Remove un-needed config files

Generate zst and br files, then  remove any that are actually larger
than the source file

.env.dusk.testing

@@ -1,14 +0,0 @@
-APP_ENV=testing
-APP_DEBUG=true
-APP_KEY=base64:6DJhvZLVjE6dD4Cqrteh+6Z5vZlG+v/soCKcDHLOAH0=
-APP_URL=http://localhost:8000
-APP_LONGURL=localhost
-APP_SHORTURL=local
-
-DB_CONNECTION=travis
-
-CACHE_DRIVER=array
-SESSION_DRIVER=file
-QUEUE_DRIVER=sync
-
-SCOUT_DRIVER=pgsql

.env.example

@@ -4,15 +4,15 @@ APP_KEY=
 APP_DEBUG=true
 APP_TIMEZONE=UTC
 APP_URL=https://example.com
-APP_LONGURL=example.com
-APP_SHORTURL=examp.le
 
 APP_LOCALE=en
 APP_FALLBACK_LOCALE=en
 APP_FAKER_LOCALE=en_US
 
 APP_MAINTENANCE_DRIVER=file
-APP_MAINTENANCE_STORE=database
+# APP_MAINTENANCE_STORE=database
+
+PHP_CLI_SERVER_WORKERS=4
 
 BCRYPT_ROUNDS=12
 
@@ -39,7 +39,7 @@ FILESYSTEM_DISK=local
 QUEUE_CONNECTION=database
 
 CACHE_STORE=database
-CACHE_PREFIX=
+# CACHE_PREFIX=
 
 MEMCACHED_HOST=127.0.0.1
 
@@ -49,6 +49,7 @@ REDIS_PASSWORD=null
 REDIS_PORT=6379
 
 MAIL_MAILER=log
+MAIL_SCHEME=null
 MAIL_HOST=127.0.0.1
 MAIL_PORT=2525
 MAIL_USERNAME=null

.env.github

@@ -1,70 +0,0 @@
-APP_NAME=Laravel
-APP_ENV=testing
-APP_KEY=SomeRandomString # Leave this
-APP_DEBUG=false
-APP_LOG_LEVEL=warning
-
-DB_CONNECTION=pgsql
-DB_HOST=127.0.0.1
-DB_PORT=5432
-DB_DATABASE=jbukdev_testing
-DB_USERNAME=postgres
-DB_PASSWORD=postgres
-
-BROADCAST_DRIVER=log
-CACHE_DRIVER=file
-SESSION_DRIVER=file
-QUEUE_DRIVER=sync
-
-REDIS_HOST=127.0.0.1
-REDIS_PASSWORD=null
-REDIS_PORT=6379
-
-MAIL_DRIVER=smtp
-MAIL_HOST=smtp.mailtrap.io
-MAIL_PORT=2525
-MAIL_USERNAME=null
-MAIL_PASSWORD=null
-MAIL_ENCRYPTION=null
-
-PUSHER_APP_ID=
-PUSHER_APP_KEY=
-PUSHER_APP_SECRET=
-
-AWS_S3_KEY=your-key
-AWS_S3_SECRET=your-secret
-AWS_S3_REGION=region
-AWS_S3_BUCKET=your-bucket
-AWS_S3_URL=https://xxxxxxx.s3-region.amazonaws.com
-
-APP_URL=https://example.com # This one is necessary
-APP_LONGURL=example.com
-APP_SHORTURL=examp.le
-
-ADMIN_USER=admin # pick something better, this is used for `/admin`
-ADMIN_PASS=password
-DISPLAY_NAME="Joe Bloggs" # This is used for example in the header and titles
-
-TWITTER_CONSUMER_KEY=
-TWITTER_CONSUMER_SECRET=
-TWITTER_ACCESS_TOKEN=
-TWITTER_ACCESS_TOKEN_SECRET=
-
-SCOUT_DRIVER=database
-SCOUT_QUEUE=false
-
-PIWIK=false
-
-FATHOM_ID=
-
-APP_TIMEZONE=UTC
-APP_LANG=en
-APP_LOG=daily
-SECURE_SESSION_COOKIE=true
-
-LOG_SLACK_WEBHOOK_URL=
-FLARE_KEY=
-
-FONT_LINK=
-
-BRIDGY_MASTODON_TOKEN=

.eslintrc.yml

@@ -1,38 +0,0 @@
-parserOptions:
-  sourceType: 'module'
-  ecmaVersion: 'latest'
-extends: 'eslint:recommended'
-env:
-  browser: true
-  es6: true
-ignorePatterns:
-  - webpack.config.js
-rules:
-  indent:
-    - error
-    - 2
-  linebreak-style:
-    - error
-    - unix
-  quotes:
-    - error
-    - single
-  semi:
-    - error
-    - always
-  no-console:
-    - error
-    - allow:
-      - warn
-      - error
-  no-await-in-loop:
-    - error
-  no-promise-executor-return:
-    - error
-  require-atomic-updates:
-    - error
-  max-nested-callbacks:
-    - error
-    - 3
-  prefer-promise-reject-errors:
-    - error

.gitattributes

@@ -5,7 +5,3 @@
 *.html diff=html
 *.md diff=markdown
 *.php diff=php
-
-/.github export-ignore
-CHANGELOG.md export-ignore
-.styleci.yml export-ignore

.github/dependabot.yml

@@ -1,12 +0,0 @@
-version: 2
-
-updates:
-  - package-ecosystem: "composer"
-    directory: "/"
-    schedule:
-      interval: "daily"
-
-  - package-ecosystem: "npm"
-    directory: "/"
-    schedule:
-      interval: "daily"

.github/workflows/deploy.yml

@@ -1,144 +0,0 @@
-name: Deploy
-
-on:
-  workflow_dispatch:
-  release:
-    types: [published]
-
-jobs:
-  deploy:
-    name: Deploy
-    runs-on: ubuntu-latest
-    environment: Hetzner
-    env:
-      repository: 'jonnybarnes/jonnybarnes.uk'
-      newReleaseName: '${{ github.run_id }}'
-
-    steps:
-      - name: 🌍 Set Environment Variables
-        run: |
-          echo "releasesDir=${{ secrets.DEPLOYMENT_BASE_DIR }}/releases" >> $GITHUB_ENV
-          echo "persistentDir=${{ secrets.DEPLOYMENT_BASE_DIR }}/persistent" >> $GITHUB_ENV
-          echo "currentDir=${{ secrets.DEPLOYMENT_BASE_DIR }}/current" >> $GITHUB_ENV
-      - name: 🌎 Set Environment Variables Part 2
-        run: |
-          echo "newReleaseDir=${{ env.releasesDir }}/${{ env.newReleaseName }}" >> $GITHUB_ENV
-      - name: 🔄 Clone Repository
-        uses: appleboy/ssh-action@master
-        with:
-          host: ${{ secrets.DEPLOYMENT_HOST }}
-          port: ${{ secrets.DEPLOYMENT_PORT }}
-          username: ${{ secrets.DEPLOYMENT_USER }}
-          key: ${{ secrets.DEPLOYMENT_KEY }}
-          script: |
-            [ -d ${{ env.releasesDir }} ] || mkdir ${{ env.releasesDir }}
-            [ -d ${{ env.persistentDir }} ] || mkdir ${{ env.persistentDir }}
-            [ -d ${{ env.persistentDir }}/storage ] || mkdir ${{ env.persistentDir }}/storage
-
-            cd ${{ env.releasesDir }}
-
-            # Create new release directory
-            mkdir ${{ env.newReleaseDir }}
-
-            # Clone app
-            git clone --depth 1 --branch ${{ github.ref_name }} https://github.com/${{ env.repository }} ${{ env.newReleaseName }}
-
-            # Mark release
-            cd ${{ env.newReleaseDir }}
-            echo "${{ env.newReleaseName }}" > public/release-name.txt
-
-            # Fix cache directory permissions
-            sudo chown -R ${{ secrets.HTTP_USER }}:${{ secrets.HTTP_USER }} bootstrap/cache
-
-      - name: 🎵 Run Composer
-        uses: appleboy/ssh-action@master
-        with:
-          host: ${{ secrets.DEPLOYMENT_HOST }}
-          port: ${{ secrets.DEPLOYMENT_PORT }}
-          username: ${{ secrets.DEPLOYMENT_USER }}
-          key: ${{ secrets.DEPLOYMENT_KEY }}
-          script: |
-            cd ${{ env.newReleaseDir }}
-            composer install --prefer-dist --no-scripts --no-dev --no-progress --optimize-autoloader --quiet --no-interaction
-
-      - name: 🔗 Update Symlinks
-        uses: appleboy/ssh-action@master
-        with:
-          host: ${{ secrets.DEPLOYMENT_HOST }}
-          port: ${{ secrets.DEPLOYMENT_PORT }}
-          username: ${{ secrets.DEPLOYMENT_USER }}
-          key: ${{ secrets.DEPLOYMENT_KEY }}
-          script: |
-            # Import the environment config
-            cd ${{ env.newReleaseDir }};
-            ln -nfs ${{ secrets.DEPLOYMENT_BASE_DIR }}/.env .env;
-
-            # Remove the storage directory and replace with persistent data
-            rm -rf ${{ env.newReleaseDir }}/storage;
-            cd ${{ env.newReleaseDir }};
-            ln -nfs ${{ secrets.DEPLOYMENT_BASE_DIR }}/persistent/storage storage;
-
-            # Remove the public/profile-images directory and replace with persistent data
-            rm -rf ${{ env.newReleaseDir }}/public/assets/profile-images;
-            cd ${{ env.newReleaseDir }};
-            ln -nfs ${{ secrets.DEPLOYMENT_BASE_DIR }}/persistent/profile-images public/assets/profile-images;
-
-            # Add the persistent files data
-            cd ${{ env.newReleaseDir }};
-            ln -nfs ${{ secrets.DEPLOYMENT_BASE_DIR }}/persistent/files public/files;
-
-            # Add the persistent fonts data
-            cd ${{ env.newReleaseDir }};
-            ln -nfs ${{ secrets.DEPLOYMENT_BASE_DIR }}/persistent/fonts public/fonts;
-
-      - name: ✨ Optimize Installation
-        uses: appleboy/ssh-action@master
-        with:
-          host: ${{ secrets.DEPLOYMENT_HOST }}
-          port: ${{ secrets.DEPLOYMENT_PORT }}
-          username: ${{ secrets.DEPLOYMENT_USER }}
-          key: ${{ secrets.DEPLOYMENT_KEY }}
-          script: |
-            cd ${{ env.newReleaseDir }};
-            sudo runuser -u ${{ secrets.HTTP_USER }} -- php artisan clear-compiled;
-
-      - name: 🙈 Migrate database
-        uses: appleboy/ssh-action@master
-        with:
-          host: ${{ secrets.DEPLOYMENT_HOST }}
-          port: ${{ secrets.DEPLOYMENT_PORT }}
-          username: ${{ secrets.DEPLOYMENT_USER }}
-          key: ${{ secrets.DEPLOYMENT_KEY }}
-          script: |
-            cd ${{ env.newReleaseDir }}
-            sudo runuser -u ${{ secrets.HTTP_USER }} -- php artisan migrate --force
-
-      - name: 🙏 Bless release
-        uses: appleboy/ssh-action@master
-        with:
-          host: ${{ secrets.DEPLOYMENT_HOST }}
-          port: ${{ secrets.DEPLOYMENT_PORT }}
-          username: ${{ secrets.DEPLOYMENT_USER }}
-          key: ${{ secrets.DEPLOYMENT_KEY }}
-          script: |
-            ln -nfs ${{ env.newReleaseDir }} ${{ env.currentDir }};
-            cd ${{ env.newReleaseDir }}
-            sudo runuser -u ${{ secrets.HTTP_USER }} -- php artisan horizon:terminate
-            sudo runuser -u ${{ secrets.HTTP_USER }} -- php artisan config:cache
-            sudo runuser -u ${{ secrets.HTTP_USER }} -- php artisan event:cache
-            sudo runuser -u ${{ secrets.HTTP_USER }} -- php artisan route:cache
-            sudo runuser -u ${{ secrets.HTTP_USER }} -- php artisan view:cache
-
-            sudo systemctl restart php-fpm.service
-            sudo systemctl restart jbuk-horizon.service
-
-      - name: 🚾 Clean up old releases
-        uses: appleboy/ssh-action@master
-        with:
-          host: ${{ secrets.DEPLOYMENT_HOST }}
-          port: ${{ secrets.DEPLOYMENT_PORT }}
-          username: ${{ secrets.DEPLOYMENT_USER }}
-          key: ${{ secrets.DEPLOYMENT_KEY }}
-          script: |
-            fd '.+' ${{ env.releasesDir }} -d 1 | head -n -3 | xargs -d "\n" -I'{}' sudo chown -R ${{ secrets.DEPLOYMENT_USER }}:${{ secrets.DEPLOYMENT_USER }} {}
-            fd '.+' ${{ env.releasesDir }} -d 1 | head -n -3 | xargs -d "\n" -I'{}' rm -rf {}

.github/workflows/phpunit.yml

@@ -1,65 +0,0 @@
-name: PHP Unit
-
-on:
-  pull_request:
-
-jobs:
-  phpunit:
-    runs-on: ubuntu-latest
-
-    name: PHPUnit test suite
-
-    services:
-      postgres:
-        image: postgres:latest
-        env:
-          POSTGRES_USER: postgres
-          POSTGRES_PASSWORD: postgres
-          POSTGRES_DB: jbukdev_testing
-        ports:
-          - 5432:5432
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Setup PHP
-        uses: shivammathur/setup-php@v2
-        with:
-          php-version: '8.3'
-          extensions: mbstring, intl, phpredis, imagick
-          coverage: xdebug
-          tools: phpunit
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Copy .env
-        run: php -r "file_exists('.env') || copy('.env.github', '.env');"
-
-      - name: Get Composer Cache Directory
-        id: composer-cache
-        run: |
-          echo "::set-output name=dir::$(composer config cache-files-dir)"
-
-      - name: Cache composer dependencies
-        uses: actions/cache@v3
-        with:
-          path: ${{ steps.composer-cache.outputs.dir }}
-          key: ${{ runner.os }}-php-8.3-composer-${{ hashFiles('**/composer.lock') }}
-          restore-keys: |
-            ${{ runner.os }}-php-8.3-composer-
-
-      - name: Install Composer Dependencies
-        run: composer install --quiet --no-ansi --no-interaction --no-progress
-
-      - name: Generate Key
-        run: php artisan key:generate
-
-      - name: Setup Directory Permissions
-        run: chmod -R 777 storage bootstrap/cache
-
-      - name: Setup Database
-        run: php artisan migrate
-
-      - name: Execute PHPUnit Tests
-        run: vendor/bin/phpunit

