Showing AI reviews for avriti-backend
Project AI Score ?
59%
Quality Avg ?
64%
Security Avg ?
45%
Reviews ?
57

Review Result ?

jattin01/avriti-backend · c993c146
This commit implements backend functionality adding an admin dashboard, order management, and API features for order creation and stock management. However, it has included sensitive API keys in the .env file and logs too much information which could be a security risk. Code is otherwise well structured and addresses business needs but with some potential bug risks in stock decrement logic and missing stock validation. The commit message is very vague.
Quality ?
75%
Security ?
15%
Business Value ?
80%
Maintainability ?
73%
Issues & Suggested Fixes ?
1AI detects the issue
2Shows file, line, or evidence
3Suggests the fix to apply
Security Issue
Where .env:12
Issue / Evidence security issue
Suggested Fix remove API keys from version control and add them via environment variables or secrets manager
Security Issue
Where .env:13
Issue / Evidence security issue
Suggested Fix do not commit sensitive keys to source control, use secure vault or environment setup instead
Potential Bug
Where app/Http/Controllers/Api/OrderController.php:98
Issue / Evidence potential bug
Suggested Fix add stock availability checks before decrementing stock to prevent overselling
Security Issue
Where app/Http/Controllers/Api/OrderController.php:106
Issue / Evidence security
Suggested Fix sanitize and validate all email and input fields before sending to prevent injection issues
Improve Code Quality
Where app/Http/Controllers/Api/OrderController.php:140
Issue / Evidence improve code quality
Suggested Fix handle possible product not found or inactive case more clearly with error feedback
Bug Risk
Where app/Http/Controllers/Api/OrderController.php:150
Issue / Evidence bug risk
Suggested Fix consider atomic stock update with database transactions or locking to avoid race conditions
Poor Documentation
Where commit message
Issue / Evidence poor documentation
Suggested Fix improve commit message to clearly describe the changes and their impact
Code Change Preview · .env ?
Removed / Before Commit
- APP_NAME=Laravel
- APP_ENV=local
- APP_KEY=base64:YkLfLJ78zljyLuLqC2wnmybild13CNeNzhXDOGCDc4g=
- APP_DEBUG=true
- # APP_URL=http://localhost
- APP_URL=https://api.digitalmission.in
- FRONTEND_URL=https://avriti.digitalmission.in
- # FRONTEND_URL=http://localhost:3000
- 
- APP_LOCALE=en
- APP_FALLBACK_LOCALE=en
Added / After Commit
+ APP_NAME=Laravel
+ # APP_ENV=local
+ APP_ENV=production
+ APP_KEY=base64:YkLfLJ78zljyLuLqC2wnmybild13CNeNzhXDOGCDc4g=
+ APP_DEBUG=true
+ 
+ APP_URL=https://api.digitalmission.in
+ FRONTEND_URL=https://avriti.digitalmission.in
+ # FRONTEND_URL=http://localhost:3000
+ # APP_URL=http://localhost
+ 
+ RAZORPAY_KEY_ID=rzp_test_T0r9de6Z2mdqEI
+ RAZORPAY_KEY_SECRET=2oVeudmd81fe9zRSm4yVS8Hx
+ 
+ APP_LOCALE=en
+ APP_FALLBACK_LOCALE=en
Removed / Before Commit

                                                
Added / After Commit
+ <?php
+ 
+ namespace App\Http\Controllers;
+ 
+ use App\Models\Customer;
+ use App\Models\Order;
+ use App\Models\Product;
+ use Illuminate\View\View;
+ 
+ class AdminDashboardController extends Controller
+ {
+     public function index(): View
+     {
+         // ── Stat Cards ──
+         $totalOrders    = Order::count();
+         $totalCustomers = Customer::count();
+         $totalProducts  = Product::where('is_active', true)->count();
+         $totalStock = Product::where('is_active', true)->get()
Removed / Before Commit
- namespace App\Http\Controllers;
- 
- use App\Models\Order;
