Showing AI reviews for avriti-backend
Project AI Score ?
59%
Quality Avg ?
64%
Security Avg ?
45%
Reviews ?
57

Review Result ?

jattin01/avriti-backend · 94a1dc28
The commit adds multiple controllers handling admin contacts, service pages, and API endpoints for contacts and customer authentication. The code uses validation and modeled data interactions in typical Laravel style. However, there are some security concerns with password handling and areas where validation and error handling could be improved. The code quality is reasonable but can be improved by reducing duplication and adding clearer error responses.
Quality ?
75%
Security ?
50%
Business Value ?
70%
Maintainability ?
78%
Issues & Suggested Fixes ?
1AI detects the issue
2Shows file, line, or evidence
3Suggests the fix to apply
Password Is Stored Directly Without Hashin...
Where app/Http/Controllers/Api/CustomerAuthController.php:29
Issue / Evidence password is stored directly without hashing
Suggested Fix hash the password before storage to improve security score
Directory Creation Does Not Verify Success...
Where app/Http/Controllers/AdminServiceController.php:40
Issue / Evidence directory creation does not verify success or handle failure
Suggested Fix add error handling to improve bug risk and quality scores
User Lookup And Password Checking Combined...
Where app/Http/Controllers/Api/CustomerAuthController.php:54
Issue / Evidence user lookup and password checking combined without rate limiting or detailed error handling
Suggested Fix consider adding throttling and more granular error messages to reduce security risks
Security Issue
Where app/Http/Controllers/Api/ContactController.php:11
Issue / Evidence no authentication or spam protection on contact form API endpoint
Suggested Fix implement spam prevention or rate limiting to improve security score
Very Generic Merge Message With No Detail
Where commit message
Issue / Evidence very generic merge message with no detail
Suggested Fix provide a more descriptive commit message describing changes to improve business value score
Code Change Preview · app/Http/Controllers/AdminContactController.php ?
Removed / Before Commit

                                                
Added / After Commit
+ <?php
+ 
+ namespace App\Http\Controllers;
+ 
+ use App\Models\Contact;
+ 
+ class AdminContactController extends Controller
+ {
+     public function index()
+     {
+         $contacts = Contact::latest()->get();
+         return view('admin.contacts', compact('contacts'));
+     }
+ 
+     public function destroy(Contact $contact)
+     {
+         $contact->delete();
+         return redirect()->route('contacts.index')->with('success', 'Contact deleted successfully.');
Removed / Before Commit

                                                
Added / After Commit
+ <?php
+ 
+ namespace App\Http\Controllers;
+ 
+ use App\Models\Service;
+ use Illuminate\Http\RedirectResponse;
+ use Illuminate\Http\Request;
+ use Illuminate\Support\Facades\File;
+ use Illuminate\View\View;
+ 
+ class AdminServiceController extends Controller
+ {
+     public function index(): View
+     {
+         $service = Service::first() ?? new Service();
+         $svgFiles = $this->getSvgFiles();
+ 
+         return view('admin.service', compact('service', 'svgFiles'));
Removed / Before Commit
- \ No newline at end of file
Added / After Commit
+ <?php
+ 
+ namespace App\Http\Controllers\Api;
+ 
+ use App\Http\Controllers\Controller;
+ use App\Models\Contact;
+ use Illuminate\Http\Request;
+ 
+ class ContactController extends Controller
+ {
+     public function store(Request $request)
+     {
+         $request->validate([
+             'name'    => 'required|string',
+             'email'   => 'required|email',
+             'phone'   => 'nullable|string',
+             'message' => 'required|string',
+         ]);
Removed / Before Commit

                                                
Added / After Commit
+ <?php
+ 
+ namespace App\Http\Controllers\Api;
+ 
+ use App\Http\Controllers\Controller;
+ use App\Models\Customer;
+ use Illuminate\Http\JsonResponse;
+ use Illuminate\Http\Request;
+ use Illuminate\Support\Facades\DB;
+ use Illuminate\Support\Facades\Hash;
+ use Illuminate\Support\Str;
+ use Illuminate\Validation\ValidationException;
+ 
+ class CustomerAuthController extends Controller
+ {
+    public function register(Request $request): JsonResponse
+ {
+     $request->validate([
Removed / Before Commit

                                                
Added / After Commit
+ <?php
+ 
+ namespace App\Http\Controllers\Api;
+ 
+ use App\Http\Controllers\Controller;
+ use App\Models\Service;
+ 
+ class ServiceController extends Controller
+ {
+     public function index()
+     {
+         $service = Service::first();
+ 
+         if (! $service) {
+             return response()->json([
+                 'success' => true,
+                 'message' => 'Services fetched successfully',
+                 'data'    => null,
Removed / Before Commit

