diff --git a/.env.example b/.env.example index 4c6b963f..a633b58c 100644 --- a/.env.example +++ b/.env.example @@ -4,6 +4,17 @@ # The app key is generated later, please leave it like that APP_KEY=someRandomStringWith32Characters +# The URL under which LinkAce is accessible, e.g. https://links.example.com +# Used when generating links in emails and other notifications +APP_URL=http://localhost + +## Trusted Proxies and Hosts +# Set to the IP of your reverse proxy if running behind one (e.g. nginx, Traefik). +# Use a comma-separated list for multiple proxies: 192.168.1.1,10.0.0.1 +# Use * to trust the immediate upstream connection (any single reverse proxy). +# Leave empty if LinkAce is accessed directly without a reverse proxy. +TRUSTED_PROXIES= + ## Configuration of the database connection ## Attention: Those settings are configured during the web setup, please do not modify them now. # Set the database driver (mysql, pgsql, sqlsrv, sqlite) diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php index 7c842d4b..28a8633f 100644 --- a/app/Http/Kernel.php +++ b/app/Http/Kernel.php @@ -14,6 +14,7 @@ class Kernel extends HttpKernel * @var array */ protected $middleware = [ + \App\Http\Middleware\TrustHosts::class, \App\Http\Middleware\TrustProxies::class, \Illuminate\Http\Middleware\HandleCors::class, \App\Http\Middleware\PreventRequestsDuringMaintenance::class, diff --git a/composer.json b/composer.json index 15f1ecb8..b3a2a145 100644 --- a/composer.json +++ b/composer.json @@ -11,7 +11,7 @@ "composer/semver": "^3.3.1", "doctrine/dbal": "^3.7", "guzzlehttp/guzzle": "^7.0", - "kovah/laravel-html-meta": "^4.3", + "kovah/laravel-html-meta": "^5.0", "kovah/laravel-socialite-oidc": "^0.7", "laracasts/flash": "^3.1", "laravel/fortify": "^1.7", @@ -47,7 +47,7 @@ "barryvdh/laravel-ide-helper": "^3.1", "fakerphp/faker": "^1.12", "fruitcake/laravel-debugbar": "^4.0", - "laravel/tinker": "^2.2", + "laravel/tinker": "^3.0", "mockery/mockery": "^1.3", "nunomaduro/collision": "^v8.8", "phpunit/phpunit": "^11.5", diff --git a/composer.lock b/composer.lock index e88a4d09..ecdd8f8e 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "a2c2c815406195084cc22c92b7c388ee", + "content-hash": "6556faca969dac5d4f7bbd54518d3bde", "packages": [ { "name": "aws/aws-crt-php", @@ -1096,16 +1096,16 @@ }, { "name": "firebase/php-jwt", - "version": "v7.0.3", + "version": "v7.0.4", "source": { "type": "git", "url": "https://github.com/firebase/php-jwt.git", - "reference": "28aa0694bcfdfa5e2959c394d5a1ee7a5083629e" + "reference": "e41f1bd7dbe3c5455c3f72d4338cfeb083b71931" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/firebase/php-jwt/zipball/28aa0694bcfdfa5e2959c394d5a1ee7a5083629e", - "reference": "28aa0694bcfdfa5e2959c394d5a1ee7a5083629e", + "url": "https://api.github.com/repos/firebase/php-jwt/zipball/e41f1bd7dbe3c5455c3f72d4338cfeb083b71931", + "reference": "e41f1bd7dbe3c5455c3f72d4338cfeb083b71931", "shasum": "" }, "require": { @@ -1113,6 +1113,7 @@ }, "require-dev": { "guzzlehttp/guzzle": "^7.4", + "phpfastcache/phpfastcache": "^9.2", "phpspec/prophecy-phpunit": "^2.0", "phpunit/phpunit": "^9.5", "psr/cache": "^2.0||^3.0", @@ -1153,9 +1154,9 @@ ], "support": { "issues": "https://github.com/firebase/php-jwt/issues", - "source": "https://github.com/firebase/php-jwt/tree/v7.0.3" + "source": "https://github.com/firebase/php-jwt/tree/v7.0.4" }, - "time": "2026-02-25T22:16:40+00:00" + "time": "2026-03-27T21:17:19+00:00" }, { "name": "fruitcake/php-cors", @@ -1764,28 +1765,28 @@ }, { "name": "kovah/laravel-html-meta", - "version": "v4.3.0", + "version": "v5.0.0", "source": { "type": "git", "url": "https://github.com/Kovah/laravel-html-meta.git", - "reference": "02e920428563345363766d20a8e0f26a90f42a71" + "reference": "f5957c226a848cb9708b71af23634e80011abd62" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/Kovah/laravel-html-meta/zipball/02e920428563345363766d20a8e0f26a90f42a71", - "reference": "02e920428563345363766d20a8e0f26a90f42a71", + "url": "https://api.github.com/repos/Kovah/laravel-html-meta/zipball/f5957c226a848cb9708b71af23634e80011abd62", + "reference": "f5957c226a848cb9708b71af23634e80011abd62", "shasum": "" }, "require": { "ext-iconv": "*", "guzzlehttp/guzzle": "^7.2", - "illuminate/http": "^9.0 | ^10.0 | ^11.0 | ^12.0 | ^13.0", - "illuminate/support": "^9.0 | ^10.0 | ^11.0 | ^12.0 | ^13.0", - "php": "^8.0" + "illuminate/http": "^11.0 | ^12.0 | ^13.0", + "illuminate/support": "^11.0 | ^12.0 | ^13.0", + "php": "^8.2" }, "require-dev": { "mockery/mockery": "^1.4.2", - "orchestra/testbench": "^7.0 | ^v8.0 | ^9.0 | ^10.0 | ^11.0", + "orchestra/testbench": "^9.0 | ^10.0 | ^11.0", "phpunit/phpunit": "^9.0 | ^10.0 | ^11.0 | ^12.5.12" }, "type": "library", @@ -1826,7 +1827,7 @@ ], "support": { "issues": "https://github.com/Kovah/laravel-html-meta/issues", - "source": "https://github.com/Kovah/laravel-html-meta/tree/v4.3.0" + "source": "https://github.com/Kovah/laravel-html-meta/tree/v5.0.0" }, "funding": [ { @@ -1834,7 +1835,7 @@ "type": "github" } ], - "time": "2026-03-24T15:02:53+00:00" + "time": "2026-03-24T15:14:30+00:00" }, { "name": "kovah/laravel-socialite-oidc", @@ -1906,16 +1907,16 @@ }, { "name": "laracasts/flash", - "version": "3.2.5", + "version": "3.2.6", "source": { "type": "git", "url": "https://github.com/laracasts/flash.git", - "reference": "29a2d76da837593dc5fb21a6bbe5f2025188a108" + "reference": "4fc18fed3152d8910ed64589b0f5d049fd6a0806" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/laracasts/flash/zipball/29a2d76da837593dc5fb21a6bbe5f2025188a108", - "reference": "29a2d76da837593dc5fb21a6bbe5f2025188a108", + "url": "https://api.github.com/repos/laracasts/flash/zipball/4fc18fed3152d8910ed64589b0f5d049fd6a0806", + "reference": "4fc18fed3152d8910ed64589b0f5d049fd6a0806", "shasum": "" }, "require": { @@ -1957,22 +1958,22 @@ ], "description": "Easy flash notifications", "support": { - "source": "https://github.com/laracasts/flash/tree/3.2.5" + "source": "https://github.com/laracasts/flash/tree/3.2.6" }, - "time": "2026-02-24T22:05:36+00:00" + "time": "2026-03-25T17:55:04+00:00" }, { "name": "laravel/fortify", - "version": "v1.36.1", + "version": "v1.36.2", "source": { "type": "git", "url": "https://github.com/laravel/fortify.git", - "reference": "cad8bfeb63f6818f173d40090725c565c92651d4" + "reference": "b36e0782e6f5f6cfbab34327895a63b7c4c031f9" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/laravel/fortify/zipball/cad8bfeb63f6818f173d40090725c565c92651d4", - "reference": "cad8bfeb63f6818f173d40090725c565c92651d4", + "url": "https://api.github.com/repos/laravel/fortify/zipball/b36e0782e6f5f6cfbab34327895a63b7c4c031f9", + "reference": "b36e0782e6f5f6cfbab34327895a63b7c4c031f9", "shasum": "" }, "require": { @@ -2022,20 +2023,20 @@ "issues": "https://github.com/laravel/fortify/issues", "source": "https://github.com/laravel/fortify" }, - "time": "2026-03-10T19:59:49+00:00" + "time": "2026-03-20T20:13:51+00:00" }, { "name": "laravel/framework", - "version": "v11.50.0", + "version": "v11.51.0", "source": { "type": "git", "url": "https://github.com/laravel/framework.git", - "reference": "c761f591209b45f56c1317ecbff0b04c89cf7ba2" + "reference": "c8f9a04594b7044a189a3194cfb3594251eb74e5" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/laravel/framework/zipball/c761f591209b45f56c1317ecbff0b04c89cf7ba2", - "reference": "c761f591209b45f56c1317ecbff0b04c89cf7ba2", + "url": "https://api.github.com/repos/laravel/framework/zipball/c8f9a04594b7044a189a3194cfb3594251eb74e5", + "reference": "c8f9a04594b7044a189a3194cfb3594251eb74e5", "shasum": "" }, "require": { @@ -2237,20 +2238,20 @@ "issues": "https://github.com/laravel/framework/issues", "source": "https://github.com/laravel/framework" }, - "time": "2026-03-17T19:35:22+00:00" + "time": "2026-03-26T14:54:53+00:00" }, { "name": "laravel/prompts", - "version": "v0.3.15", + "version": "v0.3.16", "source": { "type": "git", "url": "https://github.com/laravel/prompts.git", - "reference": "4bb8107ec97651fd3f17f897d6489dbc4d8fb999" + "reference": "11e7d5f93803a2190b00e145142cb00a33d17ad2" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/laravel/prompts/zipball/4bb8107ec97651fd3f17f897d6489dbc4d8fb999", - "reference": "4bb8107ec97651fd3f17f897d6489dbc4d8fb999", + "url": "https://api.github.com/repos/laravel/prompts/zipball/11e7d5f93803a2190b00e145142cb00a33d17ad2", + "reference": "11e7d5f93803a2190b00e145142cb00a33d17ad2", "shasum": "" }, "require": { @@ -2294,9 +2295,9 @@ "description": "Add beautiful and user-friendly forms to your command-line applications.", "support": { "issues": "https://github.com/laravel/prompts/issues", - "source": "https://github.com/laravel/prompts/tree/v0.3.15" + "source": "https://github.com/laravel/prompts/tree/v0.3.16" }, - "time": "2026-03-17T13:45:17+00:00" + "time": "2026-03-23T14:35:33+00:00" }, { "name": "laravel/sanctum", @@ -2424,16 +2425,16 @@ }, { "name": "laravel/socialite", - "version": "v5.25.0", + "version": "v5.26.0", "source": { "type": "git", "url": "https://github.com/laravel/socialite.git", - "reference": "231f572e1a37c9ca1fb8085e9fb8608285beafb3" + "reference": "1d26f0c653a5f0e88859f4197830a29fe0cc59d0" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/laravel/socialite/zipball/231f572e1a37c9ca1fb8085e9fb8608285beafb3", - "reference": "231f572e1a37c9ca1fb8085e9fb8608285beafb3", + "url": "https://api.github.com/repos/laravel/socialite/zipball/1d26f0c653a5f0e88859f4197830a29fe0cc59d0", + "reference": "1d26f0c653a5f0e88859f4197830a29fe0cc59d0", "shasum": "" }, "require": { @@ -2492,7 +2493,7 @@ "issues": "https://github.com/laravel/socialite/issues", "source": "https://github.com/laravel/socialite" }, - "time": "2026-02-27T13:56:35+00:00" + "time": "2026-03-24T18:37:47+00:00" }, { "name": "league/commonmark", @@ -2776,16 +2777,16 @@ }, { "name": "league/flysystem", - "version": "3.32.0", + "version": "3.33.0", "source": { "type": "git", "url": "https://github.com/thephpleague/flysystem.git", - "reference": "254b1595b16b22dbddaaef9ed6ca9fdac4956725" + "reference": "570b8871e0ce693764434b29154c54b434905350" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/thephpleague/flysystem/zipball/254b1595b16b22dbddaaef9ed6ca9fdac4956725", - "reference": "254b1595b16b22dbddaaef9ed6ca9fdac4956725", + "url": "https://api.github.com/repos/thephpleague/flysystem/zipball/570b8871e0ce693764434b29154c54b434905350", + "reference": "570b8871e0ce693764434b29154c54b434905350", "shasum": "" }, "require": { @@ -2853,9 +2854,9 @@ ], "support": { "issues": "https://github.com/thephpleague/flysystem/issues", - "source": "https://github.com/thephpleague/flysystem/tree/3.32.0" + "source": "https://github.com/thephpleague/flysystem/tree/3.33.0" }, - "time": "2026-02-25T17:01:41+00:00" + "time": "2026-03-25T07:59:30+00:00" }, { "name": "league/flysystem-aws-s3-v3", @@ -3013,16 +3014,16 @@ }, { "name": "league/flysystem-sftp-v3", - "version": "3.31.0", + "version": "3.33.0", "source": { "type": "git", "url": "https://github.com/thephpleague/flysystem-sftp-v3.git", - "reference": "f01dd8d66e98b20608846963cc790c2b698e8b03" + "reference": "34ff5ef0f841add92e2b902c1005f72135b03646" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/thephpleague/flysystem-sftp-v3/zipball/f01dd8d66e98b20608846963cc790c2b698e8b03", - "reference": "f01dd8d66e98b20608846963cc790c2b698e8b03", + "url": "https://api.github.com/repos/thephpleague/flysystem-sftp-v3/zipball/34ff5ef0f841add92e2b902c1005f72135b03646", + "reference": "34ff5ef0f841add92e2b902c1005f72135b03646", "shasum": "" }, "require": { @@ -3056,9 +3057,9 @@ "sftp" ], "support": { - "source": "https://github.com/thephpleague/flysystem-sftp-v3/tree/3.31.0" + "source": "https://github.com/thephpleague/flysystem-sftp-v3/tree/3.33.0" }, - "time": "2026-01-23T15:30:45+00:00" + "time": "2026-03-20T13:22:31+00:00" }, { "name": "league/mime-type-detection", @@ -4040,16 +4041,16 @@ }, { "name": "owen-it/laravel-auditing", - "version": "v14.0.2", + "version": "v14.0.3", "source": { "type": "git", "url": "https://github.com/owen-it/laravel-auditing.git", - "reference": "c516bdfe516f450a067f2036ec1f6088227962e5" + "reference": "34e8a21890082a7a353894a4acdeb2d301dbe0d4" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/owen-it/laravel-auditing/zipball/c516bdfe516f450a067f2036ec1f6088227962e5", - "reference": "c516bdfe516f450a067f2036ec1f6088227962e5", + "url": "https://api.github.com/repos/owen-it/laravel-auditing/zipball/34e8a21890082a7a353894a4acdeb2d301dbe0d4", + "reference": "34e8a21890082a7a353894a4acdeb2d301dbe0d4", "shasum": "" }, "require": { @@ -4120,7 +4121,7 @@ "issues": "https://github.com/owen-it/laravel-auditing/issues", "source": "https://github.com/owen-it/laravel-auditing" }, - "time": "2026-03-18T15:00:52+00:00" + "time": "2026-03-27T13:27:17+00:00" }, { "name": "paragonie/constant_time_encoding", @@ -10308,16 +10309,16 @@ }, { "name": "fruitcake/laravel-debugbar", - "version": "v4.1.3", + "version": "v4.2.0", "source": { "type": "git", "url": "https://github.com/fruitcake/laravel-debugbar.git", - "reference": "b48a68c4f8ffcdfa3a10d49930da4b03588dc87b" + "reference": "fc022c562adc8e54be8e5d64af6d5ef11afff34b" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/fruitcake/laravel-debugbar/zipball/b48a68c4f8ffcdfa3a10d49930da4b03588dc87b", - "reference": "b48a68c4f8ffcdfa3a10d49930da4b03588dc87b", + "url": "https://api.github.com/repos/fruitcake/laravel-debugbar/zipball/fc022c562adc8e54be8e5d64af6d5ef11afff34b", + "reference": "fc022c562adc8e54be8e5d64af6d5ef11afff34b", "shasum": "" }, "require": { @@ -10325,7 +10326,7 @@ "illuminate/session": "^11|^12|^13.0", "illuminate/support": "^11|^12|^13.0", "php": "^8.2", - "php-debugbar/php-debugbar": "^3.5", + "php-debugbar/php-debugbar": "^3.6", "php-debugbar/symfony-bridge": "^1.1" }, "replace": { @@ -10357,7 +10358,7 @@ ] }, "branch-alias": { - "dev-master": "4.1-dev" + "dev-master": "4.2-dev" } }, "autoload": { @@ -10394,7 +10395,7 @@ ], "support": { "issues": "https://github.com/fruitcake/laravel-debugbar/issues", - "source": "https://github.com/fruitcake/laravel-debugbar/tree/v4.1.3" + "source": "https://github.com/fruitcake/laravel-debugbar/tree/v4.2.0" }, "funding": [ { @@ -10406,7 +10407,7 @@ "type": "github" } ], - "time": "2026-03-09T14:55:04+00:00" + "time": "2026-03-29T19:12:51+00:00" }, { "name": "hamcrest/hamcrest-php", @@ -10461,33 +10462,33 @@ }, { "name": "laravel/tinker", - "version": "v2.11.1", + "version": "v3.0.0", "source": { "type": "git", "url": "https://github.com/laravel/tinker.git", - "reference": "c9f80cc835649b5c1842898fb043f8cc098dd741" + "reference": "cc74081282ba2e3dae1f0068ccb330370d24634e" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/laravel/tinker/zipball/c9f80cc835649b5c1842898fb043f8cc098dd741", - "reference": "c9f80cc835649b5c1842898fb043f8cc098dd741", + "url": "https://api.github.com/repos/laravel/tinker/zipball/cc74081282ba2e3dae1f0068ccb330370d24634e", + "reference": "cc74081282ba2e3dae1f0068ccb330370d24634e", "shasum": "" }, "require": { - "illuminate/console": "^6.0|^7.0|^8.0|^9.0|^10.0|^11.0|^12.0", - "illuminate/contracts": "^6.0|^7.0|^8.0|^9.0|^10.0|^11.0|^12.0", - "illuminate/support": "^6.0|^7.0|^8.0|^9.0|^10.0|^11.0|^12.0", - "php": "^7.2.5|^8.0", - "psy/psysh": "^0.11.1|^0.12.0", - "symfony/var-dumper": "^4.3.4|^5.0|^6.0|^7.0|^8.0" + "illuminate/console": "^8.0|^9.0|^10.0|^11.0|^12.0|^13.0", + "illuminate/contracts": "^8.0|^9.0|^10.0|^11.0|^12.0|^13.0", + "illuminate/support": "^8.0|^9.0|^10.0|^11.0|^12.0|^13.0", + "php": "^8.1", + "psy/psysh": "^0.12.0", + "symfony/var-dumper": "^5.4|^6.0|^7.0|^8.0" }, "require-dev": { "mockery/mockery": "~1.3.3|^1.4.2", "phpstan/phpstan": "^1.10", - "phpunit/phpunit": "^8.5.8|^9.3.3|^10.0" + "phpunit/phpunit": "^10.5|^11.5" }, "suggest": { - "illuminate/database": "The Illuminate Database package (^6.0|^7.0|^8.0|^9.0|^10.0|^11.0|^12.0)." + "illuminate/database": "The