bert.hausmans
1028498705
- Add throttle middleware to login (5/min), portal/token-auth (10/min), volunteer-register (5/min), and invitation routes (10/min) - Set Sanctum token expiration to 7 days - Remove billing_status from UpdateOrganisationRequest (super_admin only) - Revoke all Sanctum tokens on password reset - Strengthen password rules: min 8 chars, mixed case, numbers - Create SecurityHeaders middleware (X-Content-Type-Options, X-Frame-Options, HSTS, Referrer-Policy, Permissions-Policy) - Fix open redirect on all 3 login pages (validate ?to= starts with /) - Set APP_DEBUG=false in .env.example - Log failed login attempts with email, IP, user-agent - Log authorization failures (403) with user, IP, path, method - Harden mass assignment: remove user_id from Person, audit fields from ShiftAssignment, system fields from UserInvitation $fillable - Replace real DB records with factory make() in mail preview routes Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
35 lines
1.0 KiB
PHP
35 lines
1.0 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Http\Requests\Api\V1;
|
|
|
|
use Illuminate\Foundation\Http\FormRequest;
|
|
use Illuminate\Validation\Rule;
|
|
|
|
final class UpdateOrganisationRequest extends FormRequest
|
|
{
|
|
public function authorize(): bool
|
|
{
|
|
return true;
|
|
}
|
|
|
|
/** @return array<string, mixed> */
|
|
public function rules(): array
|
|
{
|
|
return [
|
|
'name' => ['sometimes', 'string', 'max:255'],
|
|
'slug' => [
|
|
'sometimes', 'string', 'max:255', 'regex:/^[a-z0-9-]+$/',
|
|
Rule::unique('organisations', 'slug')->ignore($this->route('organisation')),
|
|
],
|
|
'settings' => ['sometimes', 'array'],
|
|
'email_logo_url' => ['nullable', 'url', 'max:500'],
|
|
'email_primary_color' => ['nullable', 'string', 'regex:/^#[0-9A-Fa-f]{6}$/'],
|
|
'email_reply_to' => ['nullable', 'email'],
|
|
'email_sender_name' => ['nullable', 'string', 'max:100'],
|
|
'email_footer_text' => ['nullable', 'string', 'max:2000'],
|
|
];
|
|
}
|
|
}
|