AI Review Center
Commit Review Workspace ?
Select a commit on the left to inspect quality, security, business value, findings, and suggested code changes.
Project AI Score
?
59%
Quality Avg
?
64%
Security Avg
?
45%
Reviews
?
57
Review Result ?
jattin01/avriti-backend · 94a1dc28
The commit adds multiple controllers handling admin contacts, service pages, and API endpoints for contacts and customer authentication. The code uses validation and modeled data interactions in typical Laravel style. However, there are some security concerns with password handling and areas where validation and error handling could be improved. The code quality is reasonable but can be improved by reducing duplication and adding clearer error responses.
Quality
?
75%
Security
?
50%
Business Value
?
70%
Maintainability
?
78%
Issues & Suggested Fixes
?
1AI detects the issue
2Shows file, line, or evidence
3Suggests the fix to apply
Password Is Stored Directly Without Hashin...
Where
app/Http/Controllers/Api/CustomerAuthController.php:29
Issue / Evidence
password is stored directly without hashing
Suggested Fix
hash the password before storage to improve security score
Directory Creation Does Not Verify Success...
Where
app/Http/Controllers/AdminServiceController.php:40
Issue / Evidence
directory creation does not verify success or handle failure
Suggested Fix
add error handling to improve bug risk and quality scores
User Lookup And Password Checking Combined...
Where
app/Http/Controllers/Api/CustomerAuthController.php:54
Issue / Evidence
user lookup and password checking combined without rate limiting or detailed error handling
Suggested Fix
consider adding throttling and more granular error messages to reduce security risks
Security Issue
Where
app/Http/Controllers/Api/ContactController.php:11
Issue / Evidence
no authentication or spam protection on contact form API endpoint
Suggested Fix
implement spam prevention or rate limiting to improve security score
Very Generic Merge Message With No Detail
Where
commit message
Issue / Evidence
very generic merge message with no detail
Suggested Fix
provide a more descriptive commit message describing changes to improve business value score
Code Change Preview · app/Http/Controllers/AdminContactController.php
?
Removed / Before Commit
Added / After Commit
+ <?php + + namespace App\Http\Controllers; + + use App\Models\Contact; + + class AdminContactController extends Controller + { + public function index() + { + $contacts = Contact::latest()->get(); + return view('admin.contacts', compact('contacts')); + } + + public function destroy(Contact $contact) + { + $contact->delete(); + return redirect()->route('contacts.index')->with('success', 'Contact deleted successfully.');
Removed / Before Commit
Added / After Commit
+ <?php + + namespace App\Http\Controllers; + + use App\Models\Service; + use Illuminate\Http\RedirectResponse; + use Illuminate\Http\Request; + use Illuminate\Support\Facades\File; + use Illuminate\View\View; + + class AdminServiceController extends Controller + { + public function index(): View + { + $service = Service::first() ?? new Service(); + $svgFiles = $this->getSvgFiles(); + + return view('admin.service', compact('service', 'svgFiles'));
Removed / Before Commit
- \ No newline at end of file
Added / After Commit
+ <?php + + namespace App\Http\Controllers\Api; + + use App\Http\Controllers\Controller; + use App\Models\Contact; + use Illuminate\Http\Request; + + class ContactController extends Controller + { + public function store(Request $request) + { + $request->validate([ + 'name' => 'required|string', + 'email' => 'required|email', + 'phone' => 'nullable|string', + 'message' => 'required|string', + ]);
Removed / Before Commit
Added / After Commit
