Refactor of micropub request handling

Trying to organise the code better. It now temporarily doesn’t support
update requests. Thought the spec defines them as SHOULD features and
not MUST features. So safe for now :)

.env.dusk.testing

@@ -1,14 +0,0 @@
-APP_ENV=testing
-APP_DEBUG=true
-APP_KEY=base64:6DJhvZLVjE6dD4Cqrteh+6Z5vZlG+v/soCKcDHLOAH0=
-APP_URL=http://localhost:8000
-APP_LONGURL=localhost
-APP_SHORTURL=local
-
-DB_CONNECTION=travis
-
-CACHE_DRIVER=array
-SESSION_DRIVER=file
-QUEUE_DRIVER=sync
-
-SCOUT_DRIVER=pgsql

.env.example

@@ -4,15 +4,15 @@ APP_KEY=
 APP_DEBUG=true
 APP_TIMEZONE=UTC
 APP_URL=https://example.com
-APP_LONGURL=example.com
-APP_SHORTURL=examp.le
 
 APP_LOCALE=en
 APP_FALLBACK_LOCALE=en
 APP_FAKER_LOCALE=en_US
 
 APP_MAINTENANCE_DRIVER=file
-APP_MAINTENANCE_STORE=database
+# APP_MAINTENANCE_STORE=database
+
+PHP_CLI_SERVER_WORKERS=4
 
 BCRYPT_ROUNDS=12
 
@@ -39,7 +39,7 @@ FILESYSTEM_DISK=local
 QUEUE_CONNECTION=database
 
 CACHE_STORE=database
-CACHE_PREFIX=
+# CACHE_PREFIX=
 
 MEMCACHED_HOST=127.0.0.1
 
@@ -49,6 +49,7 @@ REDIS_PASSWORD=null
 REDIS_PORT=6379
 
 MAIL_MAILER=log
+MAIL_SCHEME=null
 MAIL_HOST=127.0.0.1
 MAIL_PORT=2525
 MAIL_USERNAME=null

.env.github

@@ -1,70 +0,0 @@
-APP_NAME=Laravel
-APP_ENV=testing
-APP_KEY=SomeRandomString # Leave this
-APP_DEBUG=false
-APP_LOG_LEVEL=warning
-
-DB_CONNECTION=pgsql
-DB_HOST=127.0.0.1
-DB_PORT=5432
-DB_DATABASE=jbukdev_testing
-DB_USERNAME=postgres
-DB_PASSWORD=postgres
-
-BROADCAST_DRIVER=log
-CACHE_DRIVER=file
-SESSION_DRIVER=file
-QUEUE_DRIVER=sync
-
-REDIS_HOST=127.0.0.1
-REDIS_PASSWORD=null
-REDIS_PORT=6379
-
-MAIL_DRIVER=smtp
-MAIL_HOST=smtp.mailtrap.io
-MAIL_PORT=2525
-MAIL_USERNAME=null
-MAIL_PASSWORD=null
-MAIL_ENCRYPTION=null
-
-PUSHER_APP_ID=
-PUSHER_APP_KEY=
-PUSHER_APP_SECRET=
-
-AWS_S3_KEY=your-key
-AWS_S3_SECRET=your-secret
-AWS_S3_REGION=region
-AWS_S3_BUCKET=your-bucket
-AWS_S3_URL=https://xxxxxxx.s3-region.amazonaws.com
-
-APP_URL=https://example.com # This one is necessary
-APP_LONGURL=example.com
-APP_SHORTURL=examp.le
-
-ADMIN_USER=admin # pick something better, this is used for `/admin`
-ADMIN_PASS=password
-DISPLAY_NAME="Joe Bloggs" # This is used for example in the header and titles
-
-TWITTER_CONSUMER_KEY=
-TWITTER_CONSUMER_SECRET=
-TWITTER_ACCESS_TOKEN=
-TWITTER_ACCESS_TOKEN_SECRET=
-
-SCOUT_DRIVER=database
-SCOUT_QUEUE=false
-
-PIWIK=false
-
-FATHOM_ID=
-
-APP_TIMEZONE=UTC
-APP_LANG=en
-APP_LOG=daily
-SECURE_SESSION_COOKIE=true
-
-LOG_SLACK_WEBHOOK_URL=
-FLARE_KEY=
-
-FONT_LINK=
-
-BRIDGY_MASTODON_TOKEN=

.eslintrc.yml

@@ -1,38 +0,0 @@
-parserOptions:
-  sourceType: 'module'
-  ecmaVersion: 'latest'
-extends: 'eslint:recommended'
-env:
-  browser: true
-  es6: true
-ignorePatterns:
-  - webpack.config.js
-rules:
-  indent:
-    - error
-    - 2
-  linebreak-style:
-    - error
-    - unix
-  quotes:
-    - error
-    - single
-  semi:
-    - error
-    - always
-  no-console:
-    - error
-    - allow:
-      - warn
-      - error
-  no-await-in-loop:
-    - error
-  no-promise-executor-return:
-    - error
-  require-atomic-updates:
-    - error
-  max-nested-callbacks:
-    - error
-    - 3
-  prefer-promise-reject-errors:
-    - error

.gitattributes

@@ -5,7 +5,3 @@
 *.html diff=html
 *.md diff=markdown
 *.php diff=php
-
-/.github export-ignore
-CHANGELOG.md export-ignore
-.styleci.yml export-ignore

.github/dependabot.yml

@@ -1,12 +0,0 @@
-version: 2
-
-updates:
-  - package-ecosystem: "composer"
-    directory: "/"
-    schedule:
-      interval: "daily"
-
-  - package-ecosystem: "npm"
-    directory: "/"
-    schedule:
-      interval: "daily"

.github/workflows/deploy.yml

@@ -1,144 +0,0 @@
-name: Deploy
-
-on:
-  workflow_dispatch:
-  release:
-    types: [published]
-
-jobs:
-  deploy:
-    name: Deploy
-    runs-on: ubuntu-latest
-    environment: Hetzner
-    env:
-      repository: 'jonnybarnes/jonnybarnes.uk'
-      newReleaseName: '${{ github.run_id }}'
-
-    steps:
-      - name: 🌍 Set Environment Variables
-        run: |
-          echo "releasesDir=${{ secrets.DEPLOYMENT_BASE_DIR }}/releases" >> $GITHUB_ENV
-          echo "persistentDir=${{ secrets.DEPLOYMENT_BASE_DIR }}/persistent" >> $GITHUB_ENV
-          echo "currentDir=${{ secrets.DEPLOYMENT_BASE_DIR }}/current" >> $GITHUB_ENV
-      - name: 🌎 Set Environment Variables Part 2
-        run: |
-          echo "newReleaseDir=${{ env.releasesDir }}/${{ env.newReleaseName }}" >> $GITHUB_ENV
-      - name: 🔄 Clone Repository
-        uses: appleboy/ssh-action@master
-        with:
-          host: ${{ secrets.DEPLOYMENT_HOST }}
-          port: ${{ secrets.DEPLOYMENT_PORT }}
-          username: ${{ secrets.DEPLOYMENT_USER }}
-          key: ${{ secrets.DEPLOYMENT_KEY }}
-          script: |
-            [ -d ${{ env.releasesDir }} ] || mkdir ${{ env.releasesDir }}
-            [ -d ${{ env.persistentDir }} ] || mkdir ${{ env.persistentDir }}
-            [ -d ${{ env.persistentDir }}/storage ] || mkdir ${{ env.persistentDir }}/storage
-
-            cd ${{ env.releasesDir }}
-
-            # Create new release directory
-            mkdir ${{ env.newReleaseDir }}
-
-            # Clone app
-            git clone --depth 1 --branch ${{ github.ref_name }} https://github.com/${{ env.repository }} ${{ env.newReleaseName }}
-
-            # Mark release
-            cd ${{ env.newReleaseDir }}
-            echo "${{ env.newReleaseName }}" > public/release-name.txt
-
-            # Fix cache directory permissions
-            sudo chown -R ${{ secrets.HTTP_USER }}:${{ secrets.HTTP_USER }} bootstrap/cache
-
-      - name: 🎵 Run Composer
-        uses: appleboy/ssh-action@master
-        with:
-          host: ${{ secrets.DEPLOYMENT_HOST }}
-          port: ${{ secrets.DEPLOYMENT_PORT }}
-          username: ${{ secrets.DEPLOYMENT_USER }}
-          key: ${{ secrets.DEPLOYMENT_KEY }}
-          script: |
-            cd ${{ env.newReleaseDir }}
-            composer install --prefer-dist --no-scripts --no-dev --no-progress --optimize-autoloader --quiet --no-interaction
-
-      - name: 🔗 Update Symlinks
-        uses: appleboy/ssh-action@master
-        with:
-          host: ${{ secrets.DEPLOYMENT_HOST }}
-          port: ${{ secrets.DEPLOYMENT_PORT }}
-          username: ${{ secrets.DEPLOYMENT_USER }}
-          key: ${{ secrets.DEPLOYMENT_KEY }}
-          script: |
-            # Import the environment config
-            cd ${{ env.newReleaseDir }};
-            ln -nfs ${{ secrets.DEPLOYMENT_BASE_DIR }}/.env .env;
-
-            # Remove the storage directory and replace with persistent data
-            rm -rf ${{ env.newReleaseDir }}/storage;
-            cd ${{ env.newReleaseDir }};
-            ln -nfs ${{ secrets.DEPLOYMENT_BASE_DIR }}/persistent/storage storage;
-
-            # Remove the public/profile-images directory and replace with persistent data
-            rm -rf ${{ env.newReleaseDir }}/public/assets/profile-images;
-            cd ${{ env.newReleaseDir }};
-            ln -nfs ${{ secrets.DEPLOYMENT_BASE_DIR }}/persistent/profile-images public/assets/profile-images;
-
-            # Add the persistent files data
-            cd ${{ env.newReleaseDir }};
-            ln -nfs ${{ secrets.DEPLOYMENT_BASE_DIR }}/persistent/files public/files;
-
-            # Add the persistent fonts data
-            cd ${{ env.newReleaseDir }};
-            ln -nfs ${{ secrets.DEPLOYMENT_BASE_DIR }}/persistent/fonts public/fonts;
-
-      - name: ✨ Optimize Installation
-        uses: appleboy/ssh-action@master
-        with:
-          host: ${{ secrets.DEPLOYMENT_HOST }}
-          port: ${{ secrets.DEPLOYMENT_PORT }}
-          username: ${{ secrets.DEPLOYMENT_USER }}
-          key: ${{ secrets.DEPLOYMENT_KEY }}
-          script: |
-            cd ${{ env.newReleaseDir }};
-            sudo runuser -u ${{ secrets.HTTP_USER }} -- php artisan clear-compiled;
-
-      - name: 🙈 Migrate database
-        uses: appleboy/ssh-action@master
-        with:
-          host: ${{ secrets.DEPLOYMENT_HOST }}
-          port: ${{ secrets.DEPLOYMENT_PORT }}
-          username: ${{ secrets.DEPLOYMENT_USER }}
-          key: ${{ secrets.DEPLOYMENT_KEY }}
-          script: |
-            cd ${{ env.newReleaseDir }}
-            sudo runuser -u ${{ secrets.HTTP_USER }} -- php artisan migrate --force
-
-      - name: 🙏 Bless release
-        uses: appleboy/ssh-action@master
-        with:
-          host: ${{ secrets.DEPLOYMENT_HOST }}
-          port: ${{ secrets.DEPLOYMENT_PORT }}
-          username: ${{ secrets.DEPLOYMENT_USER }}
-          key: ${{ secrets.DEPLOYMENT_KEY }}
-          script: |
-            ln -nfs ${{ env.newReleaseDir }} ${{ env.currentDir }};
-            cd ${{ env.newReleaseDir }}
-            sudo runuser -u ${{ secrets.HTTP_USER }} -- php artisan horizon:terminate
-            sudo runuser -u ${{ secrets.HTTP_USER }} -- php artisan config:cache
-            sudo runuser -u ${{ secrets.HTTP_USER }} -- php artisan event:cache
-            sudo runuser -u ${{ secrets.HTTP_USER }} -- php artisan route:cache
-            sudo runuser -u ${{ secrets.HTTP_USER }} -- php artisan view:cache
-
-            sudo systemctl restart php-fpm.service
-            sudo systemctl restart jbuk-horizon.service
-
-      - name: 🚾 Clean up old releases
-        uses: appleboy/ssh-action@master
-        with:
-          host: ${{ secrets.DEPLOYMENT_HOST }}
-          port: ${{ secrets.DEPLOYMENT_PORT }}
-          username: ${{ secrets.DEPLOYMENT_USER }}
-          key: ${{ secrets.DEPLOYMENT_KEY }}
-          script: |
-            fd '.+' ${{ env.releasesDir }} -d 1 | head -n -3 | xargs -d "\n" -I'{}' sudo chown -R ${{ secrets.DEPLOYMENT_USER }}:${{ secrets.DEPLOYMENT_USER }} {}
-            fd '.+' ${{ env.releasesDir }} -d 1 | head -n -3 | xargs -d "\n" -I'{}' rm -rf {}

.github/workflows/phpunit.yml

@@ -1,65 +0,0 @@
-name: PHP Unit
-
-on:
-  pull_request:
-
-jobs:
-  phpunit:
-    runs-on: ubuntu-latest
-
-    name: PHPUnit test suite
-
-    services:
-      postgres:
-        image: postgres:latest
-        env:
-          POSTGRES_USER: postgres
-          POSTGRES_PASSWORD: postgres
-          POSTGRES_DB: jbukdev_testing
-        ports:
-          - 5432:5432
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Setup PHP
-        uses: shivammathur/setup-php@v2
-        with:
-          php-version: '8.3'
-          extensions: mbstring, intl, phpredis, imagick
-          coverage: xdebug
-          tools: phpunit
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Copy .env
-        run: php -r "file_exists('.env') || copy('.env.github', '.env');"
-
-      - name: Get Composer Cache Directory
-        id: composer-cache
-        run: |
-          echo "::set-output name=dir::$(composer config cache-files-dir)"
-
-      - name: Cache composer dependencies
-        uses: actions/cache@v3
-        with:
-          path: ${{ steps.composer-cache.outputs.dir }}
-          key: ${{ runner.os }}-php-8.3-composer-${{ hashFiles('**/composer.lock') }}
-          restore-keys: |
-            ${{ runner.os }}-php-8.3-composer-
-
-      - name: Install Composer Dependencies
-        run: composer install --quiet --no-ansi --no-interaction --no-progress
-
-      - name: Generate Key
-        run: php artisan key:generate
-
-      - name: Setup Directory Permissions
-        run: chmod -R 777 storage bootstrap/cache
-
-      - name: Setup Database
-        run: php artisan migrate
-
-      - name: Execute PHPUnit Tests
-        run: vendor/bin/phpunit

.github/workflows/pint.yml

@@ -1,38 +0,0 @@
-name: Laravel Pint
-
-on:
-  pull_request:
-
-jobs:
-  pint:
-    runs-on: ubuntu-latest
-
-    name: Laravel Pint
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v3
-
-      - name: Setup PHP with pecl extensions
-        uses: shivammathur/setup-php@v2
-        with:
-          php-version: '8.2'
-
-      - name: Get Composer Cache Directory
-        id: composer-cache
-        run: |
-          echo "::set-output name=dir::$(composer config cache-files-dir)"
-
-      - name: Cache composer dependencies
-        uses: actions/cache@v3
-        with:
-          path: ${{ steps.composer-cache.outputs.dir }}
-          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
-          restore-keys: |
-            ${{ runner.os }}-composer-
-
-      - name: Install Composer Dependencies
-        run: composer install --quiet --no-ansi --no-interaction --no-progress
-
-      - name: Check Files with Laravel Pint
-        run: vendor/bin/pint --test

.gitignore

@@ -4,7 +4,6 @@
 /public/coverage
 /public/hot
 /public/files
-/public/fonts
 /public/storage
 /storage/*.key
 /vendor
@@ -21,3 +20,5 @@ yarn-error.log
 /.idea
 /.vscode
 ray.php
+/public/gpg.key
+/public/assets/img/favicon.png

.styleci.yml

@@ -1,9 +0,0 @@
-php:
-  preset: laravel
-  disabled:
-    - no_unused_imports
-  finder:
-    not-name:
-      - index.php
-js: true
-css: true

app/Console/Commands/CopyMediaToLocal.php

@@ -0,0 +1,69 @@
+<?php
+
+namespace App\Console\Commands;
+
+use App\Models\Media;
+use Illuminate\Console\Command;
+use Illuminate\Support\Facades\Storage;
+
+class CopyMediaToLocal extends Command
+{
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'app:copy-media-to-local';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = 'Copy any historic media saved to S3 to the local filesystem';
+
+    /**
+     * Execute the console command.
+     */
+    public function handle()
+    {
+        // Load all the Media records
+        $media = Media::all();
+
+        // Loop through each media record and copy the file from S3 to the local filesystem
+        foreach ($media as $mediaItem) {
+            $filename = $mediaItem->path;
+
+            $this->info('Processing: ' . $filename);
+
+            // If the file is already saved locally skip to next one
+            if (Storage::disk('local')->exists('public/' . $filename)) {
+                $this->info('File already exists locally, skipping');
+
+                continue;
+            }
+
+            // Copy the file from S3 to the local filesystem
+            if (! Storage::disk('s3')->exists($filename)) {
+                $this->error('File does not exist on S3');
+
+                continue;
+            }
+            $contents = Storage::disk('s3')->get($filename);
+            Storage::disk('local')->put('public/' . $filename, $contents);
+
+            // Copy -medium and -small versions if they exist
+            $filenameParts = explode('.', $filename);
+            $extension = array_pop($filenameParts);
+            $basename = trim(implode('.', $filenameParts), '.');
+            $mediumFilename = $basename . '-medium.' . $extension;
+            $smallFilename = $basename . '-small.' . $extension;
+            if (Storage::disk('s3')->exists($mediumFilename)) {
+                Storage::disk('local')->put('public/' . $mediumFilename, Storage::disk('s3')->get($mediumFilename));
+            }
+            if (Storage::disk('s3')->exists($smallFilename)) {
+                Storage::disk('local')->put('public/' . $smallFilename, Storage::disk('s3')->get($smallFilename));
+            }
+        }
+    }
+}

app/Console/Commands/MigratePlaceDataFromPostgis.php

@@ -8,8 +8,6 @@ use Illuminate\Support\Facades\DB;
 
