v5.1.5

Author: dipaksarkar

.bladeignore

@@ -0,0 +1,2 @@
+# Ignore email templates
+resources/views/emails/**

.editorconfig

@@ -0,0 +1,15 @@
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+insert_final_newline = true
+indent_style = space
+indent_size = 4
+trim_trailing_whitespace = true
+
+[*.md]
+trim_trailing_whitespace = false
+
+[*.{yml,yaml,js,json}]
+indent_size = 2

.gitattributes

@@ -21,5 +21,7 @@ phpunit.xml.dist export-ignore
 RELEASE.md export-ignore
 UPGRADE.md export-ignore
 encode.sh export-ignore
+encoder.php export-ignore
+loader.php export-ignore
 comments.txt export-ignore
 testbench.yaml export-ignore

.gitignore

@@ -0,0 +1,14 @@
+.DS_Store
+.thumbs.db
+*.bak
+*.zip
+/vendor
+
+composer.lock
+/phpunit.xml
+.phpunit.result.cache
+example
+/backup_*
+*.backup
+*.backup.*
+/encoder

.styleci.yml

@@ -0,0 +1,4 @@
+php:
+  preset: laravel
+js: true
+css: true

README.md

@@ -0,0 +1,24 @@
+# coderstm/laravel-core
+
+<p align="center">
+<a href="https://github.com/coders-tm/laravel-core/actions"><img src="https://github.com/coders-tm/laravel-core/workflows/tests/badge.svg" alt="Build Status"></a>
+<a href="https://packagist.org/packages/coderstm/laravel-core"><img src="https://img.shields.io/packagist/dt/coderstm/laravel-core" alt="Total Downloads"></a>
+<a href="https://packagist.org/packages/coderstm/laravel-core"><img src="https://img.shields.io/packagist/v/coderstm/laravel-core" alt="Latest Stable Version"></a>
+<a href="https://packagist.org/packages/coderstm/laravel-core"><img src="https://img.shields.io/packagist/l/coderstm/laravel-core" alt="License"></a>
+</p>
+
+## Introduction
+
+[Laravel Core](https://laravel.com) package that provides essential core functionalities and utilities for Laravel applications.
+
+## Official Documentation
+
+Documentation for Laravel Core can be found [here](https://laravel-core.netlify.com).
+
+## Security Vulnerabilities
+
+Please review [our security policy](https://github.com/coders-tm/laravel-core/security/policy) on how to report security vulnerabilities.
+
+## License
+
+Laravel Core is open-sourced software licensed under the [MIT license](LICENSE.md).

