Merge pull request #1346 from jonnybarnes/develop

MTM Laravel 11

.env.dusk.testing

@@ -0,0 +1,14 @@
+APP_ENV=testing
+APP_DEBUG=true
+APP_KEY=base64:6DJhvZLVjE6dD4Cqrteh+6Z5vZlG+v/soCKcDHLOAH0=
+APP_URL=http://localhost:8000
+APP_LONGURL=localhost
+APP_SHORTURL=local
+
+DB_CONNECTION=travis
+
+CACHE_DRIVER=array
+SESSION_DRIVER=file
+QUEUE_DRIVER=sync
+
+SCOUT_DRIVER=pgsql

.env.example

@@ -4,15 +4,15 @@ APP_KEY=
 APP_DEBUG=true
 APP_TIMEZONE=UTC
 APP_URL=https://example.com
+APP_LONGURL=example.com
+APP_SHORTURL=examp.le
 
 APP_LOCALE=en
 APP_FALLBACK_LOCALE=en
 APP_FAKER_LOCALE=en_US
 
 APP_MAINTENANCE_DRIVER=file
-# APP_MAINTENANCE_STORE=database
-
-PHP_CLI_SERVER_WORKERS=4
+APP_MAINTENANCE_STORE=database
 
 BCRYPT_ROUNDS=12
 
@@ -39,7 +39,7 @@ FILESYSTEM_DISK=local
 QUEUE_CONNECTION=database
 
 CACHE_STORE=database
-# CACHE_PREFIX=
+CACHE_PREFIX=
 
 MEMCACHED_HOST=127.0.0.1
 
@@ -49,7 +49,6 @@ REDIS_PASSWORD=null
 REDIS_PORT=6379
 
 MAIL_MAILER=log
-MAIL_SCHEME=null
 MAIL_HOST=127.0.0.1
 MAIL_PORT=2525
 MAIL_USERNAME=null

.env.github

@@ -0,0 +1,70 @@
+APP_NAME=Laravel
+APP_ENV=testing
+APP_KEY=SomeRandomString # Leave this
+APP_DEBUG=false
+APP_LOG_LEVEL=warning
+
+DB_CONNECTION=pgsql
+DB_HOST=127.0.0.1
+DB_PORT=5432
+DB_DATABASE=jbukdev_testing
+DB_USERNAME=postgres
+DB_PASSWORD=postgres
+
+BROADCAST_DRIVER=log
+CACHE_DRIVER=file
+SESSION_DRIVER=file
+QUEUE_DRIVER=sync
+
+REDIS_HOST=127.0.0.1
+REDIS_PASSWORD=null
+REDIS_PORT=6379
+
+MAIL_DRIVER=smtp
+MAIL_HOST=smtp.mailtrap.io
+MAIL_PORT=2525
+MAIL_USERNAME=null
+MAIL_PASSWORD=null
+MAIL_ENCRYPTION=null
+
+PUSHER_APP_ID=
+PUSHER_APP_KEY=
+PUSHER_APP_SECRET=
+
+AWS_S3_KEY=your-key
+AWS_S3_SECRET=your-secret
+AWS_S3_REGION=region
+AWS_S3_BUCKET=your-bucket
+AWS_S3_URL=https://xxxxxxx.s3-region.amazonaws.com
+
+APP_URL=https://example.com # This one is necessary
+APP_LONGURL=example.com
+APP_SHORTURL=examp.le
+
+ADMIN_USER=admin # pick something better, this is used for `/admin`
+ADMIN_PASS=password
+DISPLAY_NAME="Joe Bloggs" # This is used for example in the header and titles
+
+TWITTER_CONSUMER_KEY=
+TWITTER_CONSUMER_SECRET=
+TWITTER_ACCESS_TOKEN=
+TWITTER_ACCESS_TOKEN_SECRET=
+
+SCOUT_DRIVER=database
+SCOUT_QUEUE=false
+
+PIWIK=false
+
+FATHOM_ID=
+
+APP_TIMEZONE=UTC
+APP_LANG=en
+APP_LOG=daily
+SECURE_SESSION_COOKIE=true
+
+LOG_SLACK_WEBHOOK_URL=
+FLARE_KEY=
+
+FONT_LINK=
+
+BRIDGY_MASTODON_TOKEN=

.eslintrc.yml

@@ -0,0 +1,38 @@
+parserOptions:
+  sourceType: 'module'
+  ecmaVersion: 'latest'
+extends: 'eslint:recommended'
+env:
+  browser: true
+  es6: true
+ignorePatterns:
+  - webpack.config.js
+rules:
+  indent:
+    - error
+    - 2
+  linebreak-style:
+    - error
+    - unix
+  quotes:
+    - error
+    - single
+  semi:
+    - error
+    - always
+  no-console:
+    - error
+    - allow:
+      - warn
+      - error
+  no-await-in-loop:
+    - error
+  no-promise-executor-return:
+    - error
+  require-atomic-updates:
+    - error
+  max-nested-callbacks:
+    - error
+    - 3
+  prefer-promise-reject-errors:
+    - error

.gitattributes

@@ -5,3 +5,7 @@
 *.html diff=html
 *.md diff=markdown
 *.php diff=php
+
+/.github export-ignore
+CHANGELOG.md export-ignore
+.styleci.yml export-ignore

.github/dependabot.yml

@@ -0,0 +1,12 @@
+version: 2
+
+updates:
+  - package-ecosystem: "composer"
+    directory: "/"
+    schedule:
+      interval: "daily"
+
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "daily"

.github/workflows/deploy.yml

@@ -0,0 +1,144 @@
+name: Deploy
+
+on:
+  workflow_dispatch:
+  release:
+    types: [published]
+
+jobs:
+  deploy:
+    name: Deploy
+    runs-on: ubuntu-latest
+    environment: Hetzner
+    env:
+      repository: 'jonnybarnes/jonnybarnes.uk'
+      newReleaseName: '${{ github.run_id }}'
+
+    steps:
+      - name: 🌍 Set Environment Variables
+        run: |
+          echo "releasesDir=${{ secrets.DEPLOYMENT_BASE_DIR }}/releases" >> $GITHUB_ENV
+          echo "persistentDir=${{ secrets.DEPLOYMENT_BASE_DIR }}/persistent" >> $GITHUB_ENV
+          echo "currentDir=${{ secrets.DEPLOYMENT_BASE_DIR }}/current" >> $GITHUB_ENV
+      - name: 🌎 Set Environment Variables Part 2
+        run: |
+          echo "newReleaseDir=${{ env.releasesDir }}/${{ env.newReleaseName }}" >> $GITHUB_ENV
+      - name: 🔄 Clone Repository
+        uses: appleboy/ssh-action@master
+        with:
+          host: ${{ secrets.DEPLOYMENT_HOST }}
+          port: ${{ secrets.DEPLOYMENT_PORT }}
+          username: ${{ secrets.DEPLOYMENT_USER }}
+          key: ${{ secrets.DEPLOYMENT_KEY }}
+          script: |
+            [ -d ${{ env.releasesDir }} ] || mkdir ${{ env.releasesDir }}
+            [ -d ${{ env.persistentDir }} ] || mkdir ${{ env.persistentDir }}
+            [ -d ${{ env.persistentDir }}/storage ] || mkdir ${{ env.persistentDir }}/storage
+
+            cd ${{ env.releasesDir }}
+
+            # Create new release directory
+            mkdir ${{ env.newReleaseDir }}
+
+            # Clone app
+            git clone --depth 1 --branch ${{ github.ref_name }} https://github.com/${{ env.repository }} ${{ env.newReleaseName }}
+
+            # Mark release
+            cd ${{ env.newReleaseDir }}
+            echo "${{ env.newReleaseName }}" > public/release-name.txt
+
+            # Fix cache directory permissions
+            sudo chown -R ${{ secrets.HTTP_USER }}:${{ secrets.HTTP_USER }} bootstrap/cache
+
+      - name: 🎵 Run Composer
+        uses: appleboy/ssh-action@master
+        with:
+          host: ${{ secrets.DEPLOYMENT_HOST }}
+          port: ${{ secrets.DEPLOYMENT_PORT }}
+          username: ${{ secrets.DEPLOYMENT_USER }}
+          key: ${{ secrets.DEPLOYMENT_KEY }}
+          script: |
+            cd ${{ env.newReleaseDir }}
+            composer install --prefer-dist --no-scripts --no-dev --no-progress --optimize-autoloader --quiet --no-interaction
+
+      - name: 🔗 Update Symlinks
+        uses: appleboy/ssh-action@master
+        with:
+          host: ${{ secrets.DEPLOYMENT_HOST }}
+          port: ${{ secrets.DEPLOYMENT_PORT }}
+          username: ${{ secrets.DEPLOYMENT_USER }}
+          key: ${{ secrets.DEPLOYMENT_KEY }}
+          script: |
+            # Import the environment config
+            cd ${{ env.newReleaseDir }};
+            ln -nfs ${{ secrets.DEPLOYMENT_BASE_DIR }}/.env .env;
+
+            # Remove the storage directory and replace with persistent data
+            rm -rf ${{ env.newReleaseDir }}/storage;
+            cd ${{ env.newReleaseDir }};
+            ln -nfs ${{ secrets.DEPLOYMENT_BASE_DIR }}/persistent/storage storage;
+
+            # Remove the public/profile-images directory and replace with persistent data
+            rm -rf ${{ env.newReleaseDir }}/public/assets/profile-images;
+            cd ${{ env.newReleaseDir }};
+            ln -nfs ${{ secrets.DEPLOYMENT_BASE_DIR }}/persistent/profile-images public/assets/profile-images;
+
+            # Add the persistent files data
+            cd ${{ env.newReleaseDir }};
+            ln -nfs ${{ secrets.DEPLOYMENT_BASE_DIR }}/persistent/files public/files;
+
+            # Add the persistent fonts data
+            cd ${{ env.newReleaseDir }};
+            ln -nfs ${{ secrets.DEPLOYMENT_BASE_DIR }}/persistent/fonts public/fonts;
+
+      - name: ✨ Optimize Installation
+        uses: appleboy/ssh-action@master
+        with:
+          host: ${{ secrets.DEPLOYMENT_HOST }}
+          port: ${{ secrets.DEPLOYMENT_PORT }}
+          username: ${{ secrets.DEPLOYMENT_USER }}
+          key: ${{ secrets.DEPLOYMENT_KEY }}
+          script: |
+            cd ${{ env.newReleaseDir }};
+            sudo runuser -u ${{ secrets.HTTP_USER }} -- php artisan clear-compiled;
+
+      - name: 🙈 Migrate database
+        uses: appleboy/ssh-action@master
+        with:
+          host: ${{ secrets.DEPLOYMENT_HOST }}
+          port: ${{ secrets.DEPLOYMENT_PORT }}
+          username: ${{ secrets.DEPLOYMENT_USER }}
+          key: ${{ secrets.DEPLOYMENT_KEY }}
+          script: |
+            cd ${{ env.newReleaseDir }}
+            sudo runuser -u ${{ secrets.HTTP_USER }} -- php artisan migrate --force
+
+      - name: 🙏 Bless release
+        uses: appleboy/ssh-action@master
+        with:
+          host: ${{ secrets.DEPLOYMENT_HOST }}
+          port: ${{ secrets.DEPLOYMENT_PORT }}
+          username: ${{ secrets.DEPLOYMENT_USER }}
+          key: ${{ secrets.DEPLOYMENT_KEY }}
+          script: |
+            ln -nfs ${{ env.newReleaseDir }} ${{ env.currentDir }};
+            cd ${{ env.newReleaseDir }}
+            sudo runuser -u ${{ secrets.HTTP_USER }} -- php artisan horizon:terminate
+            sudo runuser -u ${{ secrets.HTTP_USER }} -- php artisan config:cache
+            sudo runuser -u ${{ secrets.HTTP_USER }} -- php artisan event:cache
+            sudo runuser -u ${{ secrets.HTTP_USER }} -- php artisan route:cache
+            sudo runuser -u ${{ secrets.HTTP_USER }} -- php artisan view:cache
+
+            sudo systemctl restart php-fpm.service
+            sudo systemctl restart jbuk-horizon.service
+
+      - name: 🚾 Clean up old releases
+        uses: appleboy/ssh-action@master
+        with:
+          host: ${{ secrets.DEPLOYMENT_HOST }}
+          port: ${{ secrets.DEPLOYMENT_PORT }}
+          username: ${{ secrets.DEPLOYMENT_USER }}
+          key: ${{ secrets.DEPLOYMENT_KEY }}
+          script: |
+            fd '.+' ${{ env.releasesDir }} -d 1 | head -n -3 | xargs -d "\n" -I'{}' sudo chown -R ${{ secrets.DEPLOYMENT_USER }}:${{ secrets.DEPLOYMENT_USER }} {}
+            fd '.+' ${{ env.releasesDir }} -d 1 | head -n -3 | xargs -d "\n" -I'{}' rm -rf {}

.github/workflows/phpunit.yml

@@ -0,0 +1,65 @@
+name: PHP Unit
+
+on:
+  pull_request:
+
+jobs:
+  phpunit:
+    runs-on: ubuntu-latest
+
+    name: PHPUnit test suite
+
+    services:
+      postgres:
+        image: postgres:latest
+        env:
+          POSTGRES_USER: postgres
+          POSTGRES_PASSWORD: postgres
+          POSTGRES_DB: jbukdev_testing
+        ports:
+          - 5432:5432
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: '8.3'
+          extensions: mbstring, intl, phpredis, imagick
+          coverage: xdebug
+          tools: phpunit
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Copy .env
+        run: php -r "file_exists('.env') || copy('.env.github', '.env');"
+
+      - name: Get Composer Cache Directory
+        id: composer-cache
+        run: |
+          echo "::set-output name=dir::$(composer config cache-files-dir)"
+
+      - name: Cache composer dependencies
+        uses: actions/cache@v3
+        with:
+          path: ${{ steps.composer-cache.outputs.dir }}
+          key: ${{ runner.os }}-php-8.3-composer-${{ hashFiles('**/composer.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-php-8.3-composer-
+
+      - name: Install Composer Dependencies
+        run: composer install --quiet --no-ansi --no-interaction --no-progress
+
+      - name: Generate Key
+        run: php artisan key:generate
+
+      - name: Setup Directory Permissions
+        run: chmod -R 777 storage bootstrap/cache
+
+      - name: Setup Database
+        run: php artisan migrate
+
+      - name: Execute PHPUnit Tests
+        run: vendor/bin/phpunit

.github/workflows/pint.yml

@@ -0,0 +1,38 @@
+name: Laravel Pint
+
+on:
+  pull_request:
+
+jobs:
+  pint:
+    runs-on: ubuntu-latest
+
+    name: Laravel Pint
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Setup PHP with pecl extensions
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: '8.2'
+
+      - name: Get Composer Cache Directory
+        id: composer-cache
+        run: |
+          echo "::set-output name=dir::$(composer config cache-files-dir)"
+
+      - name: Cache composer dependencies
+        uses: actions/cache@v3
+        with:
+          path: ${{ steps.composer-cache.outputs.dir }}
+          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-composer-
+
+      - name: Install Composer Dependencies
+        run: composer install --quiet --no-ansi --no-interaction --no-progress
+
+      - name: Check Files with Laravel Pint
+        run: vendor/bin/pint --test

.gitignore

@@ -4,6 +4,7 @@
 /public/coverage
 /public/hot
 /public/files
+/public/fonts
 /public/storage
 /storage/*.key
 /vendor
@@ -20,5 +21,3 @@ yarn-error.log
 /.idea
 /.vscode
 ray.php
-/public/gpg.key
-/public/assets/img/favicon.png

.styleci.yml

@@ -0,0 +1,9 @@
+php:
+  preset: laravel
+  disabled:
+    - no_unused_imports
+  finder:
+    not-name:
+      - index.php
+js: true
+css: true

app/Console/Commands/CopyMediaToLocal.php

@@ -1,69 +0,0 @@
-<?php
-
-namespace App\Console\Commands;
-
-use App\Models\Media;
-use Illuminate\Console\Command;
-use Illuminate\Support\Facades\Storage;
-
-class CopyMediaToLocal extends Command
-{
-    /**
-     * The name and signature of the console command.
-     *
-     * @var string
-     */
-    protected $signature = 'app:copy-media-to-local';
-
-    /**
-     * The console command description.
-     *
-     * @var string
-     */
-    protected $description = 'Copy any historic media saved to S3 to the local filesystem';
-
-    /**
-     * Execute the console command.
-     */
-    public function handle()
-    {
-        // Load all the Media records
-        $media = Media::all();
-
-        // Loop through each media record and copy the file from S3 to the local filesystem
-        foreach ($media as $mediaItem) {
-            $filename = $mediaItem->path;
-
-            $this->info('Processing: ' . $filename);
-
-            // If the file is already saved locally skip to next one
-            if (Storage::disk('local')->exists('public/' . $filename)) {
-                $this->info('File already exists locally, skipping');
-
-                continue;
-            }
-
-            // Copy the file from S3 to the local filesystem
-            if (! Storage::disk('s3')->exists($filename)) {
-                $this->error('File does not exist on S3');
-
-                continue;
-            }
-            $contents = Storage::disk('s3')->get($filename);
-            Storage::disk('local')->put('public/' . $filename, $contents);
-
-            // Copy -medium and -small versions if they exist
-            $filenameParts = explode('.', $filename);
-            $extension = array_pop($filenameParts);
-            $basename = trim(implode('.', $filenameParts), '.');
-            $mediumFilename = $basename . '-medium.' . $extension;
-            $smallFilename = $basename . '-small.' . $extension;
-            if (Storage::disk('s3')->exists($mediumFilename)) {
-                Storage::disk('local')->put('public/' . $mediumFilename, Storage::disk('s3')->get($mediumFilename));
-            }
-            if (Storage::disk('s3')->exists($smallFilename)) {
-                Storage::disk('local')->put('public/' . $smallFilename, Storage::disk('s3')->get($smallFilename));
-            }
-        }
-    }
-}

app/Console/Commands/MigratePlaceDataFromPostgis.php

@@ -8,6 +8,8 @@ use Illuminate\Support\Facades\DB;
 