 /**
  * @codeCoverageIgnore
- *
- * @psalm-suppress UnusedClass
  */
 class MigratePlaceDataFromPostgis extends Command
 {

app/Console/Commands/ParseCachedWebMentions.php

@@ -9,9 +9,6 @@ use Illuminate\Console\Command;
 use Illuminate\Contracts\Filesystem\FileNotFoundException;
 use Illuminate\FileSystem\FileSystem;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class ParseCachedWebMentions extends Command
 {
     /**
@@ -37,7 +34,7 @@ class ParseCachedWebMentions extends Command
     {
         $htmlFiles = $filesystem->allFiles(storage_path() . '/HTML');
         foreach ($htmlFiles as $file) {
-            if ($file->getExtension() !== 'backup') { //we don’t want to parse `.backup` files
+            if ($file->getExtension() !== 'backup') { // we don’t want to parse `.backup` files
                 $filepath = $file->getPathname();
                 $this->info('Loading HTML from: ' . $filepath);
                 $html = $filesystem->get($filepath);

app/Console/Commands/ReDownloadWebMentions.php

@@ -8,9 +8,6 @@ use App\Jobs\DownloadWebMention;
 use App\Models\WebMention;
 use Illuminate\Console\Command;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class ReDownloadWebMentions extends Command
 {
     /**

app/Console/Commands/UpdateWebmentionsRelationship.php

@@ -0,0 +1,36 @@
+<?php
+
+namespace App\Console\Commands;
+
+use App\Models\Note;
+use Illuminate\Console\Command;
+use Illuminate\Support\Facades\DB;
+
+class UpdateWebmentionsRelationship extends Command
+{
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'webmentions:update-model-relationship';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = 'Update webmentions to relate to the correct note model class';
+
+    /**
+     * Execute the console command.
+     */
+    public function handle()
+    {
+        DB::table('webmentions')
+            ->where('commentable_type', '=', 'App\Model\Note')
+            ->update(['commentable_type' => Note::class]);
+
+        $this->info('All webmentions updated to relate to the correct note model class');
+    }
+}

app/Exceptions/InternetArchiveException.php

@@ -2,6 +2,4 @@
 
 namespace App\Exceptions;
 
-class InternetArchiveException extends \Exception
+class InternetArchiveException extends \Exception {}
-{
-}

app/Exceptions/InvalidTokenScopeException.php

@@ -0,0 +1,7 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Exceptions;
+
+class InvalidTokenScopeException extends \Exception {}

app/Exceptions/MicropubHandlerException.php

@@ -0,0 +1,7 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Exceptions;
+
+class MicropubHandlerException extends \Exception {}

app/Exceptions/RemoteContentNotFoundException.php

@@ -6,5 +6,5 @@ use Exception;
 
 class RemoteContentNotFoundException extends Exception
 {
-    //used when guzzle can’t find the remote content
+    // used when guzzle can’t find the remote content
 }

app/Http/Controllers/Admin/ArticlesController.php

@@ -9,9 +9,6 @@ use App\Models\Article;
 use Illuminate\Http\RedirectResponse;
 use Illuminate\View\View;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class ArticlesController extends Controller
 {
     public function index(): View
@@ -30,7 +27,7 @@ class ArticlesController extends Controller
 
     public function store(): RedirectResponse
     {
-        //if a `.md` is attached use that for the main content.
+        // if a `.md` is attached use that for the main content.
         if (request()->hasFile('article')) {
             $file = request()->file('article')->openFile();
             $content = $file->fread($file->getSize());

app/Http/Controllers/Admin/BioController.php

@@ -10,9 +10,6 @@ use Illuminate\Http\RedirectResponse;
 use Illuminate\Http\Request;
 use Illuminate\View\View;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class BioController extends Controller
 {
     public function show(): View

app/Http/Controllers/Admin/ClientsController.php

@@ -9,9 +9,6 @@ use App\Models\MicropubClient;
 use Illuminate\Http\RedirectResponse;
 use Illuminate\View\View;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class ClientsController extends Controller
 {
     /**

app/Http/Controllers/Admin/ContactsController.php

@@ -12,9 +12,6 @@ use Illuminate\Http\RedirectResponse;
 use Illuminate\Support\Arr;
 use Illuminate\View\View;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class ContactsController extends Controller
 {
     /**
@@ -40,7 +37,7 @@ class ContactsController extends Controller
      */
     public function store(): RedirectResponse
     {
-        $contact = new Contact();
+        $contact = new Contact;
         $contact->name = request()->input('name');
         $contact->nick = request()->input('nick');
         $contact->homepage = request()->input('homepage');
@@ -79,7 +76,7 @@ class ContactsController extends Controller
         if (request()->hasFile('avatar') && (request()->input('homepage') != '')) {
             $dir = parse_url(request()->input('homepage'), PHP_URL_HOST);
             $destination = public_path() . '/assets/profile-images/' . $dir;
-            $filesystem = new Filesystem();
+            $filesystem = new Filesystem;
             if ($filesystem->isDirectory($destination) === false) {
                 $filesystem->makeDirectory($destination);
             }
@@ -139,7 +136,7 @@ class ContactsController extends Controller
             }
             if ($avatar !== null) {
                 $directory = public_path() . '/assets/profile-images/' . parse_url($contact->homepage, PHP_URL_HOST);
-                $filesystem = new Filesystem();
+                $filesystem = new Filesystem;
                 if ($filesystem->isDirectory($directory) === false) {
                     $filesystem->makeDirectory($directory);
                 }

app/Http/Controllers/Admin/HomeController.php

@@ -7,9 +7,6 @@ namespace App\Http\Controllers\Admin;
 use App\Http\Controllers\Controller;
 use Illuminate\View\View;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class HomeController extends Controller
 {
     /**

app/Http/Controllers/Admin/LikesController.php

@@ -10,9 +10,6 @@ use App\Models\Like;
 use Illuminate\Http\RedirectResponse;
 use Illuminate\View\View;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class LikesController extends Controller
 {
     /**

app/Http/Controllers/Admin/NotesController.php

@@ -11,9 +11,6 @@ use Illuminate\Http\RedirectResponse;
 use Illuminate\Http\Request;
 use Illuminate\View\View;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class NotesController extends Controller
 {
     /**
@@ -67,7 +64,7 @@ class NotesController extends Controller
      */
     public function update(int $noteId): RedirectResponse
     {
-        //update note data
+        // update note data
         $note = Note::findOrFail($noteId);
         $note->note = request()->input('content');
         $note->in_reply_to = request()->input('in-reply-to');

app/Http/Controllers/Admin/PasskeysController.php

@@ -18,8 +18,8 @@ use Illuminate\Support\Facades\App;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\View\View;
 use ParagonIE\ConstantTime\Base64UrlSafe;
+use Random\RandomException;
 use Throwable;
-use Webauthn\AttestationStatement\AttestationObjectLoader;
 use Webauthn\AttestationStatement\AttestationStatementSupportManager;
 use Webauthn\AttestationStatement\NoneAttestationStatementSupport;
 use Webauthn\AuthenticationExtensions\ExtensionOutputCheckerHandler;
@@ -28,18 +28,17 @@ use Webauthn\AuthenticatorAssertionResponseValidator;
 use Webauthn\AuthenticatorAttestationResponse;
 use Webauthn\AuthenticatorAttestationResponseValidator;
 use Webauthn\AuthenticatorSelectionCriteria;
+use Webauthn\CeremonyStep\CeremonyStepManagerFactory;
+use Webauthn\Denormalizer\WebauthnSerializerFactory;
 use Webauthn\Exception\WebauthnException;
+use Webauthn\PublicKeyCredential;
 use Webauthn\PublicKeyCredentialCreationOptions;
-use Webauthn\PublicKeyCredentialLoader;
 use Webauthn\PublicKeyCredentialParameters;
 use Webauthn\PublicKeyCredentialRequestOptions;
 use Webauthn\PublicKeyCredentialRpEntity;
 use Webauthn\PublicKeyCredentialSource;
 use Webauthn\PublicKeyCredentialUserEntity;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class PasskeysController extends Controller
 {
     public function index(): View
@@ -51,22 +50,26 @@ class PasskeysController extends Controller
         return view('admin.passkeys.index', compact('passkeys'));
     }
 
-    public function getCreateOptions(): JsonResponse
+    /**
+     * @throws RandomException
+     * @throws \JsonException
+     */
+    public function getCreateOptions(Request $request): JsonResponse
     {
         /** @var User $user */
         $user = auth()->user();
 
         // RP Entity i.e. the application
         $rpEntity = PublicKeyCredentialRpEntity::create(
-            config('app.name'),
+            name: config('app.name'),
-            config('url.longurl'),
+            id: config('app.url'),
         );
 
         // User Entity
         $userEntity = PublicKeyCredentialUserEntity::create(
-            $user->name,
+            name: $user->name,
-            (string) $user->id,
+            id: (string) $user->id,
-            $user->name,
+            displayName: $user->name,
         );
 
         // Challenge
@@ -84,70 +87,100 @@ class PasskeysController extends Controller
         $authenticatorSelectionCriteria = AuthenticatorSelectionCriteria::create(
             userVerification: AuthenticatorSelectionCriteria::USER_VERIFICATION_REQUIREMENT_REQUIRED,
             residentKey: AuthenticatorSelectionCriteria::RESIDENT_KEY_REQUIREMENT_REQUIRED,
-            requireResidentKey: true,
         );
 
-        $options = PublicKeyCredentialCreationOptions::create(
+        $publicKeyCredentialCreationOptions = PublicKeyCredentialCreationOptions::create(
-            $rpEntity,
+            rp: $rpEntity,
-            $userEntity,
+            user: $userEntity,
-            $challenge,
+            challenge: $challenge,
-            $pubKeyCredParams,
+            pubKeyCredParams: $pubKeyCredParams,
             authenticatorSelection: $authenticatorSelectionCriteria,
             attestation: PublicKeyCredentialCreationOptions::ATTESTATION_CONVEYANCE_PREFERENCE_NONE
         );
 
-        $options = json_encode($options, JSON_THROW_ON_ERROR);
+        $attestationStatementSupportManager = new AttestationStatementSupportManager;
+        $attestationStatementSupportManager->add(new NoneAttestationStatementSupport);
+        $webauthnSerializerFactory = new WebauthnSerializerFactory(
+            attestationStatementSupportManager: $attestationStatementSupportManager
+        );
+        $webauthnSerializer = $webauthnSerializerFactory->create();
+        $publicKeyCredentialCreationOptions = $webauthnSerializer->serialize(
+            data: $publicKeyCredentialCreationOptions,
+            format: 'json'
+        );
 
-        session(['create_options' => $options]);
+        $request->session()->put('create_options', $publicKeyCredentialCreationOptions);
 
-        return JsonResponse::fromJsonString($options);
+        return JsonResponse::fromJsonString($publicKeyCredentialCreationOptions);
     }
 
+    /**
+     * @throws Throwable
+     * @throws WebauthnException
+     * @throws \JsonException
+     */
     public function create(Request $request): JsonResponse
     {
         /** @var User $user */
         $user = auth()->user();
 
         $publicKeyCredentialCreationOptionsData = session('create_options');
+        // Unset session data to mitigate replay attacks
+        $request->session()->forget('create_options');
         if (empty($publicKeyCredentialCreationOptionsData)) {
             throw new WebAuthnException('No public key credential request options found');
         }
-        $publicKeyCredentialCreationOptions = PublicKeyCredentialCreationOptions::createFromString($publicKeyCredentialCreationOptionsData);
 
-        // Unset session data to mitigate replay attacks
+        $attestationStatementSupportManager = new AttestationStatementSupportManager;
-        session()->forget('create_options');
+        $attestationStatementSupportManager->add(new NoneAttestationStatementSupport);
+        $webauthnSerializerFactory = new WebauthnSerializerFactory(
+            attestationStatementSupportManager: $attestationStatementSupportManager
+        );
+        $webauthnSerializer = $webauthnSerializerFactory->create();
 
-        $attestationSupportManager = AttestationStatementSupportManager::create();
+        $publicKeyCredential = $webauthnSerializer->deserialize(
-        $attestationSupportManager->add(NoneAttestationStatementSupport::create());
+            json_encode($request->all(), JSON_THROW_ON_ERROR),
-        $attestationObjectLoader = AttestationObjectLoader::create($attestationSupportManager);
+            PublicKeyCredential::class,
-        $publicKeyCredentialLoader = PublicKeyCredentialLoader::create($attestationObjectLoader);
+            'json'
-
+        );
-        $publicKeyCredential = $publicKeyCredentialLoader->load(json_encode($request->all(), JSON_THROW_ON_ERROR));
 
         if (! $publicKeyCredential->response instanceof AuthenticatorAttestationResponse) {
             throw new WebAuthnException('Invalid response type');
         }
 
-        $attestationStatementSupportManager = AttestationStatementSupportManager::create();
+        $algorithmManager = new Manager;
-        $attestationStatementSupportManager->add(NoneAttestationStatementSupport::create());
+        $algorithmManager->add(new Ed25519);
+        $algorithmManager->add(new ES256);
+        $algorithmManager->add(new RS256);
+
+        $ceremonyStepManagerFactory = new CeremonyStepManagerFactory;
+        $ceremonyStepManagerFactory->setAlgorithmManager($algorithmManager);
+        $ceremonyStepManagerFactory->setAttestationStatementSupportManager(
+            $attestationStatementSupportManager
+        );
+        $ceremonyStepManagerFactory->setExtensionOutputCheckerHandler(
+            ExtensionOutputCheckerHandler::create()
+        );
+        $allowedOrigins = [];
+        if (App::environment('local', 'development')) {
+            $allowedOrigins = [config('app.url')];
+        }
+        $ceremonyStepManagerFactory->setAllowedOrigins($allowedOrigins);
 
         $authenticatorAttestationResponseValidator = AuthenticatorAttestationResponseValidator::create(
-            attestationStatementSupportManager: $attestationStatementSupportManager,
+            ceremonyStepManager: $ceremonyStepManagerFactory->creationCeremony()
-            publicKeyCredentialSourceRepository: null,
-            tokenBindingHandler: null,
-            extensionOutputCheckerHandler: ExtensionOutputCheckerHandler::create(),
         );
 
-        $securedRelyingPartyId = [];
+        $publicKeyCredentialCreationOptions = $webauthnSerializer->deserialize(
-        if (App::environment('local', 'development')) {
+            $publicKeyCredentialCreationOptionsData,
-            $securedRelyingPartyId = [config('url.longurl')];
+            PublicKeyCredentialCreationOptions::class,
-        }
+            'json'
+        );
 
         $publicKeyCredentialSource = $authenticatorAttestationResponseValidator->check(
             authenticatorAttestationResponse: $publicKeyCredential->response,
             publicKeyCredentialCreationOptions: $publicKeyCredentialCreationOptions,
-            request: config('url.longurl'),
+            host: config('app.url')
-            securedRelyingPartyId: $securedRelyingPartyId,
         );
 
         $user->passkey()->create([
@@ -161,24 +194,37 @@ class PasskeysController extends Controller
         ]);
     }
 
-    public function getRequestOptions(): JsonResponse
+    /**
+     * @throws RandomException
+     * @throws \JsonException
+     */
+    public function getRequestOptions(Request $request): JsonResponse
     {
         $publicKeyCredentialRequestOptions = PublicKeyCredentialRequestOptions::create(
             challenge: random_bytes(16),
             userVerification: PublicKeyCredentialRequestOptions::USER_VERIFICATION_REQUIREMENT_REQUIRED
         );
 
-        $publicKeyCredentialRequestOptions = json_encode($publicKeyCredentialRequestOptions, JSON_THROW_ON_ERROR);
+        $attestationStatementSupportManager = AttestationStatementSupportManager::create();
+        $attestationStatementSupportManager->add(NoneAttestationStatementSupport::create());
+        $factory = new WebauthnSerializerFactory(
+            attestationStatementSupportManager: $attestationStatementSupportManager
+        );
+        $serializer = $factory->create();
+        $publicKeyCredentialRequestOptions = $serializer->serialize(data: $publicKeyCredentialRequestOptions, format: 'json');
 
-        session(['request_options' => $publicKeyCredentialRequestOptions]);
+        $request->session()->put('request_options', $publicKeyCredentialRequestOptions);
 
         return JsonResponse::fromJsonString($publicKeyCredentialRequestOptions);
     }
 
+    /**
+     * @throws \JsonException
+     */
     public function login(Request $request): JsonResponse
     {
         $requestOptions = session('request_options');
-        session()->forget('request_options');
+        $request->session()->forget('request_options');
 
         if (empty($requestOptions)) {
             return response()->json([
@@ -187,14 +233,19 @@ class PasskeysController extends Controller
             ], 400);
         }
 
-        $publicKeyCredentialRequestOptions = PublicKeyCredentialRequestOptions::createFromString($requestOptions);
+        $attestationStatementSupportManager = new AttestationStatementSupportManager;
+        $attestationStatementSupportManager->add(new NoneAttestationStatementSupport);
 
