.dockerignore

@@ -0,0 +1,8 @@
+# app is configured through docker-compose
+.env
+# deps are installed during build time
+node_modules
+vendor
+# Let the framework create its own cache. we don't need your cache if you rebuild the image
+/storage/*.*
+!/storage/**/

.env.example

@@ -1,8 +1,8 @@
-APP_NAME=Laravel
+APP_NAME=AthenaHR
 APP_DESCRIPTION="AthenaHR - Your one-stop-shop for your community recruitment needs"
 APP_ENV=local
 APP_KEY=
-APP_DEBUG=true
+APP_DEBUG=false
 APP_URL=http://localhost
 
 # Please note: Use relative URLs. Absolute URLs will not work.
@@ -58,8 +58,10 @@ NONPROD_FORCE_SECURE=false
 LOG_CHANNEL=daily
 
 DB_CONNECTION=mysql
-DB_HOST=localhost
 DB_PORT=3306
+
+# Using docker? You don't need to set these, they're managed in docker-compose.yml.
+DB_HOST=localhost
 DB_DATABASE=laravel
 DB_USERNAME=root
 DB_PASSWORD=

.gitignore

@@ -19,3 +19,4 @@ yarn-error.log
 _ide_helper.php
 _ide_helper_models.php
 .phpstorm.meta.php
+/auth.json

Dockerfile

@@ -0,0 +1,33 @@
+FROM php:8.1-fpm
+
+RUN apt-get update && apt-get install -y \
+    libpng-dev \
+    libjpeg-dev \
+    libfreetype6-dev \
+    libzip-dev \
+    unzip \
+    libcurl4-openssl-dev \
+    libonig-dev \
+    imagemagick  \
+    libmagickwand-dev \
+    && pecl install imagick \
+    && docker-php-ext-enable imagick
+
+RUN docker-php-ext-install gd pdo pdo_mysql zip curl mbstring xml
+RUN curl -fsSL https://deb.nodesource.com/setup_18.x | bash -
+RUN apt-get install -y nodejs
+
+WORKDIR /var/www/html
+
+COPY --chown=www-data:www-data . .
+RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
+RUN composer update && composer install
+RUN npm ci
+
+
+RUN chmod -R 755 /var/www/html/storage
+RUN php artisan storage:link
+
+
+EXPOSE 9000
+CMD ["php-fpm"]

README.md

@@ -1,5 +1,14 @@
 # RBRecruiter v1.0.2-stable - Integrated Human Resources Management System
 
+## Future Maintenance
+
+This software is still maintained as of 2025. However, updates will be slow; the next release will be a maintenance release. There's no ETA for this.
+
+### Current Git hosting
+
+AthenaHR is currently hosted at [Webvoke Studio Gitea](code.webvokestudio.pt). This project had many homes; GitHub originally, GitLab, BitBucket, and then finally this Gitea instance. Instances of this repo elsewhere are mirrors.
+
+
 **Are the big name HR apps too bloated and overkill for your online community? Check RBRecruiter out to see if its right for you!**
 
 Have you ever gotten tired of managing your community's staff member applications through Discord (or anything else) and having to scroll through hundreds of new messages just to find that one applicant's username? Struggling with missing/hard-to-find information? Then RBRecruiter is for you. Streamline your team member vetting/addition process by integrating RBRecruiter with your community, now with custom-made integrations to connect with several social platforms.
@@ -18,6 +27,7 @@ Have you ever gotten tired of managing your community's staff member application
  - Controllable permissions - Every user has permissions! Control who has access to what (You can skip the application process and add staff members directly here).
  - Account suspension system - Having trouble with pesky spammers? Suspend them! This will keep them from signing up or signing in until you lift their suspension.
  - Notifications: Notifies slack and email primarily (Slack notifications currently broken)
+ - Complete API - Integrate your app/service with AthenaHR and automate processes (WIP)
 
  And many more features!
 

SECURITY.md

@@ -4,20 +4,25 @@
 
 The following versions are currently supported:
 
-| Version | Supported          |
-|---------|--------------------|
-| 0.1.x   | :x:                |
-| 0.5.x   | :x:                |
-| 0.6.x   | :x:                |
-| 0.7.0   | :x:                |
-| 0.7.1   | :x:                |
-| 0.8.0   | :x:                |
-| 0.8.1   | :x:                |
-| 0.8.2   | :white_check_mark: |
-| 0.9.0   | :white_check_mark: |
+| Version      | Supported          |
+|--------------|--------------------|
+| 0.1.x        | :x:                |
+| 0.5.x        | :x:                |
+| 0.6.x        | :x:                |
+| 0.7.0        | :x:                |
+| 0.7.1        | :x:                |
+| 0.8.0        | :x:                |
+| 0.8.1        | :x:                |
+| 0.8.2        | :x:                |
+| 0.9.0        | :x:                |
+| 1.0.0 onward | :white_check_mark: |
 
-Please note that all current versions are pre-release versions. This means that, until version `1.0.0` is reached, anything may change or break at any time, and releases are made often.
-However, all commits releases are thoroughly tested before they are pushed out, ensuring that the `main` branch is never broken.
+
+All versions below 1.0.0 are considered pre-release versions and therefore are not supported; this means they won't receive any security updates, nor will they receive regular maintenance updates.
+
+Versions above v.1.0.0 are currently supported and will receive security and maintenance updates for at least 6 months from their release date. This table will be updated when releases are no longer supported. Additionally, some versions will be marked as LTS, which means they will continue receiving support for at least two years.
+
+Long story short, if you're using something below 1.0.0, you're own your own!
 