.github/workflows/pint.yml

@@ -1,38 +0,0 @@
-name: Laravel Pint
-
-on:
-  pull_request:
-
-jobs:
-  pint:
-    runs-on: ubuntu-latest
-
-    name: Laravel Pint
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v3
-
-      - name: Setup PHP with pecl extensions
-        uses: shivammathur/setup-php@v2
-        with:
-          php-version: '8.2'
-
-      - name: Get Composer Cache Directory
-        id: composer-cache
-        run: |
-          echo "::set-output name=dir::$(composer config cache-files-dir)"
-
-      - name: Cache composer dependencies
-        uses: actions/cache@v3
-        with:
-          path: ${{ steps.composer-cache.outputs.dir }}
-          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
-          restore-keys: |
-            ${{ runner.os }}-composer-
-
-      - name: Install Composer Dependencies
-        run: composer install --quiet --no-ansi --no-interaction --no-progress
-
-      - name: Check Files with Laravel Pint
-        run: vendor/bin/pint --test

.gitignore

@@ -4,7 +4,6 @@
 /public/coverage
 /public/hot
 /public/files
-/public/fonts
 /public/storage
 /storage/*.key
 /vendor
@@ -21,3 +20,5 @@ yarn-error.log
 /.idea
 /.vscode
 ray.php
+/public/gpg.key
+/public/assets/img/favicon.png

.styleci.yml

@@ -1,9 +0,0 @@
-php:
-  preset: laravel
-  disabled:
-    - no_unused_imports
-  finder:
-    not-name:
-      - index.php
-js: true
-css: true

app/Console/Commands/CopyMediaToLocal.php

@@ -0,0 +1,69 @@
+<?php
+
+namespace App\Console\Commands;
+
+use App\Models\Media;
+use Illuminate\Console\Command;
+use Illuminate\Support\Facades\Storage;
+
+class CopyMediaToLocal extends Command
+{
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'app:copy-media-to-local';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = 'Copy any historic media saved to S3 to the local filesystem';
+
+    /**
+     * Execute the console command.
+     */
+    public function handle()
+    {
+        // Load all the Media records
+        $media = Media::all();
+
+        // Loop through each media record and copy the file from S3 to the local filesystem
+        foreach ($media as $mediaItem) {
+            $filename = $mediaItem->path;
+
+            $this->info('Processing: ' . $filename);
+
+            // If the file is already saved locally skip to next one
+            if (Storage::disk('local')->exists('public/' . $filename)) {
+                $this->info('File already exists locally, skipping');
+
+                continue;
+            }
+
+            // Copy the file from S3 to the local filesystem
+            if (! Storage::disk('s3')->exists($filename)) {
+                $this->error('File does not exist on S3');
+
+                continue;
+            }
+            $contents = Storage::disk('s3')->get($filename);
+            Storage::disk('local')->put('public/' . $filename, $contents);
+
+            // Copy -medium and -small versions if they exist
+            $filenameParts = explode('.', $filename);
+            $extension = array_pop($filenameParts);
+            $basename = trim(implode('.', $filenameParts), '.');
+            $mediumFilename = $basename . '-medium.' . $extension;
+            $smallFilename = $basename . '-small.' . $extension;
+            if (Storage::disk('s3')->exists($mediumFilename)) {
+                Storage::disk('local')->put('public/' . $mediumFilename, Storage::disk('s3')->get($mediumFilename));
+            }
+            if (Storage::disk('s3')->exists($smallFilename)) {
+                Storage::disk('local')->put('public/' . $smallFilename, Storage::disk('s3')->get($smallFilename));
+            }
+        }
+    }
+}

app/Console/Commands/MigratePlaceDataFromPostgis.php

@@ -8,8 +8,6 @@ use Illuminate\Support\Facades\DB;
 
 /**
  * @codeCoverageIgnore
- *
- * @psalm-suppress UnusedClass
  */
 class MigratePlaceDataFromPostgis extends Command
 {

app/Console/Commands/ParseCachedWebMentions.php

@@ -9,9 +9,6 @@ use Illuminate\Console\Command;
 use Illuminate\Contracts\Filesystem\FileNotFoundException;
 use Illuminate\FileSystem\FileSystem;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class ParseCachedWebMentions extends Command
 {
     /**
@@ -37,7 +34,7 @@ class ParseCachedWebMentions extends Command
     {
         $htmlFiles = $filesystem->allFiles(storage_path() . '/HTML');
         foreach ($htmlFiles as $file) {
-            if ($file->getExtension() !== 'backup') { //we don’t want to parse `.backup` files
+            if ($file->getExtension() !== 'backup') { // we don’t want to parse `.backup` files
                 $filepath = $file->getPathname();
                 $this->info('Loading HTML from: ' . $filepath);
                 $html = $filesystem->get($filepath);

app/Console/Commands/ReDownloadWebMentions.php

@@ -8,9 +8,6 @@ use App\Jobs\DownloadWebMention;
 use App\Models\WebMention;
 use Illuminate\Console\Command;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class ReDownloadWebMentions extends Command
 {
     /**

app/Console/Commands/UpdateWebmentionsRelationship.php

@@ -0,0 +1,36 @@
+<?php
+
+namespace App\Console\Commands;
+
+use App\Models\Note;
+use Illuminate\Console\Command;
+use Illuminate\Support\Facades\DB;
+
+class UpdateWebmentionsRelationship extends Command
+{
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'webmentions:update-model-relationship';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = 'Update webmentions to relate to the correct note model class';
+
+    /**
+     * Execute the console command.
+     */
+    public function handle()
+    {
+        DB::table('webmentions')
+            ->where('commentable_type', '=', 'App\Model\Note')
+            ->update(['commentable_type' => Note::class]);
+
+        $this->info('All webmentions updated to relate to the correct note model class');
+    }
+}

app/Exceptions/InternetArchiveException.php

@@ -2,6 +2,4 @@
 
 namespace App\Exceptions;
 
-class InternetArchiveException extends \Exception
-{
-}
+class InternetArchiveException extends \Exception {}

app/Exceptions/RemoteContentNotFoundException.php

@@ -6,5 +6,5 @@ use Exception;
 
 class RemoteContentNotFoundException extends Exception
 {
-    //used when guzzle can’t find the remote content
+    // used when guzzle can’t find the remote content
 }

app/Http/Controllers/Admin/ArticlesController.php

@@ -9,9 +9,6 @@ use App\Models\Article;
 use Illuminate\Http\RedirectResponse;
 use Illuminate\View\View;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class ArticlesController extends Controller
 {
     public function index(): View
@@ -30,7 +27,7 @@ class ArticlesController extends Controller
 
     public function store(): RedirectResponse
     {
-        //if a `.md` is attached use that for the main content.
+        // if a `.md` is attached use that for the main content.
         if (request()->hasFile('article')) {
             $file = request()->file('article')->openFile();
             $content = $file->fread($file->getSize());

app/Http/Controllers/Admin/BioController.php

@@ -10,9 +10,6 @@ use Illuminate\Http\RedirectResponse;
 use Illuminate\Http\Request;
 use Illuminate\View\View;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class BioController extends Controller
 {
     public function show(): View

app/Http/Controllers/Admin/ClientsController.php

@@ -9,9 +9,6 @@ use App\Models\MicropubClient;
 use Illuminate\Http\RedirectResponse;
 use Illuminate\View\View;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class ClientsController extends Controller
 {
     /**

app/Http/Controllers/Admin/ContactsController.php

@@ -12,9 +12,6 @@ use Illuminate\Http\RedirectResponse;
 use Illuminate\Support\Arr;
 use Illuminate\View\View;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class ContactsController extends Controller
 {
     /**
@@ -40,7 +37,7 @@ class ContactsController extends Controller
      */
     public function store(): RedirectResponse
     {
-        $contact = new Contact();
+        $contact = new Contact;
         $contact->name = request()->input('name');
         $contact->nick = request()->input('nick');
         $contact->homepage = request()->input('homepage');
@@ -79,7 +76,7 @@ class ContactsController extends Controller
         if (request()->hasFile('avatar') && (request()->input('homepage') != '')) {
             $dir = parse_url(request()->input('homepage'), PHP_URL_HOST);
             $destination = public_path() . '/assets/profile-images/' . $dir;
-            $filesystem = new Filesystem();
+            $filesystem = new Filesystem;
             if ($filesystem->isDirectory($destination) === false) {
                 $filesystem->makeDirectory($destination);
             }
@@ -139,7 +136,7 @@ class ContactsController extends Controller
             }
             if ($avatar !== null) {
                 $directory = public_path() . '/assets/profile-images/' . parse_url($contact->homepage, PHP_URL_HOST);
-                $filesystem = new Filesystem();
+                $filesystem = new Filesystem;
                 if ($filesystem->isDirectory($directory) === false) {
                     $filesystem->makeDirectory($directory);
                 }

app/Http/Controllers/Admin/HomeController.php

@@ -7,9 +7,6 @@ namespace App\Http\Controllers\Admin;
 use App\Http\Controllers\Controller;
 use Illuminate\View\View;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class HomeController extends Controller
 {
     /**

app/Http/Controllers/Admin/LikesController.php

@@ -10,9 +10,6 @@ use App\Models\Like;
 use Illuminate\Http\RedirectResponse;
 use Illuminate\View\View;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class LikesController extends Controller
 {
     /**

app/Http/Controllers/Admin/NotesController.php

@@ -11,9 +11,6 @@ use Illuminate\Http\RedirectResponse;
 use Illuminate\Http\Request;
 use Illuminate\View\View;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class NotesController extends Controller
 {
     /**
@@ -67,7 +64,7 @@ class NotesController extends Controller
      */
     public function update(int $noteId): RedirectResponse
     {
-        //update note data
+        // update note data
         $note = Note::findOrFail($noteId);
         $note->note = request()->input('content');
         $note->in_reply_to = request()->input('in-reply-to');

app/Http/Controllers/Admin/PasskeysController.php

@@ -18,8 +18,8 @@ use Illuminate\Support\Facades\App;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\View\View;
 use ParagonIE\ConstantTime\Base64UrlSafe;
+use Random\RandomException;
 use Throwable;
-use Webauthn\AttestationStatement\AttestationObjectLoader;
 use Webauthn\AttestationStatement\AttestationStatementSupportManager;
 use Webauthn\AttestationStatement\NoneAttestationStatementSupport;
 use Webauthn\AuthenticationExtensions\ExtensionOutputCheckerHandler;
@@ -28,18 +28,17 @@ use Webauthn\AuthenticatorAssertionResponseValidator;
 use Webauthn\AuthenticatorAttestationResponse;
 use Webauthn\AuthenticatorAttestationResponseValidator;
 use Webauthn\AuthenticatorSelectionCriteria;
+use Webauthn\CeremonyStep\CeremonyStepManagerFactory;
+use Webauthn\Denormalizer\WebauthnSerializerFactory;
 use Webauthn\Exception\WebauthnException;
+use Webauthn\PublicKeyCredential;
 use Webauthn\PublicKeyCredentialCreationOptions;
-use Webauthn\PublicKeyCredentialLoader;
 use Webauthn\PublicKeyCredentialParameters;
 use Webauthn\PublicKeyCredentialRequestOptions;
 use Webauthn\PublicKeyCredentialRpEntity;
 use Webauthn\PublicKeyCredentialSource;
 use Webauthn\PublicKeyCredentialUserEntity;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class PasskeysController extends Controller
 {
     public function index(): View
@@ -51,22 +50,26 @@ class PasskeysController extends Controller
         return view('admin.passkeys.index', compact('passkeys'));
     }
 
-    public function getCreateOptions(): JsonResponse
+    /**
+     * @throws RandomException
+     * @throws \JsonException
+     */
+    public function getCreateOptions(Request $request): JsonResponse
     {
         /** @var User $user */
         $user = auth()->user();
 
         // RP Entity i.e. the application
         $rpEntity = PublicKeyCredentialRpEntity::create(
-            config('app.name'),
-            config('url.longurl'),
+            name: config('app.name'),
+            id: config('app.url'),
         );
 
         // User Entity
         $userEntity = PublicKeyCredentialUserEntity::create(
-            $user->name,
-            (string) $user->id,
-            $user->name,
+            name: $user->name,
+            id: (string) $user->id,
+            displayName: $user->name,
         );
 
         // Challenge
@@ -84,70 +87,100 @@ class PasskeysController extends Controller
         $authenticatorSelectionCriteria = AuthenticatorSelectionCriteria::create(
             userVerification: AuthenticatorSelectionCriteria::USER_VERIFICATION_REQUIREMENT_REQUIRED,
             residentKey: AuthenticatorSelectionCriteria::RESIDENT_KEY_REQUIREMENT_REQUIRED,
-            requireResidentKey: true,
         );
 
-        $options = PublicKeyCredentialCreationOptions::create(
-            $rpEntity,
-            $userEntity,
-            $challenge,
-            $pubKeyCredParams,
+        $publicKeyCredentialCreationOptions = PublicKeyCredentialCreationOptions::create(
+            rp: $rpEntity,
+            user: $userEntity,
+            challenge: $challenge,
+            pubKeyCredParams: $pubKeyCredParams,
             authenticatorSelection: $authenticatorSelectionCriteria,
             attestation: PublicKeyCredentialCreationOptions::ATTESTATION_CONVEYANCE_PREFERENCE_NONE
         );
 
-        $options = json_encode($options, JSON_THROW_ON_ERROR);
+        $attestationStatementSupportManager = new AttestationStatementSupportManager;
+        $attestationStatementSupportManager->add(new NoneAttestationStatementSupport);
+        $webauthnSerializerFactory = new WebauthnSerializerFactory(
+            attestationStatementSupportManager: $attestationStatementSupportManager
+        );
+        $webauthnSerializer = $webauthnSerializerFactory->create();
+        $publicKeyCredentialCreationOptions = $webauthnSerializer->serialize(
+            data: $publicKeyCredentialCreationOptions,
+            format: 'json'
+        );
 
-        session(['create_options' => $options]);
+        $request->session()->put('create_options', $publicKeyCredentialCreationOptions);
 
-        return JsonResponse::fromJsonString($options);
+        return JsonResponse::fromJsonString($publicKeyCredentialCreationOptions);
     }
 
+    /**
+     * @throws Throwable
+     * @throws WebauthnException
+     * @throws \JsonException
+     */
     public function create(Request $request): JsonResponse
     {
         /** @var User $user */
         $user = auth()->user();
 
         $publicKeyCredentialCreationOptionsData = session('create_options');
+        // Unset session data to mitigate replay attacks
+        $request->session()->forget('create_options');
         if (empty($publicKeyCredentialCreationOptionsData)) {
             throw new WebAuthnException('No public key credential request options found');
         }
-        $publicKeyCredentialCreationOptions = PublicKeyCredentialCreationOptions::createFromString($publicKeyCredentialCreationOptionsData);
 
-        // Unset session data to mitigate replay attacks
-        session()->forget('create_options');
+        $attestationStatementSupportManager = new AttestationStatementSupportManager;
+        $attestationStatementSupportManager->add(new NoneAttestationStatementSupport);
+        $webauthnSerializerFactory = new WebauthnSerializerFactory(
+            attestationStatementSupportManager: $attestationStatementSupportManager
+        );
+        $webauthnSerializer = $webauthnSerializerFactory->create();
 