SECURITY.md

@@ -0,0 +1,160 @@
+# License Security Implementation
+
+## Overview
+
+This implementation provides multiple layers of security to prevent license bypass and ensure system integrity. The security system is designed to be tamper-resistant and difficult to circumvent.
+
+## Security Layers
+
+### 1. Early Boot Validation
+- License verification happens during service provider boot, before any other application logic
+- The application terminates immediately if license validation fails
+- Cannot be bypassed by modifying middleware stack after boot
+
+### 2. Multiple Middleware Registration
+- Primary middleware is registered in multiple positions (push and prepend)
+- Periodic verification middleware runs additional checks every 5 minutes
+- Provides redundancy if one middleware is removed
+- Middleware integrity is verified during termination
+
+### 3. Runtime Verification Caching
+- Verification results are cached with environment-specific hashes
+- Prevents repeated API calls while maintaining security
+- Cache is automatically invalidated on environment changes
+
+### 4. Request-Level Security Checks
+- Suspicious headers and parameters are detected
+- Multiple verification layers per request
+- Graceful handling of license violations
+
+### 5. Tamper Detection
+- Environment-specific verification hashes
+- Basic file existence monitoring
+- Runtime security checks
+
+## Implementation Details
+
+### Service Provider Security (`CoderstmServiceProvider`)
+
+1. **Early Boot Enforcement**: `enforceSystemIntegrity()`
+   - Runs before any other boot operations
+   - Terminates application on license failure
+   - Sets verification flags for later checks
+
+2. **Secure Middleware Registration**: `registerSecureMiddleware()`
+   - Registers middleware in multiple positions
+   - Adds termination callback for integrity verification
+   - Cannot be easily bypassed
+
+3. **Middleware Integrity Verification**: `verifyMiddlewareIntegrity()`
+   - Checks middleware presence during termination
+   - Detects middleware removal attempts
+   - Terminates application if middleware is missing
+
+### License Middleware Security (`SystemIntegrityVerifier`)
+
+1. **Enhanced License Verification**: `verifyEnvironment()`
+   - Caches verification with environment hashes
+   - Environment-specific verification factors
+   - Invalidates cache on environment changes
+
+2. **Comprehensive Request Verification**: `performComprehensiveVerification()`
+   - Multiple verification layers
+   - Boot verification checks
+   - Request-level security validation
+
+## Security Features
+
+### Bypass Prevention
+- Multiple verification points prevent single-point failures
+- Early termination prevents application execution
+- Encrypted storage prevents data tampering
+- Environment-specific hashing prevents cache transfer
+
+### Tamper Detection
+- Basic file existence checks
+- Suspicious request detection
+- Environment-specific verification hashes
+
+### Graceful Degradation
+- Appropriate error responses for different contexts
+- License management interface access
+- User-friendly error pages
+- API-compatible error responses
+
+## Configuration
+
+### License Management Routes
+- `/license/manage` - License management interface
+- `/license/update` - License update endpoint
+
+### Console Commands
+```bash
+# Clear application cache
+php artisan cache:clear
+
+# Clear configuration cache
+php artisan config:clear
+```
+
+### Environment Variables
+```bash
+# Required
+APP_LICENSE_KEY=your_license_key_here
+CODERSTM_DOMAIN=your_domain_here
+INSTALLER_APP_ID=your_app_id_here
+
+# Optional Security Settings
+CODERSTM_CHECK_INTERVAL=300
+CODERSTM_TAMPER_DETECT=true
+```
+
+## Security Best Practices
+
+### For Developers
+1. Never comment out license verification code
+2. Don't modify the SystemIntegrityVerifier class
+3. Keep environment variables secure
+4. Monitor system integrity regularly
+
+### For System Administrators
+1. Regularly run integrity verification
+2. Monitor application logs for tampering attempts
+3. Keep license keys secure
+4. Update license before expiration
+
+### For End Users
+1. Use legitimate license keys only
+2. Don't attempt to bypass license checks
+3. Contact support for license issues
+4. Keep application updated
+
+## Troubleshooting
+
+### Common Issues
+1. **License verification failed**: Check license key and domain configuration
+2. **File integrity errors**: Verify critical files haven't been modified
+3. **Middleware missing**: Check service provider registration
+4. **Cache issues**: Clear license cache and re-verify
+
+### Debug Commands
+```bash
+# Clear license cache
+php artisan cache:clear
+
+# Check logs
+tail -f storage/logs/laravel.log
+```
+
+## Security Limitations
+
+While this implementation provides robust protection, it's important to understand its limitations:
+
+1. **Not cryptographically unbreakable**: Determined attackers with server access can still bypass
+2. **Requires server-side verification**: Cannot prevent client-side modifications
+3. **Performance overhead**: Multiple verification layers add computational cost
+4. **Maintenance required**: System needs updates for new bypass methods
+
+## Conclusion
+
+This multi-layered security approach significantly increases the difficulty of bypassing license validation while maintaining system usability. Regular monitoring and updates are essential for continued effectiveness.

