Updated version and assets for release v23.10

Previously we'd prevent caching of authed responses for security
(prevent back cache or proxy caching) but caching could still be an
issue in non-auth scenarios due to CSRF (eg. returning to login screen after
session expiry).

For #4600

.env.example

@@ -37,8 +37,10 @@ MAIL_FROM=bookstack@example.com
 # SMTP mail options
 # These settings can be checked using the "Send a Test Email"
 # feature found in the "Settings > Maintenance" area of the system.
+# For more detailed documentation on mail options, refer to:
+# https://www.bookstackapp.com/docs/admin/email-webhooks/#email-configuration
 MAIL_HOST=localhost
-MAIL_PORT=1025
+MAIL_PORT=587
 MAIL_USERNAME=null
 MAIL_PASSWORD=null
 MAIL_ENCRYPTION=null

.env.example.complete

@@ -69,23 +69,19 @@ DB_PASSWORD=database_user_password
 # certificate itself (Common Name or Subject Alternative Name).
 MYSQL_ATTR_SSL_CA="/path/to/ca.pem"
 
-# Mail system to use
-# Can be 'smtp' or 'sendmail'
+# Mail configuration
+# Refer to https://www.bookstackapp.com/docs/admin/email-webhooks/#email-configuration
 MAIL_DRIVER=smtp
-
-# Mail sending options
-MAIL_FROM=mail@bookstackapp.com
+MAIL_FROM=bookstack@example.com
 MAIL_FROM_NAME=BookStack
 
-# SMTP mail options
 MAIL_HOST=localhost
-MAIL_PORT=1025
+MAIL_PORT=587
 MAIL_USERNAME=null
 MAIL_PASSWORD=null
 MAIL_ENCRYPTION=null
 MAIL_VERIFY_SSL=true
 
-# Command to use when email is sent via sendmail
 MAIL_SENDMAIL_COMMAND="/usr/sbin/sendmail -bs"
 
 # Cache & Session driver to use
@@ -363,6 +359,15 @@ ALLOWED_IFRAME_HOSTS=null
 # Current host and source for the "DRAWIO" setting will be auto-appended to the sources configured.
 ALLOWED_IFRAME_SOURCES="https://*.draw.io https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com"
 
+# A list of the sources/hostnames that can be reached by application SSR calls.
+# This is used wherever users can provide URLs/hosts in-platform, like for webhooks.
+# Host-specific functionality (usually controlled via other options) like auth
+# or user avatars for example, won't use this list.
+# Space seperated if multiple. Can use '*' as a wildcard.
+# Values will be compared prefix-matched, case-insensitive, against called SSR urls.
+# Defaults to allow all hosts.
+ALLOWED_SSR_HOSTS="*"
+
 # The default and maximum item-counts for listing API requests.
 API_DEFAULT_ITEM_COUNT=100
 API_MAX_ITEM_COUNT=500

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -1,7 +1,14 @@
 name: Bug Report
-description: Create a report to help us improve or fix things
+description: Create a report to help us fix bugs & issues in existing supported functionality
 labels: [":bug: Bug"]
 body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out a bug report!
+        Please note that this form is for reporting bugs in existing supported functionality.
+        
+        If you are reporting something that's not an issue in functionality we've previously supported and/or is simply something different to your expectations, then it may be more appropriate to raise via a feature or support request instead.
   - type: textarea
     id: description
     attributes:
@@ -13,7 +20,7 @@ body:
     id: reproduction
     attributes:
       label: Steps to Reproduce
-      description: Detail the steps that would replicate this issue
+      description: Detail the steps that would replicate this issue.
       placeholder: |
         1. Go to '...'
         2. Click on '....'
@@ -32,7 +39,7 @@ body:
     id: context
     attributes:
       label: Screenshots or Additional Context
-      description: Provide any additional context and screenshots here to help us solve this issue
+      description: Provide any additional context and screenshots here to help us solve this issue.
     validations:
       required: false
   - type: input
@@ -48,23 +55,7 @@ body:
     id: bsversion
     attributes:
       label: Exact BookStack Version
-      description: This can be found in the settings view of BookStack. Please provide an exact version.
-      placeholder: (eg. v21.08.5)
-    validations:
-      required: true
-  - type: input
-    id: phpversion
-    attributes:
-      label: PHP Version
-      description: Keep in mind your command-line PHP version may differ to that of your webserver. Provide that relevant to the issue.
-      placeholder: (eg. 7.4)
-    validations:
-      required: false
-  - type: textarea
-    id: hosting
-    attributes:
-      label: Hosting Environment
-      description: Describe your hosting environment as much as possible including any proxies used (If applicable).
-      placeholder: (eg. Ubuntu 20.04 VPS, installed using official installation script)
+      description: This can be found in the settings view of BookStack. Please provide an exact version(s) you've tested on.
+      placeholder: (eg. v23.06.7)
     validations:
       required: true