 /**
  * @codeCoverageIgnore
+ *
+ * @psalm-suppress UnusedClass
  */
 class MigratePlaceDataFromPostgis extends Command
 {

app/Console/Commands/ParseCachedWebMentions.php

@@ -9,6 +9,9 @@ use Illuminate\Console\Command;
 use Illuminate\Contracts\Filesystem\FileNotFoundException;
 use Illuminate\FileSystem\FileSystem;
 
+/**
+ * @psalm-suppress UnusedClass
+ */
 class ParseCachedWebMentions extends Command
 {
     /**
@@ -34,7 +37,7 @@ class ParseCachedWebMentions extends Command
     {
         $htmlFiles = $filesystem->allFiles(storage_path() . '/HTML');
         foreach ($htmlFiles as $file) {
-            if ($file->getExtension() !== 'backup') { // we don’t want to parse `.backup` files
+            if ($file->getExtension() !== 'backup') { //we don’t want to parse `.backup` files
                 $filepath = $file->getPathname();
                 $this->info('Loading HTML from: ' . $filepath);
                 $html = $filesystem->get($filepath);

app/Console/Commands/ReDownloadWebMentions.php

@@ -8,6 +8,9 @@ use App\Jobs\DownloadWebMention;
 use App\Models\WebMention;
 use Illuminate\Console\Command;
 
+/**
+ * @psalm-suppress UnusedClass
+ */
 class ReDownloadWebMentions extends Command
 {
     /**

app/Console/Commands/UpdateWebmentionsRelationship.php

@@ -1,36 +0,0 @@
-<?php
-
-namespace App\Console\Commands;
-
-use App\Models\Note;
-use Illuminate\Console\Command;
-use Illuminate\Support\Facades\DB;
-
-class UpdateWebmentionsRelationship extends Command
-{
-    /**
-     * The name and signature of the console command.
-     *
-     * @var string
-     */
-    protected $signature = 'webmentions:update-model-relationship';
-
-    /**
-     * The console command description.
-     *
-     * @var string
-     */
-    protected $description = 'Update webmentions to relate to the correct note model class';
-
-    /**
-     * Execute the console command.
-     */
-    public function handle()
-    {
-        DB::table('webmentions')
-            ->where('commentable_type', '=', 'App\Model\Note')
-            ->update(['commentable_type' => Note::class]);
-
-        $this->info('All webmentions updated to relate to the correct note model class');
-    }
-}

app/Exceptions/InternetArchiveException.php

@@ -2,4 +2,6 @@
 
 namespace App\Exceptions;
 
-class InternetArchiveException extends \Exception {}
+class InternetArchiveException extends \Exception
+{
+}

app/Exceptions/InvalidTokenScopeException.php

@@ -1,7 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Exceptions;
-
-class InvalidTokenScopeException extends \Exception {}

app/Exceptions/MicropubHandlerException.php

@@ -1,7 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Exceptions;
-
-class MicropubHandlerException extends \Exception {}

app/Exceptions/RemoteContentNotFoundException.php

@@ -6,5 +6,5 @@ use Exception;
 
 class RemoteContentNotFoundException extends Exception
 {
-    // used when guzzle can’t find the remote content
+    //used when guzzle can’t find the remote content
 }

app/Http/Controllers/Admin/ArticlesController.php

@@ -9,6 +9,9 @@ use App\Models\Article;
 use Illuminate\Http\RedirectResponse;
 use Illuminate\View\View;
 
+/**
+ * @psalm-suppress UnusedClass
+ */
 class ArticlesController extends Controller
 {
     public function index(): View
@@ -27,7 +30,7 @@ class ArticlesController extends Controller
 
     public function store(): RedirectResponse
     {
-        // if a `.md` is attached use that for the main content.
+        //if a `.md` is attached use that for the main content.
         if (request()->hasFile('article')) {
             $file = request()->file('article')->openFile();
             $content = $file->fread($file->getSize());

app/Http/Controllers/Admin/BioController.php

@@ -10,6 +10,9 @@ use Illuminate\Http\RedirectResponse;
 use Illuminate\Http\Request;
 use Illuminate\View\View;
 
+/**
+ * @psalm-suppress UnusedClass
+ */
 class BioController extends Controller
 {
     public function show(): View

app/Http/Controllers/Admin/ClientsController.php

@@ -9,6 +9,9 @@ use App\Models\MicropubClient;
 use Illuminate\Http\RedirectResponse;
 use Illuminate\View\View;
 
+/**
+ * @psalm-suppress UnusedClass
+ */
 class ClientsController extends Controller
 {
     /**

app/Http/Controllers/Admin/ContactsController.php

@@ -12,6 +12,9 @@ use Illuminate\Http\RedirectResponse;
 use Illuminate\Support\Arr;
 use Illuminate\View\View;
 
+/**
+ * @psalm-suppress UnusedClass
+ */
 class ContactsController extends Controller
 {
     /**
@@ -37,7 +40,7 @@ class ContactsController extends Controller
      */
     public function store(): RedirectResponse
     {
-        $contact = new Contact;
+        $contact = new Contact();
         $contact->name = request()->input('name');
         $contact->nick = request()->input('nick');
         $contact->homepage = request()->input('homepage');
@@ -76,7 +79,7 @@ class ContactsController extends Controller
         if (request()->hasFile('avatar') && (request()->input('homepage') != '')) {
             $dir = parse_url(request()->input('homepage'), PHP_URL_HOST);
             $destination = public_path() . '/assets/profile-images/' . $dir;
-            $filesystem = new Filesystem;
+            $filesystem = new Filesystem();
             if ($filesystem->isDirectory($destination) === false) {
                 $filesystem->makeDirectory($destination);
             }
@@ -136,7 +139,7 @@ class ContactsController extends Controller
             }
             if ($avatar !== null) {
                 $directory = public_path() . '/assets/profile-images/' . parse_url($contact->homepage, PHP_URL_HOST);
-                $filesystem = new Filesystem;
+                $filesystem = new Filesystem();
                 if ($filesystem->isDirectory($directory) === false) {
                     $filesystem->makeDirectory($directory);
                 }

app/Http/Controllers/Admin/HomeController.php

@@ -7,6 +7,9 @@ namespace App\Http\Controllers\Admin;
 use App\Http\Controllers\Controller;
 use Illuminate\View\View;
 
+/**
+ * @psalm-suppress UnusedClass
+ */
 class HomeController extends Controller
 {
     /**

app/Http/Controllers/Admin/LikesController.php

@@ -10,6 +10,9 @@ use App\Models\Like;
 use Illuminate\Http\RedirectResponse;
 use Illuminate\View\View;
 
+/**
+ * @psalm-suppress UnusedClass
+ */
 class LikesController extends Controller
 {
     /**

app/Http/Controllers/Admin/NotesController.php

@@ -11,6 +11,9 @@ use Illuminate\Http\RedirectResponse;
 use Illuminate\Http\Request;
 use Illuminate\View\View;
 
+/**
+ * @psalm-suppress UnusedClass
+ */
 class NotesController extends Controller
 {
     /**
@@ -64,7 +67,7 @@ class NotesController extends Controller
      */
     public function update(int $noteId): RedirectResponse
     {
-        // update note data
+        //update note data
         $note = Note::findOrFail($noteId);
         $note->note = request()->input('content');
         $note->in_reply_to = request()->input('in-reply-to');

app/Http/Controllers/Admin/PasskeysController.php

@@ -18,8 +18,8 @@ use Illuminate\Support\Facades\App;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\View\View;
 use ParagonIE\ConstantTime\Base64UrlSafe;
-use Random\RandomException;
 use Throwable;
+use Webauthn\AttestationStatement\AttestationObjectLoader;
 use Webauthn\AttestationStatement\AttestationStatementSupportManager;
 use Webauthn\AttestationStatement\NoneAttestationStatementSupport;
 use Webauthn\AuthenticationExtensions\ExtensionOutputCheckerHandler;
@@ -28,17 +28,18 @@ use Webauthn\AuthenticatorAssertionResponseValidator;
 use Webauthn\AuthenticatorAttestationResponse;
 use Webauthn\AuthenticatorAttestationResponseValidator;
 use Webauthn\AuthenticatorSelectionCriteria;
-use Webauthn\CeremonyStep\CeremonyStepManagerFactory;
-use Webauthn\Denormalizer\WebauthnSerializerFactory;
 use Webauthn\Exception\WebauthnException;
-use Webauthn\PublicKeyCredential;
 use Webauthn\PublicKeyCredentialCreationOptions;
+use Webauthn\PublicKeyCredentialLoader;
 use Webauthn\PublicKeyCredentialParameters;
 use Webauthn\PublicKeyCredentialRequestOptions;
 use Webauthn\PublicKeyCredentialRpEntity;
 use Webauthn\PublicKeyCredentialSource;
 use Webauthn\PublicKeyCredentialUserEntity;
 
+/**
+ * @psalm-suppress UnusedClass
+ */
 class PasskeysController extends Controller
 {
     public function index(): View
@@ -50,26 +51,22 @@ class PasskeysController extends Controller
         return view('admin.passkeys.index', compact('passkeys'));
     }
 
-    /**
-     * @throws RandomException
-     * @throws \JsonException
-     */
-    public function getCreateOptions(Request $request): JsonResponse
+    public function getCreateOptions(): JsonResponse
     {
         /** @var User $user */
         $user = auth()->user();
 
         // RP Entity i.e. the application
         $rpEntity = PublicKeyCredentialRpEntity::create(
-            name: config('app.name'),
-            id: config('app.url'),
+            config('app.name'),
+            config('url.longurl'),
         );
 
         // User Entity
         $userEntity = PublicKeyCredentialUserEntity::create(
-            name: $user->name,
-            id: (string) $user->id,
-            displayName: $user->name,
+            $user->name,
+            (string) $user->id,
+            $user->name,
         );
 
         // Challenge
@@ -87,100 +84,70 @@ class PasskeysController extends Controller
         $authenticatorSelectionCriteria = AuthenticatorSelectionCriteria::create(
             userVerification: AuthenticatorSelectionCriteria::USER_VERIFICATION_REQUIREMENT_REQUIRED,
             residentKey: AuthenticatorSelectionCriteria::RESIDENT_KEY_REQUIREMENT_REQUIRED,
+            requireResidentKey: true,
         );
 
-        $publicKeyCredentialCreationOptions = PublicKeyCredentialCreationOptions::create(
-            rp: $rpEntity,
-            user: $userEntity,
-            challenge: $challenge,
-            pubKeyCredParams: $pubKeyCredParams,
+        $options = PublicKeyCredentialCreationOptions::create(
+            $rpEntity,
+            $userEntity,
+            $challenge,
+            $pubKeyCredParams,
             authenticatorSelection: $authenticatorSelectionCriteria,
             attestation: PublicKeyCredentialCreationOptions::ATTESTATION_CONVEYANCE_PREFERENCE_NONE
         );
 
-        $attestationStatementSupportManager = new AttestationStatementSupportManager;
-        $attestationStatementSupportManager->add(new NoneAttestationStatementSupport);
-        $webauthnSerializerFactory = new WebauthnSerializerFactory(
-            attestationStatementSupportManager: $attestationStatementSupportManager
-        );
-        $webauthnSerializer = $webauthnSerializerFactory->create();
-        $publicKeyCredentialCreationOptions = $webauthnSerializer->serialize(
-            data: $publicKeyCredentialCreationOptions,
-            format: 'json'
-        );
+        $options = json_encode($options, JSON_THROW_ON_ERROR);
 
-        $request->session()->put('create_options', $publicKeyCredentialCreationOptions);
+        session(['create_options' => $options]);
 
-        return JsonResponse::fromJsonString($publicKeyCredentialCreationOptions);
+        return JsonResponse::fromJsonString($options);
     }
 
-    /**
-     * @throws Throwable
-     * @throws WebauthnException
-     * @throws \JsonException
-     */
     public function create(Request $request): JsonResponse
     {
         /** @var User $user */
         $user = auth()->user();
 
         $publicKeyCredentialCreationOptionsData = session('create_options');
-        // Unset session data to mitigate replay attacks
-        $request->session()->forget('create_options');
         if (empty($publicKeyCredentialCreationOptionsData)) {
             throw new WebAuthnException('No public key credential request options found');
         }
+        $publicKeyCredentialCreationOptions = PublicKeyCredentialCreationOptions::createFromString($publicKeyCredentialCreationOptionsData);
 
-        $attestationStatementSupportManager = new AttestationStatementSupportManager;
-        $attestationStatementSupportManager->add(new NoneAttestationStatementSupport);
-        $webauthnSerializerFactory = new WebauthnSerializerFactory(
-            attestationStatementSupportManager: $attestationStatementSupportManager
-        );
-        $webauthnSerializer = $webauthnSerializerFactory->create();
+        // Unset session data to mitigate replay attacks
+        session()->forget('create_options');
 
-        $publicKeyCredential = $webauthnSerializer->deserialize(
-            json_encode($request->all(), JSON_THROW_ON_ERROR),
-            PublicKeyCredential::class,
-            'json'
-        );
+        $attestationSupportManager = AttestationStatementSupportManager::create();
+        $attestationSupportManager->add(NoneAttestationStatementSupport::create());
+        $attestationObjectLoader = AttestationObjectLoader::create($attestationSupportManager);
+        $publicKeyCredentialLoader = PublicKeyCredentialLoader::create($attestationObjectLoader);
+
+        $publicKeyCredential = $publicKeyCredentialLoader->load(json_encode($request->all(), JSON_THROW_ON_ERROR));
 
         if (! $publicKeyCredential->response instanceof AuthenticatorAttestationResponse) {
             throw new WebAuthnException('Invalid response type');
         }
 
-        $algorithmManager = new Manager;
-        $algorithmManager->add(new Ed25519);
-        $algorithmManager->add(new ES256);
-        $algorithmManager->add(new RS256);
-
-        $ceremonyStepManagerFactory = new CeremonyStepManagerFactory;
-        $ceremonyStepManagerFactory->setAlgorithmManager($algorithmManager);
-        $ceremonyStepManagerFactory->setAttestationStatementSupportManager(
-            $attestationStatementSupportManager
-        );
-        $ceremonyStepManagerFactory->setExtensionOutputCheckerHandler(
-            ExtensionOutputCheckerHandler::create()
-        );
-        $allowedOrigins = [];
-        if (App::environment('local', 'development')) {
-            $allowedOrigins = [config('app.url')];
-        }
-        $ceremonyStepManagerFactory->setAllowedOrigins($allowedOrigins);
+        $attestationStatementSupportManager = AttestationStatementSupportManager::create();
+        $attestationStatementSupportManager->add(NoneAttestationStatementSupport::create());
 
         $authenticatorAttestationResponseValidator = AuthenticatorAttestationResponseValidator::create(
-            ceremonyStepManager: $ceremonyStepManagerFactory->creationCeremony()
+            attestationStatementSupportManager: $attestationStatementSupportManager,
+            publicKeyCredentialSourceRepository: null,
+            tokenBindingHandler: null,
+            extensionOutputCheckerHandler: ExtensionOutputCheckerHandler::create(),
         );
 
-        $publicKeyCredentialCreationOptions = $webauthnSerializer->deserialize(
-            $publicKeyCredentialCreationOptionsData,
-            PublicKeyCredentialCreationOptions::class,
-            'json'
-        );
+        $securedRelyingPartyId = [];
+        if (App::environment('local', 'development')) {
+            $securedRelyingPartyId = [config('url.longurl')];
+        }
 
         $publicKeyCredentialSource = $authenticatorAttestationResponseValidator->check(
             authenticatorAttestationResponse: $publicKeyCredential->response,
             publicKeyCredentialCreationOptions: $publicKeyCredentialCreationOptions,
-            host: config('app.url')
+            request: config('url.longurl'),
+            securedRelyingPartyId: $securedRelyingPartyId,
         );
 
         $user->passkey()->create([
@@ -194,37 +161,24 @@ class PasskeysController extends Controller
         ]);
     }
 
-    /**
-     * @throws RandomException
-     * @throws \JsonException
-     */
-    public function getRequestOptions(Request $request): JsonResponse
+    public function getRequestOptions(): JsonResponse
     {
         $publicKeyCredentialRequestOptions = PublicKeyCredentialRequestOptions::create(
             challenge: random_bytes(16),
             userVerification: PublicKeyCredentialRequestOptions::USER_VERIFICATION_REQUIREMENT_REQUIRED
         );
 
-        $attestationStatementSupportManager = AttestationStatementSupportManager::create();
-        $attestationStatementSupportManager->add(NoneAttestationStatementSupport::create());
-        $factory = new WebauthnSerializerFactory(
-            attestationStatementSupportManager: $attestationStatementSupportManager
-        );
-        $serializer = $factory->create();
-        $publicKeyCredentialRequestOptions = $serializer->serialize(data: $publicKeyCredentialRequestOptions, format: 'json');
+        $publicKeyCredentialRequestOptions = json_encode($publicKeyCredentialRequestOptions, JSON_THROW_ON_ERROR);
 
-        $request->session()->put('request_options', $publicKeyCredentialRequestOptions);
+        session(['request_options' => $publicKeyCredentialRequestOptions]);
 
         return JsonResponse::fromJsonString($publicKeyCredentialRequestOptions);
     }
 
-    /**
-     * @throws \JsonException
-     */
     public function login(Request $request): JsonResponse
     {
         $requestOptions = session('request_options');
-        $request->session()->forget('request_options');
+        session()->forget('request_options');
 
         if (empty($requestOptions)) {
             return response()->json([
@@ -233,19 +187,14 @@ class PasskeysController extends Controller
             ], 400);
         }
 