-        $attestationSupportManager = AttestationStatementSupportManager::create();
-        $attestationSupportManager->add(NoneAttestationStatementSupport::create());
-        $attestationObjectLoader = AttestationObjectLoader::create($attestationSupportManager);
-        $publicKeyCredentialLoader = PublicKeyCredentialLoader::create($attestationObjectLoader);
-
-        $publicKeyCredential = $publicKeyCredentialLoader->load(json_encode($request->all(), JSON_THROW_ON_ERROR));
+        $publicKeyCredential = $webauthnSerializer->deserialize(
+            json_encode($request->all(), JSON_THROW_ON_ERROR),
+            PublicKeyCredential::class,
+            'json'
+        );
 
         if (! $publicKeyCredential->response instanceof AuthenticatorAttestationResponse) {
             throw new WebAuthnException('Invalid response type');
         }
 
-        $attestationStatementSupportManager = AttestationStatementSupportManager::create();
-        $attestationStatementSupportManager->add(NoneAttestationStatementSupport::create());
+        $algorithmManager = new Manager;
+        $algorithmManager->add(new Ed25519);
+        $algorithmManager->add(new ES256);
+        $algorithmManager->add(new RS256);
+
+        $ceremonyStepManagerFactory = new CeremonyStepManagerFactory;
+        $ceremonyStepManagerFactory->setAlgorithmManager($algorithmManager);
+        $ceremonyStepManagerFactory->setAttestationStatementSupportManager(
+            $attestationStatementSupportManager
+        );
+        $ceremonyStepManagerFactory->setExtensionOutputCheckerHandler(
+            ExtensionOutputCheckerHandler::create()
+        );
+        $allowedOrigins = [];
+        if (App::environment('local', 'development')) {
+            $allowedOrigins = [config('app.url')];
+        }
+        $ceremonyStepManagerFactory->setAllowedOrigins($allowedOrigins);
 
         $authenticatorAttestationResponseValidator = AuthenticatorAttestationResponseValidator::create(
-            attestationStatementSupportManager: $attestationStatementSupportManager,
-            publicKeyCredentialSourceRepository: null,
-            tokenBindingHandler: null,
-            extensionOutputCheckerHandler: ExtensionOutputCheckerHandler::create(),
+            ceremonyStepManager: $ceremonyStepManagerFactory->creationCeremony()
         );
 
-        $securedRelyingPartyId = [];
-        if (App::environment('local', 'development')) {
-            $securedRelyingPartyId = [config('url.longurl')];
-        }
+        $publicKeyCredentialCreationOptions = $webauthnSerializer->deserialize(
+            $publicKeyCredentialCreationOptionsData,
+            PublicKeyCredentialCreationOptions::class,
+            'json'
+        );
 
         $publicKeyCredentialSource = $authenticatorAttestationResponseValidator->check(
             authenticatorAttestationResponse: $publicKeyCredential->response,
             publicKeyCredentialCreationOptions: $publicKeyCredentialCreationOptions,
-            request: config('url.longurl'),
-            securedRelyingPartyId: $securedRelyingPartyId,
+            host: config('app.url')
         );
 
         $user->passkey()->create([
@@ -161,24 +194,37 @@ class PasskeysController extends Controller
         ]);
     }
 
-    public function getRequestOptions(): JsonResponse
+    /**
+     * @throws RandomException
+     * @throws \JsonException
+     */
+    public function getRequestOptions(Request $request): JsonResponse
     {
         $publicKeyCredentialRequestOptions = PublicKeyCredentialRequestOptions::create(
             challenge: random_bytes(16),
             userVerification: PublicKeyCredentialRequestOptions::USER_VERIFICATION_REQUIREMENT_REQUIRED
         );
 
-        $publicKeyCredentialRequestOptions = json_encode($publicKeyCredentialRequestOptions, JSON_THROW_ON_ERROR);
+        $attestationStatementSupportManager = AttestationStatementSupportManager::create();
+        $attestationStatementSupportManager->add(NoneAttestationStatementSupport::create());
+        $factory = new WebauthnSerializerFactory(
+            attestationStatementSupportManager: $attestationStatementSupportManager
+        );
+        $serializer = $factory->create();
+        $publicKeyCredentialRequestOptions = $serializer->serialize(data: $publicKeyCredentialRequestOptions, format: 'json');
 
-        session(['request_options' => $publicKeyCredentialRequestOptions]);
+        $request->session()->put('request_options', $publicKeyCredentialRequestOptions);
 
         return JsonResponse::fromJsonString($publicKeyCredentialRequestOptions);
     }
 
+    /**
+     * @throws \JsonException
+     */
     public function login(Request $request): JsonResponse
     {
         $requestOptions = session('request_options');
-        session()->forget('request_options');
+        $request->session()->forget('request_options');
 
         if (empty($requestOptions)) {
             return response()->json([
@@ -187,14 +233,19 @@ class PasskeysController extends Controller
             ], 400);
         }
 
-        $publicKeyCredentialRequestOptions = PublicKeyCredentialRequestOptions::createFromString($requestOptions);
+        $attestationStatementSupportManager = new AttestationStatementSupportManager;
+        $attestationStatementSupportManager->add(new NoneAttestationStatementSupport);
 
-        $attestationSupportManager = AttestationStatementSupportManager::create();
-        $attestationSupportManager->add(NoneAttestationStatementSupport::create());
-        $attestationObjectLoader = AttestationObjectLoader::create($attestationSupportManager);
-        $publicKeyCredentialLoader = PublicKeyCredentialLoader::create($attestationObjectLoader);
+        $webauthnSerializerFactory = new WebauthnSerializerFactory(
+            attestationStatementSupportManager: $attestationStatementSupportManager
+        );
+        $webauthnSerializer = $webauthnSerializerFactory->create();
 
-        $publicKeyCredential = $publicKeyCredentialLoader->load(json_encode($request->all(), JSON_THROW_ON_ERROR));
+        $publicKeyCredential = $webauthnSerializer->deserialize(
+            json_encode($request->all(), JSON_THROW_ON_ERROR),
+            PublicKeyCredential::class,
+            'json'
+        );
 
         if (! $publicKeyCredential->response instanceof AuthenticatorAssertionResponse) {
             return response()->json([
@@ -211,33 +262,51 @@ class PasskeysController extends Controller
             ], 404);
         }
 
-        $credential = PublicKeyCredentialSource::createFromArray(json_decode($passkey->passkey, true, 512, JSON_THROW_ON_ERROR));
-
-        $algorithmManager = Manager::create();
-        $algorithmManager->add(new Ed25519());
-        $algorithmManager->add(new ES256());
-        $algorithmManager->add(new RS256());
-
-        $authenticatorAssertionResponseValidator = new AuthenticatorAssertionResponseValidator(
-            publicKeyCredentialSourceRepository: null,
-            tokenBindingHandler: null,
-            extensionOutputCheckerHandler: ExtensionOutputCheckerHandler::create(),
-            algorithmManager: $algorithmManager,
+        $publicKeyCredentialSource = $webauthnSerializer->deserialize(
+            $passkey->passkey,
+            PublicKeyCredentialSource::class,
+            'json'
         );
 
-        $securedRelyingPartyId = [];
+        $algorithmManager = new Manager;
+        $algorithmManager->add(new Ed25519);
+        $algorithmManager->add(new ES256);
+        $algorithmManager->add(new RS256);
+
+        $attestationStatementSupportManager = new AttestationStatementSupportManager;
+        $attestationStatementSupportManager->add(new NoneAttestationStatementSupport);
+
+        $ceremonyStepManagerFactory = new CeremonyStepManagerFactory;
+        $ceremonyStepManagerFactory->setAlgorithmManager($algorithmManager);
+        $ceremonyStepManagerFactory->setAttestationStatementSupportManager(
+            $attestationStatementSupportManager
+        );
+        $ceremonyStepManagerFactory->setExtensionOutputCheckerHandler(
+            ExtensionOutputCheckerHandler::create()
+        );
+        $allowedOrigins = [];
         if (App::environment('local', 'development')) {
-            $securedRelyingPartyId = [config('url.longurl')];
+            $allowedOrigins = [config('app.url')];
         }
+        $ceremonyStepManagerFactory->setAllowedOrigins($allowedOrigins);
+
+        $authenticatorAssertionResponseValidator = AuthenticatorAssertionResponseValidator::create(
+            ceremonyStepManager: $ceremonyStepManagerFactory->requestCeremony()
+        );
+
+        $publicKeyCredentialRequestOptions = $webauthnSerializer->deserialize(
+            $requestOptions,
+            PublicKeyCredentialRequestOptions::class,
+            'json'
+        );
 
         try {
             $authenticatorAssertionResponseValidator->check(
-                credentialId: $credential,
+                publicKeyCredentialSource: $publicKeyCredentialSource,
                 authenticatorAssertionResponse: $publicKeyCredential->response,
                 publicKeyCredentialRequestOptions: $publicKeyCredentialRequestOptions,
-                request: config('url.longurl'),
+                host: config('app.url'),
                 userHandle: null,
-                securedRelyingPartyId: $securedRelyingPartyId,
             );
         } catch (Throwable) {
             return response()->json([

app/Http/Controllers/Admin/PlacesController.php

@@ -10,9 +10,6 @@ use App\Services\PlaceService;
 use Illuminate\Http\RedirectResponse;
 use Illuminate\View\View;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class PlacesController extends Controller
 {
     protected PlaceService $placeService;

app/Http/Controllers/Admin/SyndicationTargetsController.php

@@ -10,9 +10,6 @@ use Illuminate\Http\RedirectResponse;
 use Illuminate\Http\Request;
 use Illuminate\View\View;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class SyndicationTargetsController extends Controller
 {
     /**

app/Http/Controllers/ArticlesController.php

@@ -10,9 +10,6 @@ use Illuminate\Http\RedirectResponse;
 use Illuminate\View\View;
 use Jonnybarnes\IndieWeb\Numbers;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class ArticlesController extends Controller
 {
     /**

app/Http/Controllers/AuthController.php

@@ -9,9 +9,6 @@ use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\View\View;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class AuthController extends Controller
 {
     /**

app/Http/Controllers/BookmarksController.php

@@ -7,9 +7,6 @@ namespace App\Http\Controllers;
 use App\Models\Bookmark;
 use Illuminate\View\View;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class BookmarksController extends Controller
 {
     /**

app/Http/Controllers/ContactsController.php

@@ -8,9 +8,6 @@ use App\Models\Contact;
 use Illuminate\Filesystem\Filesystem;
 use Illuminate\View\View;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class ContactsController extends Controller
 {
     /**
@@ -18,7 +15,7 @@ class ContactsController extends Controller
      */
     public function index(): View
     {
-        $filesystem = new Filesystem();
+        $filesystem = new Filesystem;
         $contacts = Contact::all();
         foreach ($contacts as $contact) {
             $contact->homepageHost = parse_url($contact->homepage, PHP_URL_HOST);
@@ -40,7 +37,7 @@ class ContactsController extends Controller
         $contact->homepageHost = parse_url($contact->homepage, PHP_URL_HOST);
         $file = public_path() . '/assets/profile-images/' . $contact->homepageHost . '/image';
 
-        $filesystem = new Filesystem();
+        $filesystem = new Filesystem;
         $image = ($filesystem->exists($file)) ?
             '/assets/profile-images/' . $contact->homepageHost . '/image'
         :

app/Http/Controllers/FeedsController.php

@@ -9,9 +9,6 @@ use App\Models\Note;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Response;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class FeedsController extends Controller
 {
     /**
@@ -122,8 +119,8 @@ class FeedsController extends Controller
 
         foreach ($notes as $key => $note) {
             $data['items'][$key] = [
-                'id' => $note->longurl,
-                'url' => $note->longurl,
+                'id' => $note->uri,
+                'url' => $note->uri,
                 'content_text' => $note->content,
                 'date_published' => $note->created_at->tz('UTC')->toRfc3339String(),
                 'date_modified' => $note->updated_at->tz('UTC')->toRfc3339String(),
@@ -164,7 +161,7 @@ class FeedsController extends Controller
             'author' => [
                 'type' => 'card',
                 'name' => config('user.display_name'),
-                'url' => config('url.longurl'),
+                'url' => config('app.url'),
             ],
             'children' => $items,
         ], 200, [
@@ -183,8 +180,8 @@ class FeedsController extends Controller
             $items[] = [
                 'type' => 'entry',
                 'published' => $note->created_at,
-                'uid' => $note->longurl,
-                'url' => $note->longurl,
+                'uid' => $note->uri,
+                'url' => $note->uri,
                 'content' => [
                     'text' => $note->getRawOriginal('note'),
                     'html' => $note->note,
@@ -200,7 +197,7 @@ class FeedsController extends Controller
             'author' => [
                 'type' => 'card',
                 'name' => config('user.display_name'),
-                'url' => config('url.longurl'),
+                'url' => config('app.url'),
             ],
             'children' => $items,
         ], 200, [

app/Http/Controllers/FrontPageController.php

@@ -10,9 +10,6 @@ use App\Models\Note;
 use Illuminate\Http\Response;
 use Illuminate\View\View;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class FrontPageController extends Controller
 {
     /**