 ## Supported PHP Versions
 
@@ -25,15 +30,17 @@ However, all commits releases are thoroughly tested before they are pushed out,
 |---------|--------------------|
 | 5.x     | :x:                |
 | 7.x     | :x:                |
-| 8.0     | :white_check_mark: |
+| 8.0     | :x:                |
 | 8.1     | :white_check_mark: |
 
+At the moment, only PHP versions 8.1 and above are officially supported.
+
 ## Supported Operating Systems
 
 | Name    | Supported          |
-| ------- | ------------------ |
-| Windows NT | :x:             |
-| MacOS | Docker only |
+| ------- |--------------------|
+| Windows NT | Docker Only        |
+| MacOS | Docker Only        |
 | Ubuntu 22.10 | :white_check_mark: |
 | Other Linux distros | :white_check_mark: |
 
@@ -48,17 +55,129 @@ Use this public PGP key to encrypt your message:
 
     -----BEGIN PGP PUBLIC KEY BLOCK-----
 
-    mDMEYigDUBYJKwYBBAHaRw8BAQdAPSmEMgZc23ouaPwdW7IF5Ej5H7VUGR6Um8N4
-    SAW92i60I01pZ3VlbCBOb2d1ZWlyYSA8bWVAbm9ndWVpcmEuY29kZXM+iJYEExYI
-    AD4WIQTmfmRZELec2wocoaqNKugPeLO16wUCYigDUAIbAwUJAMo64AULCQgHAgYV
-    CgkICwIEFgIDAQIeAQIXgAAKCRCNKugPeLO169kWAQCwd4E0WBB98/1IdMrFAFPZ
-    7zGrIeVGdUD4zg9E8ssLwgEAwYIhnZI9bDaMUit2Fat7PEiqYIiNd1vKev3vO2wm
-    Iw+4OARiKANQEgorBgEEAZdVAQUBAQdAMqfyInidoScxFQAXOdrmpEJW0auO7D+4
-    UnCZr87CugUDAQgHiH4EGBYIACYWIQTmfmRZELec2wocoaqNKugPeLO16wUCYigD
-    UAIbDAUJAMo64AAKCRCNKugPeLO165kGAP4if46/uChEaEwtlQO5fPbMwLmnAKyw
-    K2ImmP3ksxhh1wEA8R0fD0etl5VfcG2lp7h1e/VckbVaQzYwpyETHku39gM=
-    =9azb
+    mQINBGTa3HUBEADPF0ebCIBogj32QxgHCU8NJjuGa+lVgR367+bDP7uf+LeMMsVY
+    v/a478w+tOr1UbO8zIcskiJQeNZenwgzYfpOlxyHyhXW5Gr7XG4rPSzbHQ/YmWMQ
+    39v8/o1hekS7HuAKzOvtcEA2RVUHiREbQdEdOzfRSmVOfSJHWa2+WU1YL8eGOz6Q
+    6h21aUbBhcSbbv5h0XBbTjRFAg3neYpsrI/YXFf+CtYT/014BLdfv5nZ9ED2/WiM
+    CDA7rPPed6jiabNvpQ2RRp3I9xHqqVDRzTqQC3kTucbYxiLwQsl1A0/QUV+PEaJY
+    fw1SVcMtvecCK2y+7dUzfOSUbpVY7q9NB/XvZX7UpsfI7itmfWbW5S7kthGGLVvg
+    jrNggsYx3G1y6ZfIK/jS4rtCFMdl61tAIKrrBHhWcG2kPbi+8k52OpzUzQXxgdYv
+    PdHX696/e1sTMhryvpot3DpPBnZU15qxt7cigxQC78db8mWcv9OBdRkSN97Mml1A
+    e1FKHZwhqQaPnQFat57eUAzx0lqwVDAuK2qYMK073jMsooLdQakJdKhJNpz3O9Yp
+    1NCtdc5ZYZgMA+MSjnPiEHGY81N8TZwQwfkPAs9XkckR9kPX0YbT3CaiZdjkdGhy