-        $attestationStatementSupportManager = new AttestationStatementSupportManager;
-        $attestationStatementSupportManager->add(new NoneAttestationStatementSupport);
+        $publicKeyCredentialRequestOptions = PublicKeyCredentialRequestOptions::createFromString($requestOptions);
 
-        $webauthnSerializerFactory = new WebauthnSerializerFactory(
-            attestationStatementSupportManager: $attestationStatementSupportManager
-        );
-        $webauthnSerializer = $webauthnSerializerFactory->create();
+        $attestationSupportManager = AttestationStatementSupportManager::create();
+        $attestationSupportManager->add(NoneAttestationStatementSupport::create());
+        $attestationObjectLoader = AttestationObjectLoader::create($attestationSupportManager);
+        $publicKeyCredentialLoader = PublicKeyCredentialLoader::create($attestationObjectLoader);
 
-        $publicKeyCredential = $webauthnSerializer->deserialize(
-            json_encode($request->all(), JSON_THROW_ON_ERROR),
-            PublicKeyCredential::class,
-            'json'
-        );
+        $publicKeyCredential = $publicKeyCredentialLoader->load(json_encode($request->all(), JSON_THROW_ON_ERROR));
 
         if (! $publicKeyCredential->response instanceof AuthenticatorAssertionResponse) {
             return response()->json([
@@ -262,51 +211,33 @@ class PasskeysController extends Controller
             ], 404);
         }
 
-        $publicKeyCredentialSource = $webauthnSerializer->deserialize(
-            $passkey->passkey,
-            PublicKeyCredentialSource::class,
-            'json'
+        $credential = PublicKeyCredentialSource::createFromArray(json_decode($passkey->passkey, true, 512, JSON_THROW_ON_ERROR));
+
+        $algorithmManager = Manager::create();
+        $algorithmManager->add(new Ed25519());
+        $algorithmManager->add(new ES256());
+        $algorithmManager->add(new RS256());
+
+        $authenticatorAssertionResponseValidator = new AuthenticatorAssertionResponseValidator(
+            publicKeyCredentialSourceRepository: null,
+            tokenBindingHandler: null,
+            extensionOutputCheckerHandler: ExtensionOutputCheckerHandler::create(),
+            algorithmManager: $algorithmManager,
         );
 
-        $algorithmManager = new Manager;
-        $algorithmManager->add(new Ed25519);
-        $algorithmManager->add(new ES256);
-        $algorithmManager->add(new RS256);
-
-        $attestationStatementSupportManager = new AttestationStatementSupportManager;
-        $attestationStatementSupportManager->add(new NoneAttestationStatementSupport);
-
-        $ceremonyStepManagerFactory = new CeremonyStepManagerFactory;
-        $ceremonyStepManagerFactory->setAlgorithmManager($algorithmManager);
-        $ceremonyStepManagerFactory->setAttestationStatementSupportManager(
-            $attestationStatementSupportManager
-        );
-        $ceremonyStepManagerFactory->setExtensionOutputCheckerHandler(
-            ExtensionOutputCheckerHandler::create()
-        );
-        $allowedOrigins = [];
+        $securedRelyingPartyId = [];
         if (App::environment('local', 'development')) {
-            $allowedOrigins = [config('app.url')];
+            $securedRelyingPartyId = [config('url.longurl')];
         }
-        $ceremonyStepManagerFactory->setAllowedOrigins($allowedOrigins);
-
-        $authenticatorAssertionResponseValidator = AuthenticatorAssertionResponseValidator::create(
-            ceremonyStepManager: $ceremonyStepManagerFactory->requestCeremony()
-        );
-
-        $publicKeyCredentialRequestOptions = $webauthnSerializer->deserialize(
-            $requestOptions,
-            PublicKeyCredentialRequestOptions::class,
-            'json'
-        );
 
         try {
             $authenticatorAssertionResponseValidator->check(
-                publicKeyCredentialSource: $publicKeyCredentialSource,
+                credentialId: $credential,
                 authenticatorAssertionResponse: $publicKeyCredential->response,
                 publicKeyCredentialRequestOptions: $publicKeyCredentialRequestOptions,
-                host: config('app.url'),
+                request: config('url.longurl'),
                 userHandle: null,
+                securedRelyingPartyId: $securedRelyingPartyId,
             );
         } catch (Throwable) {
             return response()->json([

app/Http/Controllers/Admin/PlacesController.php

@@ -10,6 +10,9 @@ use App\Services\PlaceService;
 use Illuminate\Http\RedirectResponse;
 use Illuminate\View\View;
 
+/**
+ * @psalm-suppress UnusedClass
+ */
 class PlacesController extends Controller
 {
     protected PlaceService $placeService;

app/Http/Controllers/Admin/SyndicationTargetsController.php

@@ -10,6 +10,9 @@ use Illuminate\Http\RedirectResponse;
 use Illuminate\Http\Request;
 use Illuminate\View\View;
 
+/**
+ * @psalm-suppress UnusedClass
+ */
 class SyndicationTargetsController extends Controller
 {
     /**

app/Http/Controllers/ArticlesController.php

@@ -10,6 +10,9 @@ use Illuminate\Http\RedirectResponse;
 use Illuminate\View\View;
 use Jonnybarnes\IndieWeb\Numbers;
 
+/**
+ * @psalm-suppress UnusedClass
+ */
 class ArticlesController extends Controller
 {
     /**

app/Http/Controllers/AuthController.php

@@ -9,6 +9,9 @@ use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\View\View;
 
+/**
+ * @psalm-suppress UnusedClass
+ */
 class AuthController extends Controller
 {
     /**

app/Http/Controllers/BookmarksController.php

@@ -7,6 +7,9 @@ namespace App\Http\Controllers;
 use App\Models\Bookmark;
 use Illuminate\View\View;
 
+/**
+ * @psalm-suppress UnusedClass
+ */
 class BookmarksController extends Controller
 {
     /**

app/Http/Controllers/ContactsController.php

@@ -8,6 +8,9 @@ use App\Models\Contact;
 use Illuminate\Filesystem\Filesystem;
 use Illuminate\View\View;
 
+/**
+ * @psalm-suppress UnusedClass
+ */
 class ContactsController extends Controller
 {
     /**
@@ -15,7 +18,7 @@ class ContactsController extends Controller
      */
     public function index(): View
     {
-        $filesystem = new Filesystem;
+        $filesystem = new Filesystem();
         $contacts = Contact::all();
         foreach ($contacts as $contact) {
             $contact->homepageHost = parse_url($contact->homepage, PHP_URL_HOST);
@@ -37,7 +40,7 @@ class ContactsController extends Controller
         $contact->homepageHost = parse_url($contact->homepage, PHP_URL_HOST);
         $file = public_path() . '/assets/profile-images/' . $contact->homepageHost . '/image';
 
-        $filesystem = new Filesystem;
+        $filesystem = new Filesystem();
         $image = ($filesystem->exists($file)) ?
             '/assets/profile-images/' . $contact->homepageHost . '/image'
         :

app/Http/Controllers/FeedsController.php

@@ -9,6 +9,9 @@ use App\Models\Note;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Response;
 
+/**
+ * @psalm-suppress UnusedClass
+ */
 class FeedsController extends Controller
 {
     /**
@@ -119,8 +122,8 @@ class FeedsController extends Controller
 
         foreach ($notes as $key => $note) {
             $data['items'][$key] = [
-                'id' => $note->uri,
-                'url' => $note->uri,
+                'id' => $note->longurl,
+                'url' => $note->longurl,
                 'content_text' => $note->content,
                 'date_published' => $note->created_at->tz('UTC')->toRfc3339String(),
                 'date_modified' => $note->updated_at->tz('UTC')->toRfc3339String(),
@@ -161,7 +164,7 @@ class FeedsController extends Controller
             'author' => [
                 'type' => 'card',
                 'name' => config('user.display_name'),
-                'url' => config('app.url'),
+                'url' => config('url.longurl'),
             ],
             'children' => $items,
         ], 200, [
@@ -180,8 +183,8 @@ class FeedsController extends Controller
             $items[] = [
                 'type' => 'entry',
                 'published' => $note->created_at,
-                'uid' => $note->uri,
-                'url' => $note->uri,
+                'uid' => $note->longurl,
+                'url' => $note->longurl,
                 'content' => [
                     'text' => $note->getRawOriginal('note'),
                     'html' => $note->note,
@@ -197,7 +200,7 @@ class FeedsController extends Controller
             'author' => [
                 'type' => 'card',
                 'name' => config('user.display_name'),
-                'url' => config('app.url'),
+                'url' => config('url.longurl'),
             ],
             'children' => $items,
         ], 200, [

app/Http/Controllers/FrontPageController.php

@@ -10,6 +10,9 @@ use App\Models\Note;
 use Illuminate\Http\Response;
 use Illuminate\View\View;
 
+/**
+ * @psalm-suppress UnusedClass
+ */
 class FrontPageController extends Controller
 {
     /**

app/Http/Controllers/IndieAuthController.php

@@ -1,327 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Http\Controllers;
-
-use App\Services\TokenService;
-use Exception;
-use GuzzleHttp\Client;
-use GuzzleHttp\Psr7\Uri;
-use Illuminate\Http\JsonResponse;
-use Illuminate\Http\RedirectResponse;
-use Illuminate\Http\Request;
-use Illuminate\Support\Facades\Cache;
-use Illuminate\Support\Facades\Validator;
-use Illuminate\View\View;
-use Random\RandomException;
-use SodiumException;
-
-class IndieAuthController extends Controller
-{
-    public function indieAuthMetadataEndpoint(): JsonResponse
-    {
-        return response()->json([
-            'issuer' => config('app.url'),
-            'authorization_endpoint' => route('indieauth.start'),
-            'token_endpoint' => route('indieauth.token'),
-            'code_challenge_methods_supported' => ['S256'],
-            // 'introspection_endpoint' => route('indieauth.introspection'),
-            // 'introspection_endpoint_auth_methods_supported' => ['none'],
-        ]);
-    }
-
-    /**
-     * Process a GET request to the IndieAuth endpoint.
-     *
-     * This is the first step in the IndieAuth flow, where the client app sends the user to the IndieAuth endpoint.
-     */
-    public function start(Request $request): View
-    {
-        // First check all required params are present
-        $validator = Validator::make($request->all(), [
-            'response_type' => 'required:string',
-            'client_id' => 'required',
-            'redirect_uri' => 'required',
-            'state' => 'required',
-            'code_challenge' => 'required:string',
-            'code_challenge_method' => 'required:string',
-        ], [
-            'response_type' => 'response_type is required',
-            'client_id.required' => 'client_id is required to display which app is asking for authentication',
-            'redirect_uri.required' => 'redirect_uri is required so we can progress successful requests',
-            'state.required' => 'state is required',
-            'code_challenge.required' => 'code_challenge is required',
-            'code_challenge_method.required' => 'code_challenge_method is required',
-        ]);
-
-        if ($validator->fails()) {
-            return view('indieauth.error')->withErrors($validator);
-        }
-
-        if ($request->get('response_type') !== 'code') {
-            return view('indieauth.error')->withErrors(['response_type' => 'only a response_type of "code" is supported']);
-        }
-
-        if (mb_strtoupper($request->get('code_challenge_method')) !== 'S256') {
-            return view('indieauth.error')->withErrors(['code_challenge_method' => 'only a code_challenge_method of "S256" is supported']);
-        }
-
-        if (! $this->isValidRedirectUri($request->get('client_id'), $request->get('redirect_uri'))) {
-            return view('indieauth.error')->withErrors(['redirect_uri' => 'redirect_uri is not valid for this client_id']);
-        }
-
-        $scopes = $request->get('scope', '');
-        $scopes = explode(' ', $scopes);
-
-        return view('indieauth.start', [
-            'me' => $request->get('me'),
-            'client_id' => $request->get('client_id'),
-            'redirect_uri' => $request->get('redirect_uri'),
-            'state' => $request->get('state'),
-            'scopes' => $scopes,
-            'code_challenge' => $request->get('code_challenge'),
-            'code_challenge_method' => $request->get('code_challenge_method'),
-        ]);
-    }
-
-    /**
-     * Confirm an IndieAuth approval request.
-     *
-     * Generates an auth code and redirects the user back to the client app.
-     *
-     * @throws RandomException
-     */
-    public function confirm(Request $request): RedirectResponse
-    {
-        $authCode = bin2hex(random_bytes(16));
-
-        $cacheKey = hash('xxh3', $request->get('client_id'));
-
-        $indieAuthRequestData = [
-            'code_challenge' => $request->get('code_challenge'),
-            'code_challenge_method' => $request->get('code_challenge_method'),
-            'client_id' => $request->get('client_id'),
-            'redirect_uri' => $request->get('redirect_uri'),
-            'auth_code' => $authCode,
-            'scope' => implode(' ', $request->get('scope', '')),
-        ];
-
-        Cache::put($cacheKey, $indieAuthRequestData, now()->addMinutes(10));
-
-        $redirectUri = new Uri($request->get('redirect_uri'));
-        $redirectUri = Uri::withQueryValues($redirectUri, [
-            'code' => $authCode,
-            'state' => $request->get('state'),
-            'iss' => config('app.url'),
-        ]);
-
-        return redirect()->away($redirectUri);
-    }
-
-    /**
-     * Process a POST request to the IndieAuth auth endpoint.
-     *
-     * This is one possible second step in the IndieAuth flow, where the client app sends the auth code to the IndieAuth
-     * endpoint. As it is to the auth endpoint we return profile information. A similar request can be made to the token
-     * endpoint to get an access token.
-     */
-    public function processCodeExchange(Request $request): JsonResponse
-    {
-        $invalidCodeResponse = $this->validateAuthorizationCode($request);
-
-        if ($invalidCodeResponse instanceof JsonResponse) {
-            return $invalidCodeResponse;
-        }
-
-        return response()->json([
-            'me' => config('app.url'),
-        ]);
-    }
-
-    /**
-     * Process a POST request to the IndieAuth token endpoint.
-     *
-     * This is another possible second step in the IndieAuth flow, where the client app sends the auth code to the
-     * IndieAuth token endpoint. As it is to the token endpoint we return an access token.
-     *
-     * @throws SodiumException
-     */
-    public function processTokenRequest(Request $request): JsonResponse
-    {
-        $indieAuthData = $this->validateAuthorizationCode($request);
-
-        if ($indieAuthData instanceof JsonResponse) {
-            return $indieAuthData;
-        }
-
-        if ($indieAuthData['scope'] === '') {
-            return response()->json(['errors' => [
-                'scope' => [
-                    'The scope property must be non-empty for an access token to be issued.',
-                ],
-            ]], 400);
-        }
-
-        $tokenData = [
-            'me' => config('app.url'),
-            'client_id' => $request->get('client_id'),
-            'scope' => $indieAuthData['scope'],
-        ];
-        $tokenService = resolve(TokenService::class);
-        $token = $tokenService->getNewToken($tokenData);
-
-        return response()->json([
-            'access_token' => $token,
-            'token_type' => 'Bearer',
-            'scope' => $indieAuthData['scope'],
-            'me' => config('app.url'),
-        ]);
-    }
-
-    protected function isValidRedirectUri(string $clientId, string $redirectUri): bool
-    {
-        // If client_id is not a valid URL, then it's not valid
-        $clientIdParsed = \Mf2\parseUriToComponents($clientId);
-        if (! isset($clientIdParsed['authority'])) {
-            return false;
-        }
-
-        // If redirect_uri is not a valid URL, then it's not valid
-        $redirectUriParsed = \Mf2\parseUriToComponents($redirectUri);
-        if (! isset($redirectUriParsed['authority'])) {
-            return false;
-        }
-
-        // If client_id and redirect_uri are the same host, then it's valid
-        if ($clientIdParsed['authority'] === $redirectUriParsed['authority']) {
-            return true;
-        }
-
-        // Otherwise we need to check the redirect_uri is in the client_id's redirect_uris
-        $guzzle = resolve(Client::class);
-
-        try {
-            $clientInfo = $guzzle->get($clientId);
-        } catch (Exception) {
-            return false;
-        }
-
-        $clientInfoParsed = \Mf2\parse($clientInfo->getBody()->getContents(), $clientId);
-
-        $redirectUris = $clientInfoParsed['rels']['redirect_uri'] ?? [];
-
-        return in_array($redirectUri, $redirectUris, true);
-    }
-
-    /**
-     * @throws SodiumException
-     */
-    protected function validateAuthorizationCode(Request $request): JsonResponse|array
-    {
-        // First check all the data is present
-        $validator = Validator::make($request->all(), [
-            'grant_type' => 'required:string',
-            'code' => 'required:string',
-            'client_id' => 'required',
-            'redirect_uri' => 'required',
-            'code_verifier' => 'required',
-        ]);
-
-        if ($validator->fails()) {
-            return response()->json(['errors' => $validator->errors()], 400);
-        }
-
-        if ($request->get('grant_type') !== 'authorization_code') {
-            return response()->json(['errors' => [
-                'grant_type' => [
-                    'Only a grant type of "authorization_code" is supported.',
-                ],
-            ]], 400);
-        }
-
-        // Check cache for auth code
-        $cacheKey = hash('xxh3', $request->get('client_id'));
-        $indieAuthRequestData = Cache::pull($cacheKey);
-
-        if ($indieAuthRequestData === null) {
-            return response()->json(['errors' => [
-                'code' => [
-                    'The code is invalid.',
-                ],
-            ]], 404);
-        }
-
-        // Check the IndieAuth code
-        if (! array_key_exists('auth_code', $indieAuthRequestData)) {
-            return response()->json(['errors' => [
-                'code' => [
-                    'The code is invalid.',
-                ],
-            ]], 400);
-        }
-        if ($indieAuthRequestData['auth_code'] !== $request->get('code')) {
-            return response()->json(['errors' => [
-                'code' => [
-                    'The code is invalid.',
-                ],
-            ]], 400);
-        }
-
-        // Check code verifier
-        if (! array_key_exists('code_challenge', $indieAuthRequestData)) {
-            return response()->json(['errors' => [
-                'code_verifier' => [
-                    'The code verifier is invalid.',
-                ],
-            ]], 400);
-        }
-        if (! hash_equals(
-            $indieAuthRequestData['code_challenge'],
-            sodium_bin2base64(
-                hash('sha256', $request->get('code_verifier'), true),
-                SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING
-            )
-        )) {
-            return response()->json(['errors' => [
-                'code_verifier' => [
-                    'The code verifier is invalid.',
-                ],
-            ]], 400);
-        }
-
-        // Check redirect_uri
-        if (! array_key_exists('redirect_uri', $indieAuthRequestData)) {
-            return response()->json(['errors' => [
-                'redirect_uri' => [
-                    'The redirect uri is invalid.',
-                ],
-            ]], 400);
-        }
-        if ($indieAuthRequestData['redirect_uri'] !== $request->get('redirect_uri')) {
-            return response()->json(['errors' => [
-                'redirect_uri' => [
-                    'The redirect uri is invalid.',
-                ],
-            ]], 400);
-        }
-
-        // Check client_id
-        if (! array_key_exists('client_id', $indieAuthRequestData)) {
-            return response()->json(['errors' => [
-                'client_id' => [
-                    'The client id is invalid.',
-                ],
-            ]], 400);
-        }
-        if ($indieAuthRequestData['client_id'] !== $request->get('client_id')) {
-            return response()->json(['errors' => [
-                'client_id' => [
-                    'The client id is invalid.',
-                ],
-            ]], 400);
-        }
-
-        return $indieAuthRequestData;
-    }
-}

app/Http/Controllers/LikesController.php

@@ -7,6 +7,9 @@ namespace App\Http\Controllers;
 use App\Models\Like;
 use Illuminate\View\View;
 
