AI Review Center
Commit Review Workspace ?
Select a commit on the left to inspect quality, security, business value, findings, and suggested code changes.
Project AI Score
?
59%
Quality Avg
?
64%
Security Avg
?
45%
Reviews
?
57
Review Result ?
jattin01/avriti-backend · 4bc4309b
This commit introduces new APIs and admin controllers for managing Services and Contact submissions, including file upload and structured data. The code covers validation and basic error handling. However, there are some issues in input validation/sanitization, error handling, and missing security measures that could lead to vulnerabilities or bugs.
Quality
?
75%
Security
?
60%
Business Value
?
80%
Maintainability
?
68%
Issues & Suggested Fixes
?
1AI detects the issue
2Shows file, line, or evidence
3Suggests the fix to apply
File Upload: Allow Only Specific Extension...
Where
app/Http/Controllers/AdminServiceController.php:47
Issue / Evidence
File upload: allow only specific extensions instead of any image
Suggested Fix
restrict to preferred file types to reduce risk
Missing Validation
Where
app/Http/Controllers/AdminServiceController.php:53
Issue / Evidence
Cards input validation: no deep validation of card fields
Suggested Fix
add validation rules to ensure data consistency and prevent injection
Missing Validation
Where
app/Http/Controllers/Api/ContactController.php:14
Issue / Evidence
Email validation: use stricter email validation or sanitization
Suggested Fix
prevent invalid data or injection
Lack Of Spam/Bot Protection On Contact Api
Where
app/Http/Controllers/Api/ContactController.php:11
Issue / Evidence
Lack of spam/bot protection on contact API
Suggested Fix
add rate limiting, captcha or validation to reduce spam risk
Incorrect Use Of 'Casts' Method: It Should...
Where
app/Models/Service.php:17
Issue / Evidence
Incorrect use of 'casts' method: it should be a property $casts, not a method
Suggested Fix
fix to properly cast 'cards' attribute
Add '$Casts' Property Definition For 'Card...
Where
app/Models/Service.php:17
Issue / Evidence
Add '$casts' property definition for 'cards' as array
Suggested Fix
enable correct data handling for JSON fields
Missing Validation
Where
app/Http/Controllers/Api/ServiceController.php:27
Issue / Evidence
Card icon URLs: lack validation on filenames fetched from DB before using them in asset URL
Suggested Fix
sanitize or whitelist filenames to prevent path traversal or XSS
Ambiguous And Typo 'Contect' Instead Of 'C...
Where
commit message
Issue / Evidence
Ambiguous and typo 'CONTECT' instead of 'CONTACT'
Suggested Fix
improve clarity and professionalism by fixing spelling and describing the change clearly
Code Change Preview · app/Http/Controllers/AdminServiceController.php
?
Removed / Before Commit
Added / After Commit
+ <?php + + namespace App\Http\Controllers; + + use App\Models\Service; + use Illuminate\Http\RedirectResponse; + use Illuminate\Http\Request; + use Illuminate\Support\Facades\File; + use Illuminate\View\View; + + class AdminServiceController extends Controller + { + public function index(): View + { + $service = Service::first() ?? new Service(); + $svgFiles = $this->getSvgFiles(); + + return view('admin.service', compact('service', 'svgFiles'));
Removed / Before Commit
- \ No newline at end of file
Added / After Commit
+ <?php + + namespace App\Http\Controllers\Api; + + use App\Http\Controllers\Controller; + use App\Models\Contact; + use Illuminate\Http\Request; + + class ContactController extends Controller + { + public function store(Request $request) + { + $request->validate([ + 'name' => 'required|string', + 'email' => 'required|email', + 'phone' => 'nullable|string', + 'message' => 'required|string', + ]);
Removed / Before Commit
Added / After Commit
+ <?php + + namespace App\Http\Controllers\Api; + + use App\Http\Controllers\Controller; + use App\Models\Service; + + class ServiceController extends Controller + { + public function index() + { + $service = Service::first(); + + if (! $service) { + return response()->json([ + 'success' => true, + 'message' => 'Services fetched successfully', + 'data' => null,
Removed / Before Commit
Added / After Commit
+ <?php + + namespace App\Models; + + use Illuminate\Database\Eloquent\Model; + + class Contact extends Model + { + // + protected $fillable = [ + 'name', + 'email', + 'phone', + 'message', + ]; + }
Removed / Before Commit
Added / After Commit
+ <?php + + namespace App\Models; + + use Illuminate\Database\Eloquent\Model; + + class Service extends Model + { + protected $fillable = [ + 's_heading', + 's_sub_heading', + 's_description', + 's_image', + 'cards', + ]; + + protected function casts(): array + {
Removed / Before Commit
Added / After Commit
+ <?php + + use Illuminate\Database\Migrations\Migration; + use Illuminate\Database\Schema\Blueprint; + use Illuminate\Support\Facades\Schema; + + return new class extends Migration + { + /** + * Run the migrations. + */ + public function up(): void + { + Schema::create('services', function (Blueprint $table) { + $table->id(); + $table->string('s_heading'); + $table->string('s_sub_heading')->nullable(); + $table->longText('s_description')->nullable();
