chore(deps-dev): bump form-data from 4.0.5 to 4.0.6

composer.json

@@ -52,7 +52,16 @@
     "autoload-dev": {
         "psr-4": {
             "Tests\\": "tests/"
-        }
+        },
+        "files": [
+            "tests/Support/GameVersionHelper.php",
+            "tests/Support/ItemShowHelper.php",
+            "tests/Support/ResourceTestHelper.php",
+            "tests/Support/ImportTestHelper.php",
+            "tests/Support/MissionFactionFactory.php",
+            "tests/Support/BlueprintDataHelper.php",
+            "tests/Support/ShipMatrixReferenceDataFactory.php"
+        ]
     },
     "scripts": {
         "setup": [

docker/apache-prefork.conf

@@ -4,5 +4,5 @@
     MinSpareServers        10
     MaxSpareServers        24
     MaxRequestWorkers      48
-    MaxConnectionsPerChild 1000
+    MaxConnectionsPerChild 10000
 </IfModule>

tests/Feature/AddCloudflareCacheTagsTest.php

@@ -8,10 +8,4 @@
             ->assertSuccessful()
             ->assertHeader('Cache-Tag', 'api, api-comm-links');
     });
-
-    it('sets Cache-Tag header on web controllers', function (): void {
-        $this->get('/comm-links')
-            ->assertSuccessful()
-            ->assertHeader('Cache-Tag', 'web, web-comm-links');
-    });
-});
+});

tests/Feature/Admin/AdminAuthGatingTest.php

@@ -0,0 +1,96 @@
+<?php
+
+declare(strict_types=1);
+
+use App\Models\Game\GameVersion;
+use App\Models\Rsi\CommLink\CommLink;
+use App\Models\User;
+
+dataset('admin_guest_routes', function (): array {
+    return [
+        'dashboard' => ['get', '/admin'],
+        'game-versions.index' => ['get', '/admin/game-versions'],
+        'jobs.index' => ['get', '/admin/jobs'],
+        'translations.index' => ['get', '/admin/translations'],
+        'users.index' => ['get', '/admin/users'],
+    ];
+});
+
+dataset('admin_non_admin_routes', function (): array {
+    return [
+        'dashboard' => ['get', '/admin'],
+        'game-versions.index' => ['get', '/admin/game-versions'],
+        'jobs.index' => ['get', '/admin/jobs'],
+        'translations.index' => ['get', '/admin/translations'],
+        'users.index' => ['get', '/admin/users'],
+    ];
+});
+
+it('redirects guests to login on admin routes', function (string $method, string $url): void {
+    $this->{$method}($url)->assertRedirect(route('login'));
+})->with('admin_guest_routes');
+
+it('forbids non-admin users from admin routes', function (string $method, string $url): void {
+    $user = User::factory()->create(['is_admin' => false]);
+
+    $this->actingAs($user)->{$method}($url)->assertForbidden();
+})->with('admin_non_admin_routes');
+
+it('redirects guests to login for admin game-version POST routes', function (): void {
+    $version = GameVersion::factory()->create();
+
+    $this->post(route('admin.game-versions.set-default', $version))->assertRedirect(route('login'));
+    $this->post(route('admin.game-versions.hide', $version))->assertRedirect(route('login'));
+    $this->post(route('admin.game-versions.show', GameVersion::factory()->create(['is_hidden' => true])))->assertRedirect(route('login'));
+});
+
+it('forbids non-admin users from admin game-version POST routes', function (): void {
+    $user = User::factory()->create(['is_admin' => false]);
+    $version = GameVersion::factory()->create();
+
+    $this->actingAs($user)->post(route('admin.game-versions.set-default', $version))->assertForbidden();
+    $this->actingAs($user)->post(route('admin.game-versions.hide', $version))->assertForbidden();
+    $this->actingAs($user)->post(route('admin.game-versions.show', GameVersion::factory()->create(['is_hidden' => true])))->assertForbidden();
+});
+
+it('redirects guests to login for admin jobs DELETE routes', function (): void {
+    $this->delete(route('admin.jobs.destroy', 1))->assertRedirect(route('login'));
+    $this->delete(route('admin.jobs.truncate'))->assertRedirect(route('login'));
+});
+
+it('forbids non-admin users from admin jobs DELETE routes', function (): void {
+    $user = User::factory()->create(['is_admin' => false]);
+
+    $this->actingAs($user)->delete(route('admin.jobs.destroy', 1))->assertForbidden();
+    $this->actingAs($user)->delete(route('admin.jobs.truncate'))->assertForbidden();
+});
+
+it('redirects guests to login for admin translation edit/update routes', function (): void {
+    $commLink = CommLink::factory()->create();
+
+    $this->get(route('admin.translations.edit', ['type' => 'comm-link', 'id' => $commLink->cig_id]))->assertRedirect(route('login'));
+    $this->put(route('admin.translations.update', ['type' => 'comm-link', 'id' => $commLink->cig_id]))->assertRedirect(route('login'));
+});
+
+it('forbids non-admin users from admin translation edit/update routes', function (): void {
+    $user = User::factory()->create(['is_admin' => false]);
+    $commLink = CommLink::factory()->create();
+
+    $this->actingAs($user)->get(route('admin.translations.edit', ['type' => 'comm-link', 'id' => $commLink->cig_id]))->assertForbidden();
+    $this->actingAs($user)->put(route('admin.translations.update', ['type' => 'comm-link', 'id' => $commLink->cig_id]))->assertForbidden();
+});
+
+it('redirects guests to login for admin user destroy route', function (): void {
+    $targetUser = User::factory()->create();
+
+    $this->delete(route('admin.users.destroy', $targetUser))->assertRedirect(route('login'));
+    $this->assertDatabaseHas('users', ['id' => $targetUser->id]);
+});
+
+it('forbids non-admin users from admin user destroy route', function (): void {
+    $user = User::factory()->create(['is_admin' => false]);
+    $targetUser = User::factory()->create();
+
+    $this->actingAs($user)->delete(route('admin.users.destroy', $targetUser))->assertForbidden();
+    $this->assertDatabaseHas('users', ['id' => $targetUser->id]);
+});