+ <?php + + namespace App\Http\Controllers\Api; + + use App\Http\Controllers\Controller; + use App\Models\Customer; + use Illuminate\Http\JsonResponse; + use Illuminate\Http\Request; + use Illuminate\Support\Facades\DB; + use Illuminate\Support\Facades\Hash; + use Illuminate\Support\Str; + use Illuminate\Validation\ValidationException; + + class CustomerAuthController extends Controller + { + public function register(Request $request): JsonResponse + { + $request->validate([
Removed / Before Commit
Added / After Commit
+ <?php + + namespace App\Http\Controllers\Api; + + use App\Http\Controllers\Controller; + use App\Models\Service; + + class ServiceController extends Controller + { + public function index() + { + $service = Service::first(); + + if (! $service) { + return response()->json([ + 'success' => true, + 'message' => 'Services fetched successfully', + 'data' => null,
Removed / Before Commit
Added / After Commit
+ <?php + + namespace App\Models; + + use Illuminate\Database\Eloquent\Model; + + class Contact extends Model + { + // + protected $fillable = [ + 'name', + 'email', + 'phone', + 'message', + ]; + }
Removed / Before Commit
Added / After Commit
+ <?php + + namespace App\Models; + + use Illuminate\Foundation\Auth\User as Authenticatable; + use Laravel\Sanctum\HasApiTokens; + + class Customer extends Authenticatable + { + use HasApiTokens; + + protected $fillable = ['full_name', 'email', 'phone', 'password']; + + protected $hidden = ['password']; + + protected function casts(): array + { + return ['password' => 'hashed'];
Removed / Before Commit
Added / After Commit
+ <?php + + namespace App\Models; + + use Illuminate\Database\Eloquent\Model; + + class Service extends Model + { + protected $fillable = [ + 's_heading', + 's_sub_heading', + 's_description', + 's_image', + 'cards', + ]; + + protected function casts(): array + {
Removed / Before Commit
- <?php - - use App\Models\User; - - return [ - 'driver' => 'session', - 'provider' => 'users', - ], - ], - - /* - 'driver' => 'eloquent', - 'model' => env('AUTH_MODEL', User::class), - ], - - // 'users' => [ - // 'driver' => 'database',
Added / After Commit
+ <?php + + use App\Models\Customer; + use App\Models\User; + + return [ + 'driver' => 'session', + 'provider' => 'users', + ], + 'customer' => [ + 'driver' => 'sanctum', + 'provider' => 'customers', + ], + ], + + /* + 'driver' => 'eloquent', + 'model' => env('AUTH_MODEL', User::class),
Removed / Before Commit
Added / After Commit
+ <?php + + use Illuminate\Cookie\Middleware\EncryptCookies; + use Illuminate\Foundation\Http\Middleware\ValidateCsrfToken; + use Laravel\Sanctum\Http\Middleware\AuthenticateSession; + use Laravel\Sanctum\Sanctum; + + return [ + + /* + |-------------------------------------------------------------------------- + | Stateful Domains + |-------------------------------------------------------------------------- + | + | Requests from the following domains / hosts will receive stateful API + | authentication cookies. Typically, these should include your local + | and production domains which access your API via a frontend SPA. + |
Removed / Before Commit
Added / After Commit
+ <?php + + use Illuminate\Database\Migrations\Migration; + use Illuminate\Database\Schema\Blueprint; + use Illuminate\Support\Facades\Schema; + + return new class extends Migration + { + /** + * Run the migrations. + */ + public function up(): void + { + Schema::create('services', function (Blueprint $table) { + $table->id(); + $table->string('s_heading'); + $table->string('s_sub_heading')->nullable(); + $table->longText('s_description')->nullable();
Removed / Before Commit
Added / After Commit
+ <?php + + use Illuminate\Database\Migrations\Migration; + use Illuminate\Database\Schema\Blueprint; + use Illuminate\Support\Facades\Schema; + + return new class extends Migration + { + /** + * Run the migrations. + */ + public function up(): void + { + Schema::create('contacts', function (Blueprint $table) { + $table->id(); + $table->string('name'); + $table->string('email'); + $table->string('phone')->nullable();
Removed / Before Commit
Added / After Commit