-        $attestationSupportManager = AttestationStatementSupportManager::create();
+        $webauthnSerializerFactory = new WebauthnSerializerFactory(
-        $attestationSupportManager->add(NoneAttestationStatementSupport::create());
+            attestationStatementSupportManager: $attestationStatementSupportManager
-        $attestationObjectLoader = AttestationObjectLoader::create($attestationSupportManager);
+        );
-        $publicKeyCredentialLoader = PublicKeyCredentialLoader::create($attestationObjectLoader);
+        $webauthnSerializer = $webauthnSerializerFactory->create();
 
-        $publicKeyCredential = $publicKeyCredentialLoader->load(json_encode($request->all(), JSON_THROW_ON_ERROR));
+        $publicKeyCredential = $webauthnSerializer->deserialize(
+            json_encode($request->all(), JSON_THROW_ON_ERROR),
+            PublicKeyCredential::class,
+            'json'
+        );
 
         if (! $publicKeyCredential->response instanceof AuthenticatorAssertionResponse) {
             return response()->json([
@@ -211,33 +262,51 @@ class PasskeysController extends Controller
             ], 404);
         }
 
-        $credential = PublicKeyCredentialSource::createFromArray(json_decode($passkey->passkey, true, 512, JSON_THROW_ON_ERROR));
+        $publicKeyCredentialSource = $webauthnSerializer->deserialize(
-
+            $passkey->passkey,
-        $algorithmManager = Manager::create();
+            PublicKeyCredentialSource::class,
-        $algorithmManager->add(new Ed25519());
+            'json'
-        $algorithmManager->add(new ES256());
-        $algorithmManager->add(new RS256());
-
-        $authenticatorAssertionResponseValidator = new AuthenticatorAssertionResponseValidator(
-            publicKeyCredentialSourceRepository: null,
-            tokenBindingHandler: null,
-            extensionOutputCheckerHandler: ExtensionOutputCheckerHandler::create(),
-            algorithmManager: $algorithmManager,
         );
 
-        $securedRelyingPartyId = [];
+        $algorithmManager = new Manager;
+        $algorithmManager->add(new Ed25519);
+        $algorithmManager->add(new ES256);
+        $algorithmManager->add(new RS256);
+
+        $attestationStatementSupportManager = new AttestationStatementSupportManager;
+        $attestationStatementSupportManager->add(new NoneAttestationStatementSupport);
+
+        $ceremonyStepManagerFactory = new CeremonyStepManagerFactory;
+        $ceremonyStepManagerFactory->setAlgorithmManager($algorithmManager);
+        $ceremonyStepManagerFactory->setAttestationStatementSupportManager(
+            $attestationStatementSupportManager
+        );
+        $ceremonyStepManagerFactory->setExtensionOutputCheckerHandler(
+            ExtensionOutputCheckerHandler::create()
+        );
+        $allowedOrigins = [];
         if (App::environment('local', 'development')) {
-            $securedRelyingPartyId = [config('url.longurl')];
+            $allowedOrigins = [config('app.url')];
         }
+        $ceremonyStepManagerFactory->setAllowedOrigins($allowedOrigins);
+
+        $authenticatorAssertionResponseValidator = AuthenticatorAssertionResponseValidator::create(
+            ceremonyStepManager: $ceremonyStepManagerFactory->requestCeremony()
+        );
+
+        $publicKeyCredentialRequestOptions = $webauthnSerializer->deserialize(
+            $requestOptions,
+            PublicKeyCredentialRequestOptions::class,
+            'json'
+        );
 
         try {
             $authenticatorAssertionResponseValidator->check(
-                credentialId: $credential,
+                publicKeyCredentialSource: $publicKeyCredentialSource,
                 authenticatorAssertionResponse: $publicKeyCredential->response,
                 publicKeyCredentialRequestOptions: $publicKeyCredentialRequestOptions,
-                request: config('url.longurl'),
+                host: config('app.url'),
                 userHandle: null,
-                securedRelyingPartyId: $securedRelyingPartyId,
             );
         } catch (Throwable) {
             return response()->json([

app/Http/Controllers/Admin/PlacesController.php

@@ -10,9 +10,6 @@ use App\Services\PlaceService;
 use Illuminate\Http\RedirectResponse;
 use Illuminate\View\View;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class PlacesController extends Controller
 {
     protected PlaceService $placeService;

app/Http/Controllers/Admin/SyndicationTargetsController.php

@@ -10,9 +10,6 @@ use Illuminate\Http\RedirectResponse;
 use Illuminate\Http\Request;
 use Illuminate\View\View;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class SyndicationTargetsController extends Controller
 {
     /**

app/Http/Controllers/ArticlesController.php

@@ -10,9 +10,6 @@ use Illuminate\Http\RedirectResponse;
 use Illuminate\View\View;
 use Jonnybarnes\IndieWeb\Numbers;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class ArticlesController extends Controller
 {
     /**

app/Http/Controllers/AuthController.php

@@ -9,9 +9,6 @@ use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\View\View;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class AuthController extends Controller
 {
     /**

app/Http/Controllers/BookmarksController.php

@@ -7,9 +7,6 @@ namespace App\Http\Controllers;
 use App\Models\Bookmark;
 use Illuminate\View\View;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class BookmarksController extends Controller
 {
     /**

app/Http/Controllers/ContactsController.php

@@ -8,9 +8,6 @@ use App\Models\Contact;
 use Illuminate\Filesystem\Filesystem;
 use Illuminate\View\View;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class ContactsController extends Controller
 {
     /**
@@ -18,7 +15,7 @@ class ContactsController extends Controller
      */
     public function index(): View
     {
-        $filesystem = new Filesystem();
+        $filesystem = new Filesystem;
         $contacts = Contact::all();
         foreach ($contacts as $contact) {
             $contact->homepageHost = parse_url($contact->homepage, PHP_URL_HOST);
@@ -40,7 +37,7 @@ class ContactsController extends Controller
         $contact->homepageHost = parse_url($contact->homepage, PHP_URL_HOST);
         $file = public_path() . '/assets/profile-images/' . $contact->homepageHost . '/image';
 
-        $filesystem = new Filesystem();
+        $filesystem = new Filesystem;
         $image = ($filesystem->exists($file)) ?
             '/assets/profile-images/' . $contact->homepageHost . '/image'
         :

app/Http/Controllers/FeedsController.php

@@ -9,9 +9,6 @@ use App\Models\Note;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Response;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class FeedsController extends Controller
 {
     /**
@@ -122,8 +119,8 @@ class FeedsController extends Controller
 
         foreach ($notes as $key => $note) {
             $data['items'][$key] = [
-                'id' => $note->longurl,
+                'id' => $note->uri,
-                'url' => $note->longurl,
+                'url' => $note->uri,
                 'content_text' => $note->content,
                 'date_published' => $note->created_at->tz('UTC')->toRfc3339String(),
                 'date_modified' => $note->updated_at->tz('UTC')->toRfc3339String(),
@@ -164,7 +161,7 @@ class FeedsController extends Controller
             'author' => [
                 'type' => 'card',
                 'name' => config('user.display_name'),
-                'url' => config('url.longurl'),
+                'url' => config('app.url'),
             ],
             'children' => $items,
         ], 200, [
@@ -183,8 +180,8 @@ class FeedsController extends Controller
             $items[] = [
                 'type' => 'entry',
                 'published' => $note->created_at,
-                'uid' => $note->longurl,
+                'uid' => $note->uri,
-                'url' => $note->longurl,
+                'url' => $note->uri,
                 'content' => [
                     'text' => $note->getRawOriginal('note'),
                     'html' => $note->note,
@@ -200,7 +197,7 @@ class FeedsController extends Controller
             'author' => [
                 'type' => 'card',
                 'name' => config('user.display_name'),
-                'url' => config('url.longurl'),
+                'url' => config('app.url'),
             ],
             'children' => $items,
         ], 200, [

app/Http/Controllers/FrontPageController.php

@@ -10,9 +10,6 @@ use App\Models\Note;
 use Illuminate\Http\Response;
 use Illuminate\View\View;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class FrontPageController extends Controller
 {
     /**

app/Http/Controllers/IndieAuthController.php

@@ -0,0 +1,327 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Controllers;
+
+use App\Services\TokenService;
+use Exception;
+use GuzzleHttp\Client;
+use GuzzleHttp\Psr7\Uri;
+use Illuminate\Http\JsonResponse;
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Cache;
+use Illuminate\Support\Facades\Validator;
+use Illuminate\View\View;
+use Random\RandomException;
+use SodiumException;
+
+class IndieAuthController extends Controller
+{
+    public function indieAuthMetadataEndpoint(): JsonResponse
+    {
+        return response()->json([
+            'issuer' => config('app.url'),
+            'authorization_endpoint' => route('indieauth.start'),
+            'token_endpoint' => route('indieauth.token'),
+            'code_challenge_methods_supported' => ['S256'],
+            // 'introspection_endpoint' => route('indieauth.introspection'),
+            // 'introspection_endpoint_auth_methods_supported' => ['none'],
+        ]);
+    }
+
+    /**
+     * Process a GET request to the IndieAuth endpoint.
+     *
+     * This is the first step in the IndieAuth flow, where the client app sends the user to the IndieAuth endpoint.
+     */
+    public function start(Request $request): View
+    {
+        // First check all required params are present
+        $validator = Validator::make($request->all(), [
+            'response_type' => 'required:string',
+            'client_id' => 'required',
+            'redirect_uri' => 'required',
+            'state' => 'required',
+            'code_challenge' => 'required:string',
+            'code_challenge_method' => 'required:string',
+        ], [
+            'response_type' => 'response_type is required',
+            'client_id.required' => 'client_id is required to display which app is asking for authentication',
+            'redirect_uri.required' => 'redirect_uri is required so we can progress successful requests',
+            'state.required' => 'state is required',
+            'code_challenge.required' => 'code_challenge is required',
+            'code_challenge_method.required' => 'code_challenge_method is required',
+        ]);
+
+        if ($validator->fails()) {
+            return view('indieauth.error')->withErrors($validator);
+        }
+
+        if ($request->get('response_type') !== 'code') {
+            return view('indieauth.error')->withErrors(['response_type' => 'only a response_type of "code" is supported']);
+        }
+
+        if (mb_strtoupper($request->get('code_challenge_method')) !== 'S256') {
+            return view('indieauth.error')->withErrors(['code_challenge_method' => 'only a code_challenge_method of "S256" is supported']);
+        }
+
+        if (! $this->isValidRedirectUri($request->get('client_id'), $request->get('redirect_uri'))) {
+            return view('indieauth.error')->withErrors(['redirect_uri' => 'redirect_uri is not valid for this client_id']);
+        }
+
+        $scopes = $request->get('scope', '');
+        $scopes = explode(' ', $scopes);
+
+        return view('indieauth.start', [
+            'me' => $request->get('me'),
+            'client_id' => $request->get('client_id'),
+            'redirect_uri' => $request->get('redirect_uri'),
+            'state' => $request->get('state'),
+            'scopes' => $scopes,
+            'code_challenge' => $request->get('code_challenge'),
+            'code_challenge_method' => $request->get('code_challenge_method'),
+        ]);
+    }
+
+    /**
+     * Confirm an IndieAuth approval request.
+     *
+     * Generates an auth code and redirects the user back to the client app.
+     *
+     * @throws RandomException
+     */
+    public function confirm(Request $request): RedirectResponse
+    {
+        $authCode = bin2hex(random_bytes(16));
+
+        $cacheKey = hash('xxh3', $request->get('client_id'));
+
+        $indieAuthRequestData = [
+            'code_challenge' => $request->get('code_challenge'),
+            'code_challenge_method' => $request->get('code_challenge_method'),
+            'client_id' => $request->get('client_id'),
+            'redirect_uri' => $request->get('redirect_uri'),
+            'auth_code' => $authCode,
+            'scope' => implode(' ', $request->get('scope', '')),
+        ];
+
+        Cache::put($cacheKey, $indieAuthRequestData, now()->addMinutes(10));
+
+        $redirectUri = new Uri($request->get('redirect_uri'));
+        $redirectUri = Uri::withQueryValues($redirectUri, [
+            'code' => $authCode,
+            'state' => $request->get('state'),
+            'iss' => config('app.url'),
+        ]);
+
+        return redirect()->away($redirectUri);
+    }
+
+    /**
+     * Process a POST request to the IndieAuth auth endpoint.
+     *
+     * This is one possible second step in the IndieAuth flow, where the client app sends the auth code to the IndieAuth
+     * endpoint. As it is to the auth endpoint we return profile information. A similar request can be made to the token
+     * endpoint to get an access token.
+     */
+    public function processCodeExchange(Request $request): JsonResponse
+    {
+        $invalidCodeResponse = $this->validateAuthorizationCode($request);
+
+        if ($invalidCodeResponse instanceof JsonResponse) {
+            return $invalidCodeResponse;
+        }
+
+        return response()->json([
+            'me' => config('app.url'),
+        ]);
+    }
+
+    /**
+     * Process a POST request to the IndieAuth token endpoint.
+     *
+     * This is another possible second step in the IndieAuth flow, where the client app sends the auth code to the
+     * IndieAuth token endpoint. As it is to the token endpoint we return an access token.
+     *
+     * @throws SodiumException
+     */
+    public function processTokenRequest(Request $request): JsonResponse
+    {
+        $indieAuthData = $this->validateAuthorizationCode($request);
+
+        if ($indieAuthData instanceof JsonResponse) {
+            return $indieAuthData;
+        }
+
+        if ($indieAuthData['scope'] === '') {
+            return response()->json(['errors' => [
+                'scope' => [
+                    'The scope property must be non-empty for an access token to be issued.',
+                ],
+            ]], 400);
+        }
+
+        $tokenData = [
+            'me' => config('app.url'),
+            'client_id' => $request->get('client_id'),
+            'scope' => $indieAuthData['scope'],
+        ];
+        $tokenService = resolve(TokenService::class);
+        $token = $tokenService->getNewToken($tokenData);
+
+        return response()->json([
+            'access_token' => $token,
+            'token_type' => 'Bearer',
+            'scope' => $indieAuthData['scope'],
+            'me' => config('app.url'),
+        ]);
+    }
+
+    protected function isValidRedirectUri(string $clientId, string $redirectUri): bool
+    {
+        // If client_id is not a valid URL, then it's not valid
+        $clientIdParsed = \Mf2\parseUriToComponents($clientId);
+        if (! isset($clientIdParsed['authority'])) {
+            return false;
+        }
+
+        // If redirect_uri is not a valid URL, then it's not valid
+        $redirectUriParsed = \Mf2\parseUriToComponents($redirectUri);
+        if (! isset($redirectUriParsed['authority'])) {
+            return false;
+        }
+
+        // If client_id and redirect_uri are the same host, then it's valid
+        if ($clientIdParsed['authority'] === $redirectUriParsed['authority']) {
+            return true;
+        }
+
+        // Otherwise we need to check the redirect_uri is in the client_id's redirect_uris
+        $guzzle = resolve(Client::class);
+
+        try {
+            $clientInfo = $guzzle->get($clientId);
+        } catch (Exception) {
+            return false;
+        }
+
+        $clientInfoParsed = \Mf2\parse($clientInfo->getBody()->getContents(), $clientId);
+
+        $redirectUris = $clientInfoParsed['rels']['redirect_uri'] ?? [];
+
+        return in_array($redirectUri, $redirectUris, true);
+    }
+
+    /**
+     * @throws SodiumException
+     */
+    protected function validateAuthorizationCode(Request $request): JsonResponse|array
+    {
+        // First check all the data is present
+        $validator = Validator::make($request->all(), [
+            'grant_type' => 'required:string',
+            'code' => 'required:string',
+            'client_id' => 'required',
+            'redirect_uri' => 'required',
+            'code_verifier' => 'required',
+        ]);
+
+        if ($validator->fails()) {
+            return response()->json(['errors' => $validator->errors()], 400);
+        }
+
+        if ($request->get('grant_type') !== 'authorization_code') {
+            return response()->json(['errors' => [
+                'grant_type' => [
+                    'Only a grant type of "authorization_code" is supported.',
+                ],
+            ]], 400);
+        }
+
+        // Check cache for auth code
+        $cacheKey = hash('xxh3', $request->get('client_id'));
+        $indieAuthRequestData = Cache::pull($cacheKey);
+
+        if ($indieAuthRequestData === null) {
+            return response()->json(['errors' => [
+                'code' => [
+                    'The code is invalid.',
+                ],
+            ]], 404);
+        }
+
+        // Check the IndieAuth code
+        if (! array_key_exists('auth_code', $indieAuthRequestData)) {
+            return response()->json(['errors' => [
+                'code' => [
+                    'The code is invalid.',
+                ],
+            ]], 400);
+        }
+        if ($indieAuthRequestData['auth_code'] !== $request->get('code')) {
+            return response()->json(['errors' => [
+                'code' => [
+                    'The code is invalid.',
+                ],
+            ]], 400);
+        }
+
+        // Check code verifier
+        if (! array_key_exists('code_challenge', $indieAuthRequestData)) {
+            return response()->json(['errors' => [
+                'code_verifier' => [
+                    'The code verifier is invalid.',
+                ],
+            ]], 400);
+        }
+        if (! hash_equals(
+            $indieAuthRequestData['code_challenge'],
+            sodium_bin2base64(
+                hash('sha256', $request->get('code_verifier'), true),
+                SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING
+            )
+        )) {
+            return response()->json(['errors' => [
+                'code_verifier' => [
+                    'The code verifier is invalid.',
+                ],
+            ]], 400);
+        }
+
+        // Check redirect_uri
+        if (! array_key_exists('redirect_uri', $indieAuthRequestData)) {
+            return response()->json(['errors' => [
+                'redirect_uri' => [
+                    'The redirect uri is invalid.',
+                ],
+            ]], 400);
+        }
+        if ($indieAuthRequestData['redirect_uri'] !== $request->get('redirect_uri')) {
+            return response()->json(['errors' => [
+                'redirect_uri' => [
+                    'The redirect uri is invalid.',
+                ],
+            ]], 400);
+        }
+
+        // Check client_id
+        if (! array_key_exists('client_id', $indieAuthRequestData)) {
+            return response()->json(['errors' => [
+                'client_id' => [
+                    'The client id is invalid.',
+                ],
+            ]], 400);
+        }
+        if ($indieAuthRequestData['client_id'] !== $request->get('client_id')) {
+            return response()->json(['errors' => [
+                'client_id' => [
+                    'The client id is invalid.',
+                ],
+            ]], 400);
+        }
+
+        return $indieAuthRequestData;
+    }
+}

app/Http/Controllers/LikesController.php

@@ -7,9 +7,6 @@ namespace App\Http\Controllers;
 use App\Models\Like;
 use Illuminate\View\View;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class LikesController extends Controller
 {
     /**

app/Http/Controllers/MicropubController.php

@@ -4,110 +4,73 @@ declare(strict_types=1);
 
 namespace App\Http\Controllers;
 