composer.json

@@ -0,0 +1,127 @@
+{
+  "name": "coderstm/laravel-core",
+  "description": "Laravel Core package that provides essential core functionalities and utilities for Laravel applications.",
+  "keywords": [
+    "laravel",
+    "sanctum",
+    "auth",
+    "enquiry",
+    "multi auth guard",
+    "tasks management",
+    "log",
+    "subscription"
+  ],
+  "license": "MIT",
+  "support": {
+    "issues": "https://github.com/coders-tm/laravel-core/issues",
+    "source": "https://github.com/coders-tm/laravel-core"
+  },
+  "authors": [
+    {
+      "name": "Dipak Sarkar",
+      "email": "[email protected]"
+    }
+  ],
+  "require": {
+    "php": "^8.2",
+    "ext-json": "*",
+    "barryvdh/laravel-dompdf": "^3.1",
+    "creativeorange/gravatar": "^1.0",
+    "doctrine/dbal": "^3.4",
+    "gocardless/gocardless-pro": "^6.6",
+    "illuminate/console": "^12.0",
+    "illuminate/contracts": "^12.0",
+    "illuminate/database": "^12.0",
+    "illuminate/http": "^12.0",
+    "illuminate/log": "^12.0",
+    "illuminate/notifications": "^12.0",
+    "illuminate/pagination": "^12.0",
+    "illuminate/routing": "^12.0",
+    "illuminate/support": "^12.0",
+    "illuminate/view": "^12.0",
+    "jenssegers/agent": "^2.6",
+    "kreait/laravel-firebase": "^6.0",
+    "laravel-notification-channels/fcm": "^5.0",
+    "laravel/cashier": "^15.0",
+    "laravel/sanctum": "^4.0",
+    "league/csv": "^9.15",
+    "league/iso3166": "^4.3",
+    "nesbot/carbon": "^3.0",
+    "qirolab/laravel-themer": "^2.4",
+    "razorpay/razorpay": "^2.9",
+    "simplesoftwareio/simple-qrcode": "^4.2",
+    "spatie/laravel-sluggable": "^3.7",
+    "srmklive/paypal": "^3.0",
+    "stevebauman/location": "^7.2.0",
+    "symfony/console": "^7.0",
+    "symfony/http-kernel": "^7.0",
+    "symfony/polyfill-intl-icu": "^1.22.1",
+    "twilio/sdk": "^7.16",
+    "vedmant/laravel-shortcodes": "^1.1"
+  },
+  "require-dev": {
+    "mockery/mockery": "^1.6",
+    "nunomaduro/collision": "^8.1",
+    "orchestra/testbench": "^10.0",
+    "phpstan/phpstan": "^1.10",
+    "phpunit/phpunit": "^11.5"
+  },
+  "suggest": {
+    "ext-intl": "Allows for more locales besides the default \"en\" when formatting money values.",
+    "dompdf/dompdf": "Required when generating and downloading invoice PDF's using Dompdf (^2.0)."
+  },
+  "autoload": {
+    "psr-4": {
+      "Coderstm\\": "src/",
+      "Coderstm\\Database\\Factories\\": "database/factories/",
+      "Coderstm\\Database\\Seeders\\": "database/seeders/"
+    },
+    "files": [
+      "lib/helpers.php"
+    ]
+  },
+  "autoload-dev": {
+    "psr-4": {
+      "Coderstm\\Tests\\": "tests/",
+      "App\\": "workbench/app/",
+      "Database\\Factories\\": "workbench/database/factories/",
+      "Database\\Seeders\\": "workbench/database/seeders/"
+    }
+  },
+  "extra": {
+    "laravel": {
+      "providers": [
+        "Coderstm\\Providers\\ThemeServiceProvider",
+        "Coderstm\\Providers\\CoderstmServiceProvider",
+        "Coderstm\\Providers\\CoderstmPermissionsServiceProvider",
+        "Coderstm\\Providers\\CoderstmEventServiceProvider",
+        "Coderstm\\Providers\\ShortcodeServiceProvider"
+      ]
+    }
+  },
+  "config": {
+    "sort-packages": true
+  },
+  "minimum-stability": "dev",
+  "prefer-stable": true,
+  "scripts": {
+    "post-autoload-dump": [
+      "@clear",
+      "@prepare"
+    ],
+    "clear": "@php vendor/bin/testbench package:purge-skeleton --ansi",
+    "prepare": "@php vendor/bin/testbench package:discover --ansi",
+    "build": "@php vendor/bin/testbench workbench:build --ansi",
+    "serve": [
+      "Composer\\Config::disableProcessTimeout",
+      "@build",
+      "@php vendor/bin/testbench serve --ansi"
+    ],
+    "lint": [
+      "@php vendor/bin/phpstan analyse --verbose --ansi"
+    ],
+    "test": [
+      "@php vendor/bin/phpunit"
+    ]
+  }
+}