+/**
+ * @psalm-suppress UnusedClass
+ */
 class LikesController extends Controller
 {
     /**

app/Http/Controllers/MicropubController.php

@@ -4,73 +4,110 @@ declare(strict_types=1);
 
 namespace App\Http\Controllers;
 
-use App\Exceptions\InvalidTokenScopeException;
-use App\Exceptions\MicropubHandlerException;
-use App\Http\Requests\MicropubRequest;
+use App\Http\Responses\MicropubResponses;
 use App\Models\Place;
 use App\Models\SyndicationTarget;
-use App\Services\Micropub\MicropubHandlerRegistry;
+use App\Services\Micropub\HCardService;
+use App\Services\Micropub\HEntryService;
+use App\Services\Micropub\UpdateService;
+use App\Services\TokenService;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
-use Lcobucci\JWT\Token;
+use Lcobucci\JWT\Encoding\CannotDecodeContent;
+use Lcobucci\JWT\Token\InvalidTokenStructure;
+use Lcobucci\JWT\Validation\RequiredConstraintsViolated;
+use Monolog\Handler\StreamHandler;
+use Monolog\Logger;
 
+/**
+ * @psalm-suppress UnusedClass
+ */
 class MicropubController extends Controller
 {
-    protected MicropubHandlerRegistry $handlerRegistry;
+    protected TokenService $tokenService;
 
-    public function __construct(MicropubHandlerRegistry $handlerRegistry)
-    {
-        $this->handlerRegistry = $handlerRegistry;
+    protected HEntryService $hentryService;
+
+    protected HCardService $hcardService;
+
+    protected UpdateService $updateService;
+
+    public function __construct(
+        TokenService $tokenService,
+        HEntryService $hentryService,
+        HCardService $hcardService,
+        UpdateService $updateService
+    ) {
+        $this->tokenService = $tokenService;
+        $this->hentryService = $hentryService;
+        $this->hcardService = $hcardService;
+        $this->updateService = $updateService;
     }
 
     /**
-     * Respond to a POST request to the micropub endpoint.
-     *
-     * The request is initially processed by the MicropubRequest form request
-     * class. The normalizes the data, so we can pass it into the handlers for
-     * the different micropub requests, h-entry or h-card, for example.
+     * This function receives an API request, verifies the authenticity
+     * then passes over the info to the relevant Service class.
      */
-    public function post(MicropubRequest $request): JsonResponse
+    public function post(Request $request): JsonResponse
     {
-        $type = $request->getType();
-
-        if (! $type) {
-            return response()->json([
-                'error' => 'invalid_request',
-                'error_description' => 'Microformat object type is missing, for example: h-entry or h-card',
-            ], 400);
-        }
-
         try {
-            $handler = $this->handlerRegistry->getHandler($type);
-            $result = $handler->handle($request->getMicropubData());
+            $tokenData = $this->tokenService->validateToken($request->input('access_token'));
+        } catch (RequiredConstraintsViolated|InvalidTokenStructure|CannotDecodeContent) {
+            $micropubResponses = new MicropubResponses();
 
-            // Return appropriate response based on the handler result
-            return response()->json([
-                'response' => $result['response'],
-                'location' => $result['url'] ?? null,
-            ], 201)->header('Location', $result['url']);
-        } catch (\InvalidArgumentException $e) {
-            return response()->json([
-                'error' => 'invalid_request',
-                'error_description' => $e->getMessage(),
-            ], 400);
-        } catch (MicropubHandlerException) {
-            return response()->json([
-                'error' => 'Unknown Micropub type',
-                'error_description' => 'The request could not be processed by this server',
-            ], 500);
-        } catch (InvalidTokenScopeException) {
-            return response()->json([
-                'error' => 'invalid_scope',
-                'error_description' => 'The token does not have the required scope for this request',
-            ], 403);
-        } catch (\Exception) {
-            return response()->json([
-                'error' => 'server_error',
-                'error_description' => 'An error occurred processing the request',
-            ], 500);
+            return $micropubResponses->invalidTokenResponse();
         }
+
+        if ($tokenData->claims()->has('scope') === false) {
+            $micropubResponses = new MicropubResponses();
+
+            return $micropubResponses->tokenHasNoScopeResponse();
+        }
+
+        $this->logMicropubRequest($request->all());
+
+        if (($request->input('h') === 'entry') || ($request->input('type.0') === 'h-entry')) {
+            if (stripos($tokenData->claims()->get('scope'), 'create') === false) {
+                $micropubResponses = new MicropubResponses();
+
+                return $micropubResponses->insufficientScopeResponse();
+            }
+            $location = $this->hentryService->process($request->all(), $this->getCLientId());
+
+            return response()->json([
+                'response' => 'created',
+                'location' => $location,
+            ], 201)->header('Location', $location);
+        }
+
+        if ($request->input('h') === 'card' || $request->input('type.0') === 'h-card') {
+            if (stripos($tokenData->claims()->get('scope'), 'create') === false) {
+                $micropubResponses = new MicropubResponses();
+
+                return $micropubResponses->insufficientScopeResponse();
+            }
+            $location = $this->hcardService->process($request->all());
+
+            return response()->json([
+                'response' => 'created',
+                'location' => $location,
+            ], 201)->header('Location', $location);
+        }
+
+        if ($request->input('action') === 'update') {
+            if (stripos($tokenData->claims()->get('scope'), 'update') === false) {
+                $micropubResponses = new MicropubResponses();
+
+                return $micropubResponses->insufficientScopeResponse();
+            }
+
+            return $this->updateService->process($request->all());
+        }
+
+        return response()->json([
+            'response' => 'error',
+            'error_description' => 'unsupported_request_type',
+        ], 500);
     }
 
     /**
@@ -83,6 +120,12 @@ class MicropubController extends Controller
      */
     public function get(Request $request): JsonResponse
     {
+        try {
+            $tokenData = $this->tokenService->validateToken($request->input('access_token'));
+        } catch (RequiredConstraintsViolated|InvalidTokenStructure) {
+            return (new MicropubResponses())->invalidTokenResponse();
+        }
+
         if ($request->input('q') === 'syndicate-to') {
             return response()->json([
                 'syndicate-to' => SyndicationTarget::all(),
@@ -114,17 +157,36 @@ class MicropubController extends Controller
             ]);
         }
 
-        // the default response is just to return the token data
-        /** @var Token $tokenData */
-        $tokenData = $request->input('token_data');
-
+        // default response is just to return the token data
         return response()->json([
             'response' => 'token',
             'token' => [
-                'me' => $tokenData['me'],
-                'scope' => $tokenData['scope'],
-                'client_id' => $tokenData['client_id'],
+                'me' => $tokenData->claims()->get('me'),
+                'scope' => $tokenData->claims()->get('scope'),
+                'client_id' => $tokenData->claims()->get('client_id'),
             ],
         ]);
     }
+
+    /**
+     * Determine the client id from the access token sent with the request.
+     *
+     * @throws RequiredConstraintsViolated
+     */
+    private function getClientId(): string
+    {
+        return resolve(TokenService::class)
+            ->validateToken(app('request')->input('access_token'))
+            ->claims()->get('client_id');
+    }
+
+    /**
+     * Save the details of the micropub request to a log file.
+     */
+    private function logMicropubRequest(array $request): void
+    {
+        $logger = new Logger('micropub');
+        $logger->pushHandler(new StreamHandler(storage_path('logs/micropub.log')));
+        $logger->debug('MicropubLog', $request);
+    }
 }

app/Http/Controllers/MicropubMediaController.php

@@ -7,29 +7,54 @@ namespace App\Http\Controllers;
 use App\Http\Responses\MicropubResponses;
 use App\Jobs\ProcessMedia;
 use App\Models\Media;
+use App\Services\TokenService;
 use Exception;
 use Illuminate\Contracts\Container\BindingResolutionException;
+use Illuminate\Http\File;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
 use Illuminate\Http\Response;
 use Illuminate\Http\UploadedFile;
 use Illuminate\Support\Carbon;
 use Illuminate\Support\Facades\Storage;
+use Illuminate\Support\Str;
 use Intervention\Image\ImageManager;
+use Lcobucci\JWT\Token\InvalidTokenStructure;
+use Lcobucci\JWT\Validation\RequiredConstraintsViolated;
 use Ramsey\Uuid\Uuid;
 
+/**
+ * @psalm-suppress UnusedClass
+ */
 class MicropubMediaController extends Controller
 {
+    protected TokenService $tokenService;
+
+    public function __construct(TokenService $tokenService)
+    {
+        $this->tokenService = $tokenService;
+    }
+
     public function getHandler(Request $request): JsonResponse
     {
-        $tokenData = $request->input('token_data');
+        try {
+            $tokenData = $this->tokenService->validateToken($request->input('access_token'));
+        } catch (RequiredConstraintsViolated|InvalidTokenStructure) {
+            $micropubResponses = new MicropubResponses();
 
-        $scopes = $tokenData['scope'];
-        if (is_string($scopes)) {
-            $scopes = explode(' ', $scopes);
+            return $micropubResponses->invalidTokenResponse();
         }
-        if (! in_array('create', $scopes, true)) {
-            return (new MicropubResponses)->insufficientScopeResponse();
+
+        if ($tokenData->claims()->has('scope') === false) {
+            $micropubResponses = new MicropubResponses();
+
+            return $micropubResponses->tokenHasNoScopeResponse();
+        }
+
+        if (Str::contains($tokenData->claims()->get('scope'), 'create') === false) {
+            $micropubResponses = new MicropubResponses();
+
+            return $micropubResponses->insufficientScopeResponse();
         }
 
         if ($request->input('q') === 'last') {
@@ -80,14 +105,24 @@ class MicropubMediaController extends Controller
      */
     public function media(Request $request): JsonResponse
     {
-        $tokenData = $request->input('token_data');
+        try {
+            $tokenData = $this->tokenService->validateToken($request->input('access_token'));
+        } catch (RequiredConstraintsViolated|InvalidTokenStructure) {
+            $micropubResponses = new MicropubResponses();
 
-        $scopes = $tokenData['scope'];
-        if (is_string($scopes)) {
-            $scopes = explode(' ', $scopes);
+            return $micropubResponses->invalidTokenResponse();
         }
-        if (! in_array('create', $scopes, true)) {
-            return (new MicropubResponses)->insufficientScopeResponse();
+
+        if ($tokenData->claims()->has('scope') === false) {
+            $micropubResponses = new MicropubResponses();
+
+            return $micropubResponses->tokenHasNoScopeResponse();
+        }
+
+        if (Str::contains($tokenData->claims()->get('scope'), 'create') === false) {
+            $micropubResponses = new MicropubResponses();
+
+            return $micropubResponses->insufficientScopeResponse();
         }
 
         if ($request->hasFile('file') === false) {
@@ -98,10 +133,7 @@ class MicropubMediaController extends Controller
             ], 400);
         }
 
-        /** @var UploadedFile $file */
-        $file = $request->file('file');
-
-        if ($file->isValid() === false) {
+        if ($request->file('file')->isValid() === false) {
             return response()->json([
                 'response' => 'error',
                 'error' => 'invalid_request',
@@ -109,7 +141,7 @@ class MicropubMediaController extends Controller
             ], 400);
         }
 
-        $filename = Storage::disk('local')->putFile('media', $file);
+        $filename = $this->saveFile($request->file('file'));
 
         /** @var ImageManager $manager */
         $manager = resolve(ImageManager::class);
@@ -122,12 +154,19 @@ class MicropubMediaController extends Controller
         }
 
         $media = Media::create([
-            'token' => $request->input('access_token'),
-            'path' => $filename,
+            'token' => $request->bearerToken(),
+            'path' => 'media/' . $filename,
             'type' => $this->getFileTypeFromMimeType($request->file('file')->getMimeType()),
             'image_widths' => $width,
         ]);
 
+        // put the file on S3 initially, the ProcessMedia job may edit this
+        Storage::disk('s3')->putFileAs(
+            'media',
+            new File(storage_path('app') . '/' . $filename),
+            $filename
+        );
+
         ProcessMedia::dispatch($filename);
 
         return response()->json([
@@ -149,7 +188,7 @@ class MicropubMediaController extends Controller
      */
     private function getFileTypeFromMimeType(string $mimeType): string
     {
-        // try known images
+        //try known images
         $imageMimeTypes = [
             'image/gif',
             'image/jpeg',
@@ -161,7 +200,7 @@ class MicropubMediaController extends Controller
         if (in_array($mimeType, $imageMimeTypes)) {
             return 'image';
         }
-        // try known video
+        //try known video
         $videoMimeTypes = [
             'video/mp4',
             'video/mpeg',
@@ -172,7 +211,7 @@ class MicropubMediaController extends Controller
         if (in_array($mimeType, $videoMimeTypes)) {
             return 'video';
         }
-        // try known audio types
+        //try known audio types
         $audioMimeTypes = [
             'audio/midi',
             'audio/mpeg',
@@ -191,7 +230,7 @@ class MicropubMediaController extends Controller
      *
      * @throws Exception
      */
-    private function saveFileToLocal(UploadedFile $file): string
+    private function saveFile(UploadedFile $file): string
     {
         $filename = Uuid::uuid4()->toString() . '.' . $file->extension();
         Storage::disk('local')->putFileAs('', $file, $filename);

app/Http/Controllers/NotesController.php

@@ -14,6 +14,8 @@ use Jonnybarnes\IndieWeb\Numbers;
 
 /**
  * @todo Need to sort out Twitter and webmentions!
+ *
+ * @psalm-suppress UnusedClass
  */
 class NotesController extends Controller
 {
@@ -65,7 +67,7 @@ class NotesController extends Controller
      */
     public function redirect(int $decId): RedirectResponse
     {
-        return redirect(config('app.url') . '/notes/' . (new Numbers)->numto60($decId));
+        return redirect(config('app.url') . '/notes/' . (new Numbers())->numto60($decId));
     }
 
     /**

app/Http/Controllers/PlacesController.php

@@ -7,6 +7,9 @@ namespace App\Http\Controllers;
 use App\Models\Place;
 use Illuminate\View\View;
 
+/**
+ * @psalm-suppress UnusedClass
+ */
 class PlacesController extends Controller
 {
     /**

app/Http/Controllers/SearchController.php

@@ -6,6 +6,9 @@ use App\Models\Note;
 use Illuminate\Http\Request;
 use Illuminate\View\View;
 