-use App\Http\Responses\MicropubResponses;
+use App\Exceptions\InvalidTokenScopeException;
+use App\Exceptions\MicropubHandlerException;
+use App\Http\Requests\MicropubRequest;
 use App\Models\Place;
 use App\Models\SyndicationTarget;
-use App\Services\Micropub\HCardService;
+use App\Services\Micropub\MicropubHandlerRegistry;
-use App\Services\Micropub\HEntryService;
-use App\Services\Micropub\UpdateService;
-use App\Services\TokenService;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
-use Lcobucci\JWT\Encoding\CannotDecodeContent;
+use Lcobucci\JWT\Token;
-use Lcobucci\JWT\Token\InvalidTokenStructure;
-use Lcobucci\JWT\Validation\RequiredConstraintsViolated;
-use Monolog\Handler\StreamHandler;
-use Monolog\Logger;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class MicropubController extends Controller
 {
-    protected TokenService $tokenService;
+    protected MicropubHandlerRegistry $handlerRegistry;
 
-    protected HEntryService $hentryService;
+    public function __construct(MicropubHandlerRegistry $handlerRegistry)
-
+    {
-    protected HCardService $hcardService;
+        $this->handlerRegistry = $handlerRegistry;
-
-    protected UpdateService $updateService;
-
-    public function __construct(
-        TokenService $tokenService,
-        HEntryService $hentryService,
-        HCardService $hcardService,
-        UpdateService $updateService
-    ) {
-        $this->tokenService = $tokenService;
-        $this->hentryService = $hentryService;
-        $this->hcardService = $hcardService;
-        $this->updateService = $updateService;
     }
 
     /**
-     * This function receives an API request, verifies the authenticity
+     * Respond to a POST request to the micropub endpoint.
-     * then passes over the info to the relevant Service class.
+     *
+     * The request is initially processed by the MicropubRequest form request
+     * class. The normalizes the data, so we can pass it into the handlers for
+     * the different micropub requests, h-entry or h-card, for example.
      */
-    public function post(Request $request): JsonResponse
+    public function post(MicropubRequest $request): JsonResponse
     {
+        $type = $request->getType();
+
+        if (! $type) {
+            return response()->json([
+                'error' => 'invalid_request',
+                'error_description' => 'Microformat object type is missing, for example: h-entry or h-card',
+            ], 400);
+        }
+
         try {
-            $tokenData = $this->tokenService->validateToken($request->input('access_token'));
+            $handler = $this->handlerRegistry->getHandler($type);
-        } catch (RequiredConstraintsViolated|InvalidTokenStructure|CannotDecodeContent) {
+            $result = $handler->handle($request->getMicropubData());
-            $micropubResponses = new MicropubResponses();
-
-            return $micropubResponses->invalidTokenResponse();
-        }
-
-        if ($tokenData->claims()->has('scope') === false) {
-            $micropubResponses = new MicropubResponses();
-
-            return $micropubResponses->tokenHasNoScopeResponse();
-        }
-
-        $this->logMicropubRequest($request->all());
-
-        if (($request->input('h') === 'entry') || ($request->input('type.0') === 'h-entry')) {
-            if (stripos($tokenData->claims()->get('scope'), 'create') === false) {
-                $micropubResponses = new MicropubResponses();
-
-                return $micropubResponses->insufficientScopeResponse();
-            }
-            $location = $this->hentryService->process($request->all(), $this->getCLientId());
 
+            // Return appropriate response based on the handler result
             return response()->json([
-                'response' => 'created',
+                'response' => $result['response'],
-                'location' => $location,
+                'location' => $result['url'] ?? null,
-            ], 201)->header('Location', $location);
+            ], 201)->header('Location', $result['url']);
-        }
+        } catch (\InvalidArgumentException $e) {
-
-        if ($request->input('h') === 'card' || $request->input('type.0') === 'h-card') {
-            if (stripos($tokenData->claims()->get('scope'), 'create') === false) {
-                $micropubResponses = new MicropubResponses();
-
-                return $micropubResponses->insufficientScopeResponse();
-            }
-            $location = $this->hcardService->process($request->all());
-
             return response()->json([
-                'response' => 'created',
+                'error' => 'invalid_request',
-                'location' => $location,
+                'error_description' => $e->getMessage(),
-            ], 201)->header('Location', $location);
+            ], 400);
-        }
+        } catch (MicropubHandlerException) {
-
-        if ($request->input('action') === 'update') {
-            if (stripos($tokenData->claims()->get('scope'), 'update') === false) {
-                $micropubResponses = new MicropubResponses();
-
-                return $micropubResponses->insufficientScopeResponse();
-            }
-
-            return $this->updateService->process($request->all());
-        }
-
             return response()->json([
-            'response' => 'error',
+                'error' => 'Unknown Micropub type',
-            'error_description' => 'unsupported_request_type',
+                'error_description' => 'The request could not be processed by this server',
             ], 500);
+        } catch (InvalidTokenScopeException) {
+            return response()->json([
+                'error' => 'invalid_scope',
+                'error_description' => 'The token does not have the required scope for this request',
+            ], 403);
+        } catch (\Exception) {
+            return response()->json([
+                'error' => 'server_error',
+                'error_description' => 'An error occurred processing the request',
+            ], 500);
+        }
     }
 
     /**
@@ -120,12 +83,6 @@ class MicropubController extends Controller
      */
     public function get(Request $request): JsonResponse
     {
-        try {
-            $tokenData = $this->tokenService->validateToken($request->input('access_token'));
-        } catch (RequiredConstraintsViolated|InvalidTokenStructure) {
-            return (new MicropubResponses())->invalidTokenResponse();
-        }
-
         if ($request->input('q') === 'syndicate-to') {
             return response()->json([
                 'syndicate-to' => SyndicationTarget::all(),
@@ -157,36 +114,17 @@ class MicropubController extends Controller
             ]);
         }
 
-        // default response is just to return the token data
+        // the default response is just to return the token data
+        /** @var Token $tokenData */
+        $tokenData = $request->input('token_data');
+
         return response()->json([
             'response' => 'token',
             'token' => [
-                'me' => $tokenData->claims()->get('me'),
+                'me' => $tokenData['me'],
-                'scope' => $tokenData->claims()->get('scope'),
+                'scope' => $tokenData['scope'],
-                'client_id' => $tokenData->claims()->get('client_id'),
+                'client_id' => $tokenData['client_id'],
             ],
         ]);
     }
-
-    /**
-     * Determine the client id from the access token sent with the request.
-     *
-     * @throws RequiredConstraintsViolated
-     */
-    private function getClientId(): string
-    {
-        return resolve(TokenService::class)
-            ->validateToken(app('request')->input('access_token'))
-            ->claims()->get('client_id');
-    }
-
-    /**
-     * Save the details of the micropub request to a log file.
-     */
-    private function logMicropubRequest(array $request): void
-    {
-        $logger = new Logger('micropub');
-        $logger->pushHandler(new StreamHandler(storage_path('logs/micropub.log')));
-        $logger->debug('MicropubLog', $request);
-    }
 }

app/Http/Controllers/MicropubMediaController.php

@@ -7,54 +7,29 @@ namespace App\Http\Controllers;
 use App\Http\Responses\MicropubResponses;
 use App\Jobs\ProcessMedia;
 use App\Models\Media;
-use App\Services\TokenService;
 use Exception;
 use Illuminate\Contracts\Container\BindingResolutionException;
-use Illuminate\Http\File;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
 use Illuminate\Http\Response;
 use Illuminate\Http\UploadedFile;
 use Illuminate\Support\Carbon;
 use Illuminate\Support\Facades\Storage;
-use Illuminate\Support\Str;
 use Intervention\Image\ImageManager;
-use Lcobucci\JWT\Token\InvalidTokenStructure;
-use Lcobucci\JWT\Validation\RequiredConstraintsViolated;
 use Ramsey\Uuid\Uuid;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class MicropubMediaController extends Controller
 {
-    protected TokenService $tokenService;
-
-    public function __construct(TokenService $tokenService)
-    {
-        $this->tokenService = $tokenService;
-    }
-
     public function getHandler(Request $request): JsonResponse
     {
-        try {
+        $tokenData = $request->input('token_data');
-            $tokenData = $this->tokenService->validateToken($request->input('access_token'));
-        } catch (RequiredConstraintsViolated|InvalidTokenStructure) {
-            $micropubResponses = new MicropubResponses();
 
-            return $micropubResponses->invalidTokenResponse();
+        $scopes = $tokenData['scope'];
+        if (is_string($scopes)) {
+            $scopes = explode(' ', $scopes);
         }
-
+        if (! in_array('create', $scopes, true)) {
-        if ($tokenData->claims()->has('scope') === false) {
+            return (new MicropubResponses)->insufficientScopeResponse();
-            $micropubResponses = new MicropubResponses();
-
-            return $micropubResponses->tokenHasNoScopeResponse();
-        }
-
-        if (Str::contains($tokenData->claims()->get('scope'), 'create') === false) {
-            $micropubResponses = new MicropubResponses();
-
-            return $micropubResponses->insufficientScopeResponse();
         }
 
         if ($request->input('q') === 'last') {
@@ -105,24 +80,14 @@ class MicropubMediaController extends Controller
      */
     public function media(Request $request): JsonResponse
     {
-        try {
+        $tokenData = $request->input('token_data');
-            $tokenData = $this->tokenService->validateToken($request->input('access_token'));
-        } catch (RequiredConstraintsViolated|InvalidTokenStructure) {
-            $micropubResponses = new MicropubResponses();
 
-            return $micropubResponses->invalidTokenResponse();
+        $scopes = $tokenData['scope'];
+        if (is_string($scopes)) {
+            $scopes = explode(' ', $scopes);
         }
-
+        if (! in_array('create', $scopes, true)) {
-        if ($tokenData->claims()->has('scope') === false) {
+            return (new MicropubResponses)->insufficientScopeResponse();
-            $micropubResponses = new MicropubResponses();
-
-            return $micropubResponses->tokenHasNoScopeResponse();
-        }
-
-        if (Str::contains($tokenData->claims()->get('scope'), 'create') === false) {
-            $micropubResponses = new MicropubResponses();
-
-            return $micropubResponses->insufficientScopeResponse();
         }
 
         if ($request->hasFile('file') === false) {
@@ -133,7 +98,10 @@ class MicropubMediaController extends Controller
             ], 400);
         }
 
-        if ($request->file('file')->isValid() === false) {
+        /** @var UploadedFile $file */
+        $file = $request->file('file');
+
+        if ($file->isValid() === false) {
             return response()->json([
                 'response' => 'error',
                 'error' => 'invalid_request',
@@ -141,7 +109,7 @@ class MicropubMediaController extends Controller
             ], 400);
         }
 
-        $filename = $this->saveFile($request->file('file'));
+        $filename = Storage::disk('local')->putFile('media', $file);
 
         /** @var ImageManager $manager */
         $manager = resolve(ImageManager::class);
@@ -154,19 +122,12 @@ class MicropubMediaController extends Controller
         }
 
         $media = Media::create([
-            'token' => $request->bearerToken(),
+            'token' => $request->input('access_token'),
-            'path' => 'media/' . $filename,
+            'path' => $filename,
             'type' => $this->getFileTypeFromMimeType($request->file('file')->getMimeType()),
             'image_widths' => $width,
         ]);
 
-        // put the file on S3 initially, the ProcessMedia job may edit this
-        Storage::disk('s3')->putFileAs(
-            'media',
-            new File(storage_path('app') . '/' . $filename),
-            $filename
-        );
-
         ProcessMedia::dispatch($filename);
 
         return response()->json([
@@ -188,7 +149,7 @@ class MicropubMediaController extends Controller
      */
     private function getFileTypeFromMimeType(string $mimeType): string
     {
-        //try known images
+        // try known images
         $imageMimeTypes = [
             'image/gif',
             'image/jpeg',
@@ -200,7 +161,7 @@ class MicropubMediaController extends Controller
         if (in_array($mimeType, $imageMimeTypes)) {
             return 'image';
         }
-        //try known video
+        // try known video
         $videoMimeTypes = [
             'video/mp4',
             'video/mpeg',
@@ -211,7 +172,7 @@ class MicropubMediaController extends Controller
         if (in_array($mimeType, $videoMimeTypes)) {
             return 'video';
         }
-        //try known audio types
+        // try known audio types
         $audioMimeTypes = [
             'audio/midi',
             'audio/mpeg',
@@ -230,7 +191,7 @@ class MicropubMediaController extends Controller
      *
      * @throws Exception
      */
-    private function saveFile(UploadedFile $file): string
+    private function saveFileToLocal(UploadedFile $file): string
     {
         $filename = Uuid::uuid4()->toString() . '.' . $file->extension();
         Storage::disk('local')->putFileAs('', $file, $filename);

app/Http/Controllers/NotesController.php

@@ -14,8 +14,6 @@ use Jonnybarnes\IndieWeb\Numbers;
 
 /**
  * @todo Need to sort out Twitter and webmentions!
- *
- * @psalm-suppress UnusedClass
  */
 class NotesController extends Controller
 {
@@ -67,7 +65,7 @@ class NotesController extends Controller
      */
     public function redirect(int $decId): RedirectResponse
     {
-        return redirect(config('app.url') . '/notes/' . (new Numbers())->numto60($decId));
+        return redirect(config('app.url') . '/notes/' . (new Numbers)->numto60($decId));
     }
 
     /**

app/Http/Controllers/PlacesController.php

@@ -7,9 +7,6 @@ namespace App\Http\Controllers;
 use App\Models\Place;
 use Illuminate\View\View;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class PlacesController extends Controller
 {
     /**

app/Http/Controllers/SearchController.php

@@ -6,9 +6,6 @@ use App\Models\Note;
 use Illuminate\Http\Request;
 use Illuminate\View\View;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class SearchController extends Controller
 {
     public function search(Request $request): View

app/Http/Controllers/ShortURLsController.php

@@ -1,55 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Http\Controllers;
-
-use Illuminate\Http\RedirectResponse;
-
-/**
- * @psalm-suppress UnusedClass
- */
-class ShortURLsController extends Controller
-{
-    /*
-    |--------------------------------------------------------------------------
-    | Short URL Controller
-    |--------------------------------------------------------------------------
-    |
-    |    This redirects the short urls to long ones
-    |
-    */
-
-    /**
-     * Redirect from '/' to the long url.
-     */
-    public function baseURL(): RedirectResponse
-    {
-        return redirect(config('app.url'));
-    }
-
-    /**
-     * Redirect from '/@' to a twitter profile.
-     */
-    public function twitter(): RedirectResponse
-    {
-        return redirect('https://twitter.com/jonnybarnes');
-    }
-
-    /**
-     * Redirect a short url of this site out to a long one based on post type.
-     *
-     * Further redirects may happen.
-     */
-    public function expandType(string $type, string $postId): RedirectResponse
-    {
-        if ($type === 't') {
-            $type = 'notes';
-        }
-        if ($type === 'b') {
-            $type = 'blog/s';
-        }
-
-        return redirect(config('app.url') . '/' . $type . '/' . $postId);
-    }
-}

app/Http/Controllers/TokenEndpointController.php

@@ -1,109 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Http\Controllers;
-
-use App\Services\TokenService;
-use GuzzleHttp\Client as GuzzleClient;
-use GuzzleHttp\Exception\BadResponseException;
-use Illuminate\Http\JsonResponse;
-use Illuminate\Http\Request;
-use IndieAuth\Client;
-use JsonException;
-
-/**
- * @psalm-suppress UnusedClass
- */
-class TokenEndpointController extends Controller
-{
-    /**
-     * @var Client The IndieAuth Client.
-     */
-    protected Client $client;
-
-    /**
-     * @var GuzzleClient The GuzzleHttp client.
-     */
-    protected GuzzleClient $guzzle;
-
-    protected TokenService $tokenService;
-
-    /**
-     * Inject the dependencies.
-     */
-    public function __construct(
-        Client $client,
-        GuzzleClient $guzzle,
-        TokenService $tokenService
-    ) {
-        $this->client = $client;
-        $this->guzzle = $guzzle;
-        $this->tokenService = $tokenService;
-    }
-
-    /**
-     * If the user has auth’d via the IndieAuth protocol, issue a valid token.
-     */
-    public function create(Request $request): JsonResponse
-    {
-        $auth = $this->verifyIndieAuthCode(
-            config('url.authorization_endpoint'),
-            $request->input('code'),
-            $request->input('redirect_uri'),
-            $request->input('client_id'),
-        );
-
-        if ($auth === null || ! array_key_exists('me', $auth)) {
-            return response()->json([
-                'error' => 'There was an error verifying the IndieAuth code',
-            ], 401);
-        }
-
-        $scope = $auth['scope'] ?? '';
-        $tokenData = [
-            'me' => config('app.url'),
-            'client_id' => $request->input('client_id'),
-            'scope' => $scope,
-        ];
-        $token = $this->tokenService->getNewToken($tokenData);
-        $content = [
-            'me' => config('app.url'),
-            'scope' => $scope,
-            'access_token' => $token,
-        ];
-
-        return response()->json($content);
-    }
-
-    protected function verifyIndieAuthCode(
-        string $authorizationEndpoint,
-        string $code,
-        string $redirectUri,
-        string $clientId
-    ): ?array {
-        try {
-            $response = $this->guzzle->request('POST', $authorizationEndpoint, [
-                'headers' => [
-                    'Accept' => 'application/json',
-                ],
-                'form_params' => [
-                    'code' => $code,
-                    'me' => config('app.url'),
-                    'redirect_uri' => $redirectUri,
-                    'client_id' => $clientId,
-                ],
-            ]);
-        } catch (BadResponseException) {
-            return null;
-        }
-
-        try {
-            $authData = json_decode((string) $response->getBody(), true, 512, JSON_THROW_ON_ERROR);
-        } catch (JsonException) {
-            return null;
-        }
-
-        return $authData;
-    }
-}

app/Http/Controllers/WebMentionsController.php

@@ -12,9 +12,6 @@ use Illuminate\Http\Response;
 use Illuminate\View\View;
 use Jonnybarnes\IndieWeb\Numbers;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class WebMentionsController extends Controller
 {
     /**
@@ -33,7 +30,7 @@ class WebMentionsController extends Controller
      */
     public function receive(Request $request): Response
     {
-        //first we trivially reject requests that lack all required inputs
+        // first we trivially reject requests that lack all required inputs
         if (($request->has('target') !== true) || ($request->has('source') !== true)) {
             return response(
                 'You need both the target and source parameters',
@@ -41,12 +38,12 @@ class WebMentionsController extends Controller
             );
         }
 