tests/Feature/Admin/FailedJobsRoutesTest.php

@@ -45,20 +45,6 @@
     return (int) DB::table('failed_jobs')->insertGetId($attributes);
 };
 
-it('redirects guests to login for failed jobs index', function (): void {
-    $response = $this->get(route('admin.jobs.index'));
-
-    $response->assertRedirect(route('login'));
-});
-
-it('forbids non-admin users from failed jobs index', function (): void {
-    $user = User::factory()->create(['is_admin' => false]);
-
-    $response = $this->actingAs($user)->get(route('admin.jobs.index'));
-
-    $response->assertForbidden();
-});
-
 it('allows admin users to view failed jobs index with failed job rows', function () use ($insertFailedJob): void {
     $admin = User::factory()->create(['is_admin' => true]);
 
@@ -107,25 +93,6 @@
         ->assertSee(route('admin.jobs.truncate'), false);
 });
 
-it('redirects guests to login for deleting a failed job', function () use ($insertFailedJob): void {
-    $failedJobId = $insertFailedJob();
-
-    $response = $this->delete(route('admin.jobs.destroy', ['id' => $failedJobId]));
-
-    $response->assertRedirect(route('login'));
-});
-
-it('forbids non-admin users from deleting a failed job', function () use ($insertFailedJob): void {
-    $user = User::factory()->create(['is_admin' => false]);
-    $failedJobId = $insertFailedJob();
-
-    $response = $this->actingAs($user)
-        ->delete(route('admin.jobs.destroy', ['id' => $failedJobId]));
-
-    $response->assertForbidden();
-    $this->assertDatabaseHas('failed_jobs', ['id' => $failedJobId]);
-});
-
 it('allows admin users to delete a failed job and redirects with success flash', function () use ($insertFailedJob): void {
     $admin = User::factory()->create(['is_admin' => true]);
     $targetFailedJobId = $insertFailedJob(['queue' => 'critical']);
@@ -140,23 +107,6 @@
     $this->assertDatabaseHas('failed_jobs', ['id' => $keptFailedJobId]);
 });
 