+/**
+ * @psalm-suppress UnusedClass
+ */
 class SearchController extends Controller
 {
     public function search(Request $request): View

app/Http/Controllers/ShortURLsController.php

@@ -0,0 +1,55 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Controllers;
+
+use Illuminate\Http\RedirectResponse;
+
+/**
+ * @psalm-suppress UnusedClass
+ */
+class ShortURLsController extends Controller
+{
+    /*
+    |--------------------------------------------------------------------------
+    | Short URL Controller
+    |--------------------------------------------------------------------------
+    |
+    |    This redirects the short urls to long ones
+    |
+    */
+
+    /**
+     * Redirect from '/' to the long url.
+     */
+    public function baseURL(): RedirectResponse
+    {
+        return redirect(config('app.url'));
+    }
+
+    /**
+     * Redirect from '/@' to a twitter profile.
+     */
+    public function twitter(): RedirectResponse
+    {
+        return redirect('https://twitter.com/jonnybarnes');
+    }
+
+    /**
+     * Redirect a short url of this site out to a long one based on post type.
+     *
+     * Further redirects may happen.
+     */
+    public function expandType(string $type, string $postId): RedirectResponse
+    {
+        if ($type === 't') {
+            $type = 'notes';
+        }
+        if ($type === 'b') {
+            $type = 'blog/s';
+        }
+
+        return redirect(config('app.url') . '/' . $type . '/' . $postId);
+    }
+}

app/Http/Controllers/TokenEndpointController.php

@@ -0,0 +1,109 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Controllers;
+
+use App\Services\TokenService;
+use GuzzleHttp\Client as GuzzleClient;
+use GuzzleHttp\Exception\BadResponseException;
+use Illuminate\Http\JsonResponse;
+use Illuminate\Http\Request;
+use IndieAuth\Client;
+use JsonException;
+
+/**
+ * @psalm-suppress UnusedClass
+ */
+class TokenEndpointController extends Controller
+{
+    /**
+     * @var Client The IndieAuth Client.
+     */
+    protected Client $client;
+
+    /**
+     * @var GuzzleClient The GuzzleHttp client.
+     */
+    protected GuzzleClient $guzzle;
+
+    protected TokenService $tokenService;
+
+    /**
+     * Inject the dependencies.
+     */
+    public function __construct(
+        Client $client,
+        GuzzleClient $guzzle,
+        TokenService $tokenService
+    ) {
+        $this->client = $client;
+        $this->guzzle = $guzzle;
+        $this->tokenService = $tokenService;
+    }
+
+    /**
+     * If the user has auth’d via the IndieAuth protocol, issue a valid token.
+     */
+    public function create(Request $request): JsonResponse
+    {
+        $auth = $this->verifyIndieAuthCode(
+            config('url.authorization_endpoint'),
+            $request->input('code'),
+            $request->input('redirect_uri'),
+            $request->input('client_id'),
+        );
+
+        if ($auth === null || ! array_key_exists('me', $auth)) {
+            return response()->json([
+                'error' => 'There was an error verifying the IndieAuth code',
+            ], 401);
+        }
+
+        $scope = $auth['scope'] ?? '';
+        $tokenData = [
+            'me' => config('app.url'),
+            'client_id' => $request->input('client_id'),
+            'scope' => $scope,
+        ];
+        $token = $this->tokenService->getNewToken($tokenData);
+        $content = [
+            'me' => config('app.url'),
+            'scope' => $scope,
+            'access_token' => $token,
+        ];
+
+        return response()->json($content);
+    }
+
+    protected function verifyIndieAuthCode(
+        string $authorizationEndpoint,
+        string $code,
+        string $redirectUri,
+        string $clientId
+    ): ?array {
+        try {
+            $response = $this->guzzle->request('POST', $authorizationEndpoint, [
+                'headers' => [
+                    'Accept' => 'application/json',
+                ],
+                'form_params' => [
+                    'code' => $code,
+                    'me' => config('app.url'),
+                    'redirect_uri' => $redirectUri,
+                    'client_id' => $clientId,
+                ],
+            ]);
+        } catch (BadResponseException) {
+            return null;
+        }
+
+        try {
+            $authData = json_decode((string) $response->getBody(), true, 512, JSON_THROW_ON_ERROR);
+        } catch (JsonException) {
+            return null;
+        }
+
+        return $authData;
+    }
+}

app/Http/Controllers/WebMentionsController.php

@@ -12,6 +12,9 @@ use Illuminate\Http\Response;
 use Illuminate\View\View;
 use Jonnybarnes\IndieWeb\Numbers;
 
+/**
+ * @psalm-suppress UnusedClass
+ */
 class WebMentionsController extends Controller
 {
     /**
@@ -30,7 +33,7 @@ class WebMentionsController extends Controller
      */
     public function receive(Request $request): Response
     {
-        // first we trivially reject requests that lack all required inputs
+        //first we trivially reject requests that lack all required inputs
         if (($request->has('target') !== true) || ($request->has('source') !== true)) {
             return response(
                 'You need both the target and source parameters',
@@ -38,12 +41,12 @@ class WebMentionsController extends Controller
             );
         }
 
-        // next check the $target is valid
+        //next check the $target is valid
         $path = parse_url($request->input('target'), PHP_URL_PATH);
         $pathParts = explode('/', $path);
 
         if ($pathParts[1] === 'notes') {
-            // we have a note
+            //we have a note
             $noteId = $pathParts[2];
             try {
                 $note = Note::findOrFail(resolve(Numbers::class)->b60tonum($noteId));

app/Http/Kernel.php

@@ -0,0 +1,74 @@
+<?php
+
+namespace App\Http;
+
+use Illuminate\Foundation\Http\Kernel as HttpKernel;
+
+class Kernel extends HttpKernel
+{
+    /**
+     * The application's global HTTP middleware stack.
+     *
+     * These middleware are run during every request to your application.
+     *
+     * @var array<int, class-string|string>
+     */
+    protected $middleware = [
+        // \App\Http\Middleware\TrustHosts::class,
+        \App\Http\Middleware\TrustProxies::class,
+        \Illuminate\Http\Middleware\HandleCors::class,
+        \App\Http\Middleware\PreventRequestsDuringMaintenance::class,
+        \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
+        \App\Http\Middleware\TrimStrings::class,
+        \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
+    ];
+
+    /**
+     * The application's route middleware groups.
+     *
+     * @var array<string, array<int, class-string|string>>
+     */
+    protected $middlewareGroups = [
+        'web' => [
+            \App\Http\Middleware\EncryptCookies::class,
+            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
+            \Illuminate\Session\Middleware\StartSession::class,
+            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
+            \App\Http\Middleware\VerifyCsrfToken::class,
+            \Illuminate\Routing\Middleware\SubstituteBindings::class,
+            \App\Http\Middleware\LinkHeadersMiddleware::class,
+            \App\Http\Middleware\LocalhostSessionMiddleware::class,
+            \App\Http\Middleware\CSPHeader::class,
+        ],
+
+        'api' => [
+            // \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
+            \Illuminate\Routing\Middleware\ThrottleRequests::class.':api',
+            \Illuminate\Routing\Middleware\SubstituteBindings::class,
+        ],
+    ];
+
+    /**
+     * The application's middleware aliases.
+     *
+     * Aliases may be used instead of class names to conveniently assign middleware to routes and groups.
+     *
+     * @var array<string, class-string|string>
+     */
+    protected $middlewareAliases = [
+        'auth' => \App\Http\Middleware\Authenticate::class,
+        'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
+        'auth.session' => \Illuminate\Session\Middleware\AuthenticateSession::class,
+        'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
+        'can' => \Illuminate\Auth\Middleware\Authorize::class,
+        'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
+        'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class,
+        'precognitive' => \Illuminate\Foundation\Http\Middleware\HandlePrecognitiveRequests::class,
+        'signed' => \App\Http\Middleware\ValidateSignature::class,
+        'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
+        'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
+        'micropub.token' => \App\Http\Middleware\VerifyMicropubToken::class,
+        'myauth' => \App\Http\Middleware\MyAuthMiddleware::class,
+        'cors' => \App\Http\Middleware\CorsHeaders::class,
+    ];
+}

app/Http/Middleware/CSPHeader.php

@@ -0,0 +1,48 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\App;
+use Symfony\Component\HttpFoundation\Response;
+
+class CSPHeader
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @psalm-suppress PossiblyUnusedMethod
+     */
+    public function handle(Request $request, Closure $next): Response
+    {
+        if (App::environment('local', 'development')) {
+            return $next($request);
+        }
+
+        // headers have to be single-line strings,
+        // so we concat multiple lines
+        // phpcs:disable Generic.Files.LineLength.TooLong
+        return $next($request)
+            ->header(
+                'Content-Security-Policy',
+                "default-src 'self'; " .
+                "style-src 'self' 'unsafe-inline' cloud.typography.com jonnybarnes.uk; " .
+                "img-src 'self' data: blob: https://pbs.twimg.com https://jbuk-media.s3-eu-west-1.amazonaws.com https://jbuk-media-dev.s3-eu-west-1.amazonaws.com https://secure.gravatar.com https://graph.facebook.com *.fbcdn.net https://*.cdninstagram.com https://*.4sqi.net https://upload.wikimedia.org; " .
+                "font-src 'self' data:; " .
+                "frame-src 'self' https://www.youtube.com blob:; " .
+                'upgrade-insecure-requests; ' .
+                'block-all-mixed-content; ' .
+                'report-to csp-endpoint; ' .
+                'report-uri https://jonnybarnes.report-uri.io/r/default/csp/enforce;'
+            )->header(
+                'Report-To',
+                '{' .
+                        "'url': 'https://jonnybarnes.report-uri.io/r/default/csp/enforce', " .
+                        "'group': 'csp-endpoint', " .
+                        "'max-age': 10886400" .
+                '}'
+            );
+        // phpcs:enable Generic.Files.LineLength.TooLong
+    }
+}

app/Http/Middleware/CorsHeaders.php

@@ -10,6 +10,8 @@ class CorsHeaders
 {
     /**
      * Handle an incoming request.
+     *
+     * @psalm-suppress PossiblyUnusedMethod
      */
     public function handle(Request $request, Closure $next): Response
     {

app/Http/Middleware/LinkHeadersMiddleware.php

@@ -10,15 +10,16 @@ class LinkHeadersMiddleware
 {
     /**
      * Handle an incoming request.
+     *
+     * @psalm-suppress PossiblyUnusedMethod
      */
     public function handle(Request $request, Closure $next): Response
     {
         $response = $next($request);
-        $response->header('Link', '<' . route('indieauth.metadata') . '>; rel="indieauth-metadata"', false);
-        $response->header('Link', '<' . route('indieauth.start') . '>; rel="authorization_endpoint"', false);
-        $response->header('Link', '<' . route('indieauth.token') . '>; rel="token_endpoint"', false);
-        $response->header('Link', '<' . route('micropub-endpoint') . '>; rel="micropub"', false);
-        $response->header('Link', '<' . route('webmention-endpoint') . '>; rel="webmention"', false);
+        $response->header('Link', '<https://indieauth.com/auth>; rel="authorization_endpoint"', false);
+        $response->header('Link', '<' . config('app.url') . '/api/token>; rel="token_endpoint"', false);
+        $response->header('Link', '<' . config('app.url') . '/api/post>; rel="micropub"', false);
+        $response->header('Link', '<' . config('app.url') . '/webmention>; rel="webmention"', false);
 
         return $response;
     }

app/Http/Middleware/LocalhostSessionMiddleware.php

@@ -14,6 +14,8 @@ class LocalhostSessionMiddleware
      * Whilst we are developing locally, automatically log in as
      * `['me' => config('app.url')]` as I can’t manually log in as
      * a .localhost domain.
+     *
+     * @psalm-suppress PossiblyUnusedMethod
      */
     public function handle(Request $request, Closure $next): Response
     {

app/Http/Middleware/LogMicropubRequest.php

@@ -1,24 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Http\Middleware;
-
-use Closure;
-use Illuminate\Http\JsonResponse;
-use Illuminate\Http\Request;
-use Illuminate\Http\Response;
-use Monolog\Handler\StreamHandler;
-use Monolog\Logger;
-
-class LogMicropubRequest
-{
-    public function handle(Request $request, Closure $next): Response|JsonResponse
-    {
-        $logger = new Logger('micropub');
-        $logger->pushHandler(new StreamHandler(storage_path('logs/micropub.log')));
-        $logger->debug('MicropubLog', $request->all());
-
-        return $next($request);
-    }
-}

app/Http/Middleware/MyAuthMiddleware.php

@@ -13,13 +13,13 @@ class MyAuthMiddleware
 {
     /**
      * Check the user is logged in.
+     *
+     * @psalm-suppress PossiblyUnusedMethod
      */
     public function handle(Request $request, Closure $next): Response
     {
         if (Auth::check() === false) {
             // they’re not logged in, so send them to login form
-            redirect()->setIntendedUrl($request->fullUrl());
-
             return redirect()->route('login');
         }
 

app/Http/Middleware/ValidateSignature.php

@@ -10,6 +10,8 @@ class ValidateSignature extends Middleware
      * The names of the query string parameters that should be ignored.
      *
      * @var array<int, string>
+     *
+     * @psalm-suppress PossiblyUnusedProperty
      */
     protected $except = [
         // 'fbclid',

app/Http/Middleware/VerifyMicropubToken.php

@@ -4,14 +4,8 @@ declare(strict_types=1);
 
 namespace App\Http\Middleware;
 
-use App\Http\Responses\MicropubResponses;
 use Closure;
 use Illuminate\Http\Request;
-use Lcobucci\JWT\Configuration;
-use Lcobucci\JWT\Encoding\CannotDecodeContent;
-use Lcobucci\JWT\Token;
-use Lcobucci\JWT\Token\InvalidTokenStructure;
-use Lcobucci\JWT\Validation\RequiredConstraintsViolated;
 use Symfony\Component\HttpFoundation\Response;
 
 class VerifyMicropubToken
@@ -19,63 +13,24 @@ class VerifyMicropubToken
     /**
      * Handle an incoming request.
      *
-     * @param  Closure(Request): (Response)  $next
+     * @psalm-suppress PossiblyUnusedMethod
      */
     public function handle(Request $request, Closure $next): Response
     {
-        $rawToken = null;
-
         if ($request->input('access_token')) {
-            $rawToken = $request->input('access_token');
-        } elseif ($request->bearerToken()) {
-            $rawToken = $request->bearerToken();
+            return $next($request);
         }
 
-        if (! $rawToken) {
-            return response()->json([
-                'response' => 'error',
-                'error' => 'unauthorized',
-                'error_description' => 'No access token was provided in the request',
-            ], 401);
+        if ($request->bearerToken()) {
+            return $next($request->merge([
+                'access_token' => $request->bearerToken(),
+            ]));
         }
 
-        try {
-            $tokenData = $this->validateToken($rawToken);
-        } catch (RequiredConstraintsViolated|InvalidTokenStructure|CannotDecodeContent) {
-            $micropubResponses = new MicropubResponses;
-
-            return $micropubResponses->invalidTokenResponse();
-        }
-
-        if ($tokenData->claims()->has('scope') === false) {
-            $micropubResponses = new MicropubResponses;
-
-            return $micropubResponses->tokenHasNoScopeResponse();
-        }
-
-        return $next($request->merge([
-            'access_token' => $rawToken,
-            'token_data' => [
-                'me' => $tokenData->claims()->get('me'),
-                'scope' => $tokenData->claims()->get('scope'),
-                'client_id' => $tokenData->claims()->get('client_id'),
-            ],
-        ]));
-    }
-
-    /**
-     * Check the token signature is valid.
-     */
-    private function validateToken(string $bearerToken): Token
-    {
-        $config = resolve(Configuration::class);
-
-        $token = $config->parser()->parse($bearerToken);
-
-        $constraints = $config->validationConstraints();
-
-        $config->validator()->assert($token, ...$constraints);
-
-        return $token;
+        return response()->json([
+            'response' => 'error',
+            'error' => 'unauthorized',
+            'error_description' => 'No access token was provided in the request',
+        ], 401);
     }
 }

app/Http/Requests/MicropubRequest.php

@@ -1,106 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Http\Requests;
-
-use Illuminate\Foundation\Http\FormRequest;
-use Illuminate\Support\Arr;
-
-class MicropubRequest extends FormRequest
-{
-    protected array $micropubData = [];
-
-    public function rules(): array
-    {
-        return [
-            // Validation rules
-        ];
-    }
-
-    public function getMicropubData(): array
-    {
-        return $this->micropubData;
-    }
-
-    public function getType(): ?string
-    {
-        // Return consistent type regardless of input format
-        return $this->micropubData['type'] ?? null;
-    }
-
-    protected function prepareForValidation(): void
-    {
-        // Normalize the request data based on content type
-        if ($this->isJson()) {
-            $this->normalizeMicropubJson();
-        } else {
-            $this->normalizeMicropubForm();
-        }
-    }
-
-    private function normalizeMicropubJson(): void
-    {
-        $json = $this->json();
-        if ($json === null) {
-            throw new \InvalidArgumentException('`isJson()` passed but there is no json data');
-        }
-
-        $data = $json->all();
-
-        // Convert JSON type (h-entry) to simple type (entry)
-        if (isset($data['type']) && is_array($data['type'])) {
-            $type = current($data['type']);
-            if (strpos($type, 'h-') === 0) {
-                $this->micropubData['type'] = substr($type, 2);
-            }
-        }
-        // Or set the type to update
-        elseif (isset($data['action']) && $data['action'] === 'update') {
-            $this->micropubData['type'] = 'update';
-        }
-
-        // Add in the token data
-        $this->micropubData['token_data'] = $data['token_data'];
-
-        // Add h-entry values
-        $this->micropubData['content'] = Arr::get($data, 'properties.content.0');
-        $this->micropubData['in-reply-to'] = Arr::get($data, 'properties.in-reply-to.0');
-        $this->micropubData['published'] = Arr::get($data, 'properties.published.0');
-        $this->micropubData['location'] = Arr::get($data, 'location');
-        $this->micropubData['bookmark-of'] = Arr::get($data, 'properties.bookmark-of.0');
-        $this->micropubData['like-of'] = Arr::get($data, 'properties.like-of.0');
-        $this->micropubData['mp-syndicate-to'] = Arr::get($data, 'properties.mp-syndicate-to');
-
-        // Add h-card values
-        $this->micropubData['name'] = Arr::get($data, 'properties.name.0');
-        $this->micropubData['description'] = Arr::get($data, 'properties.description.0');
-        $this->micropubData['geo'] = Arr::get($data, 'properties.geo.0');
-
-        // Add checkin value
-        $this->micropubData['checkin'] = Arr::get($data, 'checkin');
-        $this->micropubData['syndication'] = Arr::get($data, 'properties.syndication.0');
-    }
-
-    private function normalizeMicropubForm(): void
-    {
-        // Convert form h=entry to type=entry
-        if ($h = $this->input('h')) {
-            $this->micropubData['type'] = $h;
-        }
-
-        // Add some fields to the micropub data with default null values
-        $this->micropubData['in-reply-to'] = null;
-        $this->micropubData['published'] = null;
-        $this->micropubData['location'] = null;
-        $this->micropubData['description'] = null;
-        $this->micropubData['geo'] = null;
-        $this->micropubData['latitude'] = null;
-        $this->micropubData['longitude'] = null;
-
-        // Map form fields to micropub data
-        foreach ($this->except(['h', 'access_token']) as $key => $value) {
-            $this->micropubData[$key] = $value;
-        }
-    }
-}

app/Jobs/DownloadWebMention.php

@@ -24,7 +24,8 @@ class DownloadWebMention implements ShouldQueue
      */
     public function __construct(
         protected string $source
-    ) {}
+    ) {
+    }
 