+    2lZlm+/DNblLi9owPsvUG/PRu5YUem9j5MPJcwWpvbTI805bp32a3m7+4wARAQAB
+    tEtNaWd1ZWwgTm9ndWVpcmEgKFJlcGxhY2VzIGV4cGlyZWQgc2lnIDNjNmE3ZTI5
+    YWYyNmQzNzApIDxtZUBub2d1ZWlyYS5jb2Rlcz6JAkwEEwEKADYWIQTn7G6fRGOS
+    0grHtt9m+ZusrLjcVAUCZNrcdQIbAQQLCQgHBBUKCQgFFgIDAQACHgECF4AACgkQ
+    ZvmbrKy43FTr8xAAte9CNZwDA8pfQvm9vtcrVP1lYrmXIPhhNABH/+1le9HRJeF0
+    Si7r/uG+H2MZyKXo2ugGx4MeUvBWkQ4aZl60Ra2vz3t7hd+ShV6bwZxN29r+9fws
+    kHLY9fmwnngIr1S88npS8K99CfwRnsOJuCYD4BFJu7v5Z2+xQy6AS9wMxtfVK1RA
+    tRaEHnhuBDnFW9048HAWZMqpLWyMSrhBe1b0ITtQyM7zauykHbnDpO6F6ybV91kH
+    jYxoprR+yDyamY766p39CSzxfiIkYUGEk9/MWtK6qmSBtnarKD4EOxqRi5b/DyHw
+    n+Oyj7oClrfiLABhFNQlWqZskVz3WqIvlO7UJNbSZM4X4ax0dfLZdPtUi9avhmV8
+    Rha11L9ZP8F2+cp+9eM9LstdS2KEiPHfAmHOtgqQvVCNNA4QAQM4uY4fNNSfwrAT
+    JtApdwGAY3DSol6aysKZfjHhz7Vf3Q7QyyUeAPJ6VZuP/Woemijo5Ap9RNMQS7qW
+    QIhaCSOWVdqRZoFGQC0q+bPTEqFq4/QGe4LlH8UZoRRxyMK+6WL5nKYLItHKtQZz
+    4hsM2hEk/wqlsbM3hzUlCfDRz8fG9e2MgDGjoK/DyNlUEUpX0YlQ/WIn9lz+pq1h
+    7U6ncc/4IkCAYa3Kxu9LScGu6Zeb1T9CRqmO4zKUCs09FfDTlSR36A4Vtai5Ag0E
+    ZNreGgEQALlCqEP+U78mdtJa8gD3UMWFn8K2cRPDDFnfVNiquNSmuLkyZmBzArgR
+    rU6nqMQCdLzuQxs236lDdFs4KJr6Pab1cUx1+aaU9Sqrn1M/Lsl287NQnJR1596Q
+    9t4jNcULXrmNvyUmj1G1pnDyYUv+oDQ21jwj9UBxPkSgNVxSfzLGBlB4xrfu4UMX
+    EbzSRPuFsGe5HAjnGzQidIMYJZzjKe5lozH8Ro/xp4s/ybXoiPdwe4ir8ACixI9/
+    igr17Fd0i9IBeJPiRbLrga6iC0jpfZaAAIYZ13wRyOZV8fC2hN3WhaaTJmwO/zW0
+    MTZxnFq8DZdTrVYQC3Lg6lTNcY64HFkRWLXgvG7vVIgQMN+YC8M48r71Onxd0Tpd
+    rDos9zyzXOqENRM0bJG5g2Y/H7urbW2wzZiFLKqvhgWDyBTuTd1KSlI1qgq0Hl+Y
+    do22uOFaHnxhRdrYMTJslJrx2w2h6INvTjHfhtP+GDUFgTa3pfqgLFmnTp4GOUyv
+    7oPJy2Ce1zV0wu6br+TA3sNgO/T2CBXWbD1APNGYlnRU2xDiiSZucI8H05HBqJRQ
+    bTSWBv5nHOvVklCoNdmC1D3JUEIbUyCF3pXFZ1GtvHGiHbx0PF7E1KBFzBbf9BHO
+    iLv5wRtGLO6ROWXVqg2v71pI6dAXyzeAN2dJ6u7//4XPjCXztaGjABEBAAGJAjwE
+    GAEKACYWIQTn7G6fRGOS0grHtt9m+ZusrLjcVAUCZNreGgIbIAUJAeEzgAAKCRBm
+    +ZusrLjcVJAfD/4/iAFsVT32GqRV7kCG3lTAJtLmc4HvhH1Lg+74S03VJRPWQAQv
+    hQ++5AQRk49GYr5tqm2TBL0URCD+uiOeGfCrTZ7G5+nI3oqfgyBYSm/EdXatGNnA
+    tmhY9zo3fx81X5mQ0hJmpKLH5aTupOXqqd6y+eq5IurRJ2XvFvllj8WeELR831HV
+    V7F+cUT3wh1fntAVyo31H7CHpXNhyN6Y6Ku1gzN6LrhGmOTYpeLoLX/BikicO9Yy
+    2diBy35h4CQEYWei/5AMiECrW/muTuFl6INNUXmfz2cikyfP/HWDXguDMG6bOEP7
