larsverp / eventhandler-api Goto Github PK

A new scope has te be made for admins.
Everything a Rockstar can right now, has to be an admin.

Rockstars can subscribe to different events.

For editing a user, you have to be able to return the data form ONE user

When a user want to unsubscribe from an event, an email shoull be sent.

The API should have a whitelist for domains. Only the whitelisted domains should be allowed to make calls

admin has to be able to change user role after user is created

Tokens should not have a long life like they have at the moment

I deleted my account, but because the token is saved in my cookie, I still have all the permissions

Change al ID's to UUID. A UUID looks much better and is a bit more secure

Event update is not working when updating categories

"message": "SQLSTATE[42703]: Undefined column: 7 ERROR:  column \"id\" does not exist\nLINE 1: ...ed_at\", \"created_at\") values ($1, $2, $3, $4) returning \"id\"\n                                                                   ^ (SQL: insert into \"cat__eves\" (\"event_id\", \"category_id\", \"updated_at\", \"created_at\") values (fe96c915-e4d6-4991-b498-45259ee99f57, 82ab4964-69aa-4a81-b72d-9e0797d5316a, 2020-05-14 13:40:06, 2020-05-14 13:40:06) returning \"id\")",
    "exception": "Illuminate\\Database\\QueryException",
    "file": "/app/vendor/laravel/framework/src/Illuminate/Database/Connection.php",
    "line": 669,

Got the /api/users/login endpoint working, but now every other endpoint gives an error. I think it has something to do with middleware(['auth:api', 'scope:rockstar,partner,guest']);

Events should be able to be saved before published

When GET request is sent to events it returns the field postal_code. This should be a city instead of postal code.

Whenever the ticket is closed, you have to be able to sign up again for an event.

Return the role when the user is loged in

This would be an extra

When events are get it takes almost 3 seconds to load (!!)
This is probably because of the slow outgoing speed of heroku. The postcode API has to be modified..

We should not forget about this. This has to be discussed before building the interested endpoint