     /**
      * Execute the job.
@@ -35,30 +36,30 @@ class DownloadWebMention implements ShouldQueue
     public function handle(Client $guzzle): void
     {
         $response = $guzzle->request('GET', $this->source);
-        // 4XX and 5XX responses should get Guzzle to throw an exception,
-        // Laravel should catch and retry these automatically.
+        //4XX and 5XX responses should get Guzzle to throw an exception,
+        //Laravel should catch and retry these automatically.
         if ($response->getStatusCode() === 200) {
-            $filesystem = new FileSystem;
+            $filesystem = new FileSystem();
             $filename = storage_path('HTML') . '/' . $this->createFilenameFromURL($this->source);
-            // backup file first
+            //backup file first
             $filenameBackup = $filename . '.' . date('Y-m-d') . '.backup';
             if ($filesystem->exists($filename)) {
                 $filesystem->copy($filename, $filenameBackup);
             }
-            // check if base directory exists
+            //check if base directory exists
             if (! $filesystem->exists($filesystem->dirname($filename))) {
                 $filesystem->makeDirectory(
                     $filesystem->dirname($filename),
-                    0755,  // mode
-                    true // recursive
+                    0755,  //mode
+                    true //recursive
                 );
             }
-            // save new HTML
+            //save new HTML
             $filesystem->put(
                 $filename,
                 (string) $response->getBody()
             );
-            // remove backup if the same
+            //remove backup if the same
             if ($filesystem->exists($filenameBackup)) {
                 if ($filesystem->get($filename) === $filesystem->get($filenameBackup)) {
                     $filesystem->delete($filenameBackup);

app/Jobs/ProcessBookmark.php

@@ -25,7 +25,8 @@ class ProcessBookmark implements ShouldQueue
      */
     public function __construct(
         protected Bookmark $bookmark
-    ) {}
+    ) {
+    }
 
     /**
      * Execute the job.

app/Jobs/ProcessLike.php

@@ -30,7 +30,8 @@ class ProcessLike implements ShouldQueue
      */
     public function __construct(
         protected Like $like
-    ) {}
+    ) {
+    }
 
     /**
      * Execute the job.
@@ -49,7 +50,7 @@ class ProcessLike implements ShouldQueue
             $this->like->content = $tweet->html;
             $this->like->save();
 
-            // POSSE like
+            //POSSE like
             try {
                 $client->request(
                     'POST',

app/Jobs/ProcessMedia.php

@@ -25,45 +25,43 @@ class ProcessMedia implements ShouldQueue
      */
     public function __construct(
         protected string $filename
-    ) {}
+    ) {
+    }
 
     /**
      * Execute the job.
      */
     public function handle(ImageManager $manager): void
     {
-        // Load file
-        $file = Storage::disk('local')->get('media/' . $this->filename);
-
-        // Open file
+        //open file
         try {
-            $image = $manager->read($file);
+            $image = $manager->read(storage_path('app') . '/' . $this->filename);
         } catch (DecoderException) {
             // not an image; delete file and end job
-            Storage::disk('local')->delete('media/' . $this->filename);
+            unlink(storage_path('app') . '/' . $this->filename);
 
             return;
         }
-
-        // Save the file publicly
-        Storage::disk('public')->put('media/' . $this->filename, $file);
-
-        // Create smaller versions if necessary
+        //create smaller versions if necessary
         if ($image->width() > 1000) {
             $filenameParts = explode('.', $this->filename);
             $extension = array_pop($filenameParts);
             // the following achieves this data flow
             // foo.bar.png => ['foo', 'bar', 'png'] => ['foo', 'bar'] => foo.bar
-            $basename = trim(implode('.', $filenameParts), '.');
-
-            $medium = $image->resize(width: 1000);
-            Storage::disk('public')->put('media/' . $basename . '-medium.' . $extension, (string) $medium->encode());
-
-            $small = $image->resize(width: 500);
-            Storage::disk('public')->put('media/' . $basename . '-small.' . $extension, (string) $small->encode());
+            $basename = ltrim(array_reduce($filenameParts, function ($carry, $item) {
+                return $carry . '.' . $item;
+            }, ''), '.');
+            $medium = $image->resize(1000, null, function ($constraint) {
+                $constraint->aspectRatio();
+            });
+            Storage::disk('s3')->put('media/' . $basename . '-medium.' . $extension, (string) $medium->encode());
+            $small = $image->resize(500, null, function ($constraint) {
+                $constraint->aspectRatio();
+            });
+            Storage::disk('s3')->put('media/' . $basename . '-small.' . $extension, (string) $small->encode());
         }
 
-        // Now we can delete the locally saved image
-        Storage::disk('local')->delete('media/' . $this->filename);
+        // now we can delete the locally saved image
+        unlink(storage_path('app') . '/' . $this->filename);
     }
 }

app/Jobs/ProcessWebMention.php

@@ -30,7 +30,8 @@ class ProcessWebMention implements ShouldQueue
     public function __construct(
         protected Note $note,
         protected string $source
-    ) {}
+    ) {
+    }
 
     /**
      * Execute the job.
@@ -44,7 +45,7 @@ class ProcessWebMention implements ShouldQueue
         try {
             $response = $guzzle->request('GET', $this->source);
         } catch (RequestException $e) {
-            throw new RemoteContentNotFoundException;
+            throw new RemoteContentNotFoundException();
         }
         $this->saveRemoteContent((string) $response->getBody(), $this->source);
         $microformats = Mf2\parse((string) $response->getBody(), $this->source);
@@ -53,7 +54,7 @@ class ProcessWebMention implements ShouldQueue
             // check webmention still references target
             // we try each type of mention (reply/like/repost)
             if ($webmention->type === 'in-reply-to') {
-                if ($parser->checkInReplyTo($microformats, $this->note->uri) === false) {
+                if ($parser->checkInReplyTo($microformats, $this->note->longurl) === false) {
                     // it doesn’t so delete
                     $webmention->delete();
 
@@ -67,7 +68,7 @@ class ProcessWebMention implements ShouldQueue
                 return;
             }
             if ($webmention->type === 'like-of') {
-                if ($parser->checkLikeOf($microformats, $this->note->uri) === false) {
+                if ($parser->checkLikeOf($microformats, $this->note->longurl) === false) {
                     // it doesn’t so delete
                     $webmention->delete();
 
@@ -75,7 +76,7 @@ class ProcessWebMention implements ShouldQueue
                 } // note we don’t need to do anything if it still is a like
             }
             if ($webmention->type === 'repost-of') {
-                if ($parser->checkRepostOf($microformats, $this->note->uri) === false) {
+                if ($parser->checkRepostOf($microformats, $this->note->longurl) === false) {
                     // it doesn’t so delete
                     $webmention->delete();
 
@@ -85,13 +86,13 @@ class ProcessWebMention implements ShouldQueue
         }// foreach
 
         // no webmention in the db so create new one
-        $webmention = new WebMention;
+        $webmention = new WebMention();
         $type = $parser->getMentionType($microformats); // throw error here?
         dispatch(new SaveProfileImage($microformats));
         $webmention->source = $this->source;
-        $webmention->target = $this->note->uri;
+        $webmention->target = $this->note->longurl;
         $webmention->commentable_id = $this->note->id;
-        $webmention->commentable_type = Note::class;
+        $webmention->commentable_type = 'App\Model\Note';
         $webmention->type = $type;
         $webmention->mf2 = json_encode($microformats);
         $webmention->save();

app/Jobs/SaveProfileImage.php

@@ -25,7 +25,8 @@ class SaveProfileImage implements ShouldQueue
      */
     public function __construct(
         protected array $microformats
-    ) {}
+    ) {
+    }
 
     /**
      * Execute the job.
@@ -49,7 +50,7 @@ class SaveProfileImage implements ShouldQueue
             $home = array_shift($home);
         }
 
-        // dont save pbs.twimg.com links
+        //dont save pbs.twimg.com links
         if (
             $photo
             && parse_url($photo, PHP_URL_HOST) !== 'pbs.twimg.com'

app/Jobs/SaveScreenshot.php

@@ -23,7 +23,8 @@ class SaveScreenshot implements ShouldQueue
      */
     public function __construct(
         protected Bookmark $bookmark
-    ) {}
+    ) {
+    }
 
     /**
      * Execute the job.

app/Jobs/SendWebMentions.php

@@ -27,7 +27,8 @@ class SendWebMentions implements ShouldQueue
      */
     public function __construct(
         protected Note $note
-    ) {}
+    ) {
+    }
 
     /**
      * Execute the job.
@@ -45,7 +46,7 @@ class SendWebMentions implements ShouldQueue
                 $guzzle = resolve(Client::class);
                 $guzzle->post($endpoint, [
                     'form_params' => [
-                        'source' => $this->note->uri,
+                        'source' => $this->note->longurl,
                         'target' => $url,
                     ],
                 ]);
@@ -61,7 +62,7 @@ class SendWebMentions implements ShouldQueue
     public function discoverWebmentionEndpoint(string $url): ?string
     {
         // let’s not send webmentions to myself
-        if (parse_url($url, PHP_URL_HOST) === parse_url(config('app.url'), PHP_URL_HOST)) {
+        if (parse_url($url, PHP_URL_HOST) === config('url.longurl')) {
             return null;
         }
         if (Str::startsWith($url, '/notes/tagged/')) {
@@ -72,7 +73,7 @@ class SendWebMentions implements ShouldQueue
 
         $guzzle = resolve(Client::class);
         $response = $guzzle->get($url);
-        // check HTTP Headers for webmention endpoint
+        //check HTTP Headers for webmention endpoint
         $links = Header::parse($response->getHeader('Link'));
         foreach ($links as $link) {
             if (array_key_exists('rel', $link) && mb_stristr($link['rel'], 'webmention')) {
@@ -80,7 +81,7 @@ class SendWebMentions implements ShouldQueue
             }
         }
 
-        // failed to find a header so parse HTML
+        //failed to find a header so parse HTML
         $html = (string) $response->getBody();
 
         $mf2 = new \Mf2\Parser($html, $url);
@@ -108,7 +109,7 @@ class SendWebMentions implements ShouldQueue
         }
 
         $urls = [];
-        $dom = new \DOMDocument;
+        $dom = new \DOMDocument();
         $dom->loadHTML($html);
         $anchors = $dom->getElementsByTagName('a');
         foreach ($anchors as $anchor) {

app/Jobs/SyndicateNoteToBluesky.php

@@ -1,62 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Jobs;
-
-use App\Models\Note;
-use GuzzleHttp\Client;
-use GuzzleHttp\Exception\GuzzleException;
-use Illuminate\Bus\Queueable;
-use Illuminate\Contracts\Queue\ShouldQueue;
-use Illuminate\Foundation\Bus\Dispatchable;
-use Illuminate\Queue\InteractsWithQueue;
-use Illuminate\Queue\SerializesModels;
-
-class SyndicateNoteToBluesky implements ShouldQueue
-{
-    use Dispatchable, InteractsWithQueue, Queueable, SerializesModels;
-
-    /**
-     * Create a new job instance.
-     */
-    public function __construct(
-        protected Note $note
-    ) {}
-
-    /**
-     * Execute the job.
-     *
-     * @throws GuzzleException
-     */
-    public function handle(Client $guzzle): void
-    {
-        // We can only make the request if we have an access token
-        if (config('bridgy.bluesky_token') === null) {
-            return;
-        }
-
-        // Make micropub request
-        $response = $guzzle->request(
-            'POST',
-            'https://brid.gy/micropub',
-            [
-                'headers' => [
-                    'Authorization' => 'Bearer ' . config('bridgy.bluesky_token'),
-                ],
-                'json' => [
-                    'type' => ['h-entry'],
-                    'properties' => [
-                        'content' => [$this->note->getRawOriginal('note')],
-                    ],
-                ],
-            ]
-        );
-
-        // Parse for syndication URL
-        if ($response->getStatusCode() === 201) {
-            $this->note->bluesky_url = $response->getHeader('Location')[0];
-            $this->note->save();
-        }
-    }
-}

app/Jobs/SyndicateNoteToMastodon.php

@@ -22,7 +22,8 @@ class SyndicateNoteToMastodon implements ShouldQueue
      */
     public function __construct(
         protected Note $note
-    ) {}
+    ) {
+    }
 
     /**
      * Execute the job.

app/Models/Article.php

@@ -58,10 +58,10 @@ class Article extends Model
     {
         return Attribute::get(
             get: function () {
-                $environment = new Environment;
-                $environment->addExtension(new CommonMarkCoreExtension);
-                $environment->addRenderer(FencedCode::class, new FencedCodeRenderer);
-                $environment->addRenderer(IndentedCode::class, new IndentedCodeRenderer);
+                $environment = new Environment();
+                $environment->addExtension(new CommonMarkCoreExtension());
+                $environment->addRenderer(FencedCode::class, new FencedCodeRenderer());
+                $environment->addRenderer(IndentedCode::class, new IndentedCodeRenderer());
                 $markdownConverter = new MarkdownConverter($environment);
 
                 return $markdownConverter->convert($this->main)->getContent();

app/Models/Bookmark.php

@@ -26,7 +26,7 @@ class Bookmark extends Model
         return $this->belongsToMany('App\Models\Tag');
     }
 
-    protected function local_uri(): Attribute
+    protected function longurl(): Attribute
     {
         return Attribute::get(
             get: fn () => config('app.url') . '/bookmarks/' . $this->id,

app/Models/Media.php

@@ -33,7 +33,7 @@ class Media extends Model
                     return $attributes['path'];
                 }
 
-                return config('app.url') . '/storage/' . $attributes['path'];
+                return config('filesystems.disks.s3.url') . '/' . $attributes['path'];
             }
         );
     }
@@ -78,7 +78,7 @@ class Media extends Model
         $basename = $this->getBasename($path);
         $extension = $this->getExtension($path);
 
-        return config('app.url') . '/storage/' . $basename . '-' . $size . '.' . $extension;
+        return config('filesystems.disks.s3.url') . '/' . $basename . '-' . $size . '.' . $extension;
     }
 
     private function getBasename(string $path): string

app/Models/Note.php

@@ -111,7 +111,7 @@ class Note extends Model
     {
         if ($value !== null) {
             $normalized = normalizer_normalize($value, Normalizer::FORM_C);
-            if ($normalized === '') { // we don’t want to save empty strings to the db
+            if ($normalized === '') { //we don’t want to save empty strings to the db
                 $normalized = null;
             }
             $this->attributes['note'] = $normalized;
@@ -124,7 +124,7 @@ class Note extends Model
     public function getNoteAttribute(?string $value): ?string
     {
         if ($value === null && $this->place !== null) {
-            $value = '📍: <a href="' . $this->place->uri . '">' . $this->place->name . '</a>';
+            $value = '📍: <a href="' . $this->place->longurl . '">' . $this->place->name . '</a>';
         }
 
         // if $value is still null, just return null
@@ -172,11 +172,16 @@ class Note extends Model
         return (string) resolve(Numbers::class)->numto60($this->id);
     }
 
-    public function getUriAttribute(): string
+    public function getLongurlAttribute(): string
     {
         return config('app.url') . '/notes/' . $this->nb60id;
     }
 
+    public function getShorturlAttribute(): string
+    {
+        return config('url.shorturl') . '/notes/' . $this->nb60id;
+    }
+
     public function getIso8601Attribute(): string
     {
         return $this->updated_at->toISO8601String();
@@ -266,7 +271,7 @@ class Note extends Model
             ]);
 
             if ($oEmbed->httpstatus >= 400) {
-                throw new Exception;
+                throw new Exception();
             }
         } catch (Exception $e) {
             return null;
@@ -383,18 +388,18 @@ class Note extends Model
                 'mentions_handle' => [
                     'prefix' => '@',
                     'pattern' => '([\w@.])+(\b)',
-                    'generator' => new MentionGenerator,
+                    'generator' => new MentionGenerator(),
                 ],
             ],
         ];
 
         $environment = new Environment($config);
-        $environment->addExtension(new CommonMarkCoreExtension);
-        $environment->addExtension(new AutolinkExtension);
-        $environment->addExtension(new MentionExtension);
-        $environment->addRenderer(Mention::class, new MentionRenderer);
-        $environment->addRenderer(FencedCode::class, new FencedCodeRenderer);
-        $environment->addRenderer(IndentedCode::class, new IndentedCodeRenderer);
+        $environment->addExtension(new CommonMarkCoreExtension());
+        $environment->addExtension(new AutolinkExtension());
+        $environment->addExtension(new MentionExtension());
+        $environment->addRenderer(Mention::class, new MentionRenderer());
+        $environment->addRenderer(FencedCode::class, new FencedCodeRenderer());
+        $environment->addRenderer(IndentedCode::class, new IndentedCodeRenderer());
         $markdownConverter = new MarkdownConverter($environment);
 
         return $markdownConverter->convert($note)->getContent();

app/Models/Place.php

@@ -59,7 +59,7 @@ class Place extends Model
                      * sin(radians(places.latitude))))";
 
         return $query
-            ->select() // pick the columns you want here.
+            ->select() //pick the columns you want here.
             ->selectRaw("{$haversine} AS distance")
             ->whereRaw("{$haversine} < ?", [$distance]);
     }
@@ -74,10 +74,24 @@ class Place extends Model
         ]));
     }
 
+    protected function longurl(): Attribute
+    {
+        return Attribute::get(
+            get: fn ($value, $attributes) => config('app.url') . '/places/' . $attributes['slug'],
+        );
+    }
+
+    protected function shorturl(): Attribute
+    {
+        return Attribute::get(
+            get: fn ($value, $attributes) => config('url.shorturl') . '/places/' . $attributes['slug'],
+        );
+    }
+
     protected function uri(): Attribute
     {
         return Attribute::get(
-            get: static fn ($value, $attributes) => config('app.url') . '/places/' . $attributes['slug'],
+            get: fn () => $this->longurl,
         );
     }
 

app/Models/WebMention.php

@@ -42,7 +42,7 @@ class WebMention extends Model
                     return null;
                 }
 