app/Http/Controllers/IndieAuthController.php

@@ -0,0 +1,327 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Controllers;
+
+use App\Services\TokenService;
+use Exception;
+use GuzzleHttp\Client;
+use GuzzleHttp\Psr7\Uri;
+use Illuminate\Http\JsonResponse;
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Cache;
+use Illuminate\Support\Facades\Validator;
+use Illuminate\View\View;
+use Random\RandomException;
+use SodiumException;
+
+class IndieAuthController extends Controller
+{
+    public function indieAuthMetadataEndpoint(): JsonResponse
+    {
+        return response()->json([
+            'issuer' => config('app.url'),
+            'authorization_endpoint' => route('indieauth.start'),
+            'token_endpoint' => route('indieauth.token'),
+            'code_challenge_methods_supported' => ['S256'],
+            // 'introspection_endpoint' => route('indieauth.introspection'),
+            // 'introspection_endpoint_auth_methods_supported' => ['none'],
+        ]);
+    }
+
+    /**
+     * Process a GET request to the IndieAuth endpoint.
+     *
+     * This is the first step in the IndieAuth flow, where the client app sends the user to the IndieAuth endpoint.
+     */
+    public function start(Request $request): View
+    {
+        // First check all required params are present
+        $validator = Validator::make($request->all(), [
+            'response_type' => 'required:string',
+            'client_id' => 'required',
+            'redirect_uri' => 'required',
+            'state' => 'required',
+            'code_challenge' => 'required:string',
+            'code_challenge_method' => 'required:string',
+        ], [
+            'response_type' => 'response_type is required',
+            'client_id.required' => 'client_id is required to display which app is asking for authentication',
+            'redirect_uri.required' => 'redirect_uri is required so we can progress successful requests',
+            'state.required' => 'state is required',
+            'code_challenge.required' => 'code_challenge is required',
+            'code_challenge_method.required' => 'code_challenge_method is required',
+        ]);
+
+        if ($validator->fails()) {
+            return view('indieauth.error')->withErrors($validator);
+        }
+
+        if ($request->get('response_type') !== 'code') {
+            return view('indieauth.error')->withErrors(['response_type' => 'only a response_type of "code" is supported']);
+        }
+
+        if (mb_strtoupper($request->get('code_challenge_method')) !== 'S256') {
+            return view('indieauth.error')->withErrors(['code_challenge_method' => 'only a code_challenge_method of "S256" is supported']);
+        }
+
+        if (! $this->isValidRedirectUri($request->get('client_id'), $request->get('redirect_uri'))) {
+            return view('indieauth.error')->withErrors(['redirect_uri' => 'redirect_uri is not valid for this client_id']);
+        }
+
+        $scopes = $request->get('scope', '');
+        $scopes = explode(' ', $scopes);
+
+        return view('indieauth.start', [
+            'me' => $request->get('me'),
+            'client_id' => $request->get('client_id'),
+            'redirect_uri' => $request->get('redirect_uri'),
+            'state' => $request->get('state'),
+            'scopes' => $scopes,
+            'code_challenge' => $request->get('code_challenge'),
+            'code_challenge_method' => $request->get('code_challenge_method'),
+        ]);
+    }
+
+    /**
+     * Confirm an IndieAuth approval request.
+     *
+     * Generates an auth code and redirects the user back to the client app.
+     *
+     * @throws RandomException
+     */
+    public function confirm(Request $request): RedirectResponse
+    {
+        $authCode = bin2hex(random_bytes(16));
+
+        $cacheKey = hash('xxh3', $request->get('client_id'));
+
+        $indieAuthRequestData = [
+            'code_challenge' => $request->get('code_challenge'),
+            'code_challenge_method' => $request->get('code_challenge_method'),
+            'client_id' => $request->get('client_id'),
+            'redirect_uri' => $request->get('redirect_uri'),
+            'auth_code' => $authCode,
+            'scope' => implode(' ', $request->get('scope', '')),
+        ];
+
+        Cache::put($cacheKey, $indieAuthRequestData, now()->addMinutes(10));
+
+        $redirectUri = new Uri($request->get('redirect_uri'));
+        $redirectUri = Uri::withQueryValues($redirectUri, [
+            'code' => $authCode,
+            'state' => $request->get('state'),
+            'iss' => config('app.url'),
+        ]);
+
+        return redirect()->away($redirectUri);
+    }
+
+    /**
+     * Process a POST request to the IndieAuth auth endpoint.
+     *
+     * This is one possible second step in the IndieAuth flow, where the client app sends the auth code to the IndieAuth
+     * endpoint. As it is to the auth endpoint we return profile information. A similar request can be made to the token
+     * endpoint to get an access token.
+     */
+    public function processCodeExchange(Request $request): JsonResponse
+    {
+        $invalidCodeResponse = $this->validateAuthorizationCode($request);
+
+        if ($invalidCodeResponse instanceof JsonResponse) {
+            return $invalidCodeResponse;
+        }
+
+        return response()->json([
+            'me' => config('app.url'),
+        ]);
+    }
+
+    /**
+     * Process a POST request to the IndieAuth token endpoint.
+     *
+     * This is another possible second step in the IndieAuth flow, where the client app sends the auth code to the
+     * IndieAuth token endpoint. As it is to the token endpoint we return an access token.
+     *
+     * @throws SodiumException
+     */
+    public function processTokenRequest(Request $request): JsonResponse
+    {
+        $indieAuthData = $this->validateAuthorizationCode($request);
+
+        if ($indieAuthData instanceof JsonResponse) {
+            return $indieAuthData;
+        }
+
+        if ($indieAuthData['scope'] === '') {
+            return response()->json(['errors' => [
+                'scope' => [
+                    'The scope property must be non-empty for an access token to be issued.',
+                ],
+            ]], 400);
+        }
+
+        $tokenData = [
+            'me' => config('app.url'),
+            'client_id' => $request->get('client_id'),
+            'scope' => $indieAuthData['scope'],
+        ];
+        $tokenService = resolve(TokenService::class);
+        $token = $tokenService->getNewToken($tokenData);
+
+        return response()->json([
+            'access_token' => $token,
+            'token_type' => 'Bearer',
+            'scope' => $indieAuthData['scope'],
+            'me' => config('app.url'),
+        ]);
+    }
+
+    protected function isValidRedirectUri(string $clientId, string $redirectUri): bool
+    {
+        // If client_id is not a valid URL, then it's not valid
+        $clientIdParsed = \Mf2\parseUriToComponents($clientId);
+        if (! isset($clientIdParsed['authority'])) {
+            return false;
+        }
+
+        // If redirect_uri is not a valid URL, then it's not valid
+        $redirectUriParsed = \Mf2\parseUriToComponents($redirectUri);
+        if (! isset($redirectUriParsed['authority'])) {
+            return false;
+        }
+
+        // If client_id and redirect_uri are the same host, then it's valid
+        if ($clientIdParsed['authority'] === $redirectUriParsed['authority']) {
+            return true;
+        }
+
+        // Otherwise we need to check the redirect_uri is in the client_id's redirect_uris
+        $guzzle = resolve(Client::class);
+
+        try {
+            $clientInfo = $guzzle->get($clientId);
+        } catch (Exception) {
+            return false;
+        }
+
+        $clientInfoParsed = \Mf2\parse($clientInfo->getBody()->getContents(), $clientId);
+
+        $redirectUris = $clientInfoParsed['rels']['redirect_uri'] ?? [];
+
+        return in_array($redirectUri, $redirectUris, true);
+    }
+
+    /**
+     * @throws SodiumException
+     */
+    protected function validateAuthorizationCode(Request $request): JsonResponse|array
+    {
+        // First check all the data is present
+        $validator = Validator::make($request->all(), [
+            'grant_type' => 'required:string',
+            'code' => 'required:string',
+            'client_id' => 'required',
+            'redirect_uri' => 'required',
+            'code_verifier' => 'required',
+        ]);
+
+        if ($validator->fails()) {
+            return response()->json(['errors' => $validator->errors()], 400);
+        }
+
+        if ($request->get('grant_type') !== 'authorization_code') {
+            return response()->json(['errors' => [
+                'grant_type' => [
+                    'Only a grant type of "authorization_code" is supported.',
+                ],
+            ]], 400);
+        }
+
+        // Check cache for auth code
+        $cacheKey = hash('xxh3', $request->get('client_id'));
+        $indieAuthRequestData = Cache::pull($cacheKey);
+
+        if ($indieAuthRequestData === null) {
+            return response()->json(['errors' => [
+                'code' => [
+                    'The code is invalid.',
+                ],
+            ]], 404);
+        }
+
+        // Check the IndieAuth code
+        if (! array_key_exists('auth_code', $indieAuthRequestData)) {
+            return response()->json(['errors' => [
+                'code' => [
+                    'The code is invalid.',
+                ],
+            ]], 400);
+        }
+        if ($indieAuthRequestData['auth_code'] !== $request->get('code')) {
+            return response()->json(['errors' => [
+                'code' => [
+                    'The code is invalid.',
+                ],
+            ]], 400);
+        }
+
+        // Check code verifier
+        if (! array_key_exists('code_challenge', $indieAuthRequestData)) {
+            return response()->json(['errors' => [
+                'code_verifier' => [
+                    'The code verifier is invalid.',
+                ],
+            ]], 400);
+        }
+        if (! hash_equals(
+            $indieAuthRequestData['code_challenge'],
+            sodium_bin2base64(
+                hash('sha256', $request->get('code_verifier'), true),
+                SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING
+            )
+        )) {
+            return response()->json(['errors' => [
+                'code_verifier' => [
+                    'The code verifier is invalid.',
+                ],
+            ]], 400);
+        }
+
+        // Check redirect_uri
+        if (! array_key_exists('redirect_uri', $indieAuthRequestData)) {
+            return response()->json(['errors' => [
+                'redirect_uri' => [
+                    'The redirect uri is invalid.',
+                ],
+            ]], 400);
+        }
+        if ($indieAuthRequestData['redirect_uri'] !== $request->get('redirect_uri')) {
+            return response()->json(['errors' => [
+                'redirect_uri' => [
+                    'The redirect uri is invalid.',
+                ],
+            ]], 400);
+        }
+
+        // Check client_id
+        if (! array_key_exists('client_id', $indieAuthRequestData)) {
+            return response()->json(['errors' => [
+                'client_id' => [
+                    'The client id is invalid.',
+                ],
+            ]], 400);
+        }
+        if ($indieAuthRequestData['client_id'] !== $request->get('client_id')) {
+            return response()->json(['errors' => [
+                'client_id' => [
+                    'The client id is invalid.',
+                ],
+            ]], 400);
+        }
+
+        return $indieAuthRequestData;
+    }
+}

app/Http/Controllers/LikesController.php

@@ -7,9 +7,6 @@ namespace App\Http\Controllers;
 use App\Models\Like;
 use Illuminate\View\View;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class LikesController extends Controller
 {
     /**

app/Http/Controllers/MicropubController.php

@@ -19,9 +19,6 @@ use Lcobucci\JWT\Validation\RequiredConstraintsViolated;
 use Monolog\Handler\StreamHandler;
 use Monolog\Logger;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class MicropubController extends Controller
 {
     protected TokenService $tokenService;
@@ -53,13 +50,13 @@ class MicropubController extends Controller
         try {
             $tokenData = $this->tokenService->validateToken($request->input('access_token'));
         } catch (RequiredConstraintsViolated|InvalidTokenStructure|CannotDecodeContent) {
-            $micropubResponses = new MicropubResponses();
+            $micropubResponses = new MicropubResponses;
 
             return $micropubResponses->invalidTokenResponse();
         }
 
         if ($tokenData->claims()->has('scope') === false) {
-            $micropubResponses = new MicropubResponses();
+            $micropubResponses = new MicropubResponses;
 
             return $micropubResponses->tokenHasNoScopeResponse();
         }
@@ -67,8 +64,13 @@ class MicropubController extends Controller
         $this->logMicropubRequest($request->all());
 
         if (($request->input('h') === 'entry') || ($request->input('type.0') === 'h-entry')) {
-            if (stripos($tokenData->claims()->get('scope'), 'create') === false) {
-                $micropubResponses = new MicropubResponses();
+            $scopes = $tokenData->claims()->get('scope');
+            if (is_string($scopes)) {
+                $scopes = explode(' ', $scopes);
+            }
+
+            if (! in_array('create', $scopes)) {
+                $micropubResponses = new MicropubResponses;
 
                 return $micropubResponses->insufficientScopeResponse();
             }
@@ -81,8 +83,12 @@ class MicropubController extends Controller
         }
 
         if ($request->input('h') === 'card' || $request->input('type.0') === 'h-card') {
-            if (stripos($tokenData->claims()->get('scope'), 'create') === false) {
-                $micropubResponses = new MicropubResponses();
+            $scopes = $tokenData->claims()->get('scope');
+            if (is_string($scopes)) {
+                $scopes = explode(' ', $scopes);
+            }
+            if (! in_array('create', $scopes)) {
+                $micropubResponses = new MicropubResponses;
 
                 return $micropubResponses->insufficientScopeResponse();
             }
@@ -95,8 +101,12 @@ class MicropubController extends Controller
         }
 
         if ($request->input('action') === 'update') {
-            if (stripos($tokenData->claims()->get('scope'), 'update') === false) {
-                $micropubResponses = new MicropubResponses();
+            $scopes = $tokenData->claims()->get('scope');
+            if (is_string($scopes)) {
+                $scopes = explode(' ', $scopes);
+            }
+            if (! in_array('update', $scopes)) {
+                $micropubResponses = new MicropubResponses;
 
                 return $micropubResponses->insufficientScopeResponse();
             }
@@ -123,7 +133,7 @@ class MicropubController extends Controller
         try {
             $tokenData = $this->tokenService->validateToken($request->input('access_token'));
         } catch (RequiredConstraintsViolated|InvalidTokenStructure) {
-            return (new MicropubResponses())->invalidTokenResponse();
+            return (new MicropubResponses)->invalidTokenResponse();
         }
 
         if ($request->input('q') === 'syndicate-to') {

app/Http/Controllers/MicropubMediaController.php

@@ -17,15 +17,11 @@ use Illuminate\Http\Response;
 use Illuminate\Http\UploadedFile;
 use Illuminate\Support\Carbon;
 use Illuminate\Support\Facades\Storage;
-use Illuminate\Support\Str;
 use Intervention\Image\ImageManager;
 use Lcobucci\JWT\Token\InvalidTokenStructure;
 use Lcobucci\JWT\Validation\RequiredConstraintsViolated;
 use Ramsey\Uuid\Uuid;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class MicropubMediaController extends Controller
 {
     protected TokenService $tokenService;
@@ -40,19 +36,23 @@ class MicropubMediaController extends Controller
         try {
             $tokenData = $this->tokenService->validateToken($request->input('access_token'));
         } catch (RequiredConstraintsViolated|InvalidTokenStructure) {
-            $micropubResponses = new MicropubResponses();
+            $micropubResponses = new MicropubResponses;
 
             return $micropubResponses->invalidTokenResponse();
         }
 
         if ($tokenData->claims()->has('scope') === false) {
-            $micropubResponses = new MicropubResponses();
+            $micropubResponses = new MicropubResponses;
 
             return $micropubResponses->tokenHasNoScopeResponse();
         }
 
-        if (Str::contains($tokenData->claims()->get('scope'), 'create') === false) {
-            $micropubResponses = new MicropubResponses();
+        $scopes = $tokenData->claims()->get('scope');
+        if (is_string($scopes)) {
+            $scopes = explode(' ', $scopes);
+        }
+        if (! in_array('create', $scopes)) {
+            $micropubResponses = new MicropubResponses;
 
             return $micropubResponses->insufficientScopeResponse();
         }
@@ -108,19 +108,23 @@ class MicropubMediaController extends Controller
         try {
             $tokenData = $this->tokenService->validateToken($request->input('access_token'));
         } catch (RequiredConstraintsViolated|InvalidTokenStructure) {
-            $micropubResponses = new MicropubResponses();
+            $micropubResponses = new MicropubResponses;
 
             return $micropubResponses->invalidTokenResponse();
         }
 
         if ($tokenData->claims()->has('scope') === false) {
-            $micropubResponses = new MicropubResponses();
+            $micropubResponses = new MicropubResponses;
 
             return $micropubResponses->tokenHasNoScopeResponse();
         }
 
-        if (Str::contains($tokenData->claims()->get('scope'), 'create') === false) {
-            $micropubResponses = new MicropubResponses();
+        $scopes = $tokenData->claims()->get('scope');
+        if (is_string($scopes)) {
+            $scopes = explode(' ', $scopes);
+        }
+        if (! in_array('create', $scopes)) {
+            $micropubResponses = new MicropubResponses;
 
             return $micropubResponses->insufficientScopeResponse();
         }
@@ -133,7 +137,10 @@ class MicropubMediaController extends Controller
             ], 400);
         }
 