-it('redirects guests to login for truncating failed jobs', function (): void {
-    $response = $this->delete(route('admin.jobs.truncate'));
-
-    $response->assertRedirect(route('login'));
-});
-
-it('forbids non-admin users from truncating failed jobs', function () use ($insertFailedJob): void {
-    $user = User::factory()->create(['is_admin' => false]);
-    $insertFailedJob();
-
-    $response = $this->actingAs($user)
-        ->delete(route('admin.jobs.truncate'));
-
-    $response->assertForbidden();
-    $this->assertDatabaseCount('failed_jobs', 1);
-});
-
 it('allows admin users to truncate failed jobs and redirects with success flash', function () use ($insertFailedJob): void {
     $admin = User::factory()->create(['is_admin' => true]);
     $insertFailedJob(['queue' => 'critical']);
@@ -168,4 +118,4 @@
     $response->assertRedirect(route('admin.jobs.index'));
     $response->assertSessionHas('success', 'All failed jobs have been deleted.');
     $this->assertDatabaseCount('failed_jobs', 0);
-});
+});

tests/Feature/Admin/GameVersionRoutesTest.php

@@ -5,21 +5,6 @@
 use App\Models\Game\GameVersion;
 use App\Models\User;
 
-it('redirects guests for get admin/game-versions to login', function (): void {
-    $response = $this->get(route('admin.game-versions.index'));
-
-    $response->assertRedirect(route('login'));
-});
-
-it('forbids authenticated non-admin users for get admin/game-versions', function (): void {
-    $user = User::factory()->create(['is_admin' => false]);
-
-    $response = $this->actingAs($user)
-        ->get(route('admin.game-versions.index'));
-
-    $response->assertForbidden();
-});
-
 it('allows authenticated admins to see game versions in the index', function (): void {
     $admin = User::factory()->create(['is_admin' => true]);
 
@@ -70,64 +55,6 @@
         ->assertDontSee(route('admin.game-versions.hide', $hiddenVersion), false);
 });
 
-it('redirects guests for post admin/game-versions/{gameversion}/set-default to login', function (): void {
-    $gameVersion = GameVersion::factory()->create();
-
-    $response = $this->post(route('admin.game-versions.set-default', $gameVersion));
-
-    $response->assertRedirect(route('login'));
-});
-
-it('forbids authenticated non-admin users for post admin/game-versions/{gameversion}/set-default', function (): void {
-    $user = User::factory()->create(['is_admin' => false]);
-    $gameVersion = GameVersion::factory()->create();
-
-    $response = $this->actingAs($user)
-        ->post(route('admin.game-versions.set-default', $gameVersion));
-
-    $response->assertForbidden();
-});
-
-it('redirects guests for post admin/game-versions/{gameversion}/hide to login', function (): void {
-    $gameVersion = GameVersion::factory()->create();
-
-    $response = $this->post(route('admin.game-versions.hide', $gameVersion));
-
-    $response->assertRedirect(route('login'));
-});
-
-it('forbids authenticated non-admin users for post admin/game-versions/{gameversion}/hide', function (): void {
-    $user = User::factory()->create(['is_admin' => false]);
-    $gameVersion = GameVersion::factory()->create();
-
-    $response = $this->actingAs($user)
-        ->post(route('admin.game-versions.hide', $gameVersion));
-
-    $response->assertForbidden();
-});
-
-it('redirects guests for post admin/game-versions/{gameversion}/show to login', function (): void {
-    $gameVersion = GameVersion::factory()->create([
-        'is_hidden' => true,
-    ]);
-
-    $response = $this->post(route('admin.game-versions.show', $gameVersion));
-
-    $response->assertRedirect(route('login'));
-});
-
-it('forbids authenticated non-admin users for post admin/game-versions/{gameversion}/show', function (): void {
-    $user = User::factory()->create(['is_admin' => false]);
-    $gameVersion = GameVersion::factory()->create([
-        'is_hidden' => true,
-    ]);
-
-    $response = $this->actingAs($user)
-        ->post(route('admin.game-versions.show', $gameVersion));
-
-    $response->assertForbidden();
-});
-
 it('allows authenticated admins to set exactly one selected version as default and makes it visible', function (): void {
     $admin = User::factory()->create(['is_admin' => true]);
 
@@ -225,4 +152,4 @@
         'id' => $gameVersion->id,
         'is_hidden' => false,
     ]);
-});
+});