Update total seats for the sold tickets

"{\n "message": "SQLSTATE[22008]: Datetime field overflow: 7 ERROR: date/time field value out of range: \"30-05-2020 08:30:00\"\nHINT: Perhaps you need a different \"datestyle\" setting. (SQL: update \"events\" set \"title\" = How I hacked NASA with CSS!!!, \"begin_date\" = 30-05-2020 08:30:00, \"end_date\" = 30-05-2020 11:30:00, \"thumbnail\" = https://images.unsplash.com/photo-1588615419957-bf66d53c6b49?ixlib=rb-1.2.1&ixid=eyJhcHBfaWQiOjEyMDd9&auto=format&fit=crop&w=1267&q=80, \"notification\" = 0, \"updated_at\" = 2020-05-25 13:13:42 where \"id\" = 046b4f2a-428a-4f3b-bd7d-b890a2633e70)",\n "exception": "Illuminate\\Database\\QueryException",\n "file": "/app/vendor/laravel/framework/src/Illuminate/Database/Connection.php",\n "line": 669,\n "trace": [\n {\n "file": "/app/vendor/laravel/framework/src/Illuminate/Database/Connection.php",\n "line": 629,\n "function": "runQueryCallback",\n "class": "Illuminate\\Database\\Connection",\n "type": "->"\n },\n {\n "file": "/app/vendor/laravel/framework/src/Illuminate/Database/Connection.php",\n "line": 495,\n "function": "run",\n "class": "Illuminate\\Database\\Connection",\n "type": "->"\n },\n {\n "file": "/app/vendor/laravel/framework/src/Illuminate/Database/Connection.php",\n "line": 428,\n "function": "affectingStatement",\n "class": "Illuminate\\Database\\Connection",\n "type": "->"\n },\n {\n "file": "/app/vendor/laravel/framework/src/Illuminate/Database/Query/Builder.php",\n "line": 2736,\n "function": "update",\n "class": "Illuminate\\Database\\Connection",\n "type": "->"\n },\n {\n "file": "/app/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Builder.php",\n "line": 792,\n "function": "update",\n "class": "Illuminate\\Database\\Query\\Builder",\n "type": "->"\n },\n {\n "file": "/app/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Model.php",\n "line": 771,\n "function": "update",\n "class": "Illuminate\\Database\\Eloquent\\Builder",\n "type": "->"\n },\n {\n "file": "/app/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Model.php",\n "line": 686,\n "function": "performUpdate",\n "class": "Illuminate\\Database\\Eloquent\\Model",\n "type": "->"\n },\n {\n "file": "/app/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Model.php",\n "line": 631,\n "function": "save",\n "class": "Illuminate\\Database\\Eloquent\\Model",\n "type": "->"\n },\n {\n "file": "/app/app/Http/Controllers/EventsController.php",\n "line": 110,\n "function": "update",\n "class": "Illuminate\\Database\\Eloquent\\Model",\n "type": "->"\n },\n {\n "function": "update",\n "class": "App\\Http\\Controllers\\EventsController",\n "type": "->"\n },\n {\n "file": "/app/vendor/laravel/framework/src/Illuminate/Routing/Controller.php",\n "line": 54,\n "function": "call_user_func_array"\n },\n {\n "file": "/app/vendor/laravel/framework/src/Illuminate/Routing/ControllerDispatcher.php",\n "line": 45,\n "function": "callAction",\n "class": "Illuminate\\Routing\\Controller",\n "type": "->"\n },\n {\n "file": "/app/vendor/laravel/framework/src/Illuminate/Routing/Route.php",\n "line": 225,\n "function": "dispatch",\n "class": "Illuminate\\Routing\\ControllerDispatcher",\n "type": "->"\n },\n {\n "file": "/app/vendor/laravel/framework/src/Illuminate/Routing/Route.php",\n "line": 182,\n "function": "runController",\n "class": "Illuminate\\Routing\\Route",\n "type": "->"\n },\n {\n "file": "/app/vendor/laravel/framework/src/Illuminate/Routing/Router.php",\n "line": 681,\n "function": "run",\n "class": "Illuminate\\Routing\\Route",\n "type": "->"\n },\n {\n "file": "/app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",\n "line": 128,\n "function": "Illuminate\\Routing\\{closure}",\n "class": "Illuminate\\Routing\\Router",\n "type": "->"\n },\n {\n "file": "/app/vendor/laravel/passport/src/Http/Middleware/CheckForAnyScope.php",\n "line": 28,\n "function": "Illuminate\\Pipeline\\{closure}",\n "class": "Illuminate\\Pipeline\\Pipeline",\n "type": "->"\n },\n {\n "file": "/app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",\n "line": 167,\n "function": "handle",\n "class": "Laravel\\Passport\\Http\\Middleware\\CheckForAnyScope",\n "type": "->"\n },\n {\n "file": "/app/vendor/laravel/framework/src/Illuminate/Routing/Middleware/SubstituteBindings.php",\n "line": 41,\n "function": "Illuminate\\Pipeline\\{closure}",\n "class": "Illuminate\\Pipeline\\Pipeline",\n "type": "->"\n },\n {\n "file": "/app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",\n "line": 167,\n "function": "handle",\n "class": "Illuminate\\Routing\\Middleware\\SubstituteBindings",\n "type": "->"\n },\n {\n "file": "/app/vendor/laravel/framework/src/Illuminate/Routing/Middleware/ThrottleRequests.php",\n "line": 59,\n "function": "Illuminate\\Pipeline\\{closure}",\n "class": "Illuminate\\Pipeline\\Pipeline",\n "type": "->"\n },\n {\n "file": "/app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",\n "line": 167,\n "function": "handle",\n "class": "Illuminate\\Routing\\Middleware\\ThrottleRequests",\n "type": "->"\n },\n {\n "file": "/app/vendor/laravel/framework/src/Illuminate/Auth/Middleware/Authenticate.php",\n "line": 44,\n "function": "Illuminate\\Pipeline\\{closure}",\n "class": "Illuminate\\Pipeline\\Pipeline",\n "type": "->"\n },\n {\n "file": "/app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",\n "line": 167,\n "function": "handle",\n "class": "Illuminate\\Auth\\Middleware\\Authenticate",\n "type": "->"\n },\n {\n "file": "/app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",\n "line": 103,\n "function": "Illuminate\\Pipeline\\{closure}",\n "class": "Illuminate\\Pipeline\\Pipeline",\n "type": "->"\n },\n {\n "file": "/app/vendor/laravel/framework/src/Illuminate/Routing/Router.php",\n "line": 683,\n "function": "then",\n "class": "Illuminate\\Pipeline\\Pipeline",\n "type": "->"\n },\n {\n "file": "/app/vendor/laravel/framework/src/Illuminate/Routing/Router.php",\n "line": 658,\n "function": "runRouteWithinStack",\n "class": "Illuminate\\Routing\\Router",\n "type": "->"\n },\n {\n "file": "/app/vendor/laravel/framework/src/Illuminate/Routing/Router.php",\n "line": 624,\n "function": "runRoute",\n "class": "Illuminate\\Routing\\Router",\n "type": "->"\n },\n {\n "file": "/app/vendor/laravel/framework/src/Illuminate/Routing/Router.php",\n "line": 613,\n "function": "dispatchToRoute",\n "class": "Illuminate\\Routing\\Router",\n "type": "->"\n },\n {\n "file": "/app/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php",\n "line": 165,\n "function": "dispatch",\n "class": "Illuminate\\Routing\\Router",\n "type": "->"\n },\n {\n "file": "/app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",\n "line": 128,\n "function": "Illuminate\\Foundation\\Http\\{closure}",\n "class": "Illuminate\\Foundation\\Http\\Kernel",\n "type": "->"\n },\n {\n "file": "/app/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php",\n "line": 21,\n "function": "Illuminate\\Pipeline\\{closure}",\n "class": "Illuminate\\Pipeline\\Pipeline",\n "type": "->"\n },\n {\n "file": "/app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",\n "line": 167,\n "function": "handle",\n "class": "Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest",\n "type": "->"\n },\n {\n "file": "/app/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php",\n "line": 21,\n "function": "Illuminate\\Pipeline\\{closure}",\n "class": "Illuminate\\Pipeline\\Pipeline",\n "type": "->"\n },\n {\n "file": "/app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",\n "line": 167,\n "function": "handle",\n "class": "Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest",\n "type": "->"\n },\n {\n "file": "/app/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php",\n "line": 27,\n "function": "Illuminate\\Pipeline\\{closure}",\n "class": "Illuminate\\Pipeline\\Pipeline",\n "type": "->"\n },\n {\n "file": "/app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",\n "line": 167,\n "function": "handle",\n "class": "Illuminate\\Foundation\\Http\\Middleware\\ValidatePostSize",\n "type": "->"\n },\n {\n "file": "/app/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/CheckForMaintenanceMode.php",\n "line": 63,\n "function": "Illuminate\\Pipeline\\{closure}",\n "class": "Illuminate\\Pipeline\\Pipeline",\n "type": "->"\n },\n {\n "file": "/app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",\n "line": 167,\n "function": "handle",\n "class": "Illuminate\\Foundation\\Http\\Middleware\\CheckForMaintenanceMode",\n "type": "->"\n },\n {\n "file": "/app/vendor/fruitcake/laravel-cors/src/HandleCors.php",\n "line": 36,\n "function": "Illuminate\\Pipeline\\{closure}",\n "class": "Illuminate\\Pipeline\\Pipeline",\n "type": "->"\n },\n {\n "file": "/app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",\n "line": 167,\n "function": "handle",\n "class": "Fruitcake\\Cors\\HandleCors",\n "type": "->"\n },\n {\n "file": "/app/vendor/fideloper/proxy/src/TrustProxies.php",\n "line": 57,\n "function": "Illuminate\\Pipeline\\{closure}",\n "class": "Illuminate\\Pipeline\\Pipeline",\n "type": "->"\n },\n {\n "file": "/app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",\n "line": 167,\n "function": "handle",\n "class": "Fideloper\\Proxy\\TrustProxies",\n "type": "->"\n },\n {\n "file": "/app/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",\n "line": 103,\n "function": "Illuminate\\Pipeline\\{closure}",\n "class": "Illuminate\\Pipeline\\Pipeline",\n "type": "->"\n },\n {\n "file": "/app/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php",\n "line": 140,\n "function": "then",\n "class": "Illuminate\\Pipeline\\Pipeline",\n "type": "->"\n },\n {\n "file": "/app/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php",\n "line": 109,\n "function": "sendRequestThroughRouter",\n "class": "Illuminate\\Foundation\\Http\\Kernel",\n "type": "->"\n },\n {\n "file": "/app/public/index.php",\n "line": 55,\n "function": "handle",\n "class": "Illuminate\\Foundation\\Http\\Kernel",\n "type": "->"\n }\n ]\n}"