                                                
Added / After Commit
+ <?php
+ 
+ namespace App\Models;
+ 
+ use Illuminate\Database\Eloquent\Model;
+ 
+ class Contact extends Model
+ {
+     //
+     protected $fillable = [
+         'name',
+         'email',
+         'phone',
+         'message',
+     ];
+ }
Removed / Before Commit

                                                
Added / After Commit
+ <?php
+ 
+ namespace App\Models;
+ 
+ use Illuminate\Foundation\Auth\User as Authenticatable;
+ use Laravel\Sanctum\HasApiTokens;
+ 
+ class Customer extends Authenticatable
+ {
+     use HasApiTokens;
+ 
+    protected $fillable = ['full_name', 'email', 'phone', 'password'];
+ 
+     protected $hidden = ['password'];
+ 
+     protected function casts(): array
+     {
+         return ['password' => 'hashed'];
Removed / Before Commit

                                                
Added / After Commit
+ <?php
+ 
+ namespace App\Models;
+ 
+ use Illuminate\Database\Eloquent\Model;
+ 
+ class Service extends Model
+ {
+     protected $fillable = [
+         's_heading',
+         's_sub_heading',
+         's_description',
+         's_image',
+         'cards',
+     ];
+ 
+     protected function casts(): array
+     {
Removed / Before Commit
- <?php
- 
- use App\Models\User;
- 
- return [
- 'driver' => 'session',
- 'provider' => 'users',
- ],
- ],
- 
- /*
- 'driver' => 'eloquent',
- 'model' => env('AUTH_MODEL', User::class),
- ],
- 
- // 'users' => [
- //     'driver' => 'database',
Added / After Commit
+ <?php
+ 
+ use App\Models\Customer;
+ use App\Models\User;
+ 
+ return [
+ 'driver' => 'session',
+ 'provider' => 'users',
+ ],
+         'customer' => [
+             'driver' => 'sanctum',
+             'provider' => 'customers',
+         ],
+ ],
+ 
+ /*
+ 'driver' => 'eloquent',
+ 'model' => env('AUTH_MODEL', User::class),
Removed / Before Commit

                                                
Added / After Commit
+ <?php
+ 
+ use Illuminate\Cookie\Middleware\EncryptCookies;
+ use Illuminate\Foundation\Http\Middleware\ValidateCsrfToken;
+ use Laravel\Sanctum\Http\Middleware\AuthenticateSession;
+ use Laravel\Sanctum\Sanctum;
+ 
+ return [
+ 
+     /*
+     |--------------------------------------------------------------------------
+     | Stateful Domains
+     |--------------------------------------------------------------------------
+     |
+     | Requests from the following domains / hosts will receive stateful API
+     | authentication cookies. Typically, these should include your local
+     | and production domains which access your API via a frontend SPA.
+     |
Removed / Before Commit

                                                
Added / After Commit
+ <?php
+ 
+ use Illuminate\Database\Migrations\Migration;
+ use Illuminate\Database\Schema\Blueprint;
+ use Illuminate\Support\Facades\Schema;
+ 
+ return new class extends Migration
+ {
+     /**
+      * Run the migrations.
+      */
+     public function up(): void
+     {
+         Schema::create('services', function (Blueprint $table) {
+             $table->id();
+             $table->string('s_heading');
+             $table->string('s_sub_heading')->nullable();
+             $table->longText('s_description')->nullable();
Removed / Before Commit

                                                
Added / After Commit
+ <?php
+ 
+ use Illuminate\Database\Migrations\Migration;
+ use Illuminate\Database\Schema\Blueprint;
+ use Illuminate\Support\Facades\Schema;
+ 
+ return new class extends Migration
+ {
+     /**
+      * Run the migrations.
+      */
+     public function up(): void
+     {
+         Schema::create('contacts', function (Blueprint $table) {
+             $table->id();
+             $table->string('name');
+             $table->string('email');
+             $table->string('phone')->nullable();
Removed / Before Commit

                                                
Added / After Commit
+ <?php
+ 
+ use Illuminate\Database\Migrations\Migration;
+ use Illuminate\Database\Schema\Blueprint;
+ use Illuminate\Support\Facades\Schema;
+ 
+ return new class extends Migration
+ {
+     /**
+      * Run the migrations.
+      */
+     public function up(): void
+     {
+         Schema::create('customers', function (Blueprint $table) {
+             $table->id();
+             $table->string('email')->unique();
+             $table->string('password');
+             $table->timestamps();
Removed / Before Commit