-        //next check the $target is valid
+        // next check the $target is valid
         $path = parse_url($request->input('target'), PHP_URL_PATH);
         $pathParts = explode('/', $path);
 
         if ($pathParts[1] === 'notes') {
-            //we have a note
+            // we have a note
             $noteId = $pathParts[2];
             try {
                 $note = Note::findOrFail(resolve(Numbers::class)->b60tonum($noteId));

app/Http/Kernel.php

@@ -1,74 +0,0 @@
-<?php
-
-namespace App\Http;
-
-use Illuminate\Foundation\Http\Kernel as HttpKernel;
-
-class Kernel extends HttpKernel
-{
-    /**
-     * The application's global HTTP middleware stack.
-     *
-     * These middleware are run during every request to your application.
-     *
-     * @var array<int, class-string|string>
-     */
-    protected $middleware = [
-        // \App\Http\Middleware\TrustHosts::class,
-        \App\Http\Middleware\TrustProxies::class,
-        \Illuminate\Http\Middleware\HandleCors::class,
-        \App\Http\Middleware\PreventRequestsDuringMaintenance::class,
-        \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
-        \App\Http\Middleware\TrimStrings::class,
-        \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
-    ];
-
-    /**
-     * The application's route middleware groups.
-     *
-     * @var array<string, array<int, class-string|string>>
-     */
-    protected $middlewareGroups = [
-        'web' => [
-            \App\Http\Middleware\EncryptCookies::class,
-            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
-            \Illuminate\Session\Middleware\StartSession::class,
-            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
-            \App\Http\Middleware\VerifyCsrfToken::class,
-            \Illuminate\Routing\Middleware\SubstituteBindings::class,
-            \App\Http\Middleware\LinkHeadersMiddleware::class,
-            \App\Http\Middleware\LocalhostSessionMiddleware::class,
-            \App\Http\Middleware\CSPHeader::class,
-        ],
-
-        'api' => [
-            // \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
-            \Illuminate\Routing\Middleware\ThrottleRequests::class.':api',
-            \Illuminate\Routing\Middleware\SubstituteBindings::class,
-        ],
-    ];
-
-    /**
-     * The application's middleware aliases.
-     *
-     * Aliases may be used instead of class names to conveniently assign middleware to routes and groups.
-     *
-     * @var array<string, class-string|string>
-     */
-    protected $middlewareAliases = [
-        'auth' => \App\Http\Middleware\Authenticate::class,
-        'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
-        'auth.session' => \Illuminate\Session\Middleware\AuthenticateSession::class,
-        'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
-        'can' => \Illuminate\Auth\Middleware\Authorize::class,
-        'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
-        'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class,
-        'precognitive' => \Illuminate\Foundation\Http\Middleware\HandlePrecognitiveRequests::class,
-        'signed' => \App\Http\Middleware\ValidateSignature::class,
-        'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
-        'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
-        'micropub.token' => \App\Http\Middleware\VerifyMicropubToken::class,
-        'myauth' => \App\Http\Middleware\MyAuthMiddleware::class,
-        'cors' => \App\Http\Middleware\CorsHeaders::class,
-    ];
-}

app/Http/Middleware/CSPHeader.php

@@ -1,48 +0,0 @@
-<?php
-
-namespace App\Http\Middleware;
-
-use Closure;
-use Illuminate\Http\Request;
-use Illuminate\Support\Facades\App;
-use Symfony\Component\HttpFoundation\Response;
-
-class CSPHeader
-{
-    /**
-     * Handle an incoming request.
-     *
-     * @psalm-suppress PossiblyUnusedMethod
-     */
-    public function handle(Request $request, Closure $next): Response
-    {
-        if (App::environment('local', 'development')) {
-            return $next($request);
-        }
-
-        // headers have to be single-line strings,
-        // so we concat multiple lines
-        // phpcs:disable Generic.Files.LineLength.TooLong
-        return $next($request)
-            ->header(
-                'Content-Security-Policy',
-                "default-src 'self'; " .
-                "style-src 'self' 'unsafe-inline' cloud.typography.com jonnybarnes.uk; " .
-                "img-src 'self' data: blob: https://pbs.twimg.com https://jbuk-media.s3-eu-west-1.amazonaws.com https://jbuk-media-dev.s3-eu-west-1.amazonaws.com https://secure.gravatar.com https://graph.facebook.com *.fbcdn.net https://*.cdninstagram.com https://*.4sqi.net https://upload.wikimedia.org; " .
-                "font-src 'self' data:; " .
-                "frame-src 'self' https://www.youtube.com blob:; " .
-                'upgrade-insecure-requests; ' .
-                'block-all-mixed-content; ' .
-                'report-to csp-endpoint; ' .
-                'report-uri https://jonnybarnes.report-uri.io/r/default/csp/enforce;'
-            )->header(
-                'Report-To',
-                '{' .
-                        "'url': 'https://jonnybarnes.report-uri.io/r/default/csp/enforce', " .
-                        "'group': 'csp-endpoint', " .
-                        "'max-age': 10886400" .
-                '}'
-            );
-        // phpcs:enable Generic.Files.LineLength.TooLong
-    }
-}

app/Http/Middleware/CorsHeaders.php

@@ -10,8 +10,6 @@ class CorsHeaders
 {
     /**
      * Handle an incoming request.
-     *
-     * @psalm-suppress PossiblyUnusedMethod
      */
     public function handle(Request $request, Closure $next): Response
     {

app/Http/Middleware/LinkHeadersMiddleware.php

@@ -10,16 +10,15 @@ class LinkHeadersMiddleware
 {
     /**
      * Handle an incoming request.
-     *
-     * @psalm-suppress PossiblyUnusedMethod
      */
     public function handle(Request $request, Closure $next): Response
     {
         $response = $next($request);
-        $response->header('Link', '<https://indieauth.com/auth>; rel="authorization_endpoint"', false);
+        $response->header('Link', '<' . route('indieauth.metadata') . '>; rel="indieauth-metadata"', false);
-        $response->header('Link', '<' . config('app.url') . '/api/token>; rel="token_endpoint"', false);
+        $response->header('Link', '<' . route('indieauth.start') . '>; rel="authorization_endpoint"', false);
-        $response->header('Link', '<' . config('app.url') . '/api/post>; rel="micropub"', false);
+        $response->header('Link', '<' . route('indieauth.token') . '>; rel="token_endpoint"', false);
-        $response->header('Link', '<' . config('app.url') . '/webmention>; rel="webmention"', false);
+        $response->header('Link', '<' . route('micropub-endpoint') . '>; rel="micropub"', false);
+        $response->header('Link', '<' . route('webmention-endpoint') . '>; rel="webmention"', false);
 
         return $response;
     }

app/Http/Middleware/LocalhostSessionMiddleware.php

@@ -14,8 +14,6 @@ class LocalhostSessionMiddleware
      * Whilst we are developing locally, automatically log in as
      * `['me' => config('app.url')]` as I can’t manually log in as
      * a .localhost domain.
-     *
-     * @psalm-suppress PossiblyUnusedMethod
      */
     public function handle(Request $request, Closure $next): Response
     {

app/Http/Middleware/LogMicropubRequest.php

@@ -0,0 +1,24 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\JsonResponse;
+use Illuminate\Http\Request;
+use Illuminate\Http\Response;
+use Monolog\Handler\StreamHandler;
+use Monolog\Logger;
+
+class LogMicropubRequest
+{
+    public function handle(Request $request, Closure $next): Response|JsonResponse
+    {
+        $logger = new Logger('micropub');
+        $logger->pushHandler(new StreamHandler(storage_path('logs/micropub.log')));
+        $logger->debug('MicropubLog', $request->all());
+
+        return $next($request);
+    }
+}

app/Http/Middleware/MyAuthMiddleware.php

@@ -13,13 +13,13 @@ class MyAuthMiddleware
 {
     /**
      * Check the user is logged in.
-     *
-     * @psalm-suppress PossiblyUnusedMethod
      */
     public function handle(Request $request, Closure $next): Response
     {
         if (Auth::check() === false) {
             // they’re not logged in, so send them to login form
+            redirect()->setIntendedUrl($request->fullUrl());
+
             return redirect()->route('login');
         }
 

app/Http/Middleware/ValidateSignature.php

@@ -10,8 +10,6 @@ class ValidateSignature extends Middleware
      * The names of the query string parameters that should be ignored.
      *
      * @var array<int, string>
-     *
-     * @psalm-suppress PossiblyUnusedProperty
      */
     protected $except = [
         // 'fbclid',

app/Http/Middleware/VerifyMicropubToken.php

@@ -4,8 +4,14 @@ declare(strict_types=1);
 
 namespace App\Http\Middleware;
 
+use App\Http\Responses\MicropubResponses;
 use Closure;
 use Illuminate\Http\Request;
+use Lcobucci\JWT\Configuration;
+use Lcobucci\JWT\Encoding\CannotDecodeContent;
+use Lcobucci\JWT\Token;
+use Lcobucci\JWT\Token\InvalidTokenStructure;
+use Lcobucci\JWT\Validation\RequiredConstraintsViolated;
 use Symfony\Component\HttpFoundation\Response;
 
 class VerifyMicropubToken
@@ -13,24 +19,63 @@ class VerifyMicropubToken
     /**
      * Handle an incoming request.
      *
-     * @psalm-suppress PossiblyUnusedMethod
+     * @param  Closure(Request): (Response)  $next
      */
     public function handle(Request $request, Closure $next): Response
     {
+        $rawToken = null;
+
         if ($request->input('access_token')) {
-            return $next($request);
+            $rawToken = $request->input('access_token');
-        }
+        } elseif ($request->bearerToken()) {
-
+            $rawToken = $request->bearerToken();
-        if ($request->bearerToken()) {
-            return $next($request->merge([
-                'access_token' => $request->bearerToken(),
-            ]));
         }
 
+        if (! $rawToken) {
             return response()->json([
                 'response' => 'error',
                 'error' => 'unauthorized',
                 'error_description' => 'No access token was provided in the request',
             ], 401);
         }
+
+        try {
+            $tokenData = $this->validateToken($rawToken);
+        } catch (RequiredConstraintsViolated|InvalidTokenStructure|CannotDecodeContent) {
+            $micropubResponses = new MicropubResponses;
+
+            return $micropubResponses->invalidTokenResponse();
+        }
+
+        if ($tokenData->claims()->has('scope') === false) {
+            $micropubResponses = new MicropubResponses;
+
+            return $micropubResponses->tokenHasNoScopeResponse();
+        }
+
+        return $next($request->merge([
+            'access_token' => $rawToken,
+            'token_data' => [
+                'me' => $tokenData->claims()->get('me'),
+                'scope' => $tokenData->claims()->get('scope'),
+                'client_id' => $tokenData->claims()->get('client_id'),
+            ],
+        ]));
+    }
+
+    /**
+     * Check the token signature is valid.
+     */
+    private function validateToken(string $bearerToken): Token
+    {
+        $config = resolve(Configuration::class);
+
+        $token = $config->parser()->parse($bearerToken);
+
+        $constraints = $config->validationConstraints();
+
+        $config->validator()->assert($token, ...$constraints);
+
+        return $token;
+    }
 }

app/Http/Requests/MicropubRequest.php

@@ -0,0 +1,106 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Requests;
+
+use Illuminate\Foundation\Http\FormRequest;
+use Illuminate\Support\Arr;
+
+class MicropubRequest extends FormRequest
+{
+    protected array $micropubData = [];
+
+    public function rules(): array
+    {
+        return [
+            // Validation rules
+        ];
+    }
+
+    public function getMicropubData(): array
+    {
+        return $this->micropubData;
+    }
+
+    public function getType(): ?string
+    {
+        // Return consistent type regardless of input format
+        return $this->micropubData['type'] ?? null;
+    }
+
+    protected function prepareForValidation(): void
+    {
+        // Normalize the request data based on content type
+        if ($this->isJson()) {
+            $this->normalizeMicropubJson();
+        } else {
+            $this->normalizeMicropubForm();
+        }
+    }
+
+    private function normalizeMicropubJson(): void
+    {
+        $json = $this->json();
+        if ($json === null) {
+            throw new \InvalidArgumentException('`isJson()` passed but there is no json data');
+        }
+
+        $data = $json->all();
+
+        // Convert JSON type (h-entry) to simple type (entry)
+        if (isset($data['type']) && is_array($data['type'])) {
+            $type = current($data['type']);
+            if (strpos($type, 'h-') === 0) {
+                $this->micropubData['type'] = substr($type, 2);
+            }
+        }
+        // Or set the type to update
+        elseif (isset($data['action']) && $data['action'] === 'update') {
+            $this->micropubData['type'] = 'update';
+        }
+
+        // Add in the token data
+        $this->micropubData['token_data'] = $data['token_data'];
+
+        // Add h-entry values
+        $this->micropubData['content'] = Arr::get($data, 'properties.content.0');
+        $this->micropubData['in-reply-to'] = Arr::get($data, 'properties.in-reply-to.0');
+        $this->micropubData['published'] = Arr::get($data, 'properties.published.0');
+        $this->micropubData['location'] = Arr::get($data, 'location');
+        $this->micropubData['bookmark-of'] = Arr::get($data, 'properties.bookmark-of.0');
+        $this->micropubData['like-of'] = Arr::get($data, 'properties.like-of.0');
+        $this->micropubData['mp-syndicate-to'] = Arr::get($data, 'properties.mp-syndicate-to');
+
+        // Add h-card values
+        $this->micropubData['name'] = Arr::get($data, 'properties.name.0');
+        $this->micropubData['description'] = Arr::get($data, 'properties.description.0');
+        $this->micropubData['geo'] = Arr::get($data, 'properties.geo.0');
+
+        // Add checkin value
+        $this->micropubData['checkin'] = Arr::get($data, 'checkin');
+        $this->micropubData['syndication'] = Arr::get($data, 'properties.syndication.0');
+    }
+
+    private function normalizeMicropubForm(): void
+    {
+        // Convert form h=entry to type=entry
+        if ($h = $this->input('h')) {
+            $this->micropubData['type'] = $h;
+        }
+
+        // Add some fields to the micropub data with default null values
+        $this->micropubData['in-reply-to'] = null;
+        $this->micropubData['published'] = null;
+        $this->micropubData['location'] = null;
+        $this->micropubData['description'] = null;
+        $this->micropubData['geo'] = null;
+        $this->micropubData['latitude'] = null;
+        $this->micropubData['longitude'] = null;
+
+        // Map form fields to micropub data
+        foreach ($this->except(['h', 'access_token']) as $key => $value) {
+            $this->micropubData[$key] = $value;
+        }
+    }
+}

app/Jobs/DownloadWebMention.php

@@ -24,8 +24,7 @@ class DownloadWebMention implements ShouldQueue
      */
     public function __construct(
         protected string $source
-    ) {
+    ) {}
-    }
 