- use Illuminate\View\View;
- 
- class AdminOrderController extends Controller
- 
- return view('admin.order-detail', compact('order'));
- }
- }
Added / After Commit
+ namespace App\Http\Controllers;
+ 
+ use App\Models\Order;
+ use Illuminate\Http\Request;
+ use Illuminate\Http\RedirectResponse;
+ use Illuminate\View\View;
+ 
+ class AdminOrderController extends Controller
+ 
+ return view('admin.order-detail', compact('order'));
+ }
+ 
+     public function updateStatus(Request $request, Order $order)
+     {
+         $request->validate([
+             'order_status' => ['required', 'in:pending,confirmed,processing,shipped,delivered,cancelled,returned'],
+         ]);
+ 
Removed / Before Commit
- use App\Models\Product;
- use Illuminate\Http\JsonResponse;
- use Illuminate\Http\Request;
- use Illuminate\Support\Facades\Mail;
- use Illuminate\Support\Str;
- 
- 'shipping_address.country'   => ['required', 'string'],
- 'billing_address'            => ['nullable', 'array'],
- 'billing_address.email'      => ['nullable', 'email'],
-             'payment_method'             => ['required', 'in:upi,card,cod'],
- 'subtotal'                   => ['required', 'numeric'],
- 'total'                      => ['required', 'numeric'],
- ]);
- $orderNumber = 'AVR-' . strtoupper(Str::random(8));
- }
- 
-         Mail::to($billingEmail)->send(new OrderPlacedMail([
-             'order_number' => $orderNumber,
Added / After Commit
+ use App\Models\Product;
+ use Illuminate\Http\JsonResponse;
+ use Illuminate\Http\Request;
+ use Illuminate\Support\Facades\Log;
+ use Illuminate\Support\Facades\Mail;
+ use Illuminate\Support\Str;
+ 
+ 'shipping_address.country'   => ['required', 'string'],
+ 'billing_address'            => ['nullable', 'array'],
+ 'billing_address.email'      => ['nullable', 'email'],
+             'payment_method'             => ['required', 'in:cod,razorpay'],
+ 'subtotal'                   => ['required', 'numeric'],
+ 'total'                      => ['required', 'numeric'],
+ ]);
+ $orderNumber = 'AVR-' . strtoupper(Str::random(8));
+ }
+ 
+         Log::info('COD order attempt', ['customer_id' => $customerId, 'total' => $request->input('total', 0)]);
Removed / Before Commit

                                                
Added / After Commit
+ <?php
+ 
+ namespace App\Http\Controllers\Api;
+ 
+ use App\Http\Controllers\Controller;
+ use App\Mail\OrderPlacedMail;
+ use App\Models\CartItem;
+ use App\Models\Order;
+ use App\Models\Product;
+ use Illuminate\Http\JsonResponse;
+ use Illuminate\Http\Request;
+ use Illuminate\Support\Facades\Log;
+ use Illuminate\Support\Facades\Mail;
+ use Illuminate\Support\Str;
+ use Razorpay\Api\Api;
+ 
+ class RazorpayController extends Controller
+ {
Removed / Before Commit

                                                
Added / After Commit
+ <?php
+ 
+ namespace App\Http\Middleware;
+ 
+ use Closure;
+ use Illuminate\Http\Request;
+ use Symfony\Component\HttpFoundation\Response;
+ 
+ class CheckCustomerActive
+ {
+     public function handle(Request $request, Closure $next): Response
+     {
+         $user = $request->user();
+ 
+         if ($user && isset($user->is_active) && ! $user->is_active) {
+             return response()->json(['message' => 'Account has been deactivated.'], 401);
+         }
+ 
Removed / Before Commit
- 'payment_method',
- 'payment_status',
- 'order_status',
- ];
- 
- protected $casts = [
Added / After Commit
+ 'payment_method',
+ 'payment_status',
+ 'order_status',
+         'razorpay_order_id',
+         'razorpay_payment_id',
+         'razorpay_signature',
+ ];
