Showing AI reviews for avriti-backend
Project AI Score ?
59%
Quality Avg ?
64%
Security Avg ?
45%
Reviews ?
57

Review Result ?

jattin01/avriti-backend · d1b69641
The commit adds API endpoints and UI for customer profile management, including viewing and updating profiles and profile images, as well as database migrations to support profile images. Validation is in place for input fields and images. The code well integrates server-side validation and database updates. However, some security improvements can be made especially related to image upload handling and consistent validation. There is moderate risk of bugs if file move operations fail or if inconsistent paths arise due to migration updates. The commit message is very minimal and should be more descriptive.
Quality ?
80%
Security ?
70%
Business Value ?
85%
Maintainability ?
78%
Issues & Suggested Fixes ?
1AI detects the issue
2Shows file, line, or evidence
3Suggests the fix to apply
File Upload Handling Might Fail Silently
Where app/Http/Controllers/Api/CustomerProfileController.php:58
Issue / Evidence file upload handling might fail silently
Suggested Fix add error handling after file->move()
Storing Images Under Public/Profile Img Co...
Where app/Http/Controllers/Api/CustomerProfileController.php:52
Issue / Evidence storing images under public/profile_img could expose files
Suggested Fix consider storing outside public or ensure files are sanitized to prevent executable uploads
Missing Validation
Where app/Http/Controllers/Api/CustomerProfileController.php:27-34
Issue / Evidence validation omitted additional security constraints for phone and email input
Suggested Fix consider stricter sanitization and normalization
Missing Validation
Where app/Http/Controllers/Api/CustomerProfileController.php:48
Issue / Evidence validate image size limit and types
Suggested Fix consider additional checks on image content or virus scanning for uploaded files
Very Minimal And Lacking Detail
Where commit message
Issue / Evidence very minimal and lacking detail
Suggested Fix expand commit message to describe what 'profile api working' encompasses, including new features, fixes, and migrations to improve business and quality confidence
Code Change Preview · app/Http/Controllers/AdminCustomerController.php ?
Removed / Before Commit
- return view('admin.customers', compact('customers'));
- }
- 
- public function destroy(Customer $customer): RedirectResponse
- {
- $customer->delete();
Added / After Commit
+ return view('admin.customers', compact('customers'));
+ }
+ 
+     public function edit(Customer $customer): View
+     {
+         return view('admin.customer-edit', compact('customer'));
+     }
+ 
+     public function update(Request $request, Customer $customer): RedirectResponse
+     {
+         $validated = $request->validate([
+             'full_name' => ['required', 'string', 'max:150'],
+             'phone' => ['required', 'string', 'max:20'],
+         ]);
+ 
+         $customer->update($validated);
+ 
+         return redirect()
Removed / Before Commit

                                                
Added / After Commit
+ <?php
+ 
+ namespace App\Http\Controllers\Api;
+ 
+ use App\Http\Controllers\Controller;
+ use App\Models\Order;
+ use Illuminate\Http\JsonResponse;
+ use Illuminate\Http\Request;
+ use Illuminate\Support\Facades\File;
+ use Illuminate\Validation\Rule;
+ 
+ class CustomerProfileController extends Controller
+ {
+     public function show(Request $request): JsonResponse
+     {
+         return response()->json([
+             'success' => true,
+             'data' => $this->profileData($request),
Removed / Before Commit
- {
- use HasApiTokens;
- 
-    protected $fillable = ['full_name', 'email', 'phone', 'password'];
- 
- protected $hidden = ['password'];
Added / After Commit
+ {
+ use HasApiTokens;
+ 
+    protected $fillable = ['full_name', 'email', 'phone', 'profile_img', 'password'];
+ 
+ protected $hidden = ['password'];
Removed / Before Commit

                                                
Added / After Commit
+ <?php
+ 
+ use Illuminate\Database\Migrations\Migration;
+ use Illuminate\Database\Schema\Blueprint;
+ use Illuminate\Support\Facades\Schema;
+ 
+ return new class extends Migration
+ {
+     public function up(): void
+     {
+         Schema::table('customers', function (Blueprint $table) {
+             $table->string('profile_img')->nullable()->after('phone');
+         });
+     }
+ 
+     public function down(): void
+     {
+         Schema::table('customers', function (Blueprint $table) {
Removed / Before Commit

                                                
Added / After Commit
+ <?php
+ 
+ use Illuminate\Database\Migrations\Migration;
+ use Illuminate\Support\Facades\DB;
+ 
+ return new class extends Migration
+ {
+     public function up(): void
+     {
+         DB::statement("UPDATE customers SET profile_img = REPLACE(profile_img, 'profile/', 'profile_img/') WHERE profile_img IS NOT NULL");
+     }
+ 
+     public function down(): void
+     {
+         DB::statement("UPDATE customers SET profile_img = REPLACE(profile_img, 'profile_img/', 'profile/') WHERE profile_img IS NOT NULL");
+     }
+ };
Removed / Before Commit

                                                
Added / After Commit
+ <?php
+ 
+ require dirname(__DIR__) . '/index.php';
Removed / Before Commit