+ <?php + + use Illuminate\Database\Migrations\Migration; + use Illuminate\Database\Schema\Blueprint; + use Illuminate\Support\Facades\Schema; + + return new class extends Migration + { + /** + * Run the migrations. + */ + public function up(): void + { + Schema::create('customers', function (Blueprint $table) { + $table->id(); + $table->string('email')->unique(); + $table->string('password'); + $table->timestamps();
Removed / Before Commit
Added / After Commit
+ <?php + + use Illuminate\Database\Migrations\Migration; + use Illuminate\Database\Schema\Blueprint; + use Illuminate\Support\Facades\Schema; + + return new class extends Migration + { + /** + * Run the migrations. + */ + public function up(): void + { + Schema::create('customer_password_resets', function (Blueprint $table) { + $table->string('email')->index(); + $table->string('token'); + $table->timestamp('created_at')->nullable(); + });
Removed / Before Commit
Added / After Commit
+ <?php + + use Illuminate\Database\Migrations\Migration; + use Illuminate\Database\Schema\Blueprint; + use Illuminate\Support\Facades\Schema; + + return new class extends Migration + { + /** + * Run the migrations. + */ + public function up(): void + { + Schema::table('customers', function (Blueprint $table) { + // + $table->string('full_name')->after('id'); + $table->string('phone')->nullable()->after('full_name'); + });
Removed / Before Commit
Added / After Commit
+ <?php + + use Illuminate\Database\Migrations\Migration; + use Illuminate\Database\Schema\Blueprint; + use Illuminate\Support\Facades\Schema; + + return new class extends Migration + { + /** + * Run the migrations. + */ + public function up(): void + { + Schema::create('cart_items', function (Blueprint $table) { + $table->id(); + $table->foreignId('customer_id')->constrained()->onDelete('cascade'); + $table->foreignId('product_id')->constrained()->onDelete('cascade'); + $table->string('attribute_name')->nullable();
Removed / Before Commit
Added / After Commit
+ @extends('layouts.app') + + @section('title', 'Contacts | Avriti Dashboard') + @section('content') + + <div class="mb-6 flex flex-col gap-4 sm:flex-row sm:items-center sm:justify-between"> + <div> + <h1 class="text-2xl font-semibold text-[#0b3dba]">Contacts</h1> + </div> + </div> + + @if (session('success')) + <div data-auto-hide-alert class="mb-6 rounded-2xl border border-emerald-200 bg-emerald-50 px-4 py-3 text-sm font-semibold text-emerald-700 transition-opacity duration-500"> + {{ session('success') }} + </div> + @endif + + <div class="overflow-hidden rounded-[32px] bg-white shadow-sm">
Removed / Before Commit
Added / After Commit
+ @extends('layouts.app') + + @section('title', 'Services Page | Avriti Dashboard') + + @push('styles') + <link href="https://cdn.quilljs.com/1.3.6/quill.snow.css" rel="stylesheet" /> + <style> + .icon-option-wrap { display: flex; align-items: center; gap: 8px; } + .char-count { font-size: 11px; color: #9ca3af; text-align: right; margin-top: 4px; } + .char-count.warn { color: #ef4444; } + </style> + @endpush + + @section('content') + + <div class="mb-6 flex flex-col gap-4 sm:flex-row sm:items-center sm:justify-between"> + <div> + <h1 class="text-2xl font-semibold text-[#0b3dba]">Services Page</h1>
Removed / Before Commit
- </div> - - {{-- CMS Group --}} - @php $cmsOpen = request()->routeIs('home-page.*', 'about-page.*', 'faq.*'); @endphp - <div> - <button type="button" id="cmsToggle" - class="w-full flex items-center justify-between px-3 py-2.5 rounded-xl text-white/70 hover:bg-white/10 hover:text-white transition"> - <i class="fa-solid fa-circle-question"></i> - FAQs - </a> - </div> - </div> - - </nav> - </aside> - \ No newline at end of file
Added / After Commit