-        if ($request->file('file')->isValid() === false) {
+        /** @var UploadedFile $file */
+        $file = $request->file('file');
+
+        if ($file->isValid() === false) {
             return response()->json([
                 'response' => 'error',
                 'error' => 'invalid_request',
@@ -141,7 +148,7 @@ class MicropubMediaController extends Controller
             ], 400);
         }
 
-        $filename = $this->saveFile($request->file('file'));
+        $filename = Storage::disk('local')->putFile('media', $file);
 
         /** @var ImageManager $manager */
         $manager = resolve(ImageManager::class);
@@ -155,18 +162,11 @@ class MicropubMediaController extends Controller
 
         $media = Media::create([
             'token' => $request->bearerToken(),
-            'path' => 'media/' . $filename,
+            'path' => $filename,
             'type' => $this->getFileTypeFromMimeType($request->file('file')->getMimeType()),
             'image_widths' => $width,
         ]);
 
-        // put the file on S3 initially, the ProcessMedia job may edit this
-        Storage::disk('s3')->putFileAs(
-            'media',
-            new File(storage_path('app') . '/' . $filename),
-            $filename
-        );
-
         ProcessMedia::dispatch($filename);
 
         return response()->json([
@@ -188,7 +188,7 @@ class MicropubMediaController extends Controller
      */
     private function getFileTypeFromMimeType(string $mimeType): string
     {
-        //try known images
+        // try known images
         $imageMimeTypes = [
             'image/gif',
             'image/jpeg',
@@ -200,7 +200,7 @@ class MicropubMediaController extends Controller
         if (in_array($mimeType, $imageMimeTypes)) {
             return 'image';
         }
-        //try known video
+        // try known video
         $videoMimeTypes = [
             'video/mp4',
             'video/mpeg',
@@ -211,7 +211,7 @@ class MicropubMediaController extends Controller
         if (in_array($mimeType, $videoMimeTypes)) {
             return 'video';
         }
-        //try known audio types
+        // try known audio types
         $audioMimeTypes = [
             'audio/midi',
             'audio/mpeg',
@@ -230,7 +230,7 @@ class MicropubMediaController extends Controller
      *
      * @throws Exception
      */
-    private function saveFile(UploadedFile $file): string
+    private function saveFileToLocal(UploadedFile $file): string
     {
         $filename = Uuid::uuid4()->toString() . '.' . $file->extension();
         Storage::disk('local')->putFileAs('', $file, $filename);

app/Http/Controllers/NotesController.php

@@ -14,8 +14,6 @@ use Jonnybarnes\IndieWeb\Numbers;
 
 /**
  * @todo Need to sort out Twitter and webmentions!
- *
- * @psalm-suppress UnusedClass
  */
 class NotesController extends Controller
 {
@@ -67,7 +65,7 @@ class NotesController extends Controller
      */
     public function redirect(int $decId): RedirectResponse
     {
-        return redirect(config('app.url') . '/notes/' . (new Numbers())->numto60($decId));
+        return redirect(config('app.url') . '/notes/' . (new Numbers)->numto60($decId));
     }
 
     /**

app/Http/Controllers/PlacesController.php

@@ -7,9 +7,6 @@ namespace App\Http\Controllers;
 use App\Models\Place;
 use Illuminate\View\View;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class PlacesController extends Controller
 {
     /**

app/Http/Controllers/SearchController.php

@@ -6,9 +6,6 @@ use App\Models\Note;
 use Illuminate\Http\Request;
 use Illuminate\View\View;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class SearchController extends Controller
 {
     public function search(Request $request): View

app/Http/Controllers/ShortURLsController.php

@@ -1,55 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Http\Controllers;
-
-use Illuminate\Http\RedirectResponse;
-
-/**
- * @psalm-suppress UnusedClass
- */
-class ShortURLsController extends Controller
-{
-    /*
-    |--------------------------------------------------------------------------
-    | Short URL Controller
-    |--------------------------------------------------------------------------
-    |
-    |    This redirects the short urls to long ones
-    |
-    */
-
-    /**
-     * Redirect from '/' to the long url.
-     */
-    public function baseURL(): RedirectResponse
-    {
-        return redirect(config('app.url'));
-    }
-
-    /**
-     * Redirect from '/@' to a twitter profile.
-     */
-    public function twitter(): RedirectResponse
-    {
-        return redirect('https://twitter.com/jonnybarnes');
-    }
-
-    /**
-     * Redirect a short url of this site out to a long one based on post type.
-     *
-     * Further redirects may happen.
-     */
-    public function expandType(string $type, string $postId): RedirectResponse
-    {
-        if ($type === 't') {
-            $type = 'notes';
-        }
-        if ($type === 'b') {
-            $type = 'blog/s';
-        }
-
-        return redirect(config('app.url') . '/' . $type . '/' . $postId);
-    }
-}

app/Http/Controllers/TokenEndpointController.php

@@ -1,109 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Http\Controllers;
-
-use App\Services\TokenService;
-use GuzzleHttp\Client as GuzzleClient;
-use GuzzleHttp\Exception\BadResponseException;
-use Illuminate\Http\JsonResponse;
-use Illuminate\Http\Request;
-use IndieAuth\Client;
-use JsonException;
-
-/**
- * @psalm-suppress UnusedClass
- */
-class TokenEndpointController extends Controller
-{
-    /**
-     * @var Client The IndieAuth Client.
-     */
-    protected Client $client;
-
-    /**
-     * @var GuzzleClient The GuzzleHttp client.
-     */
-    protected GuzzleClient $guzzle;
-
-    protected TokenService $tokenService;
-
-    /**
-     * Inject the dependencies.
-     */
-    public function __construct(
-        Client $client,
-        GuzzleClient $guzzle,
-        TokenService $tokenService
-    ) {
-        $this->client = $client;
-        $this->guzzle = $guzzle;
-        $this->tokenService = $tokenService;
-    }
-
-    /**
-     * If the user has auth’d via the IndieAuth protocol, issue a valid token.
-     */
-    public function create(Request $request): JsonResponse
-    {
-        $auth = $this->verifyIndieAuthCode(
-            config('url.authorization_endpoint'),
-            $request->input('code'),
-            $request->input('redirect_uri'),
-            $request->input('client_id'),
-        );
-
-        if ($auth === null || ! array_key_exists('me', $auth)) {
-            return response()->json([
-                'error' => 'There was an error verifying the IndieAuth code',
-            ], 401);
-        }
-
-        $scope = $auth['scope'] ?? '';
-        $tokenData = [
-            'me' => config('app.url'),
-            'client_id' => $request->input('client_id'),
-            'scope' => $scope,
-        ];
-        $token = $this->tokenService->getNewToken($tokenData);
-        $content = [
-            'me' => config('app.url'),
-            'scope' => $scope,
-            'access_token' => $token,
-        ];
-
-        return response()->json($content);
-    }
-
-    protected function verifyIndieAuthCode(
-        string $authorizationEndpoint,
-        string $code,
-        string $redirectUri,
-        string $clientId
-    ): ?array {
-        try {
-            $response = $this->guzzle->request('POST', $authorizationEndpoint, [
-                'headers' => [
-                    'Accept' => 'application/json',
-                ],
-                'form_params' => [
-                    'code' => $code,
-                    'me' => config('app.url'),
-                    'redirect_uri' => $redirectUri,
-                    'client_id' => $clientId,
-                ],
-            ]);
-        } catch (BadResponseException) {
-            return null;
-        }
-
-        try {
-            $authData = json_decode((string) $response->getBody(), true, 512, JSON_THROW_ON_ERROR);
-        } catch (JsonException) {
-            return null;
-        }
-
-        return $authData;
-    }
-}

app/Http/Controllers/WebMentionsController.php

@@ -12,9 +12,6 @@ use Illuminate\Http\Response;
 use Illuminate\View\View;
 use Jonnybarnes\IndieWeb\Numbers;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class WebMentionsController extends Controller
 {
     /**
@@ -33,7 +30,7 @@ class WebMentionsController extends Controller
      */
     public function receive(Request $request): Response
     {
-        //first we trivially reject requests that lack all required inputs
+        // first we trivially reject requests that lack all required inputs
         if (($request->has('target') !== true) || ($request->has('source') !== true)) {
             return response(
                 'You need both the target and source parameters',
@@ -41,12 +38,12 @@ class WebMentionsController extends Controller
             );
         }
 
-        //next check the $target is valid
+        // next check the $target is valid
         $path = parse_url($request->input('target'), PHP_URL_PATH);
         $pathParts = explode('/', $path);
 
         if ($pathParts[1] === 'notes') {
-            //we have a note
+            // we have a note
             $noteId = $pathParts[2];
             try {
                 $note = Note::findOrFail(resolve(Numbers::class)->b60tonum($noteId));

app/Http/Kernel.php

@@ -1,74 +0,0 @@
-<?php
-
-namespace App\Http;
-
-use Illuminate\Foundation\Http\Kernel as HttpKernel;
-
-class Kernel extends HttpKernel
-{
-    /**
-     * The application's global HTTP middleware stack.
-     *
-     * These middleware are run during every request to your application.
-     *
-     * @var array<int, class-string|string>
-     */
-    protected $middleware = [
-        // \App\Http\Middleware\TrustHosts::class,
-        \App\Http\Middleware\TrustProxies::class,
-        \Illuminate\Http\Middleware\HandleCors::class,
-        \App\Http\Middleware\PreventRequestsDuringMaintenance::class,
-        \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
-        \App\Http\Middleware\TrimStrings::class,
-        \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
-    ];
-
-    /**
-     * The application's route middleware groups.
-     *
-     * @var array<string, array<int, class-string|string>>
-     */
-    protected $middlewareGroups = [
-        'web' => [
-            \App\Http\Middleware\EncryptCookies::class,
-            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
-            \Illuminate\Session\Middleware\StartSession::class,
-            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
-            \App\Http\Middleware\VerifyCsrfToken::class,
-            \Illuminate\Routing\Middleware\SubstituteBindings::class,
-            \App\Http\Middleware\LinkHeadersMiddleware::class,
-            \App\Http\Middleware\LocalhostSessionMiddleware::class,
-            \App\Http\Middleware\CSPHeader::class,
-        ],
-
-        'api' => [
-            // \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
-            \Illuminate\Routing\Middleware\ThrottleRequests::class.':api',
-            \Illuminate\Routing\Middleware\SubstituteBindings::class,
-        ],
-    ];
-
-    /**
-     * The application's middleware aliases.
-     *
-     * Aliases may be used instead of class names to conveniently assign middleware to routes and groups.
-     *
-     * @var array<string, class-string|string>
-     */
-    protected $middlewareAliases = [
-        'auth' => \App\Http\Middleware\Authenticate::class,
-        'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
-        'auth.session' => \Illuminate\Session\Middleware\AuthenticateSession::class,
-        'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
-        'can' => \Illuminate\Auth\Middleware\Authorize::class,
-        'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
-        'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class,
-        'precognitive' => \Illuminate\Foundation\Http\Middleware\HandlePrecognitiveRequests::class,
-        'signed' => \App\Http\Middleware\ValidateSignature::class,
-        'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
-        'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
-        'micropub.token' => \App\Http\Middleware\VerifyMicropubToken::class,
-        'myauth' => \App\Http\Middleware\MyAuthMiddleware::class,
-        'cors' => \App\Http\Middleware\CorsHeaders::class,
-    ];
-}

app/Http/Middleware/CSPHeader.php

@@ -1,48 +0,0 @@
-<?php
-
-namespace App\Http\Middleware;
-
-use Closure;
-use Illuminate\Http\Request;
-use Illuminate\Support\Facades\App;
-use Symfony\Component\HttpFoundation\Response;
-
-class CSPHeader
-{
-    /**
-     * Handle an incoming request.
-     *
-     * @psalm-suppress PossiblyUnusedMethod
-     */
-    public function handle(Request $request, Closure $next): Response
-    {
-        if (App::environment('local', 'development')) {
-            return $next($request);
-        }
-
-        // headers have to be single-line strings,
-        // so we concat multiple lines
-        // phpcs:disable Generic.Files.LineLength.TooLong
-        return $next($request)
-            ->header(
-                'Content-Security-Policy',
-                "default-src 'self'; " .
-                "style-src 'self' 'unsafe-inline' cloud.typography.com jonnybarnes.uk; " .
-                "img-src 'self' data: blob: https://pbs.twimg.com https://jbuk-media.s3-eu-west-1.amazonaws.com https://jbuk-media-dev.s3-eu-west-1.amazonaws.com https://secure.gravatar.com https://graph.facebook.com *.fbcdn.net https://*.cdninstagram.com https://*.4sqi.net https://upload.wikimedia.org; " .
-                "font-src 'self' data:; " .
-                "frame-src 'self' https://www.youtube.com blob:; " .
-                'upgrade-insecure-requests; ' .
-                'block-all-mixed-content; ' .
-                'report-to csp-endpoint; ' .
-                'report-uri https://jonnybarnes.report-uri.io/r/default/csp/enforce;'
-            )->header(
-                'Report-To',
-                '{' .
-                        "'url': 'https://jonnybarnes.report-uri.io/r/default/csp/enforce', " .
-                        "'group': 'csp-endpoint', " .
-                        "'max-age': 10886400" .
-                '}'
-            );
-        // phpcs:enable Generic.Files.LineLength.TooLong
-    }
-}

app/Http/Middleware/CorsHeaders.php

@@ -10,8 +10,6 @@ class CorsHeaders
 {
     /**
      * Handle an incoming request.
-     *
-     * @psalm-suppress PossiblyUnusedMethod
      */
     public function handle(Request $request, Closure $next): Response
     {

app/Http/Middleware/LinkHeadersMiddleware.php

@@ -10,16 +10,15 @@ class LinkHeadersMiddleware
 {
     /**
      * Handle an incoming request.
-     *
-     * @psalm-suppress PossiblyUnusedMethod
      */
     public function handle(Request $request, Closure $next): Response
     {
         $response = $next($request);
-        $response->header('Link', '<https://indieauth.com/auth>; rel="authorization_endpoint"', false);
-        $response->header('Link', '<' . config('app.url') . '/api/token>; rel="token_endpoint"', false);
-        $response->header('Link', '<' . config('app.url') . '/api/post>; rel="micropub"', false);
-        $response->header('Link', '<' . config('app.url') . '/webmention>; rel="webmention"', false);
+        $response->header('Link', '<' . route('indieauth.metadata') . '>; rel="indieauth-metadata"', false);
+        $response->header('Link', '<' . route('indieauth.start') . '>; rel="authorization_endpoint"', false);
+        $response->header('Link', '<' . route('indieauth.token') . '>; rel="token_endpoint"', false);
+        $response->header('Link', '<' . route('micropub-endpoint') . '>; rel="micropub"', false);
+        $response->header('Link', '<' . route('webmention-endpoint') . '>; rel="webmention"', false);
 
         return $response;
     }

app/Http/Middleware/LocalhostSessionMiddleware.php

@@ -14,8 +14,6 @@ class LocalhostSessionMiddleware
      * Whilst we are developing locally, automatically log in as
      * `['me' => config('app.url')]` as I can’t manually log in as
      * a .localhost domain.
-     *
-     * @psalm-suppress PossiblyUnusedMethod
      */
     public function handle(Request $request, Closure $next): Response
     {

app/Http/Middleware/MyAuthMiddleware.php

@@ -13,13 +13,13 @@ class MyAuthMiddleware
 {
     /**
      * Check the user is logged in.
-     *
-     * @psalm-suppress PossiblyUnusedMethod
      */
     public function handle(Request $request, Closure $next): Response
     {
         if (Auth::check() === false) {
             // they’re not logged in, so send them to login form
+            redirect()->setIntendedUrl($request->fullUrl());
+
             return redirect()->route('login');
         }
 

app/Http/Middleware/ValidateSignature.php

@@ -10,8 +10,6 @@ class ValidateSignature extends Middleware
      * The names of the query string parameters that should be ignored.
      *
      * @var array<int, string>
-     *
-     * @psalm-suppress PossiblyUnusedProperty
      */
     protected $except = [
         // 'fbclid',

app/Http/Middleware/VerifyMicropubToken.php

@@ -12,8 +12,6 @@ class VerifyMicropubToken
 {
     /**
      * Handle an incoming request.
-     *
-     * @psalm-suppress PossiblyUnusedMethod
      */
     public function handle(Request $request, Closure $next): Response
     {

app/Jobs/DownloadWebMention.php

@@ -24,8 +24,7 @@ class DownloadWebMention implements ShouldQueue
      */
     public function __construct(
         protected string $source
-    ) {
-    }
+    ) {}
 