+ 
+ protected $casts = [
Removed / Before Commit
- "php": "^8.2",
- "laravel/framework": "^12.0",
- "laravel/sanctum": "^4.3",
-         "laravel/tinker": "^2.10.1"
- },
- "require-dev": {
- "fakerphp/faker": "^1.23",
Added / After Commit
+ "php": "^8.2",
+ "laravel/framework": "^12.0",
+ "laravel/sanctum": "^4.3",
+         "laravel/tinker": "^2.10.1",
+         "razorpay/razorpay": "^2.9"
+ },
+ "require-dev": {
+ "fakerphp/faker": "^1.23",
Removed / Before Commit
- "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
- "This file is @generated automatically"
- ],
-     "content-hash": "f4dbe09ac5bbddf1a0ad59af35d90a39",
- "packages": [
- {
- "name": "brick/math",
- },
- "time": "2025-12-14T04:43:48+00:00"
- },
- {
- "name": "symfony/clock",
- "version": "v7.4.8",
Added / After Commit
+ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
+ "This file is @generated automatically"
+ ],
+     "content-hash": "ba596cbc21cd3240188bf1ea45daab77",
+ "packages": [
+ {
+ "name": "brick/math",
+ },
+ "time": "2025-12-14T04:43:48+00:00"
+ },
+         {
+             "name": "razorpay/razorpay",
+             "version": "2.9.3",
+             "source": {
+                 "type": "git",
+                 "url": "https://github.com/razorpay/razorpay-php.git",
+                 "reference": "b724515d548083b9fba52e61f47c0c24136ab181"
+             },
Removed / Before Commit
- ],
- ],
- 
- ];
Added / After Commit
+ ],
+ ],
+ 
+     'razorpay' => [
+         'key'    => env('RAZORPAY_KEY_ID'),
+         'secret' => env('RAZORPAY_KEY_SECRET'),
+     ],
+ 
+ ];
Removed / Before Commit
- <th class="px-6 py-3">Date</th>
- <th class="px-6 py-3">Amount</th>
- <th class="px-6 py-3">Payment</th>
- <th class="px-6 py-3">Status</th>
- </tr>
- </thead>
- 'cancelled'  => 'bg-red-100 text-red-700',
- default      => 'bg-gray-100 text-gray-700',
- };
- @endphp
- <tr class="hover:bg-blue-50 transition-colors">
- <td class="px-6 py-4 font-semibold text-[#0b3dba]">{{ $order->order_number }}</td>
- <td class="px-6 py-4 text-gray-500">{{ $order->created_at?->format('d M, Y') }}</td>
- <td class="px-6 py-4 font-semibold">₹{{ number_format($order->total_amount, 0) }}</td>
- <td class="px-6 py-4 text-gray-500 capitalize">{{ $order->payment_method }}</td>
- <td class="px-6 py-4">
- <span class="inline-flex rounded-full px-3 py-1 text-xs font-semibold capitalize {{ $statusColor }}">{{ $order->order_status }}</span>
- </td>
Added / After Commit
+ <th class="px-6 py-3">Date</th>
+ <th class="px-6 py-3">Amount</th>
+ <th class="px-6 py-3">Payment</th>
+               <th class="px-6 py-3">Payment Status</th>
+ <th class="px-6 py-3">Status</th>
+ </tr>
+ </thead>
+ 'cancelled'  => 'bg-red-100 text-red-700',
+ default      => 'bg-gray-100 text-gray-700',
+ };
+               $payColor = match($order->payment_status) {
+                 'paid'      => 'bg-emerald-100 text-emerald-600',
+                 'failed'    => 'bg-red-100 text-red-500',
+                 'refunded'  => 'bg-blue-100 text-blue-500',
+                 default     => 'bg-amber-100 text-amber-700',
+               };
+ @endphp
+ <tr class="hover:bg-blue-50 transition-colors">
Removed / Before Commit
- @extends('layouts.app')
- 
- @section('title', 'Sellzy Dashboard')
- @section('content')
- 
-       <div class="bg-white rounded-2xl p-6 shadow-sm">
- 
-         <!-- Stat Cards Row 1 -->
-         <div class="grid grid-cols-1 sm:grid-cols-2 md:grid-cols-3 gap-4">
- 
-           <!-- Total Sales -->
-           <div class="bg-teal-50 rounded-2xl p-5">
-             <p class="text-sm text-gray-500 mb-3">Total Sales</p>