+ </div> + + {{-- CMS Group --}} + @php $cmsOpen = request()->routeIs('home-page.*', 'about-page.*', 'faq.*', 'service-page.*'); @endphp + <div> + <button type="button" id="cmsToggle" + class="w-full flex items-center justify-between px-3 py-2.5 rounded-xl text-white/70 hover:bg-white/10 hover:text-white transition"> + <i class="fa-solid fa-circle-question"></i> + FAQs + </a> + <a href="{{ route('service-page.index') }}" class="flex items-center gap-3 px-3 py-2 rounded-xl text-sm {{ request()->routeIs('service-page.*') ? $activeClass : $inactiveClass }}"> + <i class="fa-solid fa-hand-sparkles"></i> + Services Page + </a> + <a href="{{ route('contacts.index') }}" class="flex items-center gap-3 px-3 py-2.5 rounded-xl {{ request()->routeIs('contacts.*') ? $activeClass : $inactiveClass }}"> + <i class="fa-solid fa-envelope"></i> + Contacts + </a>
Removed / Before Commit
- <?php - - use App\Http\Controllers\AuthController; - use Illuminate\Support\Facades\Route; - use App\Http\Controllers\Api\ProductCategoryController; - use App\Http\Controllers\Api\ProductTypeController; - use App\Http\Controllers\Api\ProductController; - use App\Http\Controllers\Api\AboutController; - use App\Http\Controllers\Api\HomeController; - use App\Http\Controllers\Api\FaqController; - - Route::post('/register', [AuthController::class, 'apiRegister'])->name('api.register'); - Route::post('/login', [AuthController::class, 'apiLogin'])->name('api.login'); - Route::get('/product', [ProductController::class, 'index']); - Route::get('/about', [AboutController::class, 'index']); - Route::get('/faqs', [FaqController::class, 'index']); - Route::get('/home', [HomeController::class, 'index']); - \ No newline at end of file
Added / After Commit
+ <?php + + use App\Http\Controllers\AuthController; + use App\Http\Controllers\Api\CustomerAuthController; + use Illuminate\Support\Facades\Route; + use App\Http\Controllers\Api\ProductCategoryController; + use App\Http\Controllers\Api\ProductTypeController; + use App\Http\Controllers\Api\ProductController; + use App\Http\Controllers\Api\AboutController; + use App\Http\Controllers\Api\HomeController; + use App\Http\Controllers\Api\FaqController; + USE App\Http\Controllers\Api\ServiceController; + USE App\Http\Controllers\API\ContactController; + + Route::post('/register', [AuthController::class, 'apiRegister'])->name('api.register'); + Route::post('/login', [AuthController::class, 'apiLogin'])->name('api.login'); + Route::get('/product', [ProductController::class, 'index']); + Route::get('/about', [AboutController::class, 'index']);
Removed / Before Commit
- use App\Http\Controllers\AdminAboutController; - use App\Http\Controllers\AdminHomeController; - use App\Http\Controllers\AdminFaqController; - use Illuminate\Support\Facades\Route; - - Route::get('/', function () { - Route::put('/faq', [AdminFaqController::class, 'update'])->name('faq.update'); - Route::get('/about-page', [AdminAboutController::class, 'index'])->name('about-page.index'); - Route::put('/about-page', [AdminAboutController::class, 'update'])->name('about-page.update'); - Route::post('/logout', [AuthController::class, 'logout'])->name('logout'); - });
Added / After Commit
+ use App\Http\Controllers\AdminAboutController; + use App\Http\Controllers\AdminHomeController; + use App\Http\Controllers\AdminFaqController; + use App\Http\Controllers\AdminContactController; + use App\Http\Controllers\AdminServiceController; + use Illuminate\Support\Facades\Route; + + Route::get('/', function () { + Route::put('/faq', [AdminFaqController::class, 'update'])->name('faq.update'); + Route::get('/about-page', [AdminAboutController::class, 'index'])->name('about-page.index'); + Route::put('/about-page', [AdminAboutController::class, 'update'])->name('about-page.update'); + Route::get('/contacts', [AdminContactController::class, 'index'])->name('contacts.index'); + Route::delete('/contacts/{contact}', [AdminContactController::class, 'destroy'])->name('contacts.destroy'); + Route::get('/service-page', [AdminServiceController::class, 'index'])->name('service-page.index'); + Route::put('/service-page', [AdminServiceController::class, 'update'])->name('service-page.update'); + Route::post('/logout', [AuthController::class, 'logout'])->name('logout'); + });