Removed / Before Commit
Added / After Commit
+ <?php + + use Illuminate\Database\Migrations\Migration; + use Illuminate\Database\Schema\Blueprint; + use Illuminate\Support\Facades\Schema; + + return new class extends Migration + { + /** + * Run the migrations. + */ + public function up(): void + { + Schema::create('contacts', function (Blueprint $table) { + $table->id(); + $table->string('name'); + $table->string('email'); + $table->string('phone')->nullable();
Removed / Before Commit
Added / After Commit
+ @extends('layouts.app') + + @section('title', 'Services Page | Avriti Dashboard') + + @push('styles') + <link href="https://cdn.quilljs.com/1.3.6/quill.snow.css" rel="stylesheet" /> + <style> + .icon-option-wrap { display: flex; align-items: center; gap: 8px; } + .char-count { font-size: 11px; color: #9ca3af; text-align: right; margin-top: 4px; } + .char-count.warn { color: #ef4444; } + </style> + @endpush + + @section('content') + + <div class="mb-6 flex flex-col gap-4 sm:flex-row sm:items-center sm:justify-between"> + <div> + <h1 class="text-2xl font-semibold text-[#0b3dba]">Services Page</h1>
Removed / Before Commit
- </div> - - {{-- CMS Group --}} - @php $cmsOpen = request()->routeIs('home-page.*', 'about-page.*', 'faq.*'); @endphp - <div> - <button type="button" id="cmsToggle" - class="w-full flex items-center justify-between px-3 py-2.5 rounded-xl text-white/70 hover:bg-white/10 hover:text-white transition"> - <i class="fa-solid fa-circle-question"></i> - FAQs - </a> - </div> - </div>
Added / After Commit
+ </div> + + {{-- CMS Group --}} + @php $cmsOpen = request()->routeIs('home-page.*', 'about-page.*', 'faq.*', 'service-page.*'); @endphp + <div> + <button type="button" id="cmsToggle" + class="w-full flex items-center justify-between px-3 py-2.5 rounded-xl text-white/70 hover:bg-white/10 hover:text-white transition"> + <i class="fa-solid fa-circle-question"></i> + FAQs + </a> + <a href="{{ route('service-page.index') }}" class="flex items-center gap-3 px-3 py-2 rounded-xl text-sm {{ request()->routeIs('service-page.*') ? $activeClass : $inactiveClass }}"> + <i class="fa-solid fa-hand-sparkles"></i> + Services Page + </a> + </div> + </div>
Removed / Before Commit
- use App\Http\Controllers\Api\AboutController; - use App\Http\Controllers\Api\HomeController; - use App\Http\Controllers\Api\FaqController; - - Route::post('/register', [AuthController::class, 'apiRegister'])->name('api.register'); - Route::post('/login', [AuthController::class, 'apiLogin'])->name('api.login'); - Route::get('/product', [ProductController::class, 'index']); - Route::get('/about', [AboutController::class, 'index']); - Route::get('/faqs', [FaqController::class, 'index']); - Route::get('/home', [HomeController::class, 'index']); - \ No newline at end of file - \ No newline at end of file
Added / After Commit
+ use App\Http\Controllers\Api\AboutController; + use App\Http\Controllers\Api\HomeController; + use App\Http\Controllers\Api\FaqController; + USE App\Http\Controllers\Api\ServiceController; + USE App\Http\Controllers\API\ContactController; + + Route::post('/register', [AuthController::class, 'apiRegister'])->name('api.register'); + Route::post('/login', [AuthController::class, 'apiLogin'])->name('api.login'); + Route::get('/product', [ProductController::class, 'index']); + Route::get('/about', [AboutController::class, 'index']); + Route::get('/faqs', [FaqController::class, 'index']); + \ No newline at end of file + Route::get('/home', [HomeController::class, 'index']); + Route::get('/services', [ServiceController::class, 'index']); + Route::post('/contact', [ContactController::class, 'store']); + \ No newline at end of file
Removed / Before Commit
- use App\Http\Controllers\AdminAboutController; - use App\Http\Controllers\AdminHomeController; - use App\Http\Controllers\AdminFaqController; - use Illuminate\Support\Facades\Route; - - Route::get('/', function () { - Route::put('/faq', [AdminFaqController::class, 'update'])->name('faq.update'); - Route::get('/about-page', [AdminAboutController::class, 'index'])->name('about-page.index'); - Route::put('/about-page', [AdminAboutController::class, 'update'])->name('about-page.update'); - Route::post('/logout', [AuthController::class, 'logout'])->name('logout'); - });
Added / After Commit
+ use App\Http\Controllers\AdminAboutController; + use App\Http\Controllers\AdminHomeController; + use App\Http\Controllers\AdminFaqController; + use App\Http\Controllers\AdminServiceController; + use Illuminate\Support\Facades\Route; + + Route::get('/', function () { + Route::put('/faq', [AdminFaqController::class, 'update'])->name('faq.update'); + Route::get('/about-page', [AdminAboutController::class, 'index'])->name('about-page.index'); + Route::put('/about-page', [AdminAboutController::class, 'update'])->name('about-page.update'); + Route::get('/service-page', [AdminServiceController::class, 'index'])->name('service-page.index'); + Route::put('/service-page', [AdminServiceController::class, 'update'])->name('service-page.update'); + Route::post('/logout', [AuthController::class, 'logout'])->name('logout'); + });