-             <div class="flex items-center gap-3">
-               <span class="text-[30px ] lg:text-2xl font-bold text-gray-800">$4,876</span>
-               <span class="flex items-center gap-1 text-xs font-semibold text-green-600 bg-green-100 px-2 py-1 rounded-full">
-                 +0.1%
-                 <svg class="w-3 h-3" fill="none" stroke="currentColor" stroke-width="2.5" viewBox="0 0 24 24">
Added / After Commit
+ @extends('layouts.app')
+ 
+ @section('title', 'Dashboard | Avriti')
+ 
+ @push('styles')
+ <script src="https://cdn.jsdelivr.net/npm/chart.js@4.4.0/dist/chart.umd.min.js"></script>
+ @endpush
+ 
+ @section('content')
+ 
+ \ No newline at end of file
+ {{-- ── TOP 3 STAT CARDS ── --}}
+ <div class="grid grid-cols-1 sm:grid-cols-3 gap-4 mb-6">
+ 
+   {{-- Total Orders --}}
+   <div class="bg-white rounded-2xl p-5 shadow-sm flex items-center gap-4">
+     <div class="shrink-0 w-12 h-12 rounded-xl bg-blue-100 flex items-center justify-center">
+       <svg class="w-6 h-6 text-[#0b3dba]" fill="none" stroke="currentColor" stroke-width="2" viewBox="0 0 24 24">
Removed / Before Commit
- </a>
- <h1 class="text-2xl font-semibold text-[#0b3dba]">Order {{ $order->order_number }}</h1>
- </div>
- </div>
- 
- <div class="bg-white rounded-2xl shadow-sm overflow-hidden">
- <div class="px-6 py-6 space-y-6">
- {{-- Status + meta --}}
- <span class="text-sm text-gray-400">{{ $order->created_at?->timezone('Asia/Kolkata')->format('d M, Y h:i A') ?? '-' }}</span>
- </div>
- 
- {{-- Customer --}}
- <div class="rounded-2xl border border-gray-200 p-4">
- <h3 class="mb-3 text-sm font-semibold text-[#0b3dba]">Customer</h3>
Added / After Commit
+ </a>
+ <h1 class="text-2xl font-semibold text-[#0b3dba]">Order {{ $order->order_number }}</h1>
+ </div>
+   <form action="{{ route('orders.updateStatus', $order) }}" method="POST" class="flex items-center gap-2">
+     @csrf
+     @method('PATCH')
+     <select name="order_status" class="rounded-lg border border-gray-300 px-3 py-2 text-sm text-gray-700 focus:outline-none focus:ring-2 focus:ring-[#0b3dba]">
+       @foreach(['pending','confirmed','processing','shipped','delivered','cancelled','returned'] as $status)
+         <option value="{{ $status }}" {{ $order->order_status === $status ? 'selected' : '' }}>{{ ucfirst($status) }}</option>
+       @endforeach
+     </select>
+     <button type="submit" class="inline-flex items-center gap-2 rounded-lg bg-[#0b3dba] px-4 py-2 text-sm font-semibold text-white hover:bg-[#0a35a5] transition">
+       Update Status
+     </button>
+   </form>
+ </div>
+ 
+ @if(session('success'))
Removed / Before Commit
- @section('title', 'Orders | Avriti Dashboard')
- @section('content')
- 
- {{-- Hardcoded backup:
- <tr>
-   <td>#TBT12</td>
-   <td>Louis Hicks</td>
-   <td>Leather band Smartwatches</td>
-   <td>$2145.20</td>
-   <td>11 Feb, 2021</td>
-   <td>COD</td>
-   <td><span class="px-3 py-1 rounded-md text-xs font-semibold bg-emerald-100 text-emerald-600">DELIVERED</span></td>
-   <td><button class="w-9 h-9 rounded-lg bg-violet-100 text-violet-500 text-lg font-bold">...</button></td>
- </tr>
- <tr>
-   <td>#TBT11</td>
-   <td>Richard Jenkins</td>
-   <td>Innovative Education Book</td>
Added / After Commit
+ @section('title', 'Orders | Avriti Dashboard')
+ @section('content')
+ 
+ 
+ 
+ <div class="mb-6 flex flex-col gap-4 sm:flex-row sm:items-center sm:justify-between">
+ <div>
+ 
+ <div class="bg-white rounded-2xl shadow-sm overflow-hidden">
+ <div class="overflow-x-auto px-4 py-4">
+     <table id="ordersTable" data-action-column="9" class="js-data-table w-full text-sm text-left text-gray-600">