+    ytrRkM1Nh3cvqHDqTJ2OtpXQSb3kzZa5yzAZybL61KNpMxXD0lO4XGK/Z3/rvm9l
+    UgFtNrexV1l5pnYEDy0DsamSASiQ+U7WZtAQ7noHzpth7FndYxjPpLeN7WISaTHC
+    YxVaG4OoS8zclmwPFFIxHeyd5pHP8jheHsIYabA09gLwZIhCthapA0pfsi3wpdVz
+    7RLO32TaOiLPW6LWPiuYDbvEQfAFFP+jTP80ljv+j8xAvpmAXtHsx38U+opkHn5e
+    oKDQHDV0GokAbES4XOHKhqt6yNDOzNFuqkliKS8Mrw7X6lr+LGXxZb/zlNWhSIEm
+    m9Wu+1S+yaj4bew+5sM2YSv3NIeQc8Lk+JVp0B9Kr4xO0q089dHLv88mw7kCDQRk
+    2t3XARAAx2BjZyrNqibPKymlMfLj5W/irOQGV7TkqajyzFzaLsa0ROZhzsRW7MF1
+    V7Uzzkz/zFYKbprRgBwYCx212X6RnsnaaGhBYzD+f146TOud0iccXryEYzeXA66N
+    Bcw1f7AP92b0+yTOLT1+XrbCae2UZPVp14mJTo/Aus6ZOrbj4nj2H2irrFWeXeMX
+    aHCpbeM3Iifg7x44TevOHh/aisooIWuyEtnRxzVT5yvIvCfV/yTWh9FDFCy0m5HF
+    YRyow7qIr1xiGuLwk4+40SKOMUSqlq4Hv0b52NxFubU2UtFOm0rDXXoDAm9ilq/T
+    dJkgGzmSPtWA2ZMFehinsFd2/SJu0hEJQg6O0zAwq97mJ/UK0LtHiuiqDNGdit0A
+    1qaqQYMqP+RR/ZWZbYVotEpYKTBbtpcsuiO3NKxvYXSjQEcaN2jQ74r8ATPPzyy/
+    EmnsC3bVjjUHHXTqGM7C/sQmglfpOPo1i0qNgrC/D8GhBQ9XMIsgAl6yzPF/H2SU
+    tSy5z9tEH4dt8hZXesSD/33oJa/F0jy01CueNpw0nCX1frQ+B2GZCp+gaUEX8lse
+    S8nuFHhSwT5YzHEHX0dQgcwWNOtFkdiSQVmYHb4Wmo6D433J++TwSEa3dulZr8vl
+    q7ETYWcIOocNRWqRK2gaSGr1qmMpZOkcYT9gT+75n2FbiB2VDGMAEQEAAYkCPAQY
+    AQoAJhYhBOfsbp9EY5LSCse232b5m6ysuNxUBQJk2t3XAhsMBQkB4TOAAAoJEGb5
+    m6ysuNxUov4P/RvHg67/VSYjDuFxKVnGksYXLO53InEg7iz7niqNeWYvHw0lAtfe
+    0gH7YyHtVje0VxnlI1Q1WTpRx+Zk+wItSgHbrxU4Z8XEvSD1RrtWNAKQVfy+Mj8J
+    lYCON6BRDC8y8HYCi2PU8gC493jCgMiURWnezLGI4rBvIrgtVCwtpNj4DbLKCE0w
+    AFsMtOobeSNp/P+281uHx6uImnWujdJwr410b+PsGsjcL948nlVWwUhRwvkpb+Ap
+    vBU1j01QWOX0Ecg/VAQO0xOxNxj2VEdbccrKr6kqZWjlu7Kba+j01t8mLwTcSM+j
+    w2o+yIdCiNB9TqVzbkwthqdR3cB5PJKYCdgryfINfKaBYl3KuADaTMAXwvTi+RLI
+    sToQ8L6Peg4+phIK8T03n8J7hMvbx296JkLKC0tW6BgEkeVGBI8xq8M+xxTXSj22
+    Y+CzfViBNHdybuf0splwwM5fKyZqIJlRID+Dkc4DXoIUA8VPkOD0MnfCCw+NiWSV
+    w09c1KKYOc/ye8kCH3G5ahbdBveR0CwEkOf/x4kbCq2YIEgU4dONWhxdUwaNL8Zw
+    SraxYgTDFs7vAvDbgs4XJ2040CuuojfCCgE/UEXUY5Gx7AUerKmsp0ceh3i+And7
+    +9Iyduoj5WJxoG6oFaq6LiQxPNi1WVDHNWkihpUaU6h1RMn3I9C1o6UQuQINBGTa
+    3ZEBEADw2TU6dql4YKnsW5I3R/9qD79EkR2TOVDlt7q3prFN2tBdO0bcc76+9VNP
+    1QkBdHAPpEH4+l1h/GdpvS7VOLbkhriV8Ur1apeq5w6yAd+OTxh5XkETPJlNHxXN
+    EnLVuQxLIpRzeF38fTqolj3hDViFmhEGKM6clBC8QP/GZt/KDTs6cL+zGMshMCBE