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -33,9 +33,9 @@ body:
     attributes:
       label: Have you searched for an existing open/closed issue?
       description: |
-        To help us keep these issues under control, please ensure you have first [searched our issue list](https://github.com/BookStackApp/BookStack/issues?q=is%3Aissue) for any existing issues that cover the fundemental benefit/goal of your request.
+        To help us keep these issues under control, please ensure you have first [searched our issue list](https://github.com/BookStackApp/BookStack/issues?q=is%3Aissue) for any existing issues that cover the fundamental benefit/goal of your request.
       options:
-        - label: I have searched for existing issues and none cover my fundemental request
+        - label: I have searched for existing issues and none cover my fundamental request
           required: true
   - type: dropdown
     id: existing_usage
@@ -43,8 +43,8 @@ body:
       label: How long have you been using BookStack?
       options:
         - Not using yet, just scoping
-        - 0 to 6 months
-        - 6 months to 1 year
+        - Under 3 months
+        - 3 months to 1 year
         - 1 to 5 years
         - Over 5 years
     validations:

.github/ISSUE_TEMPLATE/support_request.yml

@@ -33,7 +33,7 @@ body:
     attributes:
       label: Exact BookStack Version
       description: This can be found in the settings view of BookStack. Please provide an exact version.
-      placeholder: (eg. v21.08.5)
+      placeholder: (eg. v23.06.7)
     validations:
       required: true
   - type: textarea
@@ -44,19 +44,11 @@ body:
       placeholder: Be sure to remove any confidential details in your logs
     validations:
       required: false
-  - type: input
-    id: phpversion
-    attributes:
-      label: PHP Version
-      description: Keep in mind your command-line PHP version may differ to that of your webserver. Provide that most relevant to the issue.
-      placeholder: (eg. 7.4)
-    validations:
-      required: false
   - type: textarea
     id: hosting
     attributes:
       label: Hosting Environment
       description: Describe your hosting environment as much as possible including any proxies used (If applicable).
-      placeholder: (eg. Ubuntu 20.04 VPS, installed using official installation script)
+      placeholder: (eg. PHP8.1 on Ubuntu 22.04 VPS, installed using official installation script)
     validations:
       required: true

.github/SECURITY.md

@@ -15,18 +15,13 @@ If you'd like to be notified of new potential security concerns you can [sign-up
 If you've found an issue that likely has no impact to existing users (For example, in a development-only branch)
 feel free to raise it via a standard GitHub bug report issue.
 
-If the issue could have a security impact to BookStack instances, please use one of the below 
-methods to report the vulnerability:
-
-- Directly contact the lead maintainer [@ssddanbrown](https://github.com/ssddanbrown). 
-  - You will need to login to be able to see the email address on the [GitHub profile page](https://github.com/ssddanbrown).
-  - Alternatively you can send a DM via Twitter to [@ssddanbrown](https://twitter.com/ssddanbrown).
-- [Disclose via huntr.dev](https://huntr.dev/bounties/disclose)
-  - Bounties may be available to you through this platform.
-  - Be sure to use `https://github.com/BookStackApp/BookStack` as the repository URL.
+If the issue could have a security impact to BookStack instances, 
+please directly contact the lead maintainer [@ssddanbrown](https://github.com/ssddanbrown). 
+You will need to log in to be able to see the email address on the [GitHub profile page](https://github.com/ssddanbrown).
+Alternatively you can send a DM via Mastodon to [@danb@fosstodon.org](https://fosstodon.org/@danb).
 
 Please be patient while the vulnerability is being reviewed. Deploying the fix to address the vulnerability
 can often take a little time due to the amount of preparation required, to ensure the vulnerability has
 been covered, and to create the content required to adequately notify the user-base.
 
-Thank you for keeping BookStack instances safe!
+Thank you for keeping BookStack instances safe!