     /**
      * Execute the job.
@@ -36,30 +35,30 @@ class DownloadWebMention implements ShouldQueue
     public function handle(Client $guzzle): void
     {
         $response = $guzzle->request('GET', $this->source);
-        //4XX and 5XX responses should get Guzzle to throw an exception,
+        // 4XX and 5XX responses should get Guzzle to throw an exception,
-        //Laravel should catch and retry these automatically.
+        // Laravel should catch and retry these automatically.
         if ($response->getStatusCode() === 200) {
-            $filesystem = new FileSystem();
+            $filesystem = new FileSystem;
             $filename = storage_path('HTML') . '/' . $this->createFilenameFromURL($this->source);
-            //backup file first
+            // backup file first
             $filenameBackup = $filename . '.' . date('Y-m-d') . '.backup';
             if ($filesystem->exists($filename)) {
                 $filesystem->copy($filename, $filenameBackup);
             }
-            //check if base directory exists
+            // check if base directory exists
             if (! $filesystem->exists($filesystem->dirname($filename))) {
                 $filesystem->makeDirectory(
                     $filesystem->dirname($filename),
-                    0755,  //mode
+                    0755,  // mode
-                    true //recursive
+                    true // recursive
                 );
             }
-            //save new HTML
+            // save new HTML
             $filesystem->put(
                 $filename,
                 (string) $response->getBody()
             );
-            //remove backup if the same
+            // remove backup if the same
             if ($filesystem->exists($filenameBackup)) {
                 if ($filesystem->get($filename) === $filesystem->get($filenameBackup)) {
                     $filesystem->delete($filenameBackup);

app/Jobs/ProcessBookmark.php

@@ -25,8 +25,7 @@ class ProcessBookmark implements ShouldQueue
      */
     public function __construct(
         protected Bookmark $bookmark
-    ) {
+    ) {}
-    }
 
     /**
      * Execute the job.

app/Jobs/ProcessLike.php

@@ -30,8 +30,7 @@ class ProcessLike implements ShouldQueue
      */
     public function __construct(
         protected Like $like
-    ) {
+    ) {}
-    }
 
     /**
      * Execute the job.
@@ -50,7 +49,7 @@ class ProcessLike implements ShouldQueue
             $this->like->content = $tweet->html;
             $this->like->save();
 
-            //POSSE like
+            // POSSE like
             try {
                 $client->request(
                     'POST',

app/Jobs/ProcessMedia.php

@@ -25,43 +25,45 @@ class ProcessMedia implements ShouldQueue
      */
     public function __construct(
         protected string $filename
-    ) {
+    ) {}
-    }
 
     /**
      * Execute the job.
      */
     public function handle(ImageManager $manager): void
     {
-        //open file
+        // Load file
+        $file = Storage::disk('local')->get('media/' . $this->filename);
+
+        // Open file
         try {
-            $image = $manager->read(storage_path('app') . '/' . $this->filename);
+            $image = $manager->read($file);
         } catch (DecoderException) {
             // not an image; delete file and end job
-            unlink(storage_path('app') . '/' . $this->filename);
+            Storage::disk('local')->delete('media/' . $this->filename);
 
             return;
         }
-        //create smaller versions if necessary
+
+        // Save the file publicly
+        Storage::disk('public')->put('media/' . $this->filename, $file);
+
+        // Create smaller versions if necessary
         if ($image->width() > 1000) {
             $filenameParts = explode('.', $this->filename);
             $extension = array_pop($filenameParts);
             // the following achieves this data flow
             // foo.bar.png => ['foo', 'bar', 'png'] => ['foo', 'bar'] => foo.bar
-            $basename = ltrim(array_reduce($filenameParts, function ($carry, $item) {
+            $basename = trim(implode('.', $filenameParts), '.');
-                return $carry . '.' . $item;
+
-            }, ''), '.');
+            $medium = $image->resize(width: 1000);
-            $medium = $image->resize(1000, null, function ($constraint) {
+            Storage::disk('public')->put('media/' . $basename . '-medium.' . $extension, (string) $medium->encode());
-                $constraint->aspectRatio();
+
-            });
+            $small = $image->resize(width: 500);
-            Storage::disk('s3')->put('media/' . $basename . '-medium.' . $extension, (string) $medium->encode());
+            Storage::disk('public')->put('media/' . $basename . '-small.' . $extension, (string) $small->encode());
-            $small = $image->resize(500, null, function ($constraint) {
-                $constraint->aspectRatio();
-            });
-            Storage::disk('s3')->put('media/' . $basename . '-small.' . $extension, (string) $small->encode());
         }
 
-        // now we can delete the locally saved image
+        // Now we can delete the locally saved image
-        unlink(storage_path('app') . '/' . $this->filename);
+        Storage::disk('local')->delete('media/' . $this->filename);
     }
 }

app/Jobs/ProcessWebMention.php

@@ -30,8 +30,7 @@ class ProcessWebMention implements ShouldQueue
     public function __construct(
         protected Note $note,
         protected string $source
-    ) {
+    ) {}
-    }
 
     /**
      * Execute the job.
@@ -45,7 +44,7 @@ class ProcessWebMention implements ShouldQueue
         try {
             $response = $guzzle->request('GET', $this->source);
         } catch (RequestException $e) {
-            throw new RemoteContentNotFoundException();
+            throw new RemoteContentNotFoundException;
         }
         $this->saveRemoteContent((string) $response->getBody(), $this->source);
         $microformats = Mf2\parse((string) $response->getBody(), $this->source);
@@ -54,7 +53,7 @@ class ProcessWebMention implements ShouldQueue
             // check webmention still references target
             // we try each type of mention (reply/like/repost)
             if ($webmention->type === 'in-reply-to') {
-                if ($parser->checkInReplyTo($microformats, $this->note->longurl) === false) {
+                if ($parser->checkInReplyTo($microformats, $this->note->uri) === false) {
                     // it doesn’t so delete
                     $webmention->delete();
 
@@ -68,7 +67,7 @@ class ProcessWebMention implements ShouldQueue
                 return;
             }
             if ($webmention->type === 'like-of') {
-                if ($parser->checkLikeOf($microformats, $this->note->longurl) === false) {
+                if ($parser->checkLikeOf($microformats, $this->note->uri) === false) {
                     // it doesn’t so delete
                     $webmention->delete();
 
@@ -76,7 +75,7 @@ class ProcessWebMention implements ShouldQueue
                 } // note we don’t need to do anything if it still is a like
             }
             if ($webmention->type === 'repost-of') {
-                if ($parser->checkRepostOf($microformats, $this->note->longurl) === false) {
+                if ($parser->checkRepostOf($microformats, $this->note->uri) === false) {
                     // it doesn’t so delete
                     $webmention->delete();
 
@@ -86,13 +85,13 @@ class ProcessWebMention implements ShouldQueue
         }// foreach
 
         // no webmention in the db so create new one
-        $webmention = new WebMention();
+        $webmention = new WebMention;
         $type = $parser->getMentionType($microformats); // throw error here?
         dispatch(new SaveProfileImage($microformats));
         $webmention->source = $this->source;
-        $webmention->target = $this->note->longurl;
+        $webmention->target = $this->note->uri;
         $webmention->commentable_id = $this->note->id;
-        $webmention->commentable_type = 'App\Model\Note';
+        $webmention->commentable_type = Note::class;
         $webmention->type = $type;
         $webmention->mf2 = json_encode($microformats);
         $webmention->save();

app/Jobs/SaveProfileImage.php

@@ -25,8 +25,7 @@ class SaveProfileImage implements ShouldQueue
      */
     public function __construct(
         protected array $microformats
-    ) {
+    ) {}
-    }
 
     /**
      * Execute the job.
@@ -50,7 +49,7 @@ class SaveProfileImage implements ShouldQueue
             $home = array_shift($home);
         }
 
-        //dont save pbs.twimg.com links
+        // dont save pbs.twimg.com links
         if (
             $photo
             && parse_url($photo, PHP_URL_HOST) !== 'pbs.twimg.com'

app/Jobs/SaveScreenshot.php

@@ -23,8 +23,7 @@ class SaveScreenshot implements ShouldQueue
      */
     public function __construct(
         protected Bookmark $bookmark
-    ) {
+    ) {}
-    }
 
     /**
      * Execute the job.

app/Jobs/SendWebMentions.php

@@ -27,8 +27,7 @@ class SendWebMentions implements ShouldQueue
      */
     public function __construct(
         protected Note $note
-    ) {
+    ) {}
-    }
 
     /**
      * Execute the job.
@@ -46,7 +45,7 @@ class SendWebMentions implements ShouldQueue
                 $guzzle = resolve(Client::class);
                 $guzzle->post($endpoint, [
                     'form_params' => [
-                        'source' => $this->note->longurl,
+                        'source' => $this->note->uri,
                         'target' => $url,
                     ],
                 ]);
@@ -62,7 +61,7 @@ class SendWebMentions implements ShouldQueue
     public function discoverWebmentionEndpoint(string $url): ?string
     {
         // let’s not send webmentions to myself
-        if (parse_url($url, PHP_URL_HOST) === config('url.longurl')) {
+        if (parse_url($url, PHP_URL_HOST) === parse_url(config('app.url'), PHP_URL_HOST)) {
             return null;
         }
         if (Str::startsWith($url, '/notes/tagged/')) {
@@ -73,7 +72,7 @@ class SendWebMentions implements ShouldQueue
 
         $guzzle = resolve(Client::class);
         $response = $guzzle->get($url);
-        //check HTTP Headers for webmention endpoint
+        // check HTTP Headers for webmention endpoint
         $links = Header::parse($response->getHeader('Link'));
         foreach ($links as $link) {
             if (array_key_exists('rel', $link) && mb_stristr($link['rel'], 'webmention')) {
@@ -81,7 +80,7 @@ class SendWebMentions implements ShouldQueue
             }
         }
 
-        //failed to find a header so parse HTML
+        // failed to find a header so parse HTML
         $html = (string) $response->getBody();
 
         $mf2 = new \Mf2\Parser($html, $url);
@@ -109,7 +108,7 @@ class SendWebMentions implements ShouldQueue
         }
 
         $urls = [];
-        $dom = new \DOMDocument();
+        $dom = new \DOMDocument;
         $dom->loadHTML($html);
         $anchors = $dom->getElementsByTagName('a');
         foreach ($anchors as $anchor) {

app/Jobs/SyndicateNoteToBluesky.php

@@ -0,0 +1,62 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Jobs;
+
+use App\Models\Note;
+use GuzzleHttp\Client;
+use GuzzleHttp\Exception\GuzzleException;
+use Illuminate\Bus\Queueable;
+use Illuminate\Contracts\Queue\ShouldQueue;
+use Illuminate\Foundation\Bus\Dispatchable;
+use Illuminate\Queue\InteractsWithQueue;
+use Illuminate\Queue\SerializesModels;
+
+class SyndicateNoteToBluesky implements ShouldQueue
+{
+    use Dispatchable, InteractsWithQueue, Queueable, SerializesModels;
+
+    /**
+     * Create a new job instance.
+     */
+    public function __construct(
+        protected Note $note
+    ) {}
+
+    /**
+     * Execute the job.
+     *
+     * @throws GuzzleException
+     */
+    public function handle(Client $guzzle): void
+    {
+        // We can only make the request if we have an access token
+        if (config('bridgy.bluesky_token') === null) {
+            return;
+        }
+
+        // Make micropub request
+        $response = $guzzle->request(
+            'POST',
+            'https://brid.gy/micropub',
+            [
+                'headers' => [
+                    'Authorization' => 'Bearer ' . config('bridgy.bluesky_token'),
+                ],
+                'json' => [
+                    'type' => ['h-entry'],
+                    'properties' => [
+                        'content' => [$this->note->getRawOriginal('note')],
+                    ],
+                ],
+            ]
+        );
+
+        // Parse for syndication URL
+        if ($response->getStatusCode() === 201) {
+            $this->note->bluesky_url = $response->getHeader('Location')[0];
+            $this->note->save();
+        }
+    }
+}

app/Jobs/SyndicateNoteToMastodon.php

@@ -22,8 +22,7 @@ class SyndicateNoteToMastodon implements ShouldQueue
      */
     public function __construct(
         protected Note $note
-    ) {
+    ) {}
-    }
 
     /**
      * Execute the job.

app/Models/Article.php

@@ -58,10 +58,10 @@ class Article extends Model
     {
         return Attribute::get(
             get: function () {
-                $environment = new Environment();
+                $environment = new Environment;
-                $environment->addExtension(new CommonMarkCoreExtension());
+                $environment->addExtension(new CommonMarkCoreExtension);
-                $environment->addRenderer(FencedCode::class, new FencedCodeRenderer());
+                $environment->addRenderer(FencedCode::class, new FencedCodeRenderer);
-                $environment->addRenderer(IndentedCode::class, new IndentedCodeRenderer());
+                $environment->addRenderer(IndentedCode::class, new IndentedCodeRenderer);
                 $markdownConverter = new MarkdownConverter($environment);
 
                 return $markdownConverter->convert($this->main)->getContent();

app/Models/Bookmark.php

@@ -26,7 +26,7 @@ class Bookmark extends Model
         return $this->belongsToMany('App\Models\Tag');
     }
 
-    protected function longurl(): Attribute
+    protected function local_uri(): Attribute
     {
         return Attribute::get(
             get: fn () => config('app.url') . '/bookmarks/' . $this->id,

app/Models/Media.php

@@ -33,7 +33,7 @@ class Media extends Model
                     return $attributes['path'];
                 }
 
-                return config('filesystems.disks.s3.url') . '/' . $attributes['path'];
+                return config('app.url') . '/storage/' . $attributes['path'];
             }
         );
     }
@@ -78,7 +78,7 @@ class Media extends Model
         $basename = $this->getBasename($path);
         $extension = $this->getExtension($path);
 
-        return config('filesystems.disks.s3.url') . '/' . $basename . '-' . $size . '.' . $extension;
+        return config('app.url') . '/storage/' . $basename . '-' . $size . '.' . $extension;
     }
 
     private function getBasename(string $path): string

app/Models/Note.php

@@ -111,7 +111,7 @@ class Note extends Model
     {
         if ($value !== null) {
             $normalized = normalizer_normalize($value, Normalizer::FORM_C);
-            if ($normalized === '') { //we don’t want to save empty strings to the db
+            if ($normalized === '') { // we don’t want to save empty strings to the db
                 $normalized = null;
             }
             $this->attributes['note'] = $normalized;
@@ -124,7 +124,7 @@ class Note extends Model
     public function getNoteAttribute(?string $value): ?string
     {
         if ($value === null && $this->place !== null) {
-            $value = '📍: <a href="' . $this->place->longurl . '">' . $this->place->name . '</a>';
+            $value = '📍: <a href="' . $this->place->uri . '">' . $this->place->name . '</a>';
         }
 
         // if $value is still null, just return null
@@ -172,16 +172,11 @@ class Note extends Model
         return (string) resolve(Numbers::class)->numto60($this->id);
     }
 
-    public function getLongurlAttribute(): string
+    public function getUriAttribute(): string
     {
         return config('app.url') . '/notes/' . $this->nb60id;
     }
 
-    public function getShorturlAttribute(): string
-    {
-        return config('url.shorturl') . '/notes/' . $this->nb60id;
-    }
-
     public function getIso8601Attribute(): string
     {
         return $this->updated_at->toISO8601String();
@@ -271,7 +266,7 @@ class Note extends Model
             ]);
 
             if ($oEmbed->httpstatus >= 400) {
-                throw new Exception();
+                throw new Exception;
             }
         } catch (Exception $e) {
             return null;
@@ -388,18 +383,18 @@ class Note extends Model
                 'mentions_handle' => [
                     'prefix' => '@',
                     'pattern' => '([\w@.])+(\b)',
-                    'generator' => new MentionGenerator(),
+                    'generator' => new MentionGenerator,
                 ],
             ],
         ];
 
         $environment = new Environment($config);
-        $environment->addExtension(new CommonMarkCoreExtension());
+        $environment->addExtension(new CommonMarkCoreExtension);
-        $environment->addExtension(new AutolinkExtension());
+        $environment->addExtension(new AutolinkExtension);
-        $environment->addExtension(new MentionExtension());
+        $environment->addExtension(new MentionExtension);
-        $environment->addRenderer(Mention::class, new MentionRenderer());
+        $environment->addRenderer(Mention::class, new MentionRenderer);
-        $environment->addRenderer(FencedCode::class, new FencedCodeRenderer());
+        $environment->addRenderer(FencedCode::class, new FencedCodeRenderer);
-        $environment->addRenderer(IndentedCode::class, new IndentedCodeRenderer());
+        $environment->addRenderer(IndentedCode::class, new IndentedCodeRenderer);
         $markdownConverter = new MarkdownConverter($environment);
 
         return $markdownConverter->convert($note)->getContent();

app/Models/Place.php

@@ -59,7 +59,7 @@ class Place extends Model
                      * sin(radians(places.latitude))))";
 
         return $query
-            ->select() //pick the columns you want here.
+            ->select() // pick the columns you want here.
             ->selectRaw("{$haversine} AS distance")
             ->whereRaw("{$haversine} < ?", [$distance]);
     }
@@ -74,24 +74,10 @@ class Place extends Model
         ]));
     }
 
-    protected function longurl(): Attribute
-    {
-        return Attribute::get(
-            get: fn ($value, $attributes) => config('app.url') . '/places/' . $attributes['slug'],
-        );
-    }
-
-    protected function shorturl(): Attribute
-    {
-        return Attribute::get(
-            get: fn ($value, $attributes) => config('url.shorturl') . '/places/' . $attributes['slug'],
-        );
-    }
-
     protected function uri(): Attribute
     {
         return Attribute::get(
-            get: fn () => $this->longurl,
+            get: static fn ($value, $attributes) => config('app.url') . '/places/' . $attributes['slug'],
         );
     }
 

app/Models/WebMention.php

@@ -42,7 +42,7 @@ class WebMention extends Model
                     return null;
                 }
 