+    igY8xQesVGmo3sEjs2B3VpgUd5yhTIXj1r8QSE3JCH76vkhuQ44MOftqMTRXvbvT
+    6Ei84evKRf4Kqj+1PmAXUqdVx521je8TGf04I81TziwsLUVKlVFfpRiMUj+uk/tK
+    YFfmsel+JONJlw/PJJjcI/txSK0nkAsIK0687C/wZLGXY6bp51VyxNCaQLBmPfcn
+    kKPglp4vsbqLLKuMbOT4+e9Mkc0yj7MFeuJXdf0wvN+Gg88vXgbALVqqnPPNmkb9
+    SXOT/slQ8K/f/yUQSQvEYIpAAWCAvN25iE4XNeTNR+6CWZ+Hg9YtxJOESW44mF6H
+    yfUeJTY0ZewQv1fHAnUVFxCpH7XCjufMMWqGBaeZPIvLUc8EIbeB9eIpPQQrWcvz
+    BYUI6YcNDiN8o+FEuNH4iGPIl9ViNXxBzepCsHI423MtlJlleqGXXPRJE47aKlH5
+    BR/s9Plypv2oJ23RTSg4qaRdBcF2YLUFA5gjaMU9lGFvkyL8awARAQABiQRxBBgB
+    CgAmFiEE5+xun0RjktIKx7bfZvmbrKy43FQFAmTa3ZECGwIFCQHhM4ACPwkQZvmb
+    rKy43FTBcyAEGQEKAB0WIQSLsVt11eY0JqWQURhD7xXbDMht3QUCZNrdkQAKCRBD
+    7xXbDMht3TVvD/Y4J2XpDGhHDdZupOl+u14oVLm7vhrKs6pwIunBIVj8s5dMRGKx
+    D0RmMPNGvGkRYyy96GgPtDpi1YO+CoSLBorFvByHThsIVA3Xd+G+1NYMhOvT2li2
+    pKUBQ67nDxVRoOqKaicnBlyAzi4ne58ddtTDjFQCNcKuc6YaNJBxLMvs7zd4o6YL
+    z+Yh+Gv5F+rCQvj+RGTtiICeiQxSF9JAxyVoyugnBx/eE9Mn9KO+WGEOU9q3k4v8
+    Ec8iY3bZKQmc03NLNXOqNo1qEaxTYCgQdyPK4NCID5XSDr56lSa1R/qqf8L7t1Xf
+    hBzvLCm2YBq1CvGkLaApNKm7WWMIbJMriOCLyXOATnyDoO1jYG86UdDa0CMRuSQu
+    MfB6jSKgr5HrMuwJHunKLp6cLa7mHCi+wTvqYOYhS/Y8hBxtEsiCwqpCMBfLCCTd
+    cQkrOgS6e8U36coXVBEsfsNdGLdpJDVhmqramkPV0ZqCUpGAM/5hreY+oWwVhQq7
+    DXyeL0Xjxc3MDC6NxKCoCV9Hh89QWqyokmC5ocvSlacVl4Mik7UtRgNufJpthfM1
+    QqJi6IYiW/VoIqjVSatvK772JhSpNEwMy5DX5gfSAyi4+KEj1zCDSA3t//lKdjyM
+    r2cbSn51Ou6tr163t0Q3bqLlv+R4WxjGR3JQJGUYE2x0J9z1YOb0WW6gfVQQAKIk
+    tc4qXSCCMfryn4zm4JPXBIY8LX+ypz0OmFndOjbDZ27pHTFh/4eVNORAr94FM+2t
+    McikmjPFi1zc+0Is2tGK0x2854/8IOVTl7zRXakVqbWFOLHnE3QHqW/b3NTwQkJe
+    ZcTHE7wvxid5R2qzETx3Hl3reajaaLTlYqTLkS1PsJY6hOm9tRUW03Dp/lMGxhuA
+    c4XN7NTsLve0+VoOqyARFutO9XHRzhAg+0iO/ATaUmkPoNEzYxSwcHmPffb49kVO
+    nfoz71l6LDLl9sABrU9GkrKpQKt1HbomJ0uHGqYlXIRqrH8qqv2Sj2XfkoVgeXxC
+    jQoK3Vg/rCkiM7YUMADks66rTD/GezWOv2pyBvoD31vITKMd8A89g2SVdPo/JpG6
+    O4biekGbnoPZsF+39AT1mbKFDhK5vOHoiSNmdDQRHwq3mBTpzywm4tC+kSN9owNl
+    cPqY7wsYVU7eS7WEIl5jnQOkGYQIEDtqoJUrUf0/n0frKs7o084TuP8ednzbpDIC
+    K4WgPkxodgUOYJDiXio94TRgBN8H0uW6ew3allO9R5iB/5WKfUbx6BfqLKNtSdar
+    NyOygnYabChA7CP4t77KPsOWDL+OcmHOK//QeID/hbqxOfBnkARq1zuLex6bS6kO
+    /k925kCtzpT9dRpwmvccf9Hag36LItLzInt526MG
+    =eyRs
     -----END PGP PUBLIC KEY BLOCK-----
 
