Skip to content

feat: auth (2FA/passkeys), activity log, domain status checks, user/team management#19

Merged
DGINXREAL merged 68 commits into
mainfrom
new-features
Jun 19, 2026
Merged

feat: auth (2FA/passkeys), activity log, domain status checks, user/team management#19
DGINXREAL merged 68 commits into
mainfrom
new-features

Conversation

@DGINXREAL

@DGINXREAL DGINXREAL commented Jun 19, 2026

Copy link
Copy Markdown
Member

Summary

Large feature branch bringing several capabilities to Marketix. 65 commits, 130 files. Grouped by area below.

Auth & account security

  • TOTP two-factor: enable/confirm/disable/recovery codes, login gated behind a TOTP challenge, rate-limited challenge endpoints.
  • Passkeys (laravel/passkeys) as a second factor, with login/challenge buttons and profile management UI.
  • Forced password change: force_password_change column, gate, dedicated page/endpoint.

Activity log (Spatie activitylog v5)

  • Auto-logging for Url (with password redaction), Domain, QrCode, Pixel, Project.
  • Security event logging (login, password, 2FA, passkeys) and membership/invitation events.
  • ActivityRecorder helper for manual events; project-scoped project_id column and custom model.
  • Project activity feed, admin audit view with filters, per-resource history panel with lazy loading.
  • Daily pruning scheduled (365-day retention).

Domains

  • On-create + 15-minute status checks via CheckDomainStatusJob (single write path) and DomainStatusChecker.
  • DNS resolver / certificate reader seams, /.well-known/marketix signature route, on-demand check endpoint.
  • Status columns + derived accessor; SSRF hardening and tighter cert matching; status UI (pills, info box, check-now).

Users & team

  • Sectioned user edit page (projects + security actions), user-centric membership endpoints, admin "send password reset link".
  • Invitations: resend endpoint/button, last_sent_at, expired badges, cross-project isolation test.

Admin & layout

  • marketix:create-admin console command (create or promote a super admin).
  • Renamed existing commands under the marketix: prefix.
  • Horizon link in admin sidebar; app version shown in sidebar/admin/auth layouts.
  • SweetAlert2 replaces native delete confirms.

Stats

  • Trust the reverse proxy so the real client IP is recorded.

Test plan

  • Full suite green: 254 passing.
  • Design specs and implementation plans for the larger features are committed under docs/.

🤖 Generated with Claude Code

DGINXREAL and others added 30 commits June 18, 2026 16:53
@DGINXREAL @claude
feat(admin): add Horizon link to admin sidebar
8baba54 
Add a Horizon navigation point to AdminSidebar. Uses a plain anchor
(full-page navigation) since Horizon is a Blade-rendered dashboard, not
an Inertia page. Access stays consistent with the super_admin-gated
admin area and Horizon's viewHorizon gate.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@DGINXREAL @claude
feat(layout): show app version in sidebar
cdfc5a8 
Share the package.json version as an Inertia prop and render it as a
muted label at the bottom of the sidebar.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@DGINXREAL @claude
feat(layout): show app version in admin and auth layouts
95a63f1 
Render the shared version prop at the AdminSidebar bottom and in the
GuestLayout (branding panel on desktop, footer on mobile).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@DGINXREAL @claude
feat(ui): replace native delete confirms with SweetAlert2
9372b45 
Add a themed confirmDelete() helper (resources/js/lib/confirm.ts) that
follows the app's light/dark theme and defaults focus to Cancel, then
wire it into all delete actions across links, domains, QR codes, pixels,
team, and admin pages. The previously unguarded team invitation revoke
now requires confirmation too.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@DGINXREAL
feat(auth): add two-factor columns to users
298ca1a
@DGINXREAL
feat(auth): add TOTP support service
49b768a
@DGINXREAL
feat(auth): add TOTP enable/confirm/disable/recovery management
831e1b8
@DGINXREAL
feat(auth): gate login behind TOTP challenge
cd442b6
@DGINXREAL
feat(auth): install laravel/passkeys and wire User model
dc1b9e0
@DGINXREAL
feat(auth): add passkey second-factor and rename endpoints
60922f0
@DGINXREAL @claude
feat(profile): add 2FA and passkey management UI
344e3b6 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@DGINXREAL @claude
fix(profile): disable 2FA disable/regenerate buttons while processing
28f3205 
Prevents double-submission of the disable and recovery-code regeneration
requests, matching the existing processing guard on the confirm button.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@DGINXREAL
feat(auth): add passkey buttons to login and challenge
06db95e
@DGINXREAL @claude
fix(auth): rate-limit 2FA challenge endpoints and address review find…
27e38bf 
…ings