-                $authorship = new Authorship();
+                $authorship = new Authorship;
                 $hCard = $authorship->findAuthor(json_decode($attributes['mf2'], true));
 
                 if ($hCard === false) {
@@ -109,13 +109,21 @@ class WebMention extends Model
     /**
      * Create the photo link.
      */
-    public function createPhotoLink(string $url): string
+    public function createPhotoLink(string|array $url): string
     {
+        if (is_array($url)) {
+            if (! array_key_exists('value', $url)) {
+                return '';
+            }
+
+            $url = $url['value'];
+        }
+
         $url = normalize_url($url);
         $host = parse_url($url, PHP_URL_HOST);
 
         if ($host === 'pbs.twimg.com') {
-            //make sure we use HTTPS, we know twitter supports it
+            // make sure we use HTTPS, we know twitter supports it
             return str_replace('http://', 'https://', $url);
         }
 
@@ -127,12 +135,12 @@ class WebMention extends Model
             $codebird = resolve(Codebird::class);
             $info = $codebird->users_show(['screen_name' => $username]);
             $profile_image = $info->profile_image_url_https;
-            Cache::put($url, $profile_image, 10080); //1 week
+            Cache::put($url, $profile_image, 10080); // 1 week
 
             return $profile_image;
         }
 
-        $filesystem = new Filesystem();
+        $filesystem = new Filesystem;
         if ($filesystem->exists(public_path() . '/assets/profile-images/' . $host . '/image')) {
             return '/assets/profile-images/' . $host . '/image';
         }

app/Observers/NoteObserver.php

@@ -9,15 +9,10 @@ use App\Models\Tag;
 use Illuminate\Support\Arr;
 use Illuminate\Support\Collection;
 
-/**
- * @todo Do we need psalm-suppress for these observer methods?
- */
 class NoteObserver
 {
     /**
-     * Listen to the Note created event.
+     * Listen to the Note created event.=
-     *
-     * @psalm-suppress PossiblyUnusedMethod
      */
     public function created(Note $note): void
     {
@@ -39,9 +34,7 @@ class NoteObserver
     }
 
     /**
-     * Listen to the Note updated event.
+     * Listen to the Note updated event.=
-     *
-     * @psalm-suppress PossiblyUnusedMethod
      */
     public function updated(Note $note): void
     {
@@ -65,9 +58,7 @@ class NoteObserver
     }
 
     /**
-     * Listen to the Note deleting event.
+     * Listen to the Note deleting event.=
-     *
-     * @psalm-suppress PossiblyUnusedMethod
      */
     public function deleting(Note $note): void
     {

app/Providers/AppServiceProvider.php

@@ -88,9 +88,9 @@ class AppServiceProvider extends ServiceProvider
         $this->app->bind('Lcobucci\JWT\Configuration', function () {
             $key = InMemory::plainText(config('app.key'));
 
-            $config = Configuration::forSymmetricSigner(new Sha256(), $key);
+            $config = Configuration::forSymmetricSigner(new Sha256, $key);
 
-            $config->setValidationConstraints(new SignedWith(new Sha256(), $key));
+            $config->setValidationConstraints(new SignedWith(new Sha256, $key));
 
             return $config;
         });
@@ -98,7 +98,7 @@ class AppServiceProvider extends ServiceProvider
         // Configure HtmlSanitizer
         $this->app->bind(HtmlSanitizer::class, function () {
             return new HtmlSanitizer(
-                (new HtmlSanitizerConfig())
+                (new HtmlSanitizerConfig)
                     ->allowSafeElements()
                     ->forceAttribute('a', 'rel', 'noopener nofollow')
             );

app/Providers/HorizonServiceProvider.php

@@ -5,9 +5,6 @@ namespace App\Providers;
 use Illuminate\Support\Facades\Gate;
 use Laravel\Horizon\HorizonApplicationServiceProvider;
 
-/**
- * @psalm-suppress UnusedClass
- */
 class HorizonServiceProvider extends HorizonApplicationServiceProvider
 {
     /**

app/Providers/MicropubServiceProvider.php

@@ -0,0 +1,26 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Providers;
+
+use App\Services\Micropub\CardHandler;
+use App\Services\Micropub\EntryHandler;
+use App\Services\Micropub\MicropubHandlerRegistry;
+use Illuminate\Support\ServiceProvider;
+
+class MicropubServiceProvider extends ServiceProvider
+{
+    public function register(): void
+    {
+        $this->app->singleton(MicropubHandlerRegistry::class, function () {
+            $registry = new MicropubHandlerRegistry;
+
+            // Register handlers
+            $registry->register('card', new CardHandler);
+            $registry->register('entry', new EntryHandler);
+
+            return $registry;
+        });
+    }
+}

app/Services/ArticleService.php

@@ -6,13 +6,13 @@ namespace App\Services;
 
 use App\Models\Article;
 
-class ArticleService extends Service
+class ArticleService
 {
-    public function create(array $request, ?string $client = null): Article
+    public function create(array $data): Article
     {
         return Article::create([
-            'title' => $this->getDataByKey($request, 'name'),
+            'title' => $data['name'],
-            'main' => $this->getDataByKey($request, 'content'),
+            'main' => $data['content'],
             'published' => true,
         ]);
     }

app/Services/BookmarkService.php

@@ -10,28 +10,29 @@ use App\Models\Bookmark;
 use App\Models\Tag;
 use GuzzleHttp\Client;
 use GuzzleHttp\Exception\ClientException;
+use GuzzleHttp\Exception\GuzzleException;
 use Illuminate\Support\Arr;
 use Illuminate\Support\Str;
 
-class BookmarkService extends Service
+class BookmarkService
 {
     /**
      * Create a new Bookmark.
      */
-    public function create(array $request, ?string $client = null): Bookmark
+    public function create(array $data): Bookmark
     {
-        if (Arr::get($request, 'properties.bookmark-of.0')) {
+        if (Arr::get($data, 'properties.bookmark-of.0')) {
-            //micropub request
+            // micropub request
-            $url = normalize_url(Arr::get($request, 'properties.bookmark-of.0'));
+            $url = normalize_url(Arr::get($data, 'properties.bookmark-of.0'));
-            $name = Arr::get($request, 'properties.name.0');
+            $name = Arr::get($data, 'properties.name.0');
-            $content = Arr::get($request, 'properties.content.0');
+            $content = Arr::get($data, 'properties.content.0');
-            $categories = Arr::get($request, 'properties.category');
+            $categories = Arr::get($data, 'properties.category');
         }
-        if (Arr::get($request, 'bookmark-of')) {
+        if (Arr::get($data, 'bookmark-of')) {
-            $url = normalize_url(Arr::get($request, 'bookmark-of'));
+            $url = normalize_url(Arr::get($data, 'bookmark-of'));
-            $name = Arr::get($request, 'name');
+            $name = Arr::get($data, 'name');
-            $content = Arr::get($request, 'content');
+            $content = Arr::get($data, 'content');
-            $categories = Arr::get($request, 'category');
+            $categories = Arr::get($data, 'category');
         }
 
         $bookmark = Bookmark::create([
@@ -54,6 +55,7 @@ class BookmarkService extends Service
      * Given a URL, attempt to save it to the Internet Archive.
      *
      * @throws InternetArchiveException
+     * @throws GuzzleException
      */
     public function getArchiveLink(string $url): string
     {
@@ -61,8 +63,8 @@ class BookmarkService extends Service
         try {
             $response = $client->request('GET', 'https://web.archive.org/save/' . $url);
         } catch (ClientException $e) {
-            //throw an exception to be caught
+            // throw an exception to be caught
-            throw new InternetArchiveException();
+            throw new InternetArchiveException;
         }
         if ($response->hasHeader('Content-Location')) {
             if (Str::startsWith(Arr::get($response->getHeader('Content-Location'), 0), '/web')) {
@@ -70,7 +72,7 @@ class BookmarkService extends Service
             }
         }
 
-        //throw an exception to be caught
+        // throw an exception to be caught
-        throw new InternetArchiveException();
+        throw new InternetArchiveException;
     }
 }

app/Services/LikeService.php

@@ -8,19 +8,19 @@ use App\Jobs\ProcessLike;
 use App\Models\Like;
 use Illuminate\Support\Arr;
 
-class LikeService extends Service
+class LikeService
 {
     /**
      * Create a new Like.
      */
-    public function create(array $request, ?string $client = null): Like
+    public function create(array $data): Like
     {
-        if (Arr::get($request, 'properties.like-of.0')) {
+        if (Arr::get($data, 'properties.like-of.0')) {
-            //micropub request
+            // micropub request
-            $url = normalize_url(Arr::get($request, 'properties.like-of.0'));
+            $url = normalize_url(Arr::get($data, 'properties.like-of.0'));
         }
-        if (Arr::get($request, 'like-of')) {
+        if (Arr::get($data, 'like-of')) {
-            $url = normalize_url(Arr::get($request, 'like-of'));
+            $url = normalize_url(Arr::get($data, 'like-of'));
         }
 
         $like = Like::create(['url' => $url]);

app/Services/Micropub/CardHandler.php

@@ -0,0 +1,34 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Services\Micropub;
+
+use App\Exceptions\InvalidTokenScopeException;
+use App\Services\PlaceService;
+
+class CardHandler implements MicropubHandlerInterface
+{
+    /**
+     * @throws InvalidTokenScopeException
+     */
+    public function handle(array $data): array
+    {
+        // Handle h-card requests
+        $scopes = $data['token_data']['scope'];
+        if (is_string($scopes)) {
+            $scopes = explode(' ', $scopes);
+        }
+
+        if (! in_array('create', $scopes, true)) {
+            throw new InvalidTokenScopeException;
+        }
+
+        $location = resolve(PlaceService::class)->createPlace($data)->uri;
+
+        return [
+            'response' => 'created',
+            'url' => $location,
+        ];
+    }
+}

app/Services/Micropub/EntryHandler.php

@@ -0,0 +1,41 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Services\Micropub;
+
+use App\Exceptions\InvalidTokenScopeException;
+use App\Services\ArticleService;
+use App\Services\BookmarkService;
+use App\Services\LikeService;
+use App\Services\NoteService;
+
+class EntryHandler implements MicropubHandlerInterface
+{
+    /**
+     * @throws InvalidTokenScopeException
+     */
+    public function handle(array $data)
+    {
+        $scopes = $data['token_data']['scope'];
+        if (is_string($scopes)) {
+            $scopes = explode(' ', $scopes);
+        }
+
+        if (! in_array('create', $scopes, true)) {
+            throw new InvalidTokenScopeException;
+        }
+
+        $location = match (true) {
+            isset($data['like-of']) => resolve(LikeService::class)->create($data)->url,
+            isset($data['bookmark-of']) => resolve(BookmarkService::class)->create($data)->uri,
+            isset($data['name']) => resolve(ArticleService::class)->create($data)->link,
+            default => resolve(NoteService::class)->create($data)->uri,
+        };
+
+        return [
+            'response' => 'created',
+            'url' => $location,
+        ];
+    }
+}

app/Services/Micropub/HCardService.php

@@ -1,32 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Services\Micropub;
-
-use App\Services\PlaceService;
-use Illuminate\Support\Arr;
-
-class HCardService
-{
-    /**
-     * Create a Place from h-card data, return the URL.
-     */
-    public function process(array $request): string
-    {
-        $data = [];
-        if (Arr::get($request, 'properties.name')) {
-            $data['name'] = Arr::get($request, 'properties.name');
-            $data['description'] = Arr::get($request, 'properties.description');
-            $data['geo'] = Arr::get($request, 'properties.geo');
-        } else {
-            $data['name'] = Arr::get($request, 'name');
-            $data['description'] = Arr::get($request, 'description');
-            $data['geo'] = Arr::get($request, 'geo');
-            $data['latitude'] = Arr::get($request, 'latitude');
-            $data['longitude'] = Arr::get($request, 'longitude');
-        }
-
-        return resolve(PlaceService::class)->createPlace($data)->longurl;
-    }
-}

app/Services/Micropub/HEntryService.php

@@ -1,34 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Services\Micropub;
-
-use App\Services\ArticleService;
-use App\Services\BookmarkService;
-use App\Services\LikeService;
-use App\Services\NoteService;
-use Illuminate\Support\Arr;
-
-class HEntryService
-{
-    /**
-     * Create the relevant model from some h-entry data.
-     */
-    public function process(array $request, ?string $client = null): ?string
-    {
-        if (Arr::get($request, 'properties.like-of') || Arr::get($request, 'like-of')) {
-            return resolve(LikeService::class)->create($request)->longurl;
-        }
-
-        if (Arr::get($request, 'properties.bookmark-of') || Arr::get($request, 'bookmark-of')) {
-            return resolve(BookmarkService::class)->create($request)->longurl;
-        }
-
-        if (Arr::get($request, 'properties.name') || Arr::get($request, 'name')) {
-            return resolve(ArticleService::class)->create($request)->longurl;
-        }
-
-        return resolve(NoteService::class)->create($request, $client)->longurl;
-    }
-}

app/Services/Micropub/MicropubHandlerInterface.php

@@ -0,0 +1,10 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Services\Micropub;
+
+interface MicropubHandlerInterface
+{
+    public function handle(array $data);
+}

app/Services/Micropub/MicropubHandlerRegistry.php

@@ -0,0 +1,34 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Services\Micropub;
+
+use App\Exceptions\MicropubHandlerException;
+
+class MicropubHandlerRegistry
+{
+    /**
+     * @var MicropubHandlerInterface[]
+     */
+    protected array $handlers = [];
+
+    public function register(string $type, MicropubHandlerInterface $handler): self
+    {
+        $this->handlers[$type] = $handler;
+
+        return $this;
+    }
+
+    /**
+     * @throws MicropubHandlerException
+     */
+    public function getHandler(string $type): MicropubHandlerInterface
+    {
+        if (! isset($this->handlers[$type])) {
+            throw new MicropubHandlerException("No handler registered for '{$type}'");
+        }
+
+        return $this->handlers[$type];
+    }
+}

app/Services/Micropub/UpdateHandler.php

@@ -4,23 +4,35 @@ declare(strict_types=1);
 
 namespace App\Services\Micropub;
 
+use App\Exceptions\InvalidTokenScopeException;
 use App\Models\Media;
 use App\Models\Note;
 use Illuminate\Database\Eloquent\ModelNotFoundException;
-use Illuminate\Http\JsonResponse;
 use Illuminate\Support\Arr;
 use Illuminate\Support\Str;
 
-class UpdateService
+/*
+ * @todo Implement this properly
+ */
+class UpdateHandler implements MicropubHandlerInterface
 {
     /**
-     * Process a micropub request to update an entry.
+     * @throws InvalidTokenScopeException
      */
-    public function process(array $request): JsonResponse
+    public function handle(array $data)
     {
-        $urlPath = parse_url(Arr::get($request, 'url'), PHP_URL_PATH);
+        $scopes = $data['token_data']['scope'];
+        if (is_string($scopes)) {
+            $scopes = explode(' ', $scopes);
+        }
 
-        //is it a note we are updating?
+        if (! in_array('update', $scopes, true)) {
+            throw new InvalidTokenScopeException;
+        }
+
+        $urlPath = parse_url(Arr::get($data, 'url'), PHP_URL_PATH);
+
+        // is it a note we are updating?
         if (mb_substr($urlPath, 1, 5) !== 'notes') {
             return response()->json([
                 'error' => 'invalid',
@@ -30,16 +42,16 @@ class UpdateService
 
         try {
             $note = Note::nb60(basename($urlPath))->firstOrFail();
-        } catch (ModelNotFoundException $exception) {
+        } catch (ModelNotFoundException) {
             return response()->json([
                 'error' => 'invalid_request',
                 'error_description' => 'No known note with given ID',
             ], 404);
         }
 
-        //got the note, are we dealing with a “replace” request?
+        // got the note, are we dealing with a “replace” request?
-        if (Arr::get($request, 'replace')) {
+        if (Arr::get($data, 'replace')) {
-            foreach (Arr::get($request, 'replace') as $property => $value) {
+            foreach (Arr::get($data, 'replace') as $property => $value) {
                 if ($property === 'content') {
                     $note->note = $value[0];
                 }
@@ -59,14 +71,14 @@ class UpdateService
             }
             $note->save();
 
-            return response()->json([
+            return [
                 'response' => 'updated',
-            ]);
+            ];
         }
 
-        //how about “add”
+        // how about “add”
-        if (Arr::get($request, 'add')) {
+        if (Arr::get($data, 'add')) {
-            foreach (Arr::get($request, 'add') as $property => $value) {
+            foreach (Arr::get($data, 'add') as $property => $value) {
                 if ($property === 'syndication') {
                     foreach ($value as $syndicationURL) {
                         if (Str::startsWith($syndicationURL, 'https://www.facebook.com')) {
@@ -83,7 +95,7 @@ class UpdateService
                 if ($property === 'photo') {
                     foreach ($value as $photoURL) {
                         if (Str::startsWith($photoURL, 'https://')) {
-                            $media = new Media();
+                            $media = new Media;
                             $media->path = $photoURL;
                             $media->type = 'image';
                             $media->save();

app/Services/NoteService.php

@@ -5,6 +5,7 @@ declare(strict_types=1);
 namespace App\Services;
 
 use App\Jobs\SendWebMentions;
+use App\Jobs\SyndicateNoteToBluesky;
 use App\Jobs\SyndicateNoteToMastodon;
 use App\Models\Media;
 use App\Models\Note;
@@ -13,45 +14,52 @@ use App\Models\SyndicationTarget;
 use Illuminate\Support\Arr;
 use Illuminate\Support\Str;
 