 
 You may use [this tool](https://pgptool.org/) to encrypt and sign your message.
+
+
+## Using the Issue Tracker
+
+This GitLab system is intended for internal use only, therefore, only authorized users may sign up and sign in via the currently configured idP integration. However, if you want to contribute to the project or submit a bug report, please feel free to request an account!
+
+Account requests are granted regularly, though requests will be expedited/prioritised for users with their own email domain and users with an established GitLab/GitHub account.
+
+To request an account, please follow the format below and send it to ``security@webvokestudio.pt``:
+
+    Subject: Future Gamers GitLab Account Request - [Your Name]
+    Body:
+    
+    Reason: I want an account because A and B
+    GitLab/GitHub: https://gitlab.com/YourAccount OR https://github.com/YourAccount

app/Console/Kernel.php

@@ -1,74 +0,0 @@
-<?php
-
-/*
- * Copyright © 2020 Miguel Nogueira
- *
- *   This file is part of Raspberry Staff Manager.
- *
- *     Raspberry Staff Manager is free software: you can redistribute it and/or modify
- *     it under the terms of the GNU General Public License as published by
- *     the Free Software Foundation, either version 3 of the License, or
- *     (at your option) any later version.
- *
- *     Raspberry Staff Manager is distributed in the hope that it will be useful,
- *     but WITHOUT ANY WARRANTY; without even the implied warranty of
- *     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *     GNU General Public License for more details.
- *
- *     You should have received a copy of the GNU General Public License
- *     along with Raspberry Staff Manager.  If not, see <https://www.gnu.org/licenses/>.
- */
-
-namespace App\Console;
-
-use App\Jobs\ProcessDueSuspensions;
-use App\Jobs\ProcessExpiredAbsences;
-use Illuminate\Console\Scheduling\Schedule;
-use Illuminate\Foundation\Console\Kernel as ConsoleKernel;
-
-class Kernel extends ConsoleKernel
-{
-    /**
-     * The Artisan commands provided by your application.
-     *
-     * @var array
-     */
-    protected $commands = [
-        //
-    ];
-
-    /**
-     * Define the application's command schedule.
-     *
-     * @param  \Illuminate\Console\Scheduling\Schedule  $schedule
-     * @return void
-     */
-    protected function schedule(Schedule $schedule)
-    {
-        $schedule->command('vote:evaluate')
-            ->daily();
-        // Production value: Every day
-
-        $schedule->job(new ProcessDueSuspensions)
-            ->daily();
-        // Production value: Every day
-        // Development value: Every minute
-
-        $schedule->job(new ProcessExpiredAbsences)
-            ->daily();
-        // Production value: Every day
-        // Development value: Every minute
-    }
-
-    /**
-     * Register the commands for the application.
-     *
-     * @return void
-     */
-    protected function commands()
-    {
-        $this->load(__DIR__.'/Commands');
-
-        require base_path('routes/console.php');
-    }
-}

app/Http/Controllers/Auth/DiscordController.php

@@ -21,8 +21,11 @@
 
 namespace App\Http\Controllers\Auth;
 
+use App\Facades\Options;
 use App\Http\Controllers\Controller;
 use App\User;
+use GuzzleHttp\Exception\ClientException;
+use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Log;
 use Laravel\Socialite\Facades\Socialite;
@@ -37,8 +40,13 @@ class DiscordController extends Controller
             ->redirect();
     }
 
-    public function discordCallback()
+    public function discordCallback(Request $request)
     {
+        if($request->has('error'))
+        {
+            abort(401, __("Access Denied: To sign in with your Discord account or apply for positions requiring it, please ensure you authorize our application (:applicationName). We request permissions to manage your account, maintain it, and handle your permissions within our community servers. Feel free to read our Privacy Policy if you have any concerns.", ['applicationName' => config('app.name')]));
+        }
+
         try {
             $discordUser = Socialite::driver('discord')->user();
         } catch (InvalidStateException $stateException) {
@@ -49,6 +57,7 @@ class DiscordController extends Controller
             ]);
 
             return redirect(route('discordRedirect'));
+
         }
 
         $appUser = User::where('email', $discordUser->getEmail())->first();
@@ -62,6 +71,14 @@ class DiscordController extends Controller
 
             Auth::login($appUser, true);
         } else {
+
+            if (!Options::getOption('enable_registrations'))
+            {
+                return redirect()
+                    ->route('home')
+                    ->with('error', __('Hey there, ' . $discordUser->getName() . '! Sign ups are currently closed so we were not able to create your account. Head over to the sign up page to request an invitation if you\'d like. Alternatively, if you already have an account here, make sure to log in with Discord with the correct account you linked beforehand.'));
+            }
+
             $oAuthUser = User::create([
                 'uuid' => null,
                 'name' => $discordUser->getName(),

app/Http/Controllers/Auth/RegisterController.php

@@ -28,6 +28,7 @@ use App\User;
 use Illuminate\Foundation\Auth\RegistersUsers;
 use Illuminate\Support\Facades\Hash;
 use Illuminate\Support\Facades\Validator;
+use Session;
 
 class RegisterController extends Controller
 {
@@ -71,6 +72,10 @@ class RegisterController extends Controller
     {
         $password = ['required', 'string', 'confirmed'];
 
+        $signupEnabled = Options::getOption('enable_registrations');
+        $signupOverride = Session::has('ALLOW_REGISTRATION_OVERRIDE') && Session::get('ALLOW_REGISTRATION_OVERRIDE') === true;
+        $signupOverrideEmail = Session::has('REGISTRATION_OVERRIDE_EMAIL') ? Session::get('REGISTRATION_OVERRIDE_EMAIL') : null;
+
         switch (Options::getOption('pw_security_policy')) { // this could be better structured, switch doesn't feel right
             case 'off':
                 $password = ['required', 'string', 'confirmed'];
@@ -99,7 +104,15 @@ class RegisterController extends Controller
             'dob.required' => __('Please enter your date of birth.'),
             'uuid.required' => __('Please enter a valid (and Premium) Minecraft username! We do not support cracked users.'),
             'acceptTerms.required' => __('Please accept the Community Guidelines, Terms of Service and Privacy Policy to continue.'),
-        ]);
+
+        ])->after(function (\Illuminate\Validation\Validator $validator) use ($signupEnabled, $signupOverride, $signupOverrideEmail) {
+
+            $email = $validator->getData()['email'];
+
+            $validator->errors()->addIf(!$signupEnabled && !$signupOverride, 'signup', __('We\'re sorry, but new sign ups are currently closed and invite-only.'));
+            $validator->errors()->addIf($signupOverride && $email !== $signupOverrideEmail, 'email', 'You must sign up with the email address you were invited with.');
+
+        });
     }
 