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@DGINXREAL @claude
feat(invitations): add last_sent_at column and canResend() helper
0d8889f 
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@DGINXREAL @claude
feat(invitations): add resend endpoint and surface expired invites
3e803e2 
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@DGINXREAL @claude
feat(invitations): add resend button and expired badge to team page
b084195 
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@DGINXREAL @claude
test(invitations): add cross-project resend isolation test; fix disab…
b755aeb 
…led button hover

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@DGINXREAL @claude
docs(domains): design spec for CNAME info box & status check
7e16d81 
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@DGINXREAL @claude
docs(domains): implementation plan for status check feature
71d92a0 
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@DGINXREAL
feat(domains): add status columns, derived status accessor, factory
f622bb1
@DGINXREAL
feat(domains): add /.well-known/marketix signature route
763c4ea
@DGINXREAL
feat(domains): add DNS resolver and certificate reader seams
9649add
@DGINXREAL
feat(domains): add DomainStatusChecker service
00ee992
@DGINXREAL
feat(domains): add CheckDomainStatusJob as single status write path
7c783ad
@DGINXREAL
feat(domains): check status on create and every 15 minutes
a3b4e51
@DGINXREAL
feat(domains): add on-demand status check endpoint and expose appDomain
a9baf13
@DGINXREAL
feat(domains): info box, status pills, and check-now UI
66bd2a1
@DGINXREAL @claude
fix(domains): harden reachability check against SSRF and tighten cert…
34098a6 
… matching

- Block SSRF in checkReachable: resolve host IPs first; refuse if empty or any IP is
  private/reserved/loopback/link-local using isPublicIp() (filter_var FILTER_FLAG_NO_PRIV_RANGE |
  FILTER_FLAG_NO_RES_RANGE); disable redirect following with allow_redirects=false.
- Tighten certCoversHost wildcard matching: *.example.com now matches only hosts with
  the same dot-label count (one wildcard label), preventing deep.sub.example.com from matching.
- Guard SystemCertificateReader::read() against openssl_x509_parse() returning false.
- Add TDD tests: SSRF private IP refused, SSRF unresolvable refused, wildcard single-label
  match, wildcard multi-label rejection, fault isolation (throwing resolver does not abort SSL check).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@DGINXREAL @claude
docs: design for user edit page refactor
33795e0 
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
DGINXREAL and others added 24 commits June 18, 2026 22:32
@DGINXREAL @claude
docs(activity-log): add implementation plan
c034ad4 
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@DGINXREAL @claude
feat(activity-log): install spatie activitylog with project_id column…
4962bfa 
… and custom model

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@DGINXREAL @claude
chore(activity-log): address review nits (unused imports, rollback)
9fe66f2 
- Remove unused Spatie Activity import from published config
- Add down() to published create_activity_log_table migration
- Remove unused ActivitylogServiceProvider import from SchemaTest

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@DGINXREAL
feat(activity-log): add project-tagging and redaction concern
3bb67ba
@DGINXREAL @claude
fix(activity-log): use v5 beforeActivityLogged hook and attribute_cha…
3057ca1 
…nges

spatie/laravel-activitylog v5 renamed the subject hook from tapActivity to
beforeActivityLogged and stores attribute diffs in $activity->attribute_changes
rather than ->properties. The original trait targeted the v4 names, so it was
silently inert: the project tag was never set and sensitive values were never
redacted in production. Retarget the hook and redact attribute_changes (plus
properties defensively).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@DGINXREAL @claude
docs(activity-log): correct plan for Spatie v5 (beforeActivityLogged …
122d585 
…+ attribute_changes)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@DGINXREAL @claude
fix(activity-log): expose v5 attribute_changes as 'changes' in toFeed…
e2df416 
…Array