     /**
      * Execute the job.
@@ -36,30 +35,30 @@ class DownloadWebMention implements ShouldQueue
     public function handle(Client $guzzle): void
     {
         $response = $guzzle->request('GET', $this->source);
-        //4XX and 5XX responses should get Guzzle to throw an exception,
-        //Laravel should catch and retry these automatically.
+        // 4XX and 5XX responses should get Guzzle to throw an exception,
+        // Laravel should catch and retry these automatically.
         if ($response->getStatusCode() === 200) {
-            $filesystem = new FileSystem();
+            $filesystem = new FileSystem;
             $filename = storage_path('HTML') . '/' . $this->createFilenameFromURL($this->source);
-            //backup file first
+            // backup file first
             $filenameBackup = $filename . '.' . date('Y-m-d') . '.backup';
             if ($filesystem->exists($filename)) {
                 $filesystem->copy($filename, $filenameBackup);
             }
-            //check if base directory exists
+            // check if base directory exists
             if (! $filesystem->exists($filesystem->dirname($filename))) {
                 $filesystem->makeDirectory(
                     $filesystem->dirname($filename),
-                    0755,  //mode
-                    true //recursive
+                    0755,  // mode
+                    true // recursive
                 );
             }
-            //save new HTML
+            // save new HTML
             $filesystem->put(
                 $filename,
                 (string) $response->getBody()
             );
-            //remove backup if the same
+            // remove backup if the same
             if ($filesystem->exists($filenameBackup)) {
                 if ($filesystem->get($filename) === $filesystem->get($filenameBackup)) {
                     $filesystem->delete($filenameBackup);

app/Jobs/ProcessBookmark.php

@@ -25,8 +25,7 @@ class ProcessBookmark implements ShouldQueue
      */
     public function __construct(
         protected Bookmark $bookmark
-    ) {
-    }
+    ) {}
 
     /**
      * Execute the job.

app/Jobs/ProcessLike.php

@@ -30,8 +30,7 @@ class ProcessLike implements ShouldQueue
      */
     public function __construct(
         protected Like $like
-    ) {
-    }
+    ) {}
 
     /**
      * Execute the job.
@@ -50,7 +49,7 @@ class ProcessLike implements ShouldQueue
             $this->like->content = $tweet->html;
             $this->like->save();
 
-            //POSSE like
+            // POSSE like
             try {
                 $client->request(
                     'POST',

app/Jobs/ProcessMedia.php

@@ -25,43 +25,45 @@ class ProcessMedia implements ShouldQueue
      */
     public function __construct(
         protected string $filename
-    ) {
-    }
+    ) {}
 
     /**
      * Execute the job.
      */
     public function handle(ImageManager $manager): void
     {
-        //open file
+        // Load file
+        $file = Storage::disk('local')->get('media/' . $this->filename);
+
+        // Open file
         try {
-            $image = $manager->read(storage_path('app') . '/' . $this->filename);
+            $image = $manager->read($file);
         } catch (DecoderException) {
             // not an image; delete file and end job
-            unlink(storage_path('app') . '/' . $this->filename);
+            Storage::disk('local')->delete('media/' . $this->filename);
 
             return;
         }
-        //create smaller versions if necessary
+
+        // Save the file publicly
+        Storage::disk('public')->put('media/' . $this->filename, $file);
+
+        // Create smaller versions if necessary
         if ($image->width() > 1000) {
             $filenameParts = explode('.', $this->filename);
             $extension = array_pop($filenameParts);
             // the following achieves this data flow
             // foo.bar.png => ['foo', 'bar', 'png'] => ['foo', 'bar'] => foo.bar
-            $basename = ltrim(array_reduce($filenameParts, function ($carry, $item) {
-                return $carry . '.' . $item;
-            }, ''), '.');
-            $medium = $image->resize(1000, null, function ($constraint) {
-                $constraint->aspectRatio();
-            });
-            Storage::disk('s3')->put('media/' . $basename . '-medium.' . $extension, (string) $medium->encode());
-            $small = $image->resize(500, null, function ($constraint) {
-                $constraint->aspectRatio();
-            });
-            Storage::disk('s3')->put('media/' . $basename . '-small.' . $extension, (string) $small->encode());
+            $basename = trim(implode('.', $filenameParts), '.');
+
+            $medium = $image->resize(width: 1000);
+            Storage::disk('public')->put('media/' . $basename . '-medium.' . $extension, (string) $medium->encode());
+
+            $small = $image->resize(width: 500);
+            Storage::disk('public')->put('media/' . $basename . '-small.' . $extension, (string) $small->encode());
         }
 
-        // now we can delete the locally saved image
-        unlink(storage_path('app') . '/' . $this->filename);
+        // Now we can delete the locally saved image
+        Storage::disk('local')->delete('media/' . $this->filename);
     }
 }

app/Jobs/ProcessWebMention.php

@@ -30,8 +30,7 @@ class ProcessWebMention implements ShouldQueue
     public function __construct(
         protected Note $note,
         protected string $source
-    ) {
-    }
+    ) {}
 
     /**
      * Execute the job.
@@ -45,7 +44,7 @@ class ProcessWebMention implements ShouldQueue
         try {
             $response = $guzzle->request('GET', $this->source);
         } catch (RequestException $e) {
-            throw new RemoteContentNotFoundException();
+            throw new RemoteContentNotFoundException;
         }
         $this->saveRemoteContent((string) $response->getBody(), $this->source);
         $microformats = Mf2\parse((string) $response->getBody(), $this->source);
@@ -54,7 +53,7 @@ class ProcessWebMention implements ShouldQueue
             // check webmention still references target
             // we try each type of mention (reply/like/repost)
             if ($webmention->type === 'in-reply-to') {
-                if ($parser->checkInReplyTo($microformats, $this->note->longurl) === false) {
+                if ($parser->checkInReplyTo($microformats, $this->note->uri) === false) {
                     // it doesn’t so delete
                     $webmention->delete();
 
@@ -68,7 +67,7 @@ class ProcessWebMention implements ShouldQueue
                 return;
             }
             if ($webmention->type === 'like-of') {
-                if ($parser->checkLikeOf($microformats, $this->note->longurl) === false) {
+                if ($parser->checkLikeOf($microformats, $this->note->uri) === false) {
                     // it doesn’t so delete
                     $webmention->delete();
 
@@ -76,7 +75,7 @@ class ProcessWebMention implements ShouldQueue
                 } // note we don’t need to do anything if it still is a like
             }
             if ($webmention->type === 'repost-of') {
-                if ($parser->checkRepostOf($microformats, $this->note->longurl) === false) {
+                if ($parser->checkRepostOf($microformats, $this->note->uri) === false) {
                     // it doesn’t so delete
                     $webmention->delete();
 
@@ -86,13 +85,13 @@ class ProcessWebMention implements ShouldQueue
         }// foreach
 
         // no webmention in the db so create new one
-        $webmention = new WebMention();
+        $webmention = new WebMention;
         $type = $parser->getMentionType($microformats); // throw error here?
         dispatch(new SaveProfileImage($microformats));
         $webmention->source = $this->source;
-        $webmention->target = $this->note->longurl;
+        $webmention->target = $this->note->uri;
         $webmention->commentable_id = $this->note->id;
-        $webmention->commentable_type = 'App\Model\Note';
+        $webmention->commentable_type = Note::class;
         $webmention->type = $type;
         $webmention->mf2 = json_encode($microformats);
         $webmention->save();

app/Jobs/SaveProfileImage.php

@@ -25,8 +25,7 @@ class SaveProfileImage implements ShouldQueue
      */
     public function __construct(
         protected array $microformats
-    ) {
-    }
+    ) {}
 
     /**
      * Execute the job.
@@ -50,7 +49,7 @@ class SaveProfileImage implements ShouldQueue
             $home = array_shift($home);
         }
 
-        //dont save pbs.twimg.com links
+        // dont save pbs.twimg.com links
         if (
             $photo
             && parse_url($photo, PHP_URL_HOST) !== 'pbs.twimg.com'

app/Jobs/SaveScreenshot.php

@@ -23,8 +23,7 @@ class SaveScreenshot implements ShouldQueue
      */
     public function __construct(
         protected Bookmark $bookmark
-    ) {
-    }
+    ) {}
 
     /**
      * Execute the job.

app/Jobs/SendWebMentions.php

@@ -27,8 +27,7 @@ class SendWebMentions implements ShouldQueue
      */
     public function __construct(
         protected Note $note
-    ) {
-    }
+    ) {}
 
     /**
      * Execute the job.
@@ -46,7 +45,7 @@ class SendWebMentions implements ShouldQueue
                 $guzzle = resolve(Client::class);
                 $guzzle->post($endpoint, [
                     'form_params' => [
-                        'source' => $this->note->longurl,
+                        'source' => $this->note->uri,
                         'target' => $url,
                     ],
                 ]);
@@ -62,7 +61,7 @@ class SendWebMentions implements ShouldQueue
     public function discoverWebmentionEndpoint(string $url): ?string
     {
         // let’s not send webmentions to myself
-        if (parse_url($url, PHP_URL_HOST) === config('url.longurl')) {
+        if (parse_url($url, PHP_URL_HOST) === parse_url(config('app.url'), PHP_URL_HOST)) {
             return null;
         }
         if (Str::startsWith($url, '/notes/tagged/')) {
@@ -73,7 +72,7 @@ class SendWebMentions implements ShouldQueue
 
         $guzzle = resolve(Client::class);
         $response = $guzzle->get($url);
-        //check HTTP Headers for webmention endpoint
+        // check HTTP Headers for webmention endpoint
         $links = Header::parse($response->getHeader('Link'));
         foreach ($links as $link) {
             if (array_key_exists('rel', $link) && mb_stristr($link['rel'], 'webmention')) {
@@ -81,7 +80,7 @@ class SendWebMentions implements ShouldQueue
             }
         }
 
-        //failed to find a header so parse HTML
+        // failed to find a header so parse HTML
         $html = (string) $response->getBody();
 
         $mf2 = new \Mf2\Parser($html, $url);
@@ -109,7 +108,7 @@ class SendWebMentions implements ShouldQueue
         }
 
         $urls = [];
-        $dom = new \DOMDocument();
+        $dom = new \DOMDocument;
         $dom->loadHTML($html);
         $anchors = $dom->getElementsByTagName('a');
         foreach ($anchors as $anchor) {

app/Jobs/SyndicateNoteToBluesky.php

@@ -0,0 +1,62 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Jobs;
+
+use App\Models\Note;
+use GuzzleHttp\Client;
+use GuzzleHttp\Exception\GuzzleException;
+use Illuminate\Bus\Queueable;
+use Illuminate\Contracts\Queue\ShouldQueue;
+use Illuminate\Foundation\Bus\Dispatchable;
+use Illuminate\Queue\InteractsWithQueue;
+use Illuminate\Queue\SerializesModels;
+
+class SyndicateNoteToBluesky implements ShouldQueue
+{
+    use Dispatchable, InteractsWithQueue, Queueable, SerializesModels;
+
+    /**
+     * Create a new job instance.
+     */
+    public function __construct(
+        protected Note $note
+    ) {}
+
+    /**
+     * Execute the job.
+     *
+     * @throws GuzzleException
+     */
+    public function handle(Client $guzzle): void
+    {
+        // We can only make the request if we have an access token
+        if (config('bridgy.bluesky_token') === null) {
+            return;
+        }
+
+        // Make micropub request
+        $response = $guzzle->request(
+            'POST',
+            'https://brid.gy/micropub',
+            [
+                'headers' => [
+                    'Authorization' => 'Bearer ' . config('bridgy.bluesky_token'),
+                ],
+                'json' => [
+                    'type' => ['h-entry'],
+                    'properties' => [
+                        'content' => [$this->note->getRawOriginal('note')],
+                    ],
+                ],
+            ]
+        );
+
+        // Parse for syndication URL
+        if ($response->getStatusCode() === 201) {
+            $this->note->bluesky_url = $response->getHeader('Location')[0];
+            $this->note->save();
+        }
+    }
+}

app/Jobs/SyndicateNoteToMastodon.php

@@ -22,8 +22,7 @@ class SyndicateNoteToMastodon implements ShouldQueue
      */
     public function __construct(
         protected Note $note
-    ) {
-    }
+    ) {}
 
     /**
      * Execute the job.

app/Models/Article.php

@@ -58,10 +58,10 @@ class Article extends Model
     {
         return Attribute::get(
             get: function () {
-                $environment = new Environment();
-                $environment->addExtension(new CommonMarkCoreExtension());
-                $environment->addRenderer(FencedCode::class, new FencedCodeRenderer());
-                $environment->addRenderer(IndentedCode::class, new IndentedCodeRenderer());
+                $environment = new Environment;
+                $environment->addExtension(new CommonMarkCoreExtension);
+                $environment->addRenderer(FencedCode::class, new FencedCodeRenderer);
+                $environment->addRenderer(IndentedCode::class, new IndentedCodeRenderer);
                 $markdownConverter = new MarkdownConverter($environment);
 
                 return $markdownConverter->convert($this->main)->getContent();

app/Models/Bookmark.php

@@ -26,7 +26,7 @@ class Bookmark extends Model
         return $this->belongsToMany('App\Models\Tag');
     }
 