     /**
@@ -124,6 +137,13 @@ class RegisterController extends Controller
 
         $user->assignRole('user');
 
+        if (Session::get('ALLOW_REGISTRATION_OVERRIDE')) {
+            Session::forget([
+                'ALLOW_REGISTRATION_OVERRIDE',
+                'REGISTRATION_OVERRIDE_EMAIL'
+            ]);
+        }
+
         return $user;
     }
 }

app/Http/Controllers/InvitationController.php

@@ -0,0 +1,158 @@
+<?php
+
+namespace App\Http\Controllers;
+
+use App\Http\Requests\ApproveInviteRequest;
+use App\Http\Requests\DenyInviteRequest;
+use App\Http\Requests\InvitationRequest;
+use App\Http\Requests\ValidateInviteRequest;
+use App\Invitation;
+use App\Mail\InviteApprovedMail;
+use App\Mail\InvitedToApp;
+use App\Mail\InviteRequestReceived;
+use App\Response;
+use Auth;
+use Illuminate\Http\Request;
+use Mail;
+use Session;
+
+class InvitationController extends Controller
+{
+    public function index()
+    {
+        $this->authorize('viewAny', Invitation::class);
+
+        return view('dashboard.administration.invites', [
+            'invites' => Invitation::all()
+        ]);
+    }
+
+    public function requestInvite(InvitationRequest $request)
+    {
+
+        $this->authorize('create', Invitation::class);
+
+        $guest = Auth::guest();
+        $invitation = new Invitation();
+
+        $invitation->requestor_email = $request->input('email');
+        $invitation->requestor_ip_address = $request->ip();
+        $invitation->status = $guest ? 'pending' : 'approved';
+        $invitation->invitation_code = bin2hex(random_bytes(64));
+        $invitation->expiration = now()->addDays(2);
+
+        try {
+            $invitation->saveOrFail();
+            $addlMessage = ($guest) ? __('Check your email address for a confirmation email.') : '';
+
+            $request->session()->flash('success', __('Invitation request sent. :additionalUnauthenticatedMessage', ['additionalUnauthenticatedMessage' => $addlMessage]));
+
+            if ($guest) {
+                Mail::to($invitation->requestor_email)->send(new InviteRequestReceived());
+            }
+            else {
+                // this is an approved invite
+                Mail::to($invitation->requestor_email)->send(new InvitedToApp($invitation));
+            }
+
+
+        } catch (\Exception $exception) {
+
+            \Log::debug('[INVITES]: Error saving invite request', ['message' => $exception->getMessage(), 'requestor_ip' => $request->ip()]);
+            $request->session()->flash('error', __('Sorry, but we were unable to request an invitation for you. If you already requested one, trying to request another will not be possible, nor will it speed up the process.'));
+
+        }
+
+        return redirect()->back();
+    }
+
+    public function approveInvite(ApproveInviteRequest $request, Invitation $invitation)
+    {
+        $this->authorize('update', $invitation);
+
+        $approvableStates = [
+            'pending'
+        ];
+
+        if ($invitation->expiration && now()->lessThanOrEqualTo($invitation->expiration) && in_array($invitation->status, $approvableStates))
+        {
+            $invitation->status = 'approved';
+            $invitation->save();
+
+            Mail::to($invitation->requestor_email)->send(new InviteApprovedMail($invitation));
+
+            return redirect()
+                ->back()
+                ->with('success', __('Invite request approved! This user can now sign up.'));
+
+        }
+        else
+        {
+            return redirect()
+                ->back()
+                ->with('error', __('This invitation couldn\'t be approved because either it\'s already approved or it is expired.'));
+
+        }
+    }
+
+    public function denyInvite(DenyInviteRequest $request, Invitation $invitation)
+    {
+        $this->authorize('update', $invitation);
+
+        $declinableStates = [
+          'pending'
+        ];
+
+        if ($invitation->expiration && now()->lessThanOrEqualTo($invitation->expiration) && in_array($invitation->status, $declinableStates))
+        {
+            $invitation->status = 'denied';
+            $invitation->save();
+
+            return redirect()
+                ->back()
+                ->with('success', __('Invitation denied. No notifications were sent. This user cannot be invited again.'));
+
+        }
+
+        return redirect()
+            ->back()
+            ->with('error', __('This invitation could not be denied because it is either already approved, expired, or in an otherwise invalid state.'));
+    }
+
+    public function redeemInvite(Request $request)
+    {
+        return view('auth.redeem-invite', ['validationToken' => $request->route('token')]);
+    }
+
+    public function validateInvite(ValidateInviteRequest $request)
+    {
+        $token = $request->input('validation_token');
+        $email = $request->input('email');
+
+        $invite = Invitation::where('requestor_email', $email)->first();
+
+
+
+        if (!empty($invite) && $token === $invite->invitation_code && 'approved' === $invite->status && $invite->expiration && now()->lessThanOrEqualTo($invite->expiration))
+        {
+            $invite->status = 'completed';
+            $invite->save();
+
+            Session::put('ALLOW_REGISTRATION_OVERRIDE', true);
+            Session::put('REGISTRATION_OVERRIDE_EMAIL', $email);
+
+            return redirect()
+                ->route('register')
+                ->with('success', __('Invitation code validated! You can now sign up with the email address you were invited with.'));
+        }
+        else
+        {
+            return redirect()
+                ->back()
+                ->with('error', __('Something went wrong while validating your invite. Either it does not exist, is expired, has not been approved yet, or the token is wrong (do not edit it).'));
+        }
+
+    }
+
+}
+