                                                
Added / After Commit
+ <?php
+ 
+ use Illuminate\Database\Migrations\Migration;
+ use Illuminate\Database\Schema\Blueprint;
+ use Illuminate\Support\Facades\Schema;
+ 
+ return new class extends Migration
+ {
+     /**
+      * Run the migrations.
+      */
+     public function up(): void
+     {
+         Schema::create('customer_password_resets', function (Blueprint $table) {
+             $table->string('email')->index();
+             $table->string('token');
+             $table->timestamp('created_at')->nullable();
+         });
Removed / Before Commit

                                                
Added / After Commit
+ <?php
+ 
+ use Illuminate\Database\Migrations\Migration;
+ use Illuminate\Database\Schema\Blueprint;
+ use Illuminate\Support\Facades\Schema;
+ 
+ return new class extends Migration
+ {
+     /**
+      * Run the migrations.
+      */
+     public function up(): void
+     {
+         Schema::table('customers', function (Blueprint $table) {
+             //
+              $table->string('full_name')->after('id');
+             $table->string('phone')->nullable()->after('full_name');
+         });
Removed / Before Commit

                                                
Added / After Commit
+ <?php
+ 
+ use Illuminate\Database\Migrations\Migration;
+ use Illuminate\Database\Schema\Blueprint;
+ use Illuminate\Support\Facades\Schema;
+ 
+ return new class extends Migration
+ {
+     /**
+      * Run the migrations.
+      */
+     public function up(): void
+     {
+         Schema::create('cart_items', function (Blueprint $table) {
+             $table->id();
+              $table->foreignId('customer_id')->constrained()->onDelete('cascade');
+             $table->foreignId('product_id')->constrained()->onDelete('cascade');
+             $table->string('attribute_name')->nullable();
Removed / Before Commit

                                                
Added / After Commit
+ @extends('layouts.app')
+ 
+ @section('title', 'Contacts | Avriti Dashboard')
+ @section('content')
+ 
+ <div class="mb-6 flex flex-col gap-4 sm:flex-row sm:items-center sm:justify-between">
+   <div>
+     <h1 class="text-2xl font-semibold text-[#0b3dba]">Contacts</h1>
+   </div>
+ </div>
+ 
+ @if (session('success'))
+   <div data-auto-hide-alert class="mb-6 rounded-2xl border border-emerald-200 bg-emerald-50 px-4 py-3 text-sm font-semibold text-emerald-700 transition-opacity duration-500">
+     {{ session('success') }}
+   </div>
+ @endif
+ 
+ <div class="overflow-hidden rounded-[32px] bg-white shadow-sm">
Removed / Before Commit