-                $authorship = new Authorship;
+                $authorship = new Authorship();
                 $hCard = $authorship->findAuthor(json_decode($attributes['mf2'], true));
 
                 if ($hCard === false) {
@@ -109,21 +109,13 @@ class WebMention extends Model
     /**
      * Create the photo link.
      */
-    public function createPhotoLink(string|array $url): string
+    public function createPhotoLink(string $url): string
     {
-        if (is_array($url)) {
-            if (! array_key_exists('value', $url)) {
-                return '';
-            }
-
-            $url = $url['value'];
-        }
-
         $url = normalize_url($url);
         $host = parse_url($url, PHP_URL_HOST);
 
         if ($host === 'pbs.twimg.com') {
-            // make sure we use HTTPS, we know twitter supports it
+            //make sure we use HTTPS, we know twitter supports it
             return str_replace('http://', 'https://', $url);
         }
 
@@ -135,12 +127,12 @@ class WebMention extends Model
             $codebird = resolve(Codebird::class);
             $info = $codebird->users_show(['screen_name' => $username]);
             $profile_image = $info->profile_image_url_https;
-            Cache::put($url, $profile_image, 10080); // 1 week
+            Cache::put($url, $profile_image, 10080); //1 week
 
             return $profile_image;
         }
 
-        $filesystem = new Filesystem;
+        $filesystem = new Filesystem();
         if ($filesystem->exists(public_path() . '/assets/profile-images/' . $host . '/image')) {
             return '/assets/profile-images/' . $host . '/image';
         }

app/Observers/NoteObserver.php

@@ -9,10 +9,15 @@ use App\Models\Tag;
 use Illuminate\Support\Arr;
 use Illuminate\Support\Collection;
 
+/**
+ * @todo Do we need psalm-suppress for these observer methods?
+ */
 class NoteObserver
 {
     /**
-     * Listen to the Note created event.=
+     * Listen to the Note created event.
+     *
+     * @psalm-suppress PossiblyUnusedMethod
      */
     public function created(Note $note): void
     {
@@ -34,7 +39,9 @@ class NoteObserver
     }
 
     /**
-     * Listen to the Note updated event.=
+     * Listen to the Note updated event.
+     *
+     * @psalm-suppress PossiblyUnusedMethod
      */
     public function updated(Note $note): void
     {
@@ -58,7 +65,9 @@ class NoteObserver
     }
 
     /**
-     * Listen to the Note deleting event.=
+     * Listen to the Note deleting event.
+     *
+     * @psalm-suppress PossiblyUnusedMethod
      */
     public function deleting(Note $note): void
     {

app/Providers/AppServiceProvider.php

@@ -88,9 +88,9 @@ class AppServiceProvider extends ServiceProvider
         $this->app->bind('Lcobucci\JWT\Configuration', function () {
             $key = InMemory::plainText(config('app.key'));
 
-            $config = Configuration::forSymmetricSigner(new Sha256, $key);
+            $config = Configuration::forSymmetricSigner(new Sha256(), $key);
 
-            $config->setValidationConstraints(new SignedWith(new Sha256, $key));
+            $config->setValidationConstraints(new SignedWith(new Sha256(), $key));
 
             return $config;
         });
@@ -98,7 +98,7 @@ class AppServiceProvider extends ServiceProvider
         // Configure HtmlSanitizer
         $this->app->bind(HtmlSanitizer::class, function () {
             return new HtmlSanitizer(
-                (new HtmlSanitizerConfig)
+                (new HtmlSanitizerConfig())
                     ->allowSafeElements()
                     ->forceAttribute('a', 'rel', 'noopener nofollow')
             );

app/Providers/HorizonServiceProvider.php

@@ -5,6 +5,9 @@ namespace App\Providers;
 use Illuminate\Support\Facades\Gate;
 use Laravel\Horizon\HorizonApplicationServiceProvider;
 
+/**
+ * @psalm-suppress UnusedClass
+ */
 class HorizonServiceProvider extends HorizonApplicationServiceProvider
 {
     /**

app/Providers/MicropubServiceProvider.php

@@ -1,26 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Providers;
-
-use App\Services\Micropub\CardHandler;
-use App\Services\Micropub\EntryHandler;
-use App\Services\Micropub\MicropubHandlerRegistry;
-use Illuminate\Support\ServiceProvider;
-
-class MicropubServiceProvider extends ServiceProvider
-{
-    public function register(): void
-    {
-        $this->app->singleton(MicropubHandlerRegistry::class, function () {
-            $registry = new MicropubHandlerRegistry;
-
-            // Register handlers
-            $registry->register('card', new CardHandler);
-            $registry->register('entry', new EntryHandler);
-
-            return $registry;
-        });
-    }
-}

app/Services/ArticleService.php

@@ -6,13 +6,13 @@ namespace App\Services;
 
 use App\Models\Article;
 
-class ArticleService
+class ArticleService extends Service
 {
-    public function create(array $data): Article
+    public function create(array $request, ?string $client = null): Article
     {
         return Article::create([
-            'title' => $data['name'],
-            'main' => $data['content'],
+            'title' => $this->getDataByKey($request, 'name'),
+            'main' => $this->getDataByKey($request, 'content'),
             'published' => true,
         ]);
     }

app/Services/BookmarkService.php

@@ -10,29 +10,28 @@ use App\Models\Bookmark;
 use App\Models\Tag;
 use GuzzleHttp\Client;
 use GuzzleHttp\Exception\ClientException;
-use GuzzleHttp\Exception\GuzzleException;
 use Illuminate\Support\Arr;
 use Illuminate\Support\Str;
 
-class BookmarkService
+class BookmarkService extends Service
 {
     /**
      * Create a new Bookmark.
      */
-    public function create(array $data): Bookmark
+    public function create(array $request, ?string $client = null): Bookmark
     {
-        if (Arr::get($data, 'properties.bookmark-of.0')) {
-            // micropub request
-            $url = normalize_url(Arr::get($data, 'properties.bookmark-of.0'));
-            $name = Arr::get($data, 'properties.name.0');
-            $content = Arr::get($data, 'properties.content.0');
-            $categories = Arr::get($data, 'properties.category');
+        if (Arr::get($request, 'properties.bookmark-of.0')) {
+            //micropub request
+            $url = normalize_url(Arr::get($request, 'properties.bookmark-of.0'));
+            $name = Arr::get($request, 'properties.name.0');
+            $content = Arr::get($request, 'properties.content.0');
+            $categories = Arr::get($request, 'properties.category');
         }
-        if (Arr::get($data, 'bookmark-of')) {
-            $url = normalize_url(Arr::get($data, 'bookmark-of'));
-            $name = Arr::get($data, 'name');
-            $content = Arr::get($data, 'content');
-            $categories = Arr::get($data, 'category');
+        if (Arr::get($request, 'bookmark-of')) {
+            $url = normalize_url(Arr::get($request, 'bookmark-of'));
+            $name = Arr::get($request, 'name');
+            $content = Arr::get($request, 'content');
+            $categories = Arr::get($request, 'category');
         }
 
         $bookmark = Bookmark::create([
@@ -55,7 +54,6 @@ class BookmarkService
      * Given a URL, attempt to save it to the Internet Archive.
      *
      * @throws InternetArchiveException
-     * @throws GuzzleException
      */
     public function getArchiveLink(string $url): string
     {
@@ -63,8 +61,8 @@ class BookmarkService
         try {
             $response = $client->request('GET', 'https://web.archive.org/save/' . $url);
         } catch (ClientException $e) {
-            // throw an exception to be caught
-            throw new InternetArchiveException;
+            //throw an exception to be caught
+            throw new InternetArchiveException();
         }
         if ($response->hasHeader('Content-Location')) {
             if (Str::startsWith(Arr::get($response->getHeader('Content-Location'), 0), '/web')) {
@@ -72,7 +70,7 @@ class BookmarkService
             }
         }
 
-        // throw an exception to be caught
-        throw new InternetArchiveException;
+        //throw an exception to be caught
+        throw new InternetArchiveException();
     }
 }

app/Services/LikeService.php

@@ -8,19 +8,19 @@ use App\Jobs\ProcessLike;
 use App\Models\Like;
 use Illuminate\Support\Arr;
 
-class LikeService
+class LikeService extends Service
 {
     /**
      * Create a new Like.
      */
-    public function create(array $data): Like
+    public function create(array $request, ?string $client = null): Like
     {
-        if (Arr::get($data, 'properties.like-of.0')) {
-            // micropub request
-            $url = normalize_url(Arr::get($data, 'properties.like-of.0'));
+        if (Arr::get($request, 'properties.like-of.0')) {
+            //micropub request
+            $url = normalize_url(Arr::get($request, 'properties.like-of.0'));
         }
-        if (Arr::get($data, 'like-of')) {
-            $url = normalize_url(Arr::get($data, 'like-of'));
+        if (Arr::get($request, 'like-of')) {
+            $url = normalize_url(Arr::get($request, 'like-of'));
         }
 
         $like = Like::create(['url' => $url]);

app/Services/Micropub/CardHandler.php

@@ -1,34 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Services\Micropub;
-
-use App\Exceptions\InvalidTokenScopeException;
-use App\Services\PlaceService;
-
-class CardHandler implements MicropubHandlerInterface
-{
-    /**
-     * @throws InvalidTokenScopeException
-     */
-    public function handle(array $data): array
-    {
-        // Handle h-card requests
-        $scopes = $data['token_data']['scope'];
-        if (is_string($scopes)) {
-            $scopes = explode(' ', $scopes);
-        }
-
-        if (! in_array('create', $scopes, true)) {
-            throw new InvalidTokenScopeException;
-        }
-
-        $location = resolve(PlaceService::class)->createPlace($data)->uri;
-
-        return [
-            'response' => 'created',
-            'url' => $location,
-        ];
-    }
-}

app/Services/Micropub/EntryHandler.php

@@ -1,41 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Services\Micropub;
-
-use App\Exceptions\InvalidTokenScopeException;
-use App\Services\ArticleService;
-use App\Services\BookmarkService;
-use App\Services\LikeService;
-use App\Services\NoteService;
-
-class EntryHandler implements MicropubHandlerInterface
-{
-    /**
-     * @throws InvalidTokenScopeException
-     */
-    public function handle(array $data)
-    {
-        $scopes = $data['token_data']['scope'];
-        if (is_string($scopes)) {
-            $scopes = explode(' ', $scopes);
-        }
-
-        if (! in_array('create', $scopes, true)) {
-            throw new InvalidTokenScopeException;
-        }
-
-        $location = match (true) {
-            isset($data['like-of']) => resolve(LikeService::class)->create($data)->url,
-            isset($data['bookmark-of']) => resolve(BookmarkService::class)->create($data)->uri,
-            isset($data['name']) => resolve(ArticleService::class)->create($data)->link,
-            default => resolve(NoteService::class)->create($data)->uri,
-        };
-
-        return [
-            'response' => 'created',
-            'url' => $location,
-        ];
-    }
-}

app/Services/Micropub/HCardService.php

@@ -0,0 +1,32 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Services\Micropub;
+
+use App\Services\PlaceService;
+use Illuminate\Support\Arr;
+
+class HCardService
+{
+    /**
+     * Create a Place from h-card data, return the URL.
+     */
+    public function process(array $request): string
+    {
+        $data = [];
+        if (Arr::get($request, 'properties.name')) {
+            $data['name'] = Arr::get($request, 'properties.name');
+            $data['description'] = Arr::get($request, 'properties.description');
+            $data['geo'] = Arr::get($request, 'properties.geo');
+        } else {
+            $data['name'] = Arr::get($request, 'name');
+            $data['description'] = Arr::get($request, 'description');
+            $data['geo'] = Arr::get($request, 'geo');
+            $data['latitude'] = Arr::get($request, 'latitude');
+            $data['longitude'] = Arr::get($request, 'longitude');
+        }
+
+        return resolve(PlaceService::class)->createPlace($data)->longurl;
+    }
+}

app/Services/Micropub/HEntryService.php

@@ -0,0 +1,34 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Services\Micropub;
+
+use App\Services\ArticleService;
+use App\Services\BookmarkService;
+use App\Services\LikeService;
+use App\Services\NoteService;
+use Illuminate\Support\Arr;
+
+class HEntryService
+{
+    /**
+     * Create the relevant model from some h-entry data.
+     */
+    public function process(array $request, ?string $client = null): ?string
+    {
+        if (Arr::get($request, 'properties.like-of') || Arr::get($request, 'like-of')) {
+            return resolve(LikeService::class)->create($request)->longurl;
+        }
+
+        if (Arr::get($request, 'properties.bookmark-of') || Arr::get($request, 'bookmark-of')) {
+            return resolve(BookmarkService::class)->create($request)->longurl;
+        }
+
+        if (Arr::get($request, 'properties.name') || Arr::get($request, 'name')) {
+            return resolve(ArticleService::class)->create($request)->longurl;
+        }
+
+        return resolve(NoteService::class)->create($request, $client)->longurl;
+    }
+}

app/Services/Micropub/MicropubHandlerInterface.php

@@ -1,10 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Services\Micropub;
-
-interface MicropubHandlerInterface
-{
-    public function handle(array $data);
-}

app/Services/Micropub/MicropubHandlerRegistry.php

@@ -1,34 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Services\Micropub;
-
-use App\Exceptions\MicropubHandlerException;
-
-class MicropubHandlerRegistry
-{
-    /**
-     * @var MicropubHandlerInterface[]
-     */
-    protected array $handlers = [];
-
-    public function register(string $type, MicropubHandlerInterface $handler): self
-    {
-        $this->handlers[$type] = $handler;
-
-        return $this;
-    }
-
-    /**
-     * @throws MicropubHandlerException
-     */
-    public function getHandler(string $type): MicropubHandlerInterface
-    {
-        if (! isset($this->handlers[$type])) {
-            throw new MicropubHandlerException("No handler registered for '{$type}'");
-        }
-
-        return $this->handlers[$type];
-    }
-}

app/Services/Micropub/UpdateService.php

@@ -4,35 +4,23 @@ declare(strict_types=1);
 
 namespace App\Services\Micropub;
 
-use App\Exceptions\InvalidTokenScopeException;
 use App\Models\Media;
 use App\Models\Note;
 use Illuminate\Database\Eloquent\ModelNotFoundException;
+use Illuminate\Http\JsonResponse;
 use Illuminate\Support\Arr;
 use Illuminate\Support\Str;
 
-/*
- * @todo Implement this properly
- */
-class UpdateHandler implements MicropubHandlerInterface
+class UpdateService
 {
     /**
-     * @throws InvalidTokenScopeException
+     * Process a micropub request to update an entry.
      */
-    public function handle(array $data)
+    public function process(array $request): JsonResponse
     {
-        $scopes = $data['token_data']['scope'];
-        if (is_string($scopes)) {
-            $scopes = explode(' ', $scopes);
-        }
+        $urlPath = parse_url(Arr::get($request, 'url'), PHP_URL_PATH);
 
-        if (! in_array('update', $scopes, true)) {
-            throw new InvalidTokenScopeException;
-        }
-
-        $urlPath = parse_url(Arr::get($data, 'url'), PHP_URL_PATH);
-
-        // is it a note we are updating?
+        //is it a note we are updating?
         if (mb_substr($urlPath, 1, 5) !== 'notes') {
             return response()->json([
                 'error' => 'invalid',
@@ -42,16 +30,16 @@ class UpdateHandler implements MicropubHandlerInterface
 
         try {
             $note = Note::nb60(basename($urlPath))->firstOrFail();
-        } catch (ModelNotFoundException) {
+        } catch (ModelNotFoundException $exception) {
             return response()->json([
                 'error' => 'invalid_request',
                 'error_description' => 'No known note with given ID',
             ], 404);
         }
 
-        // got the note, are we dealing with a “replace” request?
-        if (Arr::get($data, 'replace')) {
-            foreach (Arr::get($data, 'replace') as $property => $value) {
+        //got the note, are we dealing with a “replace” request?
+        if (Arr::get($request, 'replace')) {
+            foreach (Arr::get($request, 'replace') as $property => $value) {
                 if ($property === 'content') {
                     $note->note = $value[0];
                 }
@@ -71,14 +59,14 @@ class UpdateHandler implements MicropubHandlerInterface
             }
             $note->save();
 
-            return [
+            return response()->json([
                 'response' => 'updated',
-            ];
+            ]);
         }
 
-        // how about “add”
-        if (Arr::get($data, 'add')) {
-            foreach (Arr::get($data, 'add') as $property => $value) {
+        //how about “add”
+        if (Arr::get($request, 'add')) {
+            foreach (Arr::get($request, 'add') as $property => $value) {
                 if ($property === 'syndication') {
                     foreach ($value as $syndicationURL) {
                         if (Str::startsWith($syndicationURL, 'https://www.facebook.com')) {
@@ -95,7 +83,7 @@ class UpdateHandler implements MicropubHandlerInterface
                 if ($property === 'photo') {
                     foreach ($value as $photoURL) {
                         if (Str::startsWith($photoURL, 'https://')) {
-                            $media = new Media;
+                            $media = new Media();
                             $media->path = $photoURL;
                             $media->type = 'image';
                             $media->save();

app/Services/NoteService.php

@@ -5,7 +5,6 @@ declare(strict_types=1);
 namespace App\Services;
 
 use App\Jobs\SendWebMentions;
-use App\Jobs\SyndicateNoteToBluesky;
 use App\Jobs\SyndicateNoteToMastodon;
 use App\Models\Media;
 use App\Models\Note;
@@ -14,52 +13,45 @@ use App\Models\SyndicationTarget;
 use Illuminate\Support\Arr;
 use Illuminate\Support\Str;
 