app/Http/Controllers/OptionsController.php

@@ -55,6 +55,9 @@ class OptionsController extends Controller
                     'requiresPMC' => Options::getOption('requireGameLicense'),
                     'enforce2fa' => Options::getOption('force2fa'),
                 ],
+                'features' => [
+                  'enableRegistrations' => Options::getOption('enable_registrations')
+                ],
                 'currentGame' => Options::getOption('currentGame'),
             ]);
     }

app/Http/Controllers/SecuritySettingsController.php

@@ -21,6 +21,7 @@ class SecuritySettingsController extends Controller
             'pwExpiry' => $request->pwExpiry,
             'enforce2fa' => $request->enforce2fa,
             'requirePMC' => $request->requirePMC,
+            'enable_registrations' => $request->input('enable_registrations')
         ]);
 
         return redirect()

app/Http/Kernel.php

@@ -1,96 +0,0 @@
-<?php
-
-/*
- * Copyright © 2020 Miguel Nogueira
- *
- *   This file is part of Raspberry Staff Manager.
- *
- *     Raspberry Staff Manager is free software: you can redistribute it and/or modify
- *     it under the terms of the GNU General Public License as published by
- *     the Free Software Foundation, either version 3 of the License, or
- *     (at your option) any later version.
- *
- *     Raspberry Staff Manager is distributed in the hope that it will be useful,
- *     but WITHOUT ANY WARRANTY; without even the implied warranty of
- *     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *     GNU General Public License for more details.
- *
- *     You should have received a copy of the GNU General Public License
- *     along with Raspberry Staff Manager.  If not, see <https://www.gnu.org/licenses/>.
- */
-
-namespace App\Http;
-
-use Illuminate\Foundation\Http\Kernel as HttpKernel;
-
-class Kernel extends HttpKernel
-{
-    /**
-     * The application's global HTTP middleware stack.
-     *
-     * These middleware are run during every request to your application.
-     *
-     * @var array
-     */
-    protected $middleware = [
-        \App\Http\Middleware\TrustProxies::class,
-        \Illuminate\Http\Middleware\HandleCors::class,
-        \App\Http\Middleware\CheckForMaintenanceMode::class,
-        \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
-        \App\Http\Middleware\TrimStrings::class,
-        \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
-    ];
-
-    /**
-     * The application's route middleware groups.
-     *
-     * @var array
-     */
-    protected $middlewareGroups = [
-        'web' => [
-            \App\Http\Middleware\EncryptCookies::class,
-            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
-            \Illuminate\Session\Middleware\StartSession::class,
-            // \Illuminate\Session\Middleware\AuthenticateSession::class,
-            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
-            \App\Http\Middleware\VerifyCsrfToken::class,
-            \Illuminate\Routing\Middleware\SubstituteBindings::class,
-        ],
-
-        'api' => [
-            'throttle:60,1',
-            \Illuminate\Routing\Middleware\SubstituteBindings::class,
-        ],
-    ];
-
-    /**
-     * The application's route middleware.
-     *
-     * These middleware may be assigned to groups or used individually.
-     *
-     * @var array
-     */
-    protected $routeMiddleware = [
-        'auth' => \App\Http\Middleware\Authenticate::class,
-        'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
-        'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
-        'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
-        'can' => \Illuminate\Auth\Middleware\Authorize::class,
-        'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
-        'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class,
-        'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
-        'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
-        'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
-        'eligibility' => \App\Http\Middleware\ApplicationEligibility::class,
-        'usernameUUID' => \App\Http\Middleware\UsernameUUID::class,
-        'forcelogout' => \App\Http\Middleware\ForceLogoutMiddleware::class,
-        '2fa' => \PragmaRX\Google2FALaravel\Middleware::class,
-        'passwordexpiration' => \App\Http\Middleware\PasswordExpirationMiddleware::class,
-        'passwordredirect' => \App\Http\Middleware\PasswordExpirationRedirectMiddleware::class,
-        'localize' => \Mcamara\LaravelLocalization\Middleware\LaravelLocalizationRoutes::class,
-        'localizationRedirect' => \Mcamara\LaravelLocalization\Middleware\LaravelLocalizationRedirectFilter::class,
-        'localeSessionRedirect' => \Mcamara\LaravelLocalization\Middleware\LocaleSessionRedirect::class,
-        'localeCookieRedirect' => \Mcamara\LaravelLocalization\Middleware\LocaleCookieRedirect::class,
-        'localeViewPath' => \Mcamara\LaravelLocalization\Middleware\LaravelLocalizationViewPath::class,
-    ];
-}