                                                
Added / After Commit
+ @extends('layouts.app')
+ 
+ @section('title', 'Services Page | Avriti Dashboard')
+ 
+ @push('styles')
+ <link href="https://cdn.quilljs.com/1.3.6/quill.snow.css" rel="stylesheet" />
+ <style>
+   .icon-option-wrap { display: flex; align-items: center; gap: 8px; }
+   .char-count { font-size: 11px; color: #9ca3af; text-align: right; margin-top: 4px; }
+   .char-count.warn { color: #ef4444; }
+ </style>
+ @endpush
+ 
+ @section('content')
+ 
+ <div class="mb-6 flex flex-col gap-4 sm:flex-row sm:items-center sm:justify-between">
+   <div>
+     <h1 class="text-2xl font-semibold text-[#0b3dba]">Services Page</h1>
Removed / Before Commit
- </div>
- 
- {{-- CMS Group --}}
-     @php $cmsOpen = request()->routeIs('home-page.*', 'about-page.*', 'faq.*'); @endphp
- <div>
- <button type="button" id="cmsToggle"
- class="w-full flex items-center justify-between px-3 py-2.5 rounded-xl text-white/70 hover:bg-white/10 hover:text-white transition">
- <i class="fa-solid fa-circle-question"></i>
- FAQs
- </a>
- </div>
- </div>
- 
- </nav>
- </aside>
- \ No newline at end of file
Added / After Commit
+ </div>
+ 
+ {{-- CMS Group --}}
+     @php $cmsOpen = request()->routeIs('home-page.*', 'about-page.*', 'faq.*', 'service-page.*'); @endphp
+ <div>
+ <button type="button" id="cmsToggle"
+ class="w-full flex items-center justify-between px-3 py-2.5 rounded-xl text-white/70 hover:bg-white/10 hover:text-white transition">
+ <i class="fa-solid fa-circle-question"></i>
+ FAQs
+ </a>
+         <a href="{{ route('service-page.index') }}" class="flex items-center gap-3 px-3 py-2 rounded-xl text-sm {{ request()->routeIs('service-page.*') ? $activeClass : $inactiveClass }}">
+           <i class="fa-solid fa-hand-sparkles"></i>
+           Services Page
+         </a>
+         <a href="{{ route('contacts.index') }}" class="flex items-center gap-3 px-3 py-2.5 rounded-xl {{ request()->routeIs('contacts.*') ? $activeClass : $inactiveClass }}">
+       <i class="fa-solid fa-envelope"></i>
+       Contacts
+     </a>
Removed / Before Commit
- <?php
- 
- use App\Http\Controllers\AuthController;
- use Illuminate\Support\Facades\Route;
- use App\Http\Controllers\Api\ProductCategoryController;
- use App\Http\Controllers\Api\ProductTypeController;
- use App\Http\Controllers\Api\ProductController;
- use App\Http\Controllers\Api\AboutController;
- use App\Http\Controllers\Api\HomeController;
- use App\Http\Controllers\Api\FaqController;
- 
- Route::post('/register', [AuthController::class, 'apiRegister'])->name('api.register');
- Route::post('/login', [AuthController::class, 'apiLogin'])->name('api.login');
- Route::get('/product', [ProductController::class, 'index']);
- Route::get('/about', [AboutController::class, 'index']);
- Route::get('/faqs', [FaqController::class, 'index']);
- Route::get('/home', [HomeController::class, 'index']);
- \ No newline at end of file
Added / After Commit
+ <?php
+ 
+ use App\Http\Controllers\AuthController;
+ use App\Http\Controllers\Api\CustomerAuthController;
+ use Illuminate\Support\Facades\Route;
+ use App\Http\Controllers\Api\ProductCategoryController;
+ use App\Http\Controllers\Api\ProductTypeController;
+ use App\Http\Controllers\Api\ProductController;
+ use App\Http\Controllers\Api\AboutController;
+ use App\Http\Controllers\Api\HomeController;
+ use App\Http\Controllers\Api\FaqController;
+ USE App\Http\Controllers\Api\ServiceController;
+ USE App\Http\Controllers\API\ContactController;
+ 
+ Route::post('/register', [AuthController::class, 'apiRegister'])->name('api.register');
+ Route::post('/login', [AuthController::class, 'apiLogin'])->name('api.login');
+ Route::get('/product', [ProductController::class, 'index']);
+ Route::get('/about', [AboutController::class, 'index']);
Removed / Before Commit
- use App\Http\Controllers\AdminAboutController;
- use App\Http\Controllers\AdminHomeController;
- use App\Http\Controllers\AdminFaqController;
- use Illuminate\Support\Facades\Route;
- 
- Route::get('/', function () {
- Route::put('/faq', [AdminFaqController::class, 'update'])->name('faq.update');
- Route::get('/about-page', [AdminAboutController::class, 'index'])->name('about-page.index');
- Route::put('/about-page', [AdminAboutController::class, 'update'])->name('about-page.update');
- Route::post('/logout', [AuthController::class, 'logout'])->name('logout');
- });
Added / After Commit
+ use App\Http\Controllers\AdminAboutController;
+ use App\Http\Controllers\AdminHomeController;
+ use App\Http\Controllers\AdminFaqController;
+ use App\Http\Controllers\AdminContactController;
+ use App\Http\Controllers\AdminServiceController;
+ use Illuminate\Support\Facades\Route;
+ 
+ Route::get('/', function () {
+ Route::put('/faq', [AdminFaqController::class, 'update'])->name('faq.update');
+ Route::get('/about-page', [AdminAboutController::class, 'index'])->name('about-page.index');
+ Route::put('/about-page', [AdminAboutController::class, 'update'])->name('about-page.update');
+     Route::get('/contacts', [AdminContactController::class, 'index'])->name('contacts.index');
+     Route::delete('/contacts/{contact}', [AdminContactController::class, 'destroy'])->name('contacts.destroy');
+     Route::get('/service-page', [AdminServiceController::class, 'index'])->name('service-page.index');
+     Route::put('/service-page', [AdminServiceController::class, 'update'])->name('service-page.update');
+ Route::post('/logout', [AuthController::class, 'logout'])->name('logout');
+ });