.github/translators.txt

@@ -57,6 +57,7 @@ Name :: Languages
 @Jokuna :: Korean
 @smartshogu :: German; German Informal
 @samadha56 :: Persian
+@mrmuminov :: Uzbek
 cipi1965 :: Italian
 Mykola Ronik (Mantikor) :: Ukrainian
 furkanoyk :: Turkish
@@ -176,7 +177,7 @@ Alexander Predl (Harveyhase68) :: German
 Rem (Rem9000) :: Dutch
 Michał Stelmach (stelmach-web) :: Polish
 arniom :: French
-REMOVED_USER :: ; French; Dutch; Turkish
+REMOVED_USER :: French; Dutch; Turkish; 
 林祖年 (contagion) :: Chinese Traditional
 Siamak Guodarzi (siamakgoudarzi88) :: Persian
 Lis Maestrelo (lismtrl) :: Portuguese, Brazilian
@@ -269,7 +270,7 @@ mcgong (GongMingCai) :: Chinese Simplified; Chinese Traditional
 Nanang Setia Budi (sefidananang) :: Indonesian
 Андрей Павлов (andrei.pavlov) :: Russian
 Alex Navarro (alex.n.navarro) :: Portuguese, Brazilian
-Ji-Hyeon Gim (PotatoGim) :: Korean
+Jihyeon Gim (PotatoGim) :: Korean
 Mihai Ochian (soulstorm19) :: Romanian
 HeartCore :: German Informal; German
 simon.pct :: French
@@ -289,7 +290,7 @@ Ismael Mesquita (mesquitoliveira) :: Portuguese, Brazilian
 LiZerui (CNLiZerui) :: Chinese Traditional
 Fabrice Boyer (FabriceBoyer) :: French
 mikael (bitcanon) :: Swedish
-Matthias Mai (schnapsidee) :: German; German Informal
+Matthias Mai (schnapsidee) :: German Informal; German
 Ufuk Ayyıldız (ufukayyildiz) :: Turkish
 Jan Mitrof (jan.kachlik) :: Czech
 edwardsmirnov :: Russian
@@ -327,3 +328,42 @@ H.-H. Peng (Hsins) :: Chinese Traditional
 Mosi  Wang (mosiwang) :: Chinese Traditional
 骆言 (LawssssCat) :: Chinese Simplified
 Stickers Gaming Shøw (StickerSGSHOW) :: French
+Le Van Chinh (Chino) (lvanchinh86) :: Vietnamese
+Rubens nagios (rubenix) :: Catalan
+Patrick Dantas (pa-tiq) :: Portuguese, Brazilian
+Michal (michalgurcik) :: Slovak
+Nepomacs :: German
+Rubens (rubenix) :: Catalan
+m4z :: German; German Informal
+TheRazvy :: Romanian
+Yossi Zilber (lortens) :: Hebrew; Uzbek
+desdinova :: French
+Ingus Rūķis (ingus.rukis) :: Latvian
+Eugene Pershin (SilentEugene) :: Russian
+周盛道 (zhoushengdao) :: Chinese Simplified
+hamidreza amini (hamidrezaamini2022) :: Persian
+Tomislav Kraljević (tomislav.kraljevic) :: Croatian
+Taygun Yıldırım (yildirimtaygun) :: Turkish
+robing29 :: German
+Bruno Eduardo de Jesus Barroso (brunoejb) :: Portuguese, Brazilian
+Igor V Belousov (biv) :: Russian
+David Bauer (davbauer) :: German
+Guttorm Hveem (guttormhveem) :: Norwegian Bokmal; Norwegian Nynorsk
+Minh Giang Truong (minhgiang1204) :: Vietnamese
+Ioannis Ioannides (i.ioannides) :: Greek
+Vadim (vadrozh) :: Russian
+Flip333 :: German Informal; German
+Paulo Henrique (paulohsantos114) :: Portuguese, Brazilian
+Dženan (Dzenan) :: Swedish
+Péter Péli (peter.peli) :: Hungarian
+TWME :: Chinese Traditional
+Sascha (Man-in-Black) :: German
+Mohammadreza Madadi (madadi.efl) :: Persian
+Konstantin Kovacheli (kkovacheli) :: Ukrainian
+link1183 :: French
+Renan (rfpe) :: Portuguese, Brazilian
+Lowkey (bbsweb) :: Chinese Simplified
+ZZnOB (zznobzz) :: Russian
+rupus :: Swedish
+developernecsys :: Norwegian Nynorsk
+xuan LI (xuanli233) :: Chinese Simplified

.github/workflows/analyse-php.yml

@@ -1,6 +1,12 @@
 name: analyse-php
 
-on: [push, pull_request]
+on:
+  push:
+    paths:
+      - '**.php'
+  pull_request:
+    paths:
+      - '**.php'
 
 jobs:
   build:

.github/workflows/lint-js.yml

@@ -1,6 +1,14 @@
 name: lint-js
 
-on: [push, pull_request]
+on:
+  push:
+    paths:
+      - '**.js'
+      - '**.json'
+  pull_request:
+    paths:
+      - '**.js'
+      - '**.json'
 
 jobs:
   build:

.github/workflows/lint-php.yml

@@ -1,6 +1,12 @@
 name: lint-php
 
-on: [push, pull_request]
+on:
+  push:
+    paths:
+      - '**.php'
+  pull_request:
+    paths:
+      - '**.php'
 
 jobs:
   build:

.github/workflows/test-migrations.yml

@@ -1,6 +1,14 @@
 name: test-migrations
 
-on: [push, pull_request]
+on:
+  push:
+    paths:
+      - '**.php'
+      - 'composer.*'
+  pull_request:
+    paths:
+      - '**.php'
+      - 'composer.*'
 
 jobs:
   build:

.github/workflows/test-php.yml

@@ -1,6 +1,14 @@
 name: test-php
 
-on: [push, pull_request]
+on:
+  push:
+    paths:
+      - '**.php'
+      - 'composer.*'
+  pull_request:
+    paths:
+      - '**.php'
+      - 'composer.*'
 
 jobs:
   build:

app/Access/Controllers/ConfirmEmailController.php

@@ -1,14 +1,14 @@
 <?php
 
-namespace BookStack\Http\Controllers\Auth;
+namespace BookStack\Access\Controllers;
 