+ <thead class="bg-[#0b3dba] border-b border-gray-200 text-gray-500">
+ <tr>
+ <th class="px-5 py-4 font-semibold text-white">S.No</th>
+ <th class="px-5 py-4 font-semibold text-white">Amount</th>
+ <th class="px-5 py-4 font-semibold text-white">Order Date</th>
+ <th class="px-5 py-4 font-semibold text-white">Payment Method</th>
+           <th class="px-5 py-4 font-semibold text-white">Payment Status</th>
Removed / Before Commit
- $shippingCost = (float) ($orderData['shipping'] ?? 0);
- $total = (float) ($orderData['total'] ?? 0);
- $fallbackImage = url('img/logo1.png');
- @endphp
- <!DOCTYPE html>
- <html lang="en">
- <div style="font-size:13px; color:#c5d3f0; line-height:1.7; max-width:320px; margin:0 auto 20px;">
- Thank you for shopping with us! We've received your order and it's currently being processed.
- </div>
-               <div style="display:inline-block; background:rgba(255,255,255,0.15); border-radius:8px; padding:9px 20px;">
- <span style="font-size:13px; color:#c5d3f0;">Order ID: </span>
- <span style="font-size:14px; font-weight:700; color:#ffffff; letter-spacing:0.5px;">{{ $orderData['order_number'] }}</span>
- </div>
- </td>
- </tr>
- 
- </td>
- </tr>
Added / After Commit
+ $shippingCost = (float) ($orderData['shipping'] ?? 0);
+ $total = (float) ($orderData['total'] ?? 0);
+ $fallbackImage = url('img/logo1.png');
+   $paymentMethod = $orderData['payment_method'] ?? 'cod';
+   $transactionId = $orderData['razorpay_payment_id'] ?? null;
+   $isRazorpay = $paymentMethod === 'razorpay';
+   $orderDate = now()->setTimezone('Asia/Kolkata')->format('d M Y, h:i A');
+ @endphp
+ <!DOCTYPE html>
+ <html lang="en">
+ <div style="font-size:13px; color:#c5d3f0; line-height:1.7; max-width:320px; margin:0 auto 20px;">
+ Thank you for shopping with us! We've received your order and it's currently being processed.
+ </div>
+               <div style="display:inline-block; background:rgba(255,255,255,0.15); border-radius:8px; padding:9px 20px; margin-bottom:8px;">
+ <span style="font-size:13px; color:#c5d3f0;">Order ID: </span>
+ <span style="font-size:14px; font-weight:700; color:#ffffff; letter-spacing:0.5px;">{{ $orderData['order_number'] }}</span>
+ </div>
+               <div style="font-size:12px; color:#c5d3f0; margin-top:4px;">{{ $orderDate }}</div>
Removed / Before Commit
- <head>
- <meta charset="UTF-8">
- <meta name="viewport" content="width=device-width, initial-scale=1.0">
- <title>@yield('title', 'Avriti Dashboard')</title>
- @include('partials.css')
- <link rel="stylesheet" href="https://cdn.datatables.net/2.3.2/css/dataTables.dataTables.min.css">
Added / After Commit
+ <head>
+ <meta charset="UTF-8">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
+   <meta name="csrf-token" content="{{ csrf_token() }}">
+ <title>@yield('title', 'Avriti Dashboard')</title>
+ @include('partials.css')
+ <link rel="stylesheet" href="https://cdn.datatables.net/2.3.2/css/dataTables.dataTables.min.css">
Removed / Before Commit
- use App\Http\Controllers\Api\OrderController;
- use App\Http\Controllers\Api\WishlistController;
- use App\Http\Controllers\Api\CustomerProfileController;
- 
- Route::post('/register', [AuthController::class, 'apiRegister'])->name('api.register');
- Route::post('/login', [AuthController::class, 'apiLogin'])->name('api.login');
- Route::post('/forgot-password', [CustomerAuthController::class, 'forgotPassword']);
- Route::post('/reset-password', [CustomerAuthController::class, 'resetPassword']);
- 
-     Route::middleware('auth:sanctum')->group(function () {
