 'resetPassword']);
Removed / Before Commit
- use App\Http\Controllers\AdminAboutController; - use App\Http\Controllers\AdminHomeController; - use App\Http\Controllers\AdminFaqController; - use App\Http\Controllers\AdminServiceController; - use Illuminate\Support\Facades\Route; - - Route::put('/faq', [AdminFaqController::class, 'update'])->name('faq.update'); - Route::get('/about-page', [AdminAboutController::class, 'index'])->name('about-page.index'); - Route::put('/about-page', [AdminAboutController::class, 'update'])->name('about-page.update'); - Route::get('/service-page', [AdminServiceController::class, 'index'])->name('service-page.index'); - Route::put('/service-page', [AdminServiceController::class, 'update'])->name('service-page.update'); - Route::post('/logout', [AuthController::class, 'logout'])->name('logout');
Added / After Commit
+ use App\Http\Controllers\AdminAboutController; + use App\Http\Controllers\AdminHomeController; + use App\Http\Controllers\AdminFaqController; + use App\Http\Controllers\AdminContactController; + use App\Http\Controllers\AdminServiceController; + use Illuminate\Support\Facades\Route; + + Route::put('/faq', [AdminFaqController::class, 'update'])->name('faq.update'); + Route::get('/about-page', [AdminAboutController::class, 'index'])->name('about-page.index'); + Route::put('/about-page', [AdminAboutController::class, 'update'])->name('about-page.update'); + Route::get('/contacts', [AdminContactController::class, 'index'])->name('contacts.index'); + Route::delete('/contacts/{contact}', [AdminContactController::class, 'destroy'])->name('contacts.destroy'); + Route::get('/service-page', [AdminServiceController::class, 'index'])->name('service-page.index'); + Route::put('/service-page', [AdminServiceController::class, 'update'])->name('service-page.update'); + Route::post('/logout', [AuthController::class, 'logout'])->name('logout');