-    protected function longurl(): Attribute
+    protected function local_uri(): Attribute
     {
         return Attribute::get(
             get: fn () => config('app.url') . '/bookmarks/' . $this->id,

app/Models/Media.php

@@ -33,7 +33,7 @@ class Media extends Model
                     return $attributes['path'];
                 }
 
-                return config('filesystems.disks.s3.url') . '/' . $attributes['path'];
+                return config('app.url') . '/storage/' . $attributes['path'];
             }
         );
     }
@@ -78,7 +78,7 @@ class Media extends Model
         $basename = $this->getBasename($path);
         $extension = $this->getExtension($path);
 
-        return config('filesystems.disks.s3.url') . '/' . $basename . '-' . $size . '.' . $extension;
+        return config('app.url') . '/storage/' . $basename . '-' . $size . '.' . $extension;
     }
 
     private function getBasename(string $path): string

app/Models/Note.php

@@ -111,7 +111,7 @@ class Note extends Model
     {
         if ($value !== null) {
             $normalized = normalizer_normalize($value, Normalizer::FORM_C);
-            if ($normalized === '') { //we don’t want to save empty strings to the db
+            if ($normalized === '') { // we don’t want to save empty strings to the db
                 $normalized = null;
             }
             $this->attributes['note'] = $normalized;
@@ -124,7 +124,7 @@ class Note extends Model
     public function getNoteAttribute(?string $value): ?string
     {
         if ($value === null && $this->place !== null) {
-            $value = '📍: <a href="' . $this->place->longurl . '">' . $this->place->name . '</a>';
+            $value = '📍: <a href="' . $this->place->uri . '">' . $this->place->name . '</a>';
         }
 
         // if $value is still null, just return null
@@ -172,16 +172,11 @@ class Note extends Model
         return (string) resolve(Numbers::class)->numto60($this->id);
     }
 
-    public function getLongurlAttribute(): string
+    public function getUriAttribute(): string
     {
         return config('app.url') . '/notes/' . $this->nb60id;
     }
 
-    public function getShorturlAttribute(): string
-    {
-        return config('url.shorturl') . '/notes/' . $this->nb60id;
-    }
-
     public function getIso8601Attribute(): string
     {
         return $this->updated_at->toISO8601String();
@@ -271,7 +266,7 @@ class Note extends Model
             ]);
 
             if ($oEmbed->httpstatus >= 400) {
-                throw new Exception();
+                throw new Exception;
             }
         } catch (Exception $e) {
             return null;
@@ -388,18 +383,18 @@ class Note extends Model
                 'mentions_handle' => [
                     'prefix' => '@',
                     'pattern' => '([\w@.])+(\b)',
-                    'generator' => new MentionGenerator(),
+                    'generator' => new MentionGenerator,
                 ],
             ],
         ];
 
         $environment = new Environment($config);
-        $environment->addExtension(new CommonMarkCoreExtension());
-        $environment->addExtension(new AutolinkExtension());
-        $environment->addExtension(new MentionExtension());
-        $environment->addRenderer(Mention::class, new MentionRenderer());
-        $environment->addRenderer(FencedCode::class, new FencedCodeRenderer());
-        $environment->addRenderer(IndentedCode::class, new IndentedCodeRenderer());
+        $environment->addExtension(new CommonMarkCoreExtension);
+        $environment->addExtension(new AutolinkExtension);
+        $environment->addExtension(new MentionExtension);
+        $environment->addRenderer(Mention::class, new MentionRenderer);
+        $environment->addRenderer(FencedCode::class, new FencedCodeRenderer);
+        $environment->addRenderer(IndentedCode::class, new IndentedCodeRenderer);
         $markdownConverter = new MarkdownConverter($environment);
 
         return $markdownConverter->convert($note)->getContent();

app/Models/Place.php

@@ -59,7 +59,7 @@ class Place extends Model
                      * sin(radians(places.latitude))))";
 
         return $query
-            ->select() //pick the columns you want here.
+            ->select() // pick the columns you want here.
             ->selectRaw("{$haversine} AS distance")
             ->whereRaw("{$haversine} < ?", [$distance]);
     }
@@ -74,24 +74,10 @@ class Place extends Model
         ]));
     }
 
-    protected function longurl(): Attribute
-    {
-        return Attribute::get(
-            get: fn ($value, $attributes) => config('app.url') . '/places/' . $attributes['slug'],
-        );
-    }
-
-    protected function shorturl(): Attribute
-    {
-        return Attribute::get(
-            get: fn ($value, $attributes) => config('url.shorturl') . '/places/' . $attributes['slug'],
-        );
-    }
-
     protected function uri(): Attribute
     {
         return Attribute::get(
-            get: fn () => $this->longurl,
+            get: static fn ($value, $attributes) => config('app.url') . '/places/' . $attributes['slug'],
         );
     }
 

app/Models/WebMention.php

@@ -42,7 +42,7 @@ class WebMention extends Model
                     return null;
                 }
 
-                $authorship = new Authorship();
+                $authorship = new Authorship;
                 $hCard = $authorship->findAuthor(json_decode($attributes['mf2'], true));
 
                 if ($hCard === false) {
@@ -109,13 +109,21 @@ class WebMention extends Model
     /**
      * Create the photo link.
      */
-    public function createPhotoLink(string $url): string
+    public function createPhotoLink(string|array $url): string
     {
+        if (is_array($url)) {
+            if (! array_key_exists('value', $url)) {
+                return '';
+            }
+
+            $url = $url['value'];
+        }
+
         $url = normalize_url($url);
         $host = parse_url($url, PHP_URL_HOST);
 
         if ($host === 'pbs.twimg.com') {
-            //make sure we use HTTPS, we know twitter supports it
+            // make sure we use HTTPS, we know twitter supports it
             return str_replace('http://', 'https://', $url);
         }
 
@@ -127,12 +135,12 @@ class WebMention extends Model
             $codebird = resolve(Codebird::class);
             $info = $codebird->users_show(['screen_name' => $username]);
             $profile_image = $info->profile_image_url_https;
-            Cache::put($url, $profile_image, 10080); //1 week
+            Cache::put($url, $profile_image, 10080); // 1 week
 
             return $profile_image;
         }
 
-        $filesystem = new Filesystem();
+        $filesystem = new Filesystem;
         if ($filesystem->exists(public_path() . '/assets/profile-images/' . $host . '/image')) {
             return '/assets/profile-images/' . $host . '/image';
         }

app/Observers/NoteObserver.php

@@ -9,15 +9,10 @@ use App\Models\Tag;
 use Illuminate\Support\Arr;
 use Illuminate\Support\Collection;
 
-/**
- * @todo Do we need psalm-suppress for these observer methods?
- */
 class NoteObserver
 {
     /**
-     * Listen to the Note created event.
-     *
-     * @psalm-suppress PossiblyUnusedMethod
+     * Listen to the Note created event.=
      */
     public function created(Note $note): void
     {
@@ -39,9 +34,7 @@ class NoteObserver
     }
 
     /**
-     * Listen to the Note updated event.
-     *
-     * @psalm-suppress PossiblyUnusedMethod
+     * Listen to the Note updated event.=
      */
     public function updated(Note $note): void
     {
@@ -65,9 +58,7 @@ class NoteObserver
     }
 
     /**
-     * Listen to the Note deleting event.
-     *
-     * @psalm-suppress PossiblyUnusedMethod
+     * Listen to the Note deleting event.=
      */
     public function deleting(Note $note): void
     {

app/Providers/AppServiceProvider.php

@@ -88,9 +88,9 @@ class AppServiceProvider extends ServiceProvider
         $this->app->bind('Lcobucci\JWT\Configuration', function () {
             $key = InMemory::plainText(config('app.key'));
 
-            $config = Configuration::forSymmetricSigner(new Sha256(), $key);
+            $config = Configuration::forSymmetricSigner(new Sha256, $key);
 
-            $config->setValidationConstraints(new SignedWith(new Sha256(), $key));
+            $config->setValidationConstraints(new SignedWith(new Sha256, $key));
 
             return $config;
         });
@@ -98,7 +98,7 @@ class AppServiceProvider extends ServiceProvider
         // Configure HtmlSanitizer
         $this->app->bind(HtmlSanitizer::class, function () {
             return new HtmlSanitizer(
-                (new HtmlSanitizerConfig())
+                (new HtmlSanitizerConfig)
                     ->allowSafeElements()
                     ->forceAttribute('a', 'rel', 'noopener nofollow')
             );

app/Providers/HorizonServiceProvider.php

@@ -5,9 +5,6 @@ namespace App\Providers;
 use Illuminate\Support\Facades\Gate;
 use Laravel\Horizon\HorizonApplicationServiceProvider;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class HorizonServiceProvider extends HorizonApplicationServiceProvider
 {
     /**

app/Services/BookmarkService.php

@@ -21,7 +21,7 @@ class BookmarkService extends Service
     public function create(array $request, ?string $client = null): Bookmark
     {
         if (Arr::get($request, 'properties.bookmark-of.0')) {
-            //micropub request
+            // micropub request
             $url = normalize_url(Arr::get($request, 'properties.bookmark-of.0'));
             $name = Arr::get($request, 'properties.name.0');
             $content = Arr::get($request, 'properties.content.0');
@@ -61,8 +61,8 @@ class BookmarkService extends Service
         try {
             $response = $client->request('GET', 'https://web.archive.org/save/' . $url);
         } catch (ClientException $e) {
-            //throw an exception to be caught
-            throw new InternetArchiveException();
+            // throw an exception to be caught
+            throw new InternetArchiveException;
         }
         if ($response->hasHeader('Content-Location')) {
             if (Str::startsWith(Arr::get($response->getHeader('Content-Location'), 0), '/web')) {
@@ -70,7 +70,7 @@ class BookmarkService extends Service
             }
         }
 
-        //throw an exception to be caught
-        throw new InternetArchiveException();
+        // throw an exception to be caught
+        throw new InternetArchiveException;
     }
 }

app/Services/LikeService.php

@@ -16,7 +16,7 @@ class LikeService extends Service
     public function create(array $request, ?string $client = null): Like
     {
         if (Arr::get($request, 'properties.like-of.0')) {
-            //micropub request
+            // micropub request
             $url = normalize_url(Arr::get($request, 'properties.like-of.0'));
         }
         if (Arr::get($request, 'like-of')) {

app/Services/Micropub/HCardService.php

@@ -27,6 +27,6 @@ class HCardService
             $data['longitude'] = Arr::get($request, 'longitude');
         }
 
-        return resolve(PlaceService::class)->createPlace($data)->longurl;
+        return resolve(PlaceService::class)->createPlace($data)->uri;
     }
 }

app/Services/Micropub/HEntryService.php

@@ -18,17 +18,17 @@ class HEntryService
     public function process(array $request, ?string $client = null): ?string
     {
         if (Arr::get($request, 'properties.like-of') || Arr::get($request, 'like-of')) {
-            return resolve(LikeService::class)->create($request)->longurl;
+            return resolve(LikeService::class)->create($request)->url;
         }
 
         if (Arr::get($request, 'properties.bookmark-of') || Arr::get($request, 'bookmark-of')) {
-            return resolve(BookmarkService::class)->create($request)->longurl;
+            return resolve(BookmarkService::class)->create($request)->uri;
         }
 
         if (Arr::get($request, 'properties.name') || Arr::get($request, 'name')) {
-            return resolve(ArticleService::class)->create($request)->longurl;
+            return resolve(ArticleService::class)->create($request)->link;
         }
 
-        return resolve(NoteService::class)->create($request, $client)->longurl;
+        return resolve(NoteService::class)->create($request, $client)->uri;
     }
 }

app/Services/Micropub/UpdateService.php

@@ -20,7 +20,7 @@ class UpdateService
     {
         $urlPath = parse_url(Arr::get($request, 'url'), PHP_URL_PATH);
 
-        //is it a note we are updating?
+        // is it a note we are updating?
         if (mb_substr($urlPath, 1, 5) !== 'notes') {
             return response()->json([
                 'error' => 'invalid',
@@ -37,7 +37,7 @@ class UpdateService
             ], 404);
         }
 
-        //got the note, are we dealing with a “replace” request?
+        // got the note, are we dealing with a “replace” request?
         if (Arr::get($request, 'replace')) {
             foreach (Arr::get($request, 'replace') as $property => $value) {
                 if ($property === 'content') {
@@ -64,7 +64,7 @@ class UpdateService
             ]);
         }
 
-        //how about “add”
+        // how about “add”
         if (Arr::get($request, 'add')) {
             foreach (Arr::get($request, 'add') as $property => $value) {
                 if ($property === 'syndication') {
@@ -83,7 +83,7 @@ class UpdateService
                 if ($property === 'photo') {
                     foreach ($value as $photoURL) {
                         if (Str::startsWith($photoURL, 'https://')) {
-                            $media = new Media();
+                            $media = new Media;
                             $media->path = $photoURL;
                             $media->type = 'image';
                             $media->save();

app/Services/NoteService.php

@@ -5,6 +5,7 @@ declare(strict_types=1);
 namespace App\Services;
 
 use App\Jobs\SendWebMentions;
+use App\Jobs\SyndicateNoteToBluesky;
 use App\Jobs\SyndicateNoteToMastodon;
 use App\Models\Media;
 use App\Models\Note;
@@ -53,6 +54,10 @@ class NoteService extends Service
             dispatch(new SyndicateNoteToMastodon($note));
         }
 
+        if (in_array('bluesky', $this->getSyndicationTargets($request), true)) {
+            dispatch(new SyndicateNoteToBluesky($note));
+        }
+
         return $note;
     }
 