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@DGINXREAL
feat(activity-log): auto-log Url changes with password redaction
7b8216a
@DGINXREAL @claude
docs(activity-log): correct Task 4 imports for Spatie v5 (Models\Conc…
870ffc0 
…erns, Support\LogOptions, dontLogEmptyChanges)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@DGINXREAL @claude
feat(activity-log): auto-log Domain, QrCode, Pixel, Project
a3e37f5 
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@DGINXREAL
feat(activity-log): add ActivityRecorder helper for manual events
c307032
@DGINXREAL
feat(activity-log): log membership and invitation events
83fe181
@DGINXREAL @claude
docs(activity-log): fix Task 7 passkey hook to use user() relation (n…
bb273f8 
…ot authenticatable)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@DGINXREAL
feat(activity-log): log security events (login, password, 2FA, passkeys)
b6ed7b9
@DGINXREAL
feat(activity-log): project activity feed page
4064244
@DGINXREAL @claude
feat(activity-log): admin audit view with filters
bc0c879 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@DGINXREAL @claude
feat(activity-log): per-resource history panel with lazy loading
08c83f0 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@DGINXREAL @claude
fix(activity-log): assert non-empty history in test, fix QrCodes edit…
d93f65d 
… spacing

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@DGINXREAL
feat(activity-log): schedule daily activity log pruning (365 days)
c421f30
@DGINXREAL @claude
fix(activity-log): guard null activity when logging disabled; show pr…
86be4b9 
…oject in admin feed

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@DGINXREAL @claude
fix(activity-log): use ULID morphs for activity_log subject/causer
d0d3577 
The Spatie-published migration created subject_id/causer_id as bigint, but
all subjects (Url/Domain/QrCode/Pixel/Project) and causers (User) use ULID
keys. On MariaDB this truncated inserted ULIDs (demo:setup crash); SQLite's
loose type affinity hid it in the test suite. Switch both morphs to
nullableUlidMorphs (char 26).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@DGINXREAL @claude
fix(stats): trust reverse proxy so real client IP is recorded
0b229de 
$request->ip() returned the Docker proxy's internal IP because no
proxies were trusted, so X-Forwarded-For was ignored. Configure
trustProxies(at: '*') to read forwarded headers, fixing client IP,
geo lookup, unique-click dedup, and activity log.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@DGINXREAL @claude
feat(console): add marketix:create-admin command
a473fa2 
Create or promote a global super admin from the CLI. Accepts --name,
--email, --password flags with interactive fallback (password prompted
securely with confirmation). Promotes an existing user without resetting
their password; no-ops when already a super admin.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@DGINXREAL
feat: rename commands with marketix prefix
fc841c0
@DGINXREAL DGINXREAL requested a review from noidee-dev as a code owner June 19, 2026 07:32
DGINXREAL and others added 3 commits June 19, 2026 09:34
@DGINXREAL @claude
style: apply pint formatting
be01efe 
Import ordering, brace position, and unused-import cleanup across
controllers, routes, config, and tests. No behavior change.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@DGINXREAL @claude
test: fake Traefik config job in domain/activity-log tests
4b623f7 
CI copies .env.example, which sets TRAEFIK_DYNAMIC_FILE=/traefik/...,
an unwritable path on the runner. Tests that create a Domain ran the
synchronous RegenerateTraefikConfigJob and failed on file_put_contents.

Add Queue::fake([RegenerateTraefikConfigJob::class]) in setUp() for the
six affected files, matching the existing convention used across the
suite. The check endpoint still persists via dispatchSync of the real
CheckDomainStatusJob.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@DGINXREAL @claude
test: lift RegenerateTraefikConfigJob fake into base TestCase
67931ed 
The partial Queue::fake([RegenerateTraefikConfigJob::class]) was
duplicated in setUp() across 15 test files. Centralize it in
Tests\TestCase::setUp() so every test inherits it and future
domain-creating tests can't regress on the unwritable Traefik path.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@DGINXREAL DGINXREAL merged commit 73473ad into main Jun 19, 2026
3 checks passed
@DGINXREAL DGINXREAL deleted the new-features branch June 19, 2026 08:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@noidee-dev noidee-dev Awaiting requested review from noidee-dev noidee-dev is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@DGINXREAL