Illuminate Database package (^8.0|^9.0|^10.0|^11.0|^12.0|^13.0)." }, "type": "library", "extra": { @@ -10495,6 +10496,9 @@ "providers": [ "Laravel\\Tinker\\TinkerServiceProvider" ] + }, + "branch-alias": { + "dev-master": "3.x-dev" } }, "autoload": { @@ -10521,9 +10525,9 @@ ], "support": { "issues": "https://github.com/laravel/tinker/issues", - "source": "https://github.com/laravel/tinker/tree/v2.11.1" + "source": "https://github.com/laravel/tinker/tree/v3.0.0" }, - "time": "2026-02-06T14:12:35+00:00" + "time": "2026-03-17T14:53:17+00:00" }, { "name": "mockery/mockery", @@ -10942,16 +10946,16 @@ }, { "name": "php-debugbar/php-debugbar", - "version": "v3.5.1", + "version": "v3.6.0", "source": { "type": "git", "url": "https://github.com/php-debugbar/php-debugbar.git", - "reference": "486b32fd98efe9a3c10f0b24c0caabc187f78f04" + "reference": "31f7d2e7943a82e72a670335d408d967b05efa5a" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/php-debugbar/php-debugbar/zipball/486b32fd98efe9a3c10f0b24c0caabc187f78f04", - "reference": "486b32fd98efe9a3c10f0b24c0caabc187f78f04", + "url": "https://api.github.com/repos/php-debugbar/php-debugbar/zipball/31f7d2e7943a82e72a670335d408d967b05efa5a", + "reference": "31f7d2e7943a82e72a670335d408d967b05efa5a", "shasum": "" }, "require": { @@ -11028,7 +11032,7 @@ ], "support": { "issues": "https://github.com/php-debugbar/php-debugbar/issues", - "source": "https://github.com/php-debugbar/php-debugbar/tree/v3.5.1" + "source": "https://github.com/php-debugbar/php-debugbar/tree/v3.6.0" }, "funding": [ { @@ -11040,7 +11044,7 @@ "type": "github" } ], - "time": "2026-03-05T20:37:33+00:00" + "time": "2026-03-29T17:26:18+00:00" }, { "name": "php-debugbar/symfony-bridge", diff --git a/config/app.php b/config/app.php index a397c0eb..b1b7172e 100644 --- a/config/app.php +++ b/config/app.php @@ -151,9 +151,10 @@ | Trusted Proxies |-------------------------------------------------------------------------- | - | Specify which proxies should be trusted by default. As it's unknown which - | proxy ist used in front of LinkAce, all are allowed by default. - | Also see App\Http\Middleware\TrustProxies + | Specify which reverse proxies should be trusted. Leave null (the default) + | if LinkAce is accessed directly without a reverse proxy. Set to the proxy + | IP, a comma-separated list of IPs, or '*' to trust the immediate upstream + | connection. Also see App\Http\Middleware\TrustProxies | */ diff --git a/package-lock.json b/package-lock.json index f54e8993..cbd16e0d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "linkace", - "version": "2.5.3", + "version": "2.5.4", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "linkace", - "version": "2.5.3", + "version": "2.5.4", "license": "GPL-3.0-or-later", "dependencies": { "bootstrap": "^5.3.3", diff --git a/package.json b/package.json index d575e812..be86aacf 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "linkace", - "version": "2.5.3", + "version": "2.5.4", "description": "A small, selfhosted bookmark manager with advanced features, built with Laravel and Docker", "homepage": "https://github.com/Kovah/LinkAce", "repository": {