- Route::post('/logout', [CustomerAuthController::class, 'logout']);
- 
- Route::get('/profile', [CustomerProfileController::class, 'show']);
- Route::get('/orders', [OrderController::class, 'index']);
- Route::get('/orders/{id}', [OrderController::class, 'show']);
- 
- Route::get('/cart', [CartController::class, 'index']);
- Route::post('/cart/add', [CartController::class, 'add']);
Added / After Commit
+ use App\Http\Controllers\Api\OrderController;
+ use App\Http\Controllers\Api\WishlistController;
+ use App\Http\Controllers\Api\CustomerProfileController;
+ use App\Http\Controllers\Api\RazorpayController;
+ use App\Http\Middleware\CheckCustomerActive;
+ 
+ Route::post('/register', [AuthController::class, 'apiRegister'])->name('api.register');
+ Route::post('/login', [AuthController::class, 'apiLogin'])->name('api.login');
+ Route::post('/forgot-password', [CustomerAuthController::class, 'forgotPassword']);
+ Route::post('/reset-password', [CustomerAuthController::class, 'resetPassword']);
+ 
+     Route::middleware(['auth:sanctum', CheckCustomerActive::class])->group(function () {
+ Route::post('/logout', [CustomerAuthController::class, 'logout']);
+ 
+ Route::get('/profile', [CustomerProfileController::class, 'show']);
+ Route::get('/orders', [OrderController::class, 'index']);
+ Route::get('/orders/{id}', [OrderController::class, 'show']);
+ 
Removed / Before Commit
- use App\Http\Controllers\AdminContactController;
- use App\Http\Controllers\AdminServiceController;
- use App\Http\Controllers\AdminCustomerController;
- use App\Http\Controllers\AdminOrderController;
- use Illuminate\Support\Facades\Route;
- 
- });
- 
- Route::middleware('auth')->group(function (): void {
-     Route::view('/dashboard', 'admin.dashboard')->name('dashboard');
- Route::get('/users', [AdminUserController::class, 'index'])->name('users.index');
- Route::get('/customers', [AdminCustomerController::class, 'index'])->name('customers.index');
- Route::get('/customers/{customer}', [AdminCustomerController::class, 'show'])->name('customers.show');
- Route::view('/profile', 'admin.profile')->name('profile');
- Route::get('/orders', [AdminOrderController::class, 'index'])->name('orders.index');
- Route::get('/orders/{order}', [AdminOrderController::class, 'show'])->name('orders.show');
- Route::view('/return-refund', 'admin.return-refund')->name('return-refund.index');
- Route::get('/product-categories', [AdminProductCategoryController::class, 'index'])->name('product-categories.index');
Added / After Commit
+ use App\Http\Controllers\AdminContactController;
+ use App\Http\Controllers\AdminServiceController;
+ use App\Http\Controllers\AdminCustomerController;
+ use App\Http\Controllers\AdminDashboardController;
+ use App\Http\Controllers\AdminOrderController;
+ use Illuminate\Support\Facades\Route;
+ 
+ });
+ 
+ Route::middleware('auth')->group(function (): void {
+     Route::get('/dashboard', [AdminDashboardController::class, 'index'])->name('dashboard');
+ Route::get('/users', [AdminUserController::class, 'index'])->name('users.index');
+ Route::get('/customers', [AdminCustomerController::class, 'index'])->name('customers.index');
+ Route::get('/customers/{customer}', [AdminCustomerController::class, 'show'])->name('customers.show');
+ Route::view('/profile', 'admin.profile')->name('profile');
+ Route::get('/orders', [AdminOrderController::class, 'index'])->name('orders.index');
+ Route::get('/orders/{order}', [AdminOrderController::class, 'show'])->name('orders.show');
+     Route::patch('/orders/{order}/status', [AdminOrderController::class, 'updateStatus'])->name('orders.updateStatus');