-class NoteService extends Service
+class NoteService
 {
     /**
      * Create a new note.
      */
-    public function create(array $request, ?string $client = null): Note
+    public function create(array $data): Note
     {
+        // Get the content we want to save
+        if (is_string($data['content'])) {
+            $content = $data['content'];
+        } elseif (isset($data['content']['html'])) {
+            $content = $data['content']['html'];
+        } else {
+            $content = null;
+        }
+
         $note = Note::create(
             [
-                'note' => $this->getDataByKey($request, 'content'),
+                'note' => $content,
-                'in_reply_to' => $this->getDataByKey($request, 'in-reply-to'),
+                'in_reply_to' => $data['in-reply-to'],
-                'client_id' => $client,
+                'client_id' => $data['token_data']['client_id'],
             ]
         );
 
-        if ($this->getPublished($request)) {
+        if ($published = $this->getPublished($data)) {
-            $note->created_at = $note->updated_at = $this->getPublished($request);
+            $note->created_at = $note->updated_at = $published;
         }
 
-        $note->location = $this->getLocation($request);
+        $note->location = $this->getLocation($data);
 
-        if ($this->getCheckin($request)) {
+        if ($this->getCheckin($data)) {
-            $note->place()->associate($this->getCheckin($request));
+            $note->place()->associate($this->getCheckin($data));
-            $note->swarm_url = $this->getSwarmUrl($request);
+            $note->swarm_url = $this->getSwarmUrl($data);
-        }
-
-        $note->instagram_url = $this->getInstagramUrl($request);
-
-        foreach ($this->getMedia($request) as $media) {
-            $note->media()->save($media);
         }
+        //
+        //        $note->instagram_url = $this->getInstagramUrl($request);
+        //
+        //        foreach ($this->getMedia($request) as $media) {
+        //            $note->media()->save($media);
+        //        }
 
         $note->save();
 
         dispatch(new SendWebMentions($note));
 
-        if (in_array('mastodon', $this->getSyndicationTargets($request), true)) {
+        $this->dispatchSyndicationJobs($note, $data);
-            dispatch(new SyndicateNoteToMastodon($note));
-        }
 
         return $note;
     }
@@ -59,14 +67,10 @@ class NoteService extends Service
     /**
      * Get the published time from the request to create a new note.
      */
-    private function getPublished(array $request): ?string
+    private function getPublished(array $data): ?string
     {
-        if (Arr::get($request, 'properties.published.0')) {
+        if ($data['published']) {
-            return carbon(Arr::get($request, 'properties.published.0'))
+            return carbon($data['published'])->toDateTimeString();
-                ->toDateTimeString();
-        }
-        if (Arr::get($request, 'published')) {
-            return carbon(Arr::get($request, 'published'))->toDateTimeString();
         }
 
         return null;
@@ -75,12 +79,13 @@ class NoteService extends Service
     /**
      * Get the location data from the request to create a new note.
      */
-    private function getLocation(array $request): ?string
+    private function getLocation(array $data): ?string
     {
-        $location = Arr::get($request, 'properties.location.0') ?? Arr::get($request, 'location');
+        $location = Arr::get($data, 'location');
+
         if (is_string($location) && str_starts_with($location, 'geo:')) {
             preg_match_all(
-                '/([0-9\.\-]+)/',
+                '/([0-9.\-]+)/',
                 $location,
                 $matches
             );
@@ -94,9 +99,9 @@ class NoteService extends Service
     /**
      * Get the checkin data from the request to create a new note. This will be a Place.
      */
-    private function getCheckin(array $request): ?Place
+    private function getCheckin(array $data): ?Place
     {
-        $location = Arr::get($request, 'location');
+        $location = Arr::get($data, 'location');
         if (is_string($location) && Str::startsWith($location, config('app.url'))) {
             return Place::where(
                 'slug',
@@ -108,12 +113,12 @@ class NoteService extends Service
                 )
             )->first();
         }
-        if (Arr::get($request, 'checkin')) {
+        if (Arr::get($data, 'checkin')) {
             try {
                 $place = resolve(PlaceService::class)->createPlaceFromCheckin(
-                    Arr::get($request, 'checkin')
+                    Arr::get($data, 'checkin')
                 );
-            } catch (\InvalidArgumentException $e) {
+            } catch (\InvalidArgumentException) {
                 return null;
             }
 
@@ -137,34 +142,47 @@ class NoteService extends Service
     /**
      * Get the Swarm URL from the syndication data in the request to create a new note.
      */
-    private function getSwarmUrl(array $request): ?string
+    private function getSwarmUrl(array $data): ?string
     {
-        if (str_contains(Arr::get($request, 'properties.syndication.0', ''), 'swarmapp')) {
+        $syndication = Arr::get($data, 'syndication');
-            return Arr::get($request, 'properties.syndication.0');
+        if ($syndication === null) {
+            return null;
+        }
+
+        if (str_contains($syndication, 'swarmapp')) {
+            return $syndication;
         }
 
         return null;
     }
 
     /**
-     * Get the syndication targets from the request to create a new note.
+     * Dispatch syndication jobs based on the request data.
      */
-    private function getSyndicationTargets(array $request): array
+    private function dispatchSyndicationJobs(Note $note, array $request): void
     {
-        $syndication = [];
+        // If no syndication targets are specified, return early
-        $mpSyndicateTo = Arr::get($request, 'mp-syndicate-to') ?? Arr::get($request, 'properties.mp-syndicate-to');
+        if (empty($request['mp-syndicate-to'])) {
-        $mpSyndicateTo = Arr::wrap($mpSyndicateTo);
+            return;
-        foreach ($mpSyndicateTo as $uid) {
-            $target = SyndicationTarget::where('uid', $uid)->first();
-            if ($target && $target->service_name === 'Twitter') {
-                $syndication[] = 'twitter';
-            }
-            if ($target && $target->service_name === 'Mastodon') {
-                $syndication[] = 'mastodon';
-            }
         }
 
-        return $syndication;
+        // Get the configured syndication targets
+        $syndicationTargets = SyndicationTarget::all();
+
+        foreach ($syndicationTargets as $target) {
+            // Check if the target is in the request data
+            if (in_array($target->uid, $request['mp-syndicate-to'], true)) {
+                // Dispatch the appropriate job based on the target service name
+                switch ($target->service_name) {
+                    case 'Mastodon':
+                        dispatch(new SyndicateNoteToMastodon($note));
+                        break;
+                    case 'Bluesky':
+                        dispatch(new SyndicateNoteToBluesky($note));
+                        break;
+                }
+            }
+        }
     }
 
     /**

app/Services/PlaceService.php

@@ -14,8 +14,8 @@ class PlaceService
      */
     public function createPlace(array $data): Place
     {
-        //obviously a place needs a lat/lng, but this could be sent in a geo-url
+        // obviously a place needs a lat/lng, but this could be sent in a geo-url
-        //if no geo array key, we assume the array already has lat/lng values
+        // if no geo array key, we assume the array already has lat/lng values
         if (array_key_exists('geo', $data) && $data['geo'] !== null) {
             preg_match_all(
                 '/([0-9\.\-]+)/',
@@ -25,7 +25,7 @@ class PlaceService
             $data['latitude'] = $matches[0][0];
             $data['longitude'] = $matches[0][1];
         }
-        $place = new Place();
+        $place = new Place;
         $place->name = $data['name'];
         $place->description = $data['description'];
         $place->latitude = $data['latitude'];
@@ -40,7 +40,7 @@ class PlaceService
      */
     public function createPlaceFromCheckin(array $checkin): Place
     {
-        //check if the place exists if from swarm
+        // check if the place exists if from swarm
         if (Arr::has($checkin, 'properties.url')) {
             $place = Place::whereExternalURL(Arr::get($checkin, 'properties.url.0'))->get();
             if (count($place) === 1) {
@@ -53,7 +53,7 @@ class PlaceService
         if (Arr::has($checkin, 'properties.latitude') === false) {
             throw new \InvalidArgumentException('Missing required longitude/latitude');
         }
-        $place = new Place();
+        $place = new Place;
         $place->name = Arr::get($checkin, 'properties.name.0');
         $place->external_urls = Arr::get($checkin, 'properties.url.0');
         $place->latitude = Arr::get($checkin, 'properties.latitude.0');

app/Services/Service.php

@@ -1,30 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Services;
-
-use Illuminate\Database\Eloquent\Model;
-use Illuminate\Support\Arr;
-
-abstract class Service
-{
-    abstract public function create(array $request, ?string $client = null): Model;
-
-    protected function getDataByKey(array $request, string $key): ?string
-    {
-        if (Arr::get($request, "properties.{$key}.0.html")) {
-            return Arr::get($request, "properties.{$key}.0.html");
-        }
-
-        if (is_string(Arr::get($request, "properties.{$key}.0"))) {
-            return Arr::get($request, "properties.{$key}.0");
-        }
-
-        if (is_string(Arr::get($request, "properties.{$key}"))) {
-            return Arr::get($request, "properties.{$key}");
-        }
-
-        return Arr::get($request, $key);
-    }
-}

app/Services/TokenService.php

@@ -7,7 +7,6 @@ namespace App\Services;
 use App\Jobs\AddClientToDatabase;
 use DateTimeImmutable;
 use Lcobucci\JWT\Configuration;
-use Lcobucci\JWT\Token;
 
 class TokenService
 {
@@ -19,7 +18,7 @@ class TokenService
         $config = resolve(Configuration::class);
 
         $token = $config->builder()
-            ->issuedAt(new DateTimeImmutable())
+            ->issuedAt(new DateTimeImmutable)
             ->withClaim('client_id', $data['client_id'])
             ->withClaim('me', $data['me'])
             ->withClaim('scope', $data['scope'])
@@ -30,20 +29,4 @@ class TokenService
 
         return $token->toString();
     }
-
-    /**
-     * Check the token signature is valid.
-     */
-    public function validateToken(string $bearerToken): Token
-    {
-        $config = resolve('Lcobucci\JWT\Configuration');
-
-        $token = $config->parser()->parse($bearerToken);
-
-        $constraints = $config->validationConstraints();
-
-        $config->validator()->assert($token, ...$constraints);
-
-        return $token;
-    }
 }

bootstrap/app.php

@@ -1,6 +1,6 @@
 <?php
 
-use App\Http\Middleware\CSPHeader;
+use App\Http\Middleware\LinkHeadersMiddleware;
 use Illuminate\Foundation\Application;
 use Illuminate\Foundation\Configuration\Exceptions;
 use Illuminate\Foundation\Configuration\Middleware;
@@ -12,7 +12,16 @@ return Application::configure(basePath: dirname(__DIR__))
         health: '/up',
     )
     ->withMiddleware(function (Middleware $middleware) {
-        $middleware->append(CSPHeader::class);
+        $middleware
+            ->append(LinkHeadersMiddleware::class)
+            ->validateCsrfTokens(except: [
+                'auth',  // This is the IndieAuth auth endpoint
+                'token', // This is the IndieAuth token endpoint
+                'api/post',
+                'api/media',
+                'micropub/places',
+                'webmention',
+            ]);
     })
     ->withExceptions(function (Exceptions $exceptions) {
         //

bootstrap/providers.php

@@ -3,4 +3,5 @@
 return [
     App\Providers\AppServiceProvider::class,
     App\Providers\HorizonServiceProvider::class,
+    App\Providers\MicropubServiceProvider::class,
 ];

composer.json

@@ -1,7 +1,8 @@
 {
+    "$schema": "https://getcomposer.org/schema.json",
     "name": "jonnybarnes/jonnybarnes.uk",
     "type": "project",
-    "description": "The code for jonnybarnes.uk, based on Laravel 10",
+    "description": "The code for jonnybarnes.uk, based on Laravel 11",
     "keywords": ["laravel", "framework", "indieweb"],
     "license": "CC0-1.0",
     "require": {
@@ -10,14 +11,15 @@
         "ext-intl": "*",
         "ext-json": "*",
         "ext-pgsql": "*",
-        "cviebrock/eloquent-sluggable": "^11.0",
+        "ext-sodium": "*",
+        "cviebrock/eloquent-sluggable": "^12.0",
         "guzzlehttp/guzzle": "^7.2",
         "indieauth/client": "^1.1",
         "intervention/image": "^3",
         "jonnybarnes/indieweb": "~0.2",
         "jonnybarnes/webmentions-parser": "~0.5",
         "jublonet/codebird-php": "4.0.0-beta.1",
-        "laravel/framework": "^11.0",
+        "laravel/framework": "^12.0",
         "laravel/horizon": "^5.0",
         "laravel/sanctum": "^4.0",
         "laravel/scout": "^10.1",
@@ -26,26 +28,29 @@
         "league/commonmark": "^2.0",
         "league/flysystem-aws-s3-v3": "^3.0",
         "mf2/mf2": "~0.3",
+        "phpdocumentor/reflection-docblock": "^5.3",
         "spatie/commonmark-highlighter": "^3.0",
         "spatie/laravel-ignition": "^2.1",
         "symfony/html-sanitizer": "^7.0",
-        "web-auth/webauthn-lib": "^4.7"
+        "symfony/property-access": "^7.0",
+        "symfony/serializer": "^7.0",
+        "web-auth/webauthn-lib": "^5.0"
     },
     "require-dev": {
         "barryvdh/laravel-debugbar": "^3.0",
         "barryvdh/laravel-ide-helper": "^3.0",
         "fakerphp/faker": "^1.9.2",
         "laravel/dusk": "^8.0",
+        "laravel/pail": "^1.2",
         "laravel/pint": "^1.0",
         "laravel/sail": "^1.18",
         "mockery/mockery": "^1.4.4",
         "nunomaduro/collision": "^8.1",
-        "openai-php/client": "^0.8.0",
+        "openai-php/client": "^0.10.1",
-        "phpunit/php-code-coverage": "^10.0",
+        "phpunit/php-code-coverage": "^11.0",
-        "phpunit/phpunit": "^10.1",
+        "phpunit/phpunit": "^11.0",
-        "psalm/plugin-laravel": "^2.8",
         "spatie/laravel-ray": "^1.12",
-        "vimeo/psalm": "^5.0"
+        "spatie/x-ray": "^1.2"
     },
     "autoload": {
         "psr-4": {
@@ -74,7 +79,13 @@
             "@php -r \"file_exists('.env') || copy('.env.example', '.env');\""
         ],
         "post-create-project-cmd": [
-            "@php artisan key:generate --ansi"
+            "@php artisan key:generate --ansi",
+            "@php -r \"file_exists('database/database.sqlite') || touch('database/database.sqlite');\"",
+            "@php artisan migrate --graceful --ansi"
+        ],
+        "dev": [
+            "Composer\\Config::disableProcessTimeout",
+            "npx concurrently -c \"#93c5fd,#c4b5fd,#fb7185,#fdba74\" \"php artisan serve\" \"php artisan queue:listen --tries=1\" \"php artisan pail --timeout=0\" \"npm run dev\" --names=server,queue,logs,vite"
         ]
     },
     "extra": {

config/app.php

@@ -65,7 +65,7 @@ return [
     |
     */
 
-    'timezone' => env('APP_TIMEZONE', 'UTC'),
+    'timezone' => 'UTC',
 
     /*
     |--------------------------------------------------------------------------

config/bridgy.php

@@ -15,4 +15,17 @@ return [
 
     'mastodon_token' => env('BRIDGY_MASTODON_TOKEN'),
 
+    /*
+    |--------------------------------------------------------------------------
+    | Bluesky Token
+    |--------------------------------------------------------------------------
+    |
+    | When syndicating posts to Bluesky using Brid.gy’s Micropub endpoint, we
+    | need to provide an access token. This token can be generated by going to
+    | https://brid.gy/bluesky and clicking the “Get token” button.
+    |
+    */
+
+    'bluesky_token' => env('BRIDGY_BLUESKY_TOKEN'),
+
 ];

config/database.php

@@ -37,6 +37,9 @@ return [
             'database' => env('DB_DATABASE', database_path('database.sqlite')),
             'prefix' => '',
             'foreign_key_constraints' => env('DB_FOREIGN_KEYS', true),
+            'busy_timeout' => null,
+            'journal_mode' => null,
+            'synchronous' => null,
         ],
 
         'mysql' => [
@@ -145,6 +148,7 @@ return [
         'options' => [
             'cluster' => env('REDIS_CLUSTER', 'redis'),
             'prefix' => env('REDIS_PREFIX', Str::slug(env('APP_NAME', 'laravel'), '_').'_database_'),
+            'persistent' => env('REDIS_PERSISTENT', false),
         ],
 
         'default' => [

config/debugbar.php

@@ -119,7 +119,7 @@ return [
             'full_log' => false,
         ],
         'views' => [
-            'data' => false,    //Note: Can slow down the application, because the data can be quite large..
+            'data' => false,    // Note: Can slow down the application, because the data can be quite large..
         ],
         'route' => [
             'label' => true,  // show complete route on bar

config/filesystems.php

@@ -32,8 +32,10 @@ return [
 
         'local' => [
             'driver' => 'local',
-            'root' => storage_path('app'),
+            'root' => storage_path('app/private'),
+            'serve' => true,
             'throw' => false,
+            'report' => false,
         ],
 
         'public' => [
@@ -42,6 +44,7 @@ return [
             'url' => env('APP_URL').'/storage',
             'visibility' => 'public',
             'throw' => false,
+            'report' => false,
         ],
 
         's3' => [
@@ -54,6 +57,7 @@ return [
             'endpoint' => env('AWS_ENDPOINT'),
             'use_path_style_endpoint' => env('AWS_USE_PATH_STYLE_ENDPOINT', false),
             'throw' => false,
+            'report' => false,
         ],
 
     ],

config/logging.php

@@ -127,6 +127,10 @@ return [
             'path' => storage_path('logs/laravel.log'),
         ],
 
+        'flare' => [
+            'driver' => 'flare',
+        ],
+
     ],
 
 ];