-class NoteService
+class NoteService extends Service
 {
     /**
      * Create a new note.
      */
-    public function create(array $data): Note
+    public function create(array $request, ?string $client = null): Note
     {
-        // Get the content we want to save
-        if (is_string($data['content'])) {
-            $content = $data['content'];
-        } elseif (isset($data['content']['html'])) {
-            $content = $data['content']['html'];
-        } else {
-            $content = null;
-        }
-
         $note = Note::create(
             [
-                'note' => $content,
-                'in_reply_to' => $data['in-reply-to'],
-                'client_id' => $data['token_data']['client_id'],
+                'note' => $this->getDataByKey($request, 'content'),
+                'in_reply_to' => $this->getDataByKey($request, 'in-reply-to'),
+                'client_id' => $client,
             ]
         );
 
-        if ($published = $this->getPublished($data)) {
-            $note->created_at = $note->updated_at = $published;
+        if ($this->getPublished($request)) {
+            $note->created_at = $note->updated_at = $this->getPublished($request);
         }
 
-        $note->location = $this->getLocation($data);
+        $note->location = $this->getLocation($request);
 
-        if ($this->getCheckin($data)) {
-            $note->place()->associate($this->getCheckin($data));
-            $note->swarm_url = $this->getSwarmUrl($data);
+        if ($this->getCheckin($request)) {
+            $note->place()->associate($this->getCheckin($request));
+            $note->swarm_url = $this->getSwarmUrl($request);
+        }
+
+        $note->instagram_url = $this->getInstagramUrl($request);
+
+        foreach ($this->getMedia($request) as $media) {
+            $note->media()->save($media);
         }
-        //
-        //        $note->instagram_url = $this->getInstagramUrl($request);
-        //
-        //        foreach ($this->getMedia($request) as $media) {
-        //            $note->media()->save($media);
-        //        }
 
         $note->save();
 
         dispatch(new SendWebMentions($note));
 
-        $this->dispatchSyndicationJobs($note, $data);
+        if (in_array('mastodon', $this->getSyndicationTargets($request), true)) {
+            dispatch(new SyndicateNoteToMastodon($note));
+        }
 
         return $note;
     }
@@ -67,10 +59,14 @@ class NoteService
     /**
      * Get the published time from the request to create a new note.
      */
-    private function getPublished(array $data): ?string
+    private function getPublished(array $request): ?string
     {
-        if ($data['published']) {
-            return carbon($data['published'])->toDateTimeString();
+        if (Arr::get($request, 'properties.published.0')) {
+            return carbon(Arr::get($request, 'properties.published.0'))
+                ->toDateTimeString();
+        }
+        if (Arr::get($request, 'published')) {
+            return carbon(Arr::get($request, 'published'))->toDateTimeString();
         }
 
         return null;
@@ -79,13 +75,12 @@ class NoteService
     /**
      * Get the location data from the request to create a new note.
      */
-    private function getLocation(array $data): ?string
+    private function getLocation(array $request): ?string
     {
-        $location = Arr::get($data, 'location');
-
+        $location = Arr::get($request, 'properties.location.0') ?? Arr::get($request, 'location');
         if (is_string($location) && str_starts_with($location, 'geo:')) {
             preg_match_all(
-                '/([0-9.\-]+)/',
+                '/([0-9\.\-]+)/',
                 $location,
                 $matches
             );
@@ -99,9 +94,9 @@ class NoteService
     /**
      * Get the checkin data from the request to create a new note. This will be a Place.
      */
-    private function getCheckin(array $data): ?Place
+    private function getCheckin(array $request): ?Place
     {
-        $location = Arr::get($data, 'location');
+        $location = Arr::get($request, 'location');
         if (is_string($location) && Str::startsWith($location, config('app.url'))) {
             return Place::where(
                 'slug',
@@ -113,12 +108,12 @@ class NoteService
                 )
             )->first();
         }
-        if (Arr::get($data, 'checkin')) {
+        if (Arr::get($request, 'checkin')) {
             try {
                 $place = resolve(PlaceService::class)->createPlaceFromCheckin(
-                    Arr::get($data, 'checkin')
+                    Arr::get($request, 'checkin')
                 );
-            } catch (\InvalidArgumentException) {
+            } catch (\InvalidArgumentException $e) {
                 return null;
             }
 
@@ -142,47 +137,34 @@ class NoteService
     /**
      * Get the Swarm URL from the syndication data in the request to create a new note.
      */
-    private function getSwarmUrl(array $data): ?string
+    private function getSwarmUrl(array $request): ?string
     {
-        $syndication = Arr::get($data, 'syndication');
-        if ($syndication === null) {
-            return null;
-        }
-
-        if (str_contains($syndication, 'swarmapp')) {
-            return $syndication;
+        if (str_contains(Arr::get($request, 'properties.syndication.0', ''), 'swarmapp')) {
+            return Arr::get($request, 'properties.syndication.0');
         }
 
         return null;
     }
 
     /**
-     * Dispatch syndication jobs based on the request data.
+     * Get the syndication targets from the request to create a new note.
      */
-    private function dispatchSyndicationJobs(Note $note, array $request): void
+    private function getSyndicationTargets(array $request): array
     {
-        // If no syndication targets are specified, return early
-        if (empty($request['mp-syndicate-to'])) {
-            return;
-        }
-
-        // Get the configured syndication targets
-        $syndicationTargets = SyndicationTarget::all();
-
-        foreach ($syndicationTargets as $target) {
-            // Check if the target is in the request data
-            if (in_array($target->uid, $request['mp-syndicate-to'], true)) {
-                // Dispatch the appropriate job based on the target service name
-                switch ($target->service_name) {
-                    case 'Mastodon':
-                        dispatch(new SyndicateNoteToMastodon($note));
-                        break;
-                    case 'Bluesky':
-                        dispatch(new SyndicateNoteToBluesky($note));
-                        break;
-                }
+        $syndication = [];
+        $mpSyndicateTo = Arr::get($request, 'mp-syndicate-to') ?? Arr::get($request, 'properties.mp-syndicate-to');
+        $mpSyndicateTo = Arr::wrap($mpSyndicateTo);
+        foreach ($mpSyndicateTo as $uid) {
+            $target = SyndicationTarget::where('uid', $uid)->first();
+            if ($target && $target->service_name === 'Twitter') {
+                $syndication[] = 'twitter';
+            }
+            if ($target && $target->service_name === 'Mastodon') {
+                $syndication[] = 'mastodon';
             }
         }
+
+        return $syndication;
     }
 
     /**

app/Services/PlaceService.php

@@ -14,8 +14,8 @@ class PlaceService
      */
     public function createPlace(array $data): Place
     {
-        // obviously a place needs a lat/lng, but this could be sent in a geo-url
-        // if no geo array key, we assume the array already has lat/lng values
+        //obviously a place needs a lat/lng, but this could be sent in a geo-url
+        //if no geo array key, we assume the array already has lat/lng values
         if (array_key_exists('geo', $data) && $data['geo'] !== null) {
             preg_match_all(
                 '/([0-9\.\-]+)/',
@@ -25,7 +25,7 @@ class PlaceService
             $data['latitude'] = $matches[0][0];
             $data['longitude'] = $matches[0][1];
         }
-        $place = new Place;
+        $place = new Place();
         $place->name = $data['name'];
         $place->description = $data['description'];
         $place->latitude = $data['latitude'];
@@ -40,7 +40,7 @@ class PlaceService
      */
     public function createPlaceFromCheckin(array $checkin): Place
     {
-        // check if the place exists if from swarm
+        //check if the place exists if from swarm
         if (Arr::has($checkin, 'properties.url')) {
             $place = Place::whereExternalURL(Arr::get($checkin, 'properties.url.0'))->get();
             if (count($place) === 1) {
@@ -53,7 +53,7 @@ class PlaceService
         if (Arr::has($checkin, 'properties.latitude') === false) {
             throw new \InvalidArgumentException('Missing required longitude/latitude');
         }
-        $place = new Place;
+        $place = new Place();
         $place->name = Arr::get($checkin, 'properties.name.0');
         $place->external_urls = Arr::get($checkin, 'properties.url.0');
         $place->latitude = Arr::get($checkin, 'properties.latitude.0');

app/Services/Service.php

@@ -0,0 +1,30 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Services;
+
+use Illuminate\Database\Eloquent\Model;
+use Illuminate\Support\Arr;
+
+abstract class Service
+{
+    abstract public function create(array $request, ?string $client = null): Model;
+
+    protected function getDataByKey(array $request, string $key): ?string
+    {
+        if (Arr::get($request, "properties.{$key}.0.html")) {
+            return Arr::get($request, "properties.{$key}.0.html");
+        }
+
+        if (is_string(Arr::get($request, "properties.{$key}.0"))) {
+            return Arr::get($request, "properties.{$key}.0");
+        }
+
+        if (is_string(Arr::get($request, "properties.{$key}"))) {
+            return Arr::get($request, "properties.{$key}");
+        }
+
+        return Arr::get($request, $key);
+    }
+}

app/Services/TokenService.php

@@ -7,6 +7,7 @@ namespace App\Services;
 use App\Jobs\AddClientToDatabase;
 use DateTimeImmutable;
 use Lcobucci\JWT\Configuration;
+use Lcobucci\JWT\Token;
 
 class TokenService
 {
@@ -18,7 +19,7 @@ class TokenService
         $config = resolve(Configuration::class);
 
         $token = $config->builder()
-            ->issuedAt(new DateTimeImmutable)
+            ->issuedAt(new DateTimeImmutable())
             ->withClaim('client_id', $data['client_id'])
             ->withClaim('me', $data['me'])
             ->withClaim('scope', $data['scope'])
@@ -29,4 +30,20 @@ class TokenService
 
         return $token->toString();
     }
+
+    /**
+     * Check the token signature is valid.
+     */
+    public function validateToken(string $bearerToken): Token
+    {
+        $config = resolve('Lcobucci\JWT\Configuration');
+
+        $token = $config->parser()->parse($bearerToken);
+
+        $constraints = $config->validationConstraints();
+
+        $config->validator()->assert($token, ...$constraints);
+
+        return $token;
+    }
 }

bootstrap/app.php

@@ -1,6 +1,6 @@
 <?php
 
-use App\Http\Middleware\LinkHeadersMiddleware;
+use App\Http\Middleware\CSPHeader;
 use Illuminate\Foundation\Application;
 use Illuminate\Foundation\Configuration\Exceptions;
 use Illuminate\Foundation\Configuration\Middleware;
@@ -12,16 +12,7 @@ return Application::configure(basePath: dirname(__DIR__))
         health: '/up',
     )
     ->withMiddleware(function (Middleware $middleware) {
-        $middleware
-            ->append(LinkHeadersMiddleware::class)
-            ->validateCsrfTokens(except: [
-                'auth',  // This is the IndieAuth auth endpoint
-                'token', // This is the IndieAuth token endpoint
-                'api/post',
-                'api/media',
-                'micropub/places',
-                'webmention',
-            ]);
+        $middleware->append(CSPHeader::class);
     })
     ->withExceptions(function (Exceptions $exceptions) {
         //

bootstrap/providers.php

@@ -3,5 +3,4 @@
 return [
     App\Providers\AppServiceProvider::class,
     App\Providers\HorizonServiceProvider::class,
-    App\Providers\MicropubServiceProvider::class,
 ];

composer.json

@@ -1,8 +1,7 @@
 {
-    "$schema": "https://getcomposer.org/schema.json",
     "name": "jonnybarnes/jonnybarnes.uk",
     "type": "project",
-    "description": "The code for jonnybarnes.uk, based on Laravel 11",
+    "description": "The code for jonnybarnes.uk, based on Laravel 10",
     "keywords": ["laravel", "framework", "indieweb"],
     "license": "CC0-1.0",
     "require": {
@@ -11,15 +10,14 @@
         "ext-intl": "*",
         "ext-json": "*",
         "ext-pgsql": "*",
-        "ext-sodium": "*",
-        "cviebrock/eloquent-sluggable": "^12.0",
+        "cviebrock/eloquent-sluggable": "^11.0",
         "guzzlehttp/guzzle": "^7.2",
         "indieauth/client": "^1.1",
         "intervention/image": "^3",
         "jonnybarnes/indieweb": "~0.2",
         "jonnybarnes/webmentions-parser": "~0.5",
         "jublonet/codebird-php": "4.0.0-beta.1",
-        "laravel/framework": "^12.0",
+        "laravel/framework": "^11.0",
         "laravel/horizon": "^5.0",
         "laravel/sanctum": "^4.0",
         "laravel/scout": "^10.1",
@@ -28,29 +26,26 @@
         "league/commonmark": "^2.0",
         "league/flysystem-aws-s3-v3": "^3.0",
         "mf2/mf2": "~0.3",
-        "phpdocumentor/reflection-docblock": "^5.3",
         "spatie/commonmark-highlighter": "^3.0",
         "spatie/laravel-ignition": "^2.1",
         "symfony/html-sanitizer": "^7.0",
-        "symfony/property-access": "^7.0",
-        "symfony/serializer": "^7.0",
-        "web-auth/webauthn-lib": "^5.0"
+        "web-auth/webauthn-lib": "^4.7"
     },
     "require-dev": {
         "barryvdh/laravel-debugbar": "^3.0",
         "barryvdh/laravel-ide-helper": "^3.0",
         "fakerphp/faker": "^1.9.2",
         "laravel/dusk": "^8.0",
-        "laravel/pail": "^1.2",
         "laravel/pint": "^1.0",
         "laravel/sail": "^1.18",
         "mockery/mockery": "^1.4.4",
         "nunomaduro/collision": "^8.1",
-        "openai-php/client": "^0.10.1",
-        "phpunit/php-code-coverage": "^11.0",
-        "phpunit/phpunit": "^11.0",
+        "openai-php/client": "^0.8.0",
+        "phpunit/php-code-coverage": "^10.0",
+        "phpunit/phpunit": "^10.1",
+        "psalm/plugin-laravel": "^2.8",
         "spatie/laravel-ray": "^1.12",
-        "spatie/x-ray": "^1.2"
+        "vimeo/psalm": "^5.0"
     },
     "autoload": {
         "psr-4": {
@@ -79,13 +74,7 @@
             "@php -r \"file_exists('.env') || copy('.env.example', '.env');\""
         ],
         "post-create-project-cmd": [
-            "@php artisan key:generate --ansi",
-            "@php -r \"file_exists('database/database.sqlite') || touch('database/database.sqlite');\"",
-            "@php artisan migrate --graceful --ansi"
-        ],
-        "dev": [
-            "Composer\\Config::disableProcessTimeout",
-            "npx concurrently -c \"#93c5fd,#c4b5fd,#fb7185,#fdba74\" \"php artisan serve\" \"php artisan queue:listen --tries=1\" \"php artisan pail --timeout=0\" \"npm run dev\" --names=server,queue,logs,vite"
+            "@php artisan key:generate --ansi"
         ]
     },
     "extra": {

config/app.php

@@ -65,7 +65,7 @@ return [
     |
     */
 
-    'timezone' => 'UTC',
+    'timezone' => env('APP_TIMEZONE', 'UTC'),
 
     /*
     |--------------------------------------------------------------------------

config/bridgy.php

@@ -15,17 +15,4 @@ return [
 
     'mastodon_token' => env('BRIDGY_MASTODON_TOKEN'),
 
-    /*
-    |--------------------------------------------------------------------------
-    | Bluesky Token
-    |--------------------------------------------------------------------------
-    |
-    | When syndicating posts to Bluesky using Brid.gy’s Micropub endpoint, we
-    | need to provide an access token. This token can be generated by going to
-    | https://brid.gy/bluesky and clicking the “Get token” button.
-    |
-    */
-
-    'bluesky_token' => env('BRIDGY_BLUESKY_TOKEN'),
-
 ];

config/database.php

@@ -37,9 +37,6 @@ return [
             'database' => env('DB_DATABASE', database_path('database.sqlite')),
             'prefix' => '',
             'foreign_key_constraints' => env('DB_FOREIGN_KEYS', true),
-            'busy_timeout' => null,
-            'journal_mode' => null,
-            'synchronous' => null,
         ],
 
         'mysql' => [
@@ -148,7 +145,6 @@ return [
         'options' => [
             'cluster' => env('REDIS_CLUSTER', 'redis'),
             'prefix' => env('REDIS_PREFIX', Str::slug(env('APP_NAME', 'laravel'), '_').'_database_'),
-            'persistent' => env('REDIS_PERSISTENT', false),
         ],
 
         'default' => [

config/debugbar.php

@@ -119,7 +119,7 @@ return [
             'full_log' => false,
         ],
         'views' => [
-            'data' => false,    // Note: Can slow down the application, because the data can be quite large..
+            'data' => false,    //Note: Can slow down the application, because the data can be quite large..
         ],
         'route' => [
             'label' => true,  // show complete route on bar

config/filesystems.php

@@ -32,10 +32,8 @@ return [
 
         'local' => [
             'driver' => 'local',
-            'root' => storage_path('app/private'),
-            'serve' => true,
+            'root' => storage_path('app'),
             'throw' => false,
-            'report' => false,
         ],
 
         'public' => [
@@ -44,7 +42,6 @@ return [
             'url' => env('APP_URL').'/storage',
             'visibility' => 'public',
             'throw' => false,
-            'report' => false,
         ],
 
         's3' => [
@@ -57,7 +54,6 @@ return [
             'endpoint' => env('AWS_ENDPOINT'),
             'use_path_style_endpoint' => env('AWS_USE_PATH_STYLE_ENDPOINT', false),
             'throw' => false,
-            'report' => false,
         ],
 
     ],

config/logging.php

@@ -127,10 +127,6 @@ return [
             'path' => storage_path('logs/laravel.log'),
         ],
 
-        'flare' => [
-            'driver' => 'flare',
-        ],
-
     ],
 
 ];