-use BookStack\Auth\Access\EmailConfirmationService;
-use BookStack\Auth\Access\LoginService;
-use BookStack\Auth\UserRepo;
+use BookStack\Access\EmailConfirmationService;
+use BookStack\Access\LoginService;
 use BookStack\Exceptions\ConfirmationEmailException;
 use BookStack\Exceptions\UserTokenExpiredException;
 use BookStack\Exceptions\UserTokenNotFoundException;
-use BookStack\Http\Controllers\Controller;
+use BookStack\Http\Controller;
+use BookStack\Users\UserRepo;
 use Exception;
 use Illuminate\Http\Request;
 

app/Access/Controllers/ForgotPasswordController.php

@@ -1,9 +1,9 @@
 <?php
 
-namespace BookStack\Http\Controllers\Auth;
+namespace BookStack\Access\Controllers;
 
-use BookStack\Actions\ActivityType;
-use BookStack\Http\Controllers\Controller;
+use BookStack\Activity\ActivityType;
+use BookStack\Http\Controller;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Password;
 

app/Access/Controllers/HandlesPartialLogins.php

@@ -1,10 +1,10 @@
 <?php
 
-namespace BookStack\Http\Controllers\Auth;
+namespace BookStack\Access\Controllers;
 
-use BookStack\Auth\Access\LoginService;
-use BookStack\Auth\User;
+use BookStack\Access\LoginService;
 use BookStack\Exceptions\NotFoundException;
+use BookStack\Users\Models\User;
 
 trait HandlesPartialLogins
 {

app/Access/Controllers/LoginController.php

@@ -1,13 +1,13 @@
 <?php
 
-namespace BookStack\Http\Controllers\Auth;
+namespace BookStack\Access\Controllers;
 
-use BookStack\Auth\Access\LoginService;
-use BookStack\Auth\Access\SocialAuthService;
+use BookStack\Access\LoginService;
+use BookStack\Access\SocialAuthService;
 use BookStack\Exceptions\LoginAttemptEmailNeededException;
 use BookStack\Exceptions\LoginAttemptException;
 use BookStack\Facades\Activity;
-use BookStack\Http\Controllers\Controller;
+use BookStack\Http\Controller;
 use Illuminate\Http\RedirectResponse;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;

app/Access/Controllers/MfaBackupCodesController.php

@@ -1,14 +1,14 @@
 <?php
 
-namespace BookStack\Http\Controllers\Auth;
+namespace BookStack\Access\Controllers;
 
-use BookStack\Actions\ActivityType;
-use BookStack\Auth\Access\LoginService;
-use BookStack\Auth\Access\Mfa\BackupCodeService;
-use BookStack\Auth\Access\Mfa\MfaSession;
-use BookStack\Auth\Access\Mfa\MfaValue;
+use BookStack\Access\LoginService;
+use BookStack\Access\Mfa\BackupCodeService;
+use BookStack\Access\Mfa\MfaSession;
+use BookStack\Access\Mfa\MfaValue;
+use BookStack\Activity\ActivityType;
 use BookStack\Exceptions\NotFoundException;
-use BookStack\Http\Controllers\Controller;
+use BookStack\Http\Controller;
 use Exception;
 use Illuminate\Http\Request;
 use Illuminate\Validation\ValidationException;

app/Access/Controllers/MfaController.php

@@ -1,10 +1,10 @@
 <?php
 
-namespace BookStack\Http\Controllers\Auth;
+namespace BookStack\Access\Controllers;
 
-use BookStack\Actions\ActivityType;
-use BookStack\Auth\Access\Mfa\MfaValue;
-use BookStack\Http\Controllers\Controller;
+use BookStack\Access\Mfa\MfaValue;
+use BookStack\Activity\ActivityType;
+use BookStack\Http\Controller;
 use Illuminate\Http\Request;
 
 class MfaController extends Controller

app/Access/Controllers/MfaTotpController.php

@@ -1,15 +1,15 @@
 <?php
 
-namespace BookStack\Http\Controllers\Auth;
+namespace BookStack\Access\Controllers;
 
-use BookStack\Actions\ActivityType;
-use BookStack\Auth\Access\LoginService;
-use BookStack\Auth\Access\Mfa\MfaSession;
-use BookStack\Auth\Access\Mfa\MfaValue;
-use BookStack\Auth\Access\Mfa\TotpService;
-use BookStack\Auth\Access\Mfa\TotpValidationRule;
+use BookStack\Access\LoginService;
+use BookStack\Access\Mfa\MfaSession;
+use BookStack\Access\Mfa\MfaValue;
+use BookStack\Access\Mfa\TotpService;
+use BookStack\Access\Mfa\TotpValidationRule;
+use BookStack\Activity\ActivityType;
 use BookStack\Exceptions\NotFoundException;
-use BookStack\Http\Controllers\Controller;
+use BookStack\Http\Controller;
 use Illuminate\Http\Request;
 use Illuminate\Validation\ValidationException;
 

app/Access/Controllers/OidcController.php

@@ -1,10 +1,10 @@
 <?php
 
-namespace BookStack\Http\Controllers\Auth;
+namespace BookStack\Access\Controllers;
 