@@ -156,12 +161,12 @@ class NoteService extends Service
         $mpSyndicateTo = Arr::wrap($mpSyndicateTo);
         foreach ($mpSyndicateTo as $uid) {
             $target = SyndicationTarget::where('uid', $uid)->first();
-            if ($target && $target->service_name === 'Twitter') {
-                $syndication[] = 'twitter';
-            }
             if ($target && $target->service_name === 'Mastodon') {
                 $syndication[] = 'mastodon';
             }
+            if ($target && $target->service_name === 'Bluesky') {
+                $syndication[] = 'bluesky';
+            }
         }
 
         return $syndication;

app/Services/PlaceService.php

@@ -14,8 +14,8 @@ class PlaceService
      */
     public function createPlace(array $data): Place
     {
-        //obviously a place needs a lat/lng, but this could be sent in a geo-url
-        //if no geo array key, we assume the array already has lat/lng values
+        // obviously a place needs a lat/lng, but this could be sent in a geo-url
+        // if no geo array key, we assume the array already has lat/lng values
         if (array_key_exists('geo', $data) && $data['geo'] !== null) {
             preg_match_all(
                 '/([0-9\.\-]+)/',
@@ -25,7 +25,7 @@ class PlaceService
             $data['latitude'] = $matches[0][0];
             $data['longitude'] = $matches[0][1];
         }
-        $place = new Place();
+        $place = new Place;
         $place->name = $data['name'];
         $place->description = $data['description'];
         $place->latitude = $data['latitude'];
@@ -40,7 +40,7 @@ class PlaceService
      */
     public function createPlaceFromCheckin(array $checkin): Place
     {
-        //check if the place exists if from swarm
+        // check if the place exists if from swarm
         if (Arr::has($checkin, 'properties.url')) {
             $place = Place::whereExternalURL(Arr::get($checkin, 'properties.url.0'))->get();
             if (count($place) === 1) {
@@ -53,7 +53,7 @@ class PlaceService
         if (Arr::has($checkin, 'properties.latitude') === false) {
             throw new \InvalidArgumentException('Missing required longitude/latitude');
         }
-        $place = new Place();
+        $place = new Place;
         $place->name = Arr::get($checkin, 'properties.name.0');
         $place->external_urls = Arr::get($checkin, 'properties.url.0');
         $place->latitude = Arr::get($checkin, 'properties.latitude.0');

app/Services/TokenService.php

@@ -19,7 +19,7 @@ class TokenService
         $config = resolve(Configuration::class);
 
         $token = $config->builder()
-            ->issuedAt(new DateTimeImmutable())
+            ->issuedAt(new DateTimeImmutable)
             ->withClaim('client_id', $data['client_id'])
             ->withClaim('me', $data['me'])
             ->withClaim('scope', $data['scope'])

bootstrap/app.php

@@ -1,6 +1,6 @@
 <?php
 
-use App\Http\Middleware\CSPHeader;
+use App\Http\Middleware\LinkHeadersMiddleware;
 use Illuminate\Foundation\Application;
 use Illuminate\Foundation\Configuration\Exceptions;
 use Illuminate\Foundation\Configuration\Middleware;
@@ -12,7 +12,16 @@ return Application::configure(basePath: dirname(__DIR__))
         health: '/up',
     )
     ->withMiddleware(function (Middleware $middleware) {
-        $middleware->append(CSPHeader::class);
+        $middleware
+            ->append(LinkHeadersMiddleware::class)
+            ->validateCsrfTokens(except: [
+                'auth',  // This is the IndieAuth auth endpoint
+                'token', // This is the IndieAuth token endpoint
+                'api/post',
+                'api/media',
+                'micropub/places',
+                'webmention',
+            ]);
     })
     ->withExceptions(function (Exceptions $exceptions) {
         //

composer.json

@@ -1,7 +1,8 @@
 {
+    "$schema": "https://getcomposer.org/schema.json",
     "name": "jonnybarnes/jonnybarnes.uk",
     "type": "project",
-    "description": "The code for jonnybarnes.uk, based on Laravel 10",
+    "description": "The code for jonnybarnes.uk, based on Laravel 11",
     "keywords": ["laravel", "framework", "indieweb"],
     "license": "CC0-1.0",
     "require": {
@@ -10,14 +11,15 @@
         "ext-intl": "*",
         "ext-json": "*",
         "ext-pgsql": "*",
-        "cviebrock/eloquent-sluggable": "^11.0",
+        "ext-sodium": "*",
+        "cviebrock/eloquent-sluggable": "^12.0",
         "guzzlehttp/guzzle": "^7.2",
         "indieauth/client": "^1.1",
         "intervention/image": "^3",
         "jonnybarnes/indieweb": "~0.2",
         "jonnybarnes/webmentions-parser": "~0.5",
         "jublonet/codebird-php": "4.0.0-beta.1",
-        "laravel/framework": "^11.0",
+        "laravel/framework": "^12.0",
         "laravel/horizon": "^5.0",
         "laravel/sanctum": "^4.0",
         "laravel/scout": "^10.1",
@@ -26,26 +28,28 @@
         "league/commonmark": "^2.0",
         "league/flysystem-aws-s3-v3": "^3.0",
         "mf2/mf2": "~0.3",
+        "phpdocumentor/reflection-docblock": "^5.3",
         "spatie/commonmark-highlighter": "^3.0",
         "spatie/laravel-ignition": "^2.1",
         "symfony/html-sanitizer": "^7.0",
-        "web-auth/webauthn-lib": "^4.7"
+        "symfony/property-access": "^7.0",
+        "symfony/serializer": "^7.0",
+        "web-auth/webauthn-lib": "^5.0"
     },
     "require-dev": {
         "barryvdh/laravel-debugbar": "^3.0",
         "barryvdh/laravel-ide-helper": "^3.0",
         "fakerphp/faker": "^1.9.2",
         "laravel/dusk": "^8.0",
+        "laravel/pail": "^1.2",
         "laravel/pint": "^1.0",
         "laravel/sail": "^1.18",
         "mockery/mockery": "^1.4.4",
         "nunomaduro/collision": "^8.1",
-        "openai-php/client": "^0.8.0",
-        "phpunit/php-code-coverage": "^10.0",
-        "phpunit/phpunit": "^10.1",
-        "psalm/plugin-laravel": "^2.8",
-        "spatie/laravel-ray": "^1.12",
-        "vimeo/psalm": "^5.0"
+        "openai-php/client": "^0.10.1",
+        "phpunit/php-code-coverage": "^11.0",
+        "phpunit/phpunit": "^11.0",
+        "spatie/laravel-ray": "^1.12"
     },
     "autoload": {
         "psr-4": {
@@ -74,7 +78,13 @@
             "@php -r \"file_exists('.env') || copy('.env.example', '.env');\""
         ],
         "post-create-project-cmd": [
-            "@php artisan key:generate --ansi"
+            "@php artisan key:generate --ansi",
+            "@php -r \"file_exists('database/database.sqlite') || touch('database/database.sqlite');\"",
+            "@php artisan migrate --graceful --ansi"
+        ],
+        "dev": [
+            "Composer\\Config::disableProcessTimeout",
+            "npx concurrently -c \"#93c5fd,#c4b5fd,#fb7185,#fdba74\" \"php artisan serve\" \"php artisan queue:listen --tries=1\" \"php artisan pail --timeout=0\" \"npm run dev\" --names=server,queue,logs,vite"
         ]
     },
     "extra": {

config/app.php

@@ -65,7 +65,7 @@ return [
     |
     */
 
-    'timezone' => env('APP_TIMEZONE', 'UTC'),
+    'timezone' => 'UTC',
 
     /*
     |--------------------------------------------------------------------------

config/bridgy.php

@@ -15,4 +15,17 @@ return [
 
     'mastodon_token' => env('BRIDGY_MASTODON_TOKEN'),
 
+    /*
+    |--------------------------------------------------------------------------
+    | Bluesky Token
+    |--------------------------------------------------------------------------
+    |
+    | When syndicating posts to Bluesky using Brid.gy’s Micropub endpoint, we
+    | need to provide an access token. This token can be generated by going to
+    | https://brid.gy/bluesky and clicking the “Get token” button.
+    |
+    */
+
+    'bluesky_token' => env('BRIDGY_BLUESKY_TOKEN'),
+
 ];

config/database.php

@@ -37,6 +37,9 @@ return [
             'database' => env('DB_DATABASE', database_path('database.sqlite')),
             'prefix' => '',
             'foreign_key_constraints' => env('DB_FOREIGN_KEYS', true),
+            'busy_timeout' => null,
+            'journal_mode' => null,
+            'synchronous' => null,
         ],
 
         'mysql' => [
@@ -145,6 +148,7 @@ return [
         'options' => [
             'cluster' => env('REDIS_CLUSTER', 'redis'),
             'prefix' => env('REDIS_PREFIX', Str::slug(env('APP_NAME', 'laravel'), '_').'_database_'),
+            'persistent' => env('REDIS_PERSISTENT', false),
         ],
 
         'default' => [

config/debugbar.php

@@ -119,7 +119,7 @@ return [
             'full_log' => false,
         ],
         'views' => [
-            'data' => false,    //Note: Can slow down the application, because the data can be quite large..
+            'data' => false,    // Note: Can slow down the application, because the data can be quite large..
         ],
         'route' => [
             'label' => true,  // show complete route on bar

config/filesystems.php

@@ -32,8 +32,10 @@ return [
 
         'local' => [
             'driver' => 'local',
-            'root' => storage_path('app'),
+            'root' => storage_path('app/private'),
+            'serve' => true,
             'throw' => false,
+            'report' => false,
         ],
 
         'public' => [
@@ -42,6 +44,7 @@ return [
             'url' => env('APP_URL').'/storage',
             'visibility' => 'public',
             'throw' => false,
+            'report' => false,
         ],
 
         's3' => [
@@ -54,6 +57,7 @@ return [
             'endpoint' => env('AWS_ENDPOINT'),
             'use_path_style_endpoint' => env('AWS_USE_PATH_STYLE_ENDPOINT', false),
             'throw' => false,
+            'report' => false,
         ],
 
     ],

config/logging.php

@@ -127,6 +127,10 @@ return [
             'path' => storage_path('logs/laravel.log'),
         ],
 
+        'flare' => [
+            'driver' => 'flare',
+        ],
+
     ],
 
 ];

config/mail.php

@@ -38,14 +38,14 @@ return [
 
         'smtp' => [
             'transport' => 'smtp',
+            'scheme' => env('MAIL_SCHEME'),
             'url' => env('MAIL_URL'),
             'host' => env('MAIL_HOST', '127.0.0.1'),
             'port' => env('MAIL_PORT', 2525),
-            'encryption' => env('MAIL_ENCRYPTION', 'tls'),
             'username' => env('MAIL_USERNAME'),
             'password' => env('MAIL_PASSWORD'),
             'timeout' => null,
-            'local_domain' => env('MAIL_EHLO_DOMAIN'),
+            'local_domain' => env('MAIL_EHLO_DOMAIN', parse_url(env('APP_URL', 'http://localhost'), PHP_URL_HOST)),
         ],
 
         'ses' => [

config/session.php

@@ -32,7 +32,7 @@ return [
     |
     */
 
-    'lifetime' => env('SESSION_LIFETIME', 120),
+    'lifetime' => (int) env('SESSION_LIFETIME', 120),
 
     'expire_on_close' => env('SESSION_EXPIRE_ON_CLOSE', false),
 

config/url.php

@@ -1,43 +0,0 @@
-<?php
-
-/*
- * Here we set the long and short URLs our app shall use
- * You can override these settings in the .env file
- */
-
-return [
-
-    /*
-    |--------------------------------------------------------------------------
-    | Application Long URL
-    |--------------------------------------------------------------------------
-    |
-    | The long URL for the application
-    |
-    */
-
-    'longurl' => env('APP_LONGURL', 'longurl.local'),
-
-    /*
-    |--------------------------------------------------------------------------
-    | Application Short URL
-    |--------------------------------------------------------------------------
-    |
-    | The short URL for the application
-    |
-    */
-
-    'shorturl' => env('APP_SHORTURL', 'shorturl.local'),
-
-    /*
-    |--------------------------------------------------------------------------
-    | Authorization endpoint
-    |--------------------------------------------------------------------------
-    |
-    | The authorization endpoint for the application, used primarily for Micropub
-    |
-    */
-
-    'authorization_endpoint' => env('AUTHORIZATION_ENDPOINT', 'https://indieauth.com/auth'),
-
-];

database/factories/ArticleFactory.php

@@ -7,8 +7,6 @@ use Illuminate\Database\Eloquent\Factories\Factory;
 use Illuminate\Support\Carbon;
 
 /**
- * @psalm-suppress UnusedClass
- *
  * @extends \Illuminate\Database\Eloquent\Factories\Factory<\App\Models\Article>
  */
 class ArticleFactory extends Factory

database/factories/BioFactory.php

@@ -5,8 +5,6 @@ namespace Database\Factories;
 use Illuminate\Database\Eloquent\Factories\Factory;
 
 /**
- * @psalm-suppress UnusedClass
- *
  * @extends \Illuminate\Database\Eloquent\Factories\Factory<\App\Models\Bio>
  */
 class BioFactory extends Factory

database/factories/BookmarkFactory.php

@@ -7,8 +7,6 @@ use Illuminate\Database\Eloquent\Factories\Factory;
 use Illuminate\Support\Carbon;
 
 /**
- * @psalm-suppress UnusedClass
- *
  * @extends \Illuminate\Database\Eloquent\Factories\Factory<\App\Models\Bookmark>
  */
 class BookmarkFactory extends Factory

database/factories/ContactFactory.php

@@ -7,8 +7,6 @@ use Illuminate\Database\Eloquent\Factories\Factory;
 use Illuminate\Support\Carbon;
 
 /**
- * @psalm-suppress UnusedClass
- *
  * @extends \Illuminate\Database\Eloquent\Factories\Factory<\App\Models\Contact>
  */
 class ContactFactory extends Factory

database/factories/LikeFactory.php

@@ -7,8 +7,6 @@ use Illuminate\Database\Eloquent\Factories\Factory;
 use Illuminate\Support\Carbon;
 
 /**
- * @psalm-suppress UnusedClass
- *
  * @extends \Illuminate\Database\Eloquent\Factories\Factory<\App\Models\Like>
  */
 class LikeFactory extends Factory

database/factories/MediaFactory.php

@@ -7,8 +7,6 @@ use Illuminate\Database\Eloquent\Factories\Factory;
 use Illuminate\Support\Carbon;
 
 /**
- * @psalm-suppress UnusedClass
- *
  * @extends \Illuminate\Database\Eloquent\Factories\Factory<\App\Models\Media>
  */
 class MediaFactory extends Factory

database/factories/MicropubClientFactory.php

@@ -6,8 +6,6 @@ use App\Models\MicropubClient;
 use Illuminate\Database\Eloquent\Factories\Factory;
 
 /**
- * @psalm-suppress UnusedClass
- *
  * @extends \Illuminate\Database\Eloquent\Factories\Factory<\App\Models\MicropubClient>
  */
 class MicropubClientFactory extends Factory

database/factories/NoteFactory.php

@@ -8,8 +8,6 @@ use Illuminate\Database\Eloquent\Factories\Factory;
 use Illuminate\Support\Carbon;
 
 /**
- * @psalm-suppress UnusedClass
- *
  * @extends \Illuminate\Database\Eloquent\Factories\Factory<\App\Models\Note>
  */
 class NoteFactory extends Factory

database/factories/PlaceFactory.php

@@ -6,8 +6,6 @@ use App\Models\Place;
 use Illuminate\Database\Eloquent\Factories\Factory;
 
 /**
- * @psalm-suppress UnusedClass
- *
  * @extends \Illuminate\Database\Eloquent\Factories\Factory<\App\Models\Place>
  */
 class PlaceFactory extends Factory