Every UUID can be added to the category array. This should not be allowed

Adding another key that is required to get the user tokes is more secure. This way we will have full control over who used the API

Should be dd-mm-yyyy hh:mm:ss
not months first

This shouldn't happen. The API should return an error when this happens

There should be an endpoint to "copy" an event. Admins will check if all values are still accurate and will select a new date. After the event is saved, all users that left a positive review (3+ stars) or no review will be notified about this event via email.

This way we could display events with specific categories.

Event thumbnail should check for a valid image + a valid web address

Ticket get endpoint returns the event, this should be the ticket info

Every user starts with 0 points for everything

Event:

• Cat & Speaker: +1

Review:

• Cat & Speaker:
  • 1-star -3
  • 2-star -2
  • 3-star +1
  • 4-star +2
  • 5-star +3

Tinder:

• Cat & Speaker:
  • Right-swipe +5
  • Left-swipe -5

At the moment only login does ask for API key, registration should do that as well.

It's nog very likely, but the token used on the ticket endpoint has a possibility of already existing. Change this token to a time based one to avoid the risk.

This is unsafe

EventController gives back the same date field as the user sends in. This is not right, it should format the date and time to a timestamp before returning to the user. Otherwise the API can't guarantee to send the same date format each time.

When you want to sign up (create a guest account), the insertion will be sent to the API. This value can contain a string or is null. But the insertion will always be sent to the API

Calls via HTTP should return an error code

Option to resubscribe to an event? At the moment this is not possible

All migrations need to be linked so record will be deleted when de main record is deleted.
Example:

Categories user_id <-- User user_id
(Category points will be deleted when user is deleted)

This is a MUST