-use BookStack\Auth\Access\Oidc\OidcException;
-use BookStack\Auth\Access\Oidc\OidcService;
-use BookStack\Http\Controllers\Controller;
+use BookStack\Access\Oidc\OidcException;
+use BookStack\Access\Oidc\OidcService;
+use BookStack\Http\Controller;
 use Illuminate\Http\Request;
 
 class OidcController extends Controller

app/Access/Controllers/RegisterController.php

@@ -1,13 +1,13 @@
 <?php
 
-namespace BookStack\Http\Controllers\Auth;
+namespace BookStack\Access\Controllers;
 
-use BookStack\Auth\Access\LoginService;
-use BookStack\Auth\Access\RegistrationService;
-use BookStack\Auth\Access\SocialAuthService;
+use BookStack\Access\LoginService;
+use BookStack\Access\RegistrationService;
+use BookStack\Access\SocialAuthService;
 use BookStack\Exceptions\StoppedAuthenticationException;
 use BookStack\Exceptions\UserRegistrationException;
-use BookStack\Http\Controllers\Controller;
+use BookStack\Http\Controller;
 use Illuminate\Contracts\Validation\Validator as ValidatorContract;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Validator;

app/Access/Controllers/ResetPasswordController.php

@@ -1,11 +1,11 @@
 <?php
 
-namespace BookStack\Http\Controllers\Auth;
+namespace BookStack\Access\Controllers;
 
-use BookStack\Actions\ActivityType;
-use BookStack\Auth\Access\LoginService;
-use BookStack\Auth\User;
-use BookStack\Http\Controllers\Controller;
+use BookStack\Access\LoginService;
+use BookStack\Activity\ActivityType;
+use BookStack\Http\Controller;
+use BookStack\Users\Models\User;
 use Illuminate\Http\RedirectResponse;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Hash;

app/Access/Controllers/Saml2Controller.php

@@ -1,9 +1,9 @@
 <?php
 
-namespace BookStack\Http\Controllers\Auth;
+namespace BookStack\Access\Controllers;
 
-use BookStack\Auth\Access\Saml2Service;
-use BookStack\Http\Controllers\Controller;
+use BookStack\Access\Saml2Service;
+use BookStack\Http\Controller;
 use Illuminate\Http\Request;
 use Illuminate\Support\Str;
 

app/Access/Controllers/SocialController.php

@@ -1,37 +1,27 @@
 <?php
 
-namespace BookStack\Http\Controllers\Auth;
+namespace BookStack\Access\Controllers;
 
-use BookStack\Auth\Access\LoginService;
-use BookStack\Auth\Access\RegistrationService;
-use BookStack\Auth\Access\SocialAuthService;
+use BookStack\Access\LoginService;
+use BookStack\Access\RegistrationService;
+use BookStack\Access\SocialAuthService;
 use BookStack\Exceptions\SocialDriverNotConfigured;
 use BookStack\Exceptions\SocialSignInAccountNotUsed;
 use BookStack\Exceptions\SocialSignInException;
 use BookStack\Exceptions\UserRegistrationException;
-use BookStack\Http\Controllers\Controller;
+use BookStack\Http\Controller;
 use Illuminate\Http\Request;
 use Illuminate\Support\Str;
 use Laravel\Socialite\Contracts\User as SocialUser;
 
 class SocialController extends Controller
 {
-    protected SocialAuthService $socialAuthService;
-    protected RegistrationService $registrationService;
-    protected LoginService $loginService;
-
-    /**
-     * SocialController constructor.
-     */
     public function __construct(
-        SocialAuthService $socialAuthService,
-        RegistrationService $registrationService,
-        LoginService $loginService
+        protected SocialAuthService $socialAuthService,
+        protected RegistrationService $registrationService,
+        protected LoginService $loginService,
     ) {
         $this->middleware('guest')->only(['register']);
-        $this->socialAuthService = $socialAuthService;
-        $this->registrationService = $registrationService;
-        $this->loginService = $loginService;
     }
 
     /**
@@ -112,7 +102,7 @@ class SocialController extends Controller
         $this->socialAuthService->detachSocialAccount($socialDriver);
         session()->flash('success', trans('settings.users_social_disconnected', ['socialAccount' => Str::title($socialDriver)]));
 
-        return redirect(user()->getEditUrl());
+        return redirect('/my-account/auth#social-accounts');
     }
 
     /**

app/Access/Controllers/ThrottlesLogins.php

@@ -1,6 +1,6 @@
 <?php
 
-namespace BookStack\Http\Controllers\Auth;
+namespace BookStack\Access\Controllers;
 
 use Illuminate\Cache\RateLimiter;
 use Illuminate\Http\Request;
@@ -71,7 +71,7 @@ trait ThrottlesLogins
      */
     protected function limiter(): RateLimiter
     {
-        return app(RateLimiter::class);
+        return app()->make(RateLimiter::class);
     }
 
     /**

app/Access/Controllers/UserInviteController.php

@@ -1,12 +1,12 @@
 <?php
 
-namespace BookStack\Http\Controllers\Auth;
+namespace BookStack\Access\Controllers;
 
-use BookStack\Auth\Access\UserInviteService;
-use BookStack\Auth\UserRepo;
+use BookStack\Access\UserInviteService;
 use BookStack\Exceptions\UserTokenExpiredException;
 use BookStack\Exceptions\UserTokenNotFoundException;
-use BookStack\Http\Controllers\Controller;
+use BookStack\Http\Controller;
+use BookStack\Users\UserRepo;
 use Exception;
 use Illuminate\Http\RedirectResponse;
 use Illuminate\Http\Request;

app/Access/EmailConfirmationService.php

@@ -1,10 +1,10 @@
 <?php
 
-namespace BookStack\Auth\Access;
+namespace BookStack\Access;
 
-use BookStack\Auth\User;
+use BookStack\Access\Notifications\ConfirmEmailNotification;
 use BookStack\Exceptions\ConfirmationEmailException;
-use BookStack\Notifications\ConfirmEmail;
+use BookStack\Users\Models\User;
 
 class EmailConfirmationService extends UserTokenService
 {
@@ -26,7 +26,7 @@ class EmailConfirmationService extends UserTokenService
         $this->deleteByUser($user);
         $token = $this->createTokenForUser($user);
 
-        $user->notify(new ConfirmEmail($token));
+        $user->notify(new ConfirmEmailNotification($token));
     }
 
     /**

app/Access/ExternalBaseUserProvider.php

@@ -1,6 +1,6 @@
 <?php
 
-namespace BookStack\Auth\Access;
+namespace BookStack\Access;
 
 use Illuminate\Contracts\Auth\Authenticatable;
 use Illuminate\Contracts\Auth\UserProvider;

app/Access/GroupSyncService.php

@@ -1,9 +1,9 @@
 <?php
 
-namespace BookStack\Auth\Access;
+namespace BookStack\Access;
 
-use BookStack\Auth\Role;
-use BookStack\Auth\User;
+use BookStack\Users\Models\Role;
+use BookStack\Users\Models\User;
 use Illuminate\Support\Collection;
 
 class GroupSyncService

app/Access/Guards/AsyncExternalBaseSessionGuard.php

@@ -1,6 +1,6 @@
 <?php
 
-namespace BookStack\Auth\Access\Guards;
+namespace BookStack\Access\Guards;
 
 /**
  * Saml2 Session Guard.

app/Access/Guards/ExternalBaseSessionGuard.php

@@ -1,8 +1,8 @@
 <?php
 
-namespace BookStack\Auth\Access\Guards;
+namespace BookStack\Access\Guards;
 
-use BookStack\Auth\Access\RegistrationService;
+use BookStack\Access\RegistrationService;
 use Illuminate\Auth\GuardHelpers;
 use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;
 use Illuminate\Contracts\Auth\StatefulGuard;

app/Access/Guards/LdapSessionGuard.php

@@ -1,15 +1,15 @@
 <?php
 
-namespace BookStack\Auth\Access\Guards;
+namespace BookStack\Access\Guards;
 
-use BookStack\Auth\Access\LdapService;
-use BookStack\Auth\Access\RegistrationService;
-use BookStack\Auth\User;
+use BookStack\Access\LdapService;
+use BookStack\Access\RegistrationService;
 use BookStack\Exceptions\JsonDebugException;
 use BookStack\Exceptions\LdapException;
 use BookStack\Exceptions\LoginAttemptEmailNeededException;
 use BookStack\Exceptions\LoginAttemptException;
 use BookStack\Exceptions\UserRegistrationException;
+use BookStack\Users\Models\User;
 use Illuminate\Contracts\Auth\UserProvider;
 use Illuminate\Contracts\Session\Session;
 use Illuminate\Support\Str;

app/Access/Ldap.php

@@ -0,0 +1,110 @@
+<?php
+
+namespace BookStack\Access;
+
+/**
+ * Class Ldap
+ * An object-orientated thin abstraction wrapper for common PHP LDAP functions.
+ * Allows the standard LDAP functions to be mocked for testing.
+ */
+class Ldap
+{
+    /**
+     * Connect to an LDAP server.
+     *
+     * @return resource|\LDAP\Connection|false
+     */
+    public function connect(string $hostName)
+    {
+        return ldap_connect($hostName);
+    }
+
+    /**
+     * Set the value of an LDAP option for the given connection.
+     *
+     * @param resource|\LDAP\Connection|null $ldapConnection
+     */
+    public function setOption($ldapConnection, int $option, mixed $value): bool
+    {
+        return ldap_set_option($ldapConnection, $option, $value);
+    }
+
+    /**
+     * Start TLS on the given LDAP connection.
+     */
+    public function startTls($ldapConnection): bool
+    {
+        return ldap_start_tls($ldapConnection);
+    }
+
+    /**
+     * Set the version number for the given LDAP connection.
+     *
+     * @param resource|\LDAP\Connection $ldapConnection
+     */
+    public function setVersion($ldapConnection, int $version): bool
+    {
+        return $this->setOption($ldapConnection, LDAP_OPT_PROTOCOL_VERSION, $version);
+    }
+
+    /**
+     * Search LDAP tree using the provided filter.
+     *
+     * @param resource|\LDAP\Connection   $ldapConnection
+     *
+     * @return resource|\LDAP\Result
+     */
+    public function search($ldapConnection, string $baseDn, string $filter, array $attributes = null)
+    {
+        return ldap_search($ldapConnection, $baseDn, $filter, $attributes);
+    }
+
+    /**
+     * Get entries from an LDAP search result.
+     *
+     * @param resource|\LDAP\Connection $ldapConnection
+     * @param resource|\LDAP\Result $ldapSearchResult
+     */
+    public function getEntries($ldapConnection, $ldapSearchResult): array|false
+    {
+        return ldap_get_entries($ldapConnection, $ldapSearchResult);
+    }
+
+    /**
+     * Search and get entries immediately.
+     *
+     * @param resource|\LDAP\Connection   $ldapConnection
+     */
+    public function searchAndGetEntries($ldapConnection, string $baseDn, string $filter, array $attributes = null): array|false
+    {
+        $search = $this->search($ldapConnection, $baseDn, $filter, $attributes);
+
+        return $this->getEntries($ldapConnection, $search);
+    }
+
+    /**
+     * Bind to LDAP directory.
+     *
+     * @param resource|\LDAP\Connection $ldapConnection
+     */
+    public function bind($ldapConnection, string $bindRdn = null, string $bindPassword = null): bool
+    {
+        return ldap_bind($ldapConnection, $bindRdn, $bindPassword);
+    }
+
+    /**
+     * Explode an LDAP dn string into an array of components.
+     */
+    public function explodeDn(string $dn, int $withAttrib): array|false
+    {
+        return ldap_explode_dn($dn, $withAttrib);
+    }
+
+    /**
+     * Escape a string for use in an LDAP filter.
+     */
+    public function escape(string $value, string $ignore = '', int $flags = 0): string
+    {
+        return ldap_escape($value, $ignore, $flags);
+    }
+}

app/Access/LdapService.php

@@ -1,11 +1,11 @@
 <?php
 
-namespace BookStack\Auth\Access;
+namespace BookStack\Access;
 
-use BookStack\Auth\User;
 use BookStack\Exceptions\JsonDebugException;
 use BookStack\Exceptions\LdapException;
 use BookStack\Uploads\UserAvatars;
+use BookStack\Users\Models\User;
 use ErrorException;
 use Illuminate\Support\Facades\Log;
 
@@ -15,26 +15,19 @@ use Illuminate\Support\Facades\Log;
  */
 class LdapService
 {
-    protected Ldap $ldap;
-    protected GroupSyncService $groupSyncService;
-    protected UserAvatars $userAvatars;
-
     /**
-     * @var resource
+     * @var resource|\LDAP\Connection
      */
     protected $ldapConnection;
 
     protected array $config;
     protected bool $enabled;
 
-    /**
-     * LdapService constructor.
-     */
-    public function __construct(Ldap $ldap, UserAvatars $userAvatars, GroupSyncService $groupSyncService)
-    {
-        $this->ldap = $ldap;
-        $this->userAvatars = $userAvatars;
-        $this->groupSyncService = $groupSyncService;
+    public function __construct(
+        protected Ldap $ldap,
+        protected UserAvatars $userAvatars,
+        protected GroupSyncService $groupSyncService
+    ) {
         $this->config = config('services.ldap');
         $this->enabled = config('auth.method') === 'ldap';
     }
@@ -59,7 +52,7 @@ class LdapService
 
         // Clean attributes
         foreach ($attributes as $index => $attribute) {
-            if (strpos($attribute, 'BIN;') === 0) {
+            if (str_starts_with($attribute, 'BIN;')) {
                 $attributes[$index] = substr($attribute, strlen('BIN;'));
             }
         }
@@ -82,7 +75,7 @@ class LdapService
      * Get the details of a user from LDAP using the given username.
      * User found via configurable user filter.
      *
-     * @throws LdapException
+     * @throws LdapException|JsonDebugException
      */
     public function getUserDetails(string $userName): ?array
     {
@@ -126,7 +119,7 @@ class LdapService
      */
     protected function getUserResponseProperty(array $userDetails, string $propertyKey, $defaultValue)
     {
-        $isBinary = strpos($propertyKey, 'BIN;') === 0;
+        $isBinary = str_starts_with($propertyKey, 'BIN;');
         $propertyKey = strtolower($propertyKey);
         $value = $defaultValue;
 
@@ -170,11 +163,11 @@ class LdapService
      * Bind the system user to the LDAP connection using the given credentials
      * otherwise anonymous access is attempted.
      *
-     * @param resource $connection
+     * @param resource|\LDAP\Connection $connection
      *
      * @throws LdapException
      */
-    protected function bindSystemUser($connection)
+    protected function bindSystemUser($connection): void
     {
         $ldapDn = $this->config['dn'];
         $ldapPass = $this->config['pass'];
@@ -197,7 +190,7 @@ class LdapService
      *
      * @throws LdapException
      *
-     * @return resource
+     * @return resource|\LDAP\Connection
      */
     protected function getConnection()
     {
@@ -216,8 +209,8 @@ class LdapService
             $this->ldap->setOption(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_NEVER);
         }
 
-        $serverDetails = $this->parseServerString($this->config['server']);
-        $ldapConnection = $this->ldap->connect($serverDetails['host'], $serverDetails['port']);
+        $ldapHost = $this->parseServerString($this->config['server']);
+        $ldapConnection = $this->ldap->connect($ldapHost);
 
         if ($ldapConnection === false) {
             throw new LdapException(trans('errors.ldap_cannot_connect'));
@@ -242,23 +235,16 @@ class LdapService
     }
 
     /**
-     * Parse a LDAP server string and return the host and port for a connection.
+     * Parse an LDAP server string and return the host suitable for a connection.
      * Is flexible to formats such as 'ldap.example.com:8069' or 'ldaps://ldap.example.com'.
      */
-    protected function parseServerString(string $serverString): array
+    protected function parseServerString(string $serverString): string
     {
-        $serverNameParts = explode(':', $serverString);
-
-        // If we have a protocol just return the full string since PHP will ignore a separate port.
-        if ($serverNameParts[0] === 'ldaps' || $serverNameParts[0] === 'ldap') {
-            return ['host' => $serverString, 'port' => 389];
+        if (str_starts_with($serverString, 'ldaps://') || str_starts_with($serverString, 'ldap://')) {
+            return $serverString;
         }
 
-        // Otherwise, extract the port out
-        $hostName = $serverNameParts[0];
-        $ldapPort = (count($serverNameParts) > 1) ? intval($serverNameParts[1]) : 389;
-
-        return ['host' => $hostName, 'port' => $ldapPort];
+        return "ldap://{$serverString}";
     }
 
     /**
@@ -386,7 +372,7 @@ class LdapService
      * @throws LdapException
      * @throws JsonDebugException
      */
-    public function syncGroups(User $user, string $username)
+    public function syncGroups(User $user, string $username): void
     {
         $userLdapGroups = $this->getUserGroups($username);
         $this->groupSyncService->syncUserWithFoundGroups($user, $userLdapGroups, $this->config['remove_from_groups']);

app/Access/LoginService.php

@@ -1,15 +1,15 @@
 <?php
 
-namespace BookStack\Auth\Access;
+namespace BookStack\Access;
 
-use BookStack\Actions\ActivityType;
-use BookStack\Auth\Access\Mfa\MfaSession;
-use BookStack\Auth\User;
+use BookStack\Access\Mfa\MfaSession;
+use BookStack\Activity\ActivityType;
 use BookStack\Exceptions\LoginAttemptException;
 use BookStack\Exceptions\StoppedAuthenticationException;
 use BookStack\Facades\Activity;
 use BookStack\Facades\Theme;
 use BookStack\Theming\ThemeEvents;
+use BookStack\Users\Models\User;
 use Exception;
 
 class LoginService

app/Access/Mfa/BackupCodeService.php

@@ -1,6 +1,6 @@
 <?php
 
-namespace BookStack\Auth\Access\Mfa;
+namespace BookStack\Access\Mfa;
 
 use Illuminate\Support\Str;
 

app/Access/Mfa/MfaSession.php

@@ -1,8 +1,8 @@
 <?php
 
-namespace BookStack\Auth\Access\Mfa;
+namespace BookStack\Access\Mfa;
 
-use BookStack\Auth\User;
+use BookStack\Users\Models\User;
 
 class MfaSession
 {

app/Access/Mfa/MfaValue.php

@@ -1,8 +1,8 @@
 <?php
 
-namespace BookStack\Auth\Access\Mfa;
+namespace BookStack\Access\Mfa;
 
-use BookStack\Auth\User;
+use BookStack\Users\Models\User;
 use Carbon\Carbon;
 use Illuminate\Database\Eloquent\Model;
 

app/Access/Mfa/TotpService.php

@@ -1,6 +1,6 @@
 <?php
 
-namespace BookStack\Auth\Access\Mfa;
+namespace BookStack\Access\Mfa;
 
 use BaconQrCode\Renderer\Color\Rgb;
 use BaconQrCode\Renderer\Image\SvgImageBackEnd;
@@ -8,7 +8,7 @@ use BaconQrCode\Renderer\ImageRenderer;
 use BaconQrCode\Renderer\RendererStyle\Fill;
 use BaconQrCode\Renderer\RendererStyle\RendererStyle;
 use BaconQrCode\Writer;
-use BookStack\Auth\User;
+use BookStack\Users\Models\User;
 use PragmaRX\Google2FA\Google2FA;
 use PragmaRX\Google2FA\Support\Constants;
 

app/Access/Mfa/TotpValidationRule.php

@@ -1,6 +1,6 @@
 <?php
 
-namespace BookStack\Auth\Access\Mfa;
+namespace BookStack\Access\Mfa;
 
 use Illuminate\Contracts\Validation\Rule;
 

app/Access/Notifications/ConfirmEmailNotification.php

@@ -0,0 +1,26 @@
+<?php
+
+namespace BookStack\Access\Notifications;
+
+use BookStack\App\MailNotification;
+use BookStack\Users\Models\User;
+use Illuminate\Notifications\Messages\MailMessage;
+
+class ConfirmEmailNotification extends MailNotification
+{
+    public function __construct(
+        public string $token
+    ) {
+    }
+
+    public function toMail(User $notifiable): MailMessage