                                                
Added / After Commit
+ @extends('layouts.app')
+ 
+ @section('title', 'Edit Customer | Avriti Dashboard')
+ @section('content')
+ 
+ <div class="mb-6 flex flex-col gap-4 sm:flex-row sm:items-center sm:justify-between">
+   <div>
+     <h1 class="text-2xl font-semibold text-[#0b3dba]">Edit Customer</h1>
+     <p class="mt-2 text-sm text-gray-500">Update account information.</p>
+   </div>
+   <a href="{{ route('customers.index') }}" class="inline-flex h-11 items-center justify-center rounded-full border border-gray-200 bg-white px-5 text-sm font-semibold text-gray-600 shadow-sm transition hover:bg-gray-50">
+     Back
+   </a>
+ </div>
+ 
+ @php
+   $displayName = old('full_name', $customer->full_name) ?: 'Customer';
+ @endphp
Removed / Before Commit
- </thead>
- <tbody class="divide-y divide-gray-100 text-sm [&>tr:nth-child(even)]:bg-gray-100">
- @forelse ($customers as $customer)
- <tr class="hover:bg-blue-100 transition-colors">
- <td class="px-6 py-5 font-semibold text-gray-500">{{ $loop->iteration }}</td>
- <td class="px-6 py-5">
- <div class="flex items-center gap-3">
-                         <div class="border-2 border-[#0b3dba] w-[40px] h-[40px] rounded-full flex items-center justify-center bg-[#eef4ff] text-[#0b3dba] font-semibold text-sm">
-                           {{ strtoupper(substr($customer->full_name, 0, 1)) }}
-                         </div>
- <div>
- <p class="font-semibold text-gray-900">{{ $customer->full_name }}</p>
- <p class="text-xs text-gray-400">Customer</p>
- </td>
- <td class="px-6 py-5 text-gray-500">
- <div class="flex items-center gap-3">
- <button type="button" data-delete-action="{{ route('customers.destroy', $customer) }}" data-delete-name="{{ $customer->full_name }}" class="text-red-500 hover:text-red-600" aria-label="Delete {{ $customer->full_name }}"><i class="fa-solid fa-trash"></i></button>
- </div>
Added / After Commit
+ </thead>
+ <tbody class="divide-y divide-gray-100 text-sm [&>tr:nth-child(even)]:bg-gray-100">
+ @forelse ($customers as $customer)
+                   @php
+                     $displayName = $customer->full_name ?: 'Customer';
+                   @endphp
+ <tr class="hover:bg-blue-100 transition-colors">
+ <td class="px-6 py-5 font-semibold text-gray-500">{{ $loop->iteration }}</td>
+ <td class="px-6 py-5">
+ <div class="flex items-center gap-3">
+                         @if ($customer->profile_img)
+                           <img src="{{ asset($customer->profile_img) }}" alt="{{ $displayName }}" class="border-2 border-[#0b3dba] w-[40px] h-[40px] rounded-full object-cover" />
+                         @else
+                           <div class="border-2 border-[#0b3dba] w-[40px] h-[40px] rounded-full flex items-center justify-center bg-[#eef4ff] text-[#0b3dba] font-semibold text-sm">
+                             {{ strtoupper(substr($displayName, 0, 1)) }}
+                           </div>
+                         @endif
+ <div>
Removed / Before Commit
- use App\Http\Controllers\Api\AddressController;
- use App\Http\Controllers\Api\OrderController;
- use App\Http\Controllers\Api\WishlistController;
- 
- Route::post('/register', [AuthController::class, 'apiRegister'])->name('api.register');
- Route::post('/login', [AuthController::class, 'apiLogin'])->name('api.login');
- Route::middleware('auth:sanctum')->group(function () {
- Route::post('/logout', [CustomerAuthController::class, 'logout']);
- 
- Route::get('/addresses', [AddressController::class, 'index']);
- Route::post('/addresses', [AddressController::class, 'store']);
- Route::put('/addresses/{id}', [AddressController::class, 'update']);
Added / After Commit
+ use App\Http\Controllers\Api\AddressController;
+ use App\Http\Controllers\Api\OrderController;
+ use App\Http\Controllers\Api\WishlistController;
+ use App\Http\Controllers\Api\CustomerProfileController;
+ 
+ Route::post('/register', [AuthController::class, 'apiRegister'])->name('api.register');
+ Route::post('/login', [AuthController::class, 'apiLogin'])->name('api.login');
+ Route::middleware('auth:sanctum')->group(function () {
+ Route::post('/logout', [CustomerAuthController::class, 'logout']);
+ 
+         Route::get('/profile', [CustomerProfileController::class, 'show']);
+         Route::put('/profile', [CustomerProfileController::class, 'update']);
+         Route::post('/profile/image', [CustomerProfileController::class, 'image']);
+ 
+ Route::get('/addresses', [AddressController::class, 'index']);
+ Route::post('/addresses', [AddressController::class, 'store']);
+ Route::put('/addresses/{id}', [AddressController::class, 'update']);
Removed / Before Commit
- Route::view('/dashboard', 'admin.dashboard')->name('dashboard');
- Route::get('/users', [AdminUserController::class, 'index'])->name('users.index');
- Route::get('/customers', [AdminCustomerController::class, 'index'])->name('customers.index');
- Route::delete('/customers/{customer}', [AdminCustomerController::class, 'destroy'])->name('customers.destroy');
- Route::get('/users/{user}/edit', [AdminUserController::class, 'edit'])->name('users.edit');
- Route::put('/users/{user}', [AdminUserController::class, 'update'])->name('users.update');
Added / After Commit
+ Route::view('/dashboard', 'admin.dashboard')->name('dashboard');
+ Route::get('/users', [AdminUserController::class, 'index'])->name('users.index');
+ Route::get('/customers', [AdminCustomerController::class, 'index'])->name('customers.index');
+     Route::get('/customers/{customer}/edit', [AdminCustomerController::class, 'edit'])->name('customers.edit');
+     Route::put('/customers/{customer}', [AdminCustomerController::class, 'update'])->name('customers.update');
+ Route::delete('/customers/{customer}', [AdminCustomerController::class, 'destroy'])->name('customers.destroy');
+ Route::get('/users/{user}/edit', [AdminUserController::class, 'edit'])->name('users.edit');
+ Route::put('/users/{user}', [AdminUserController::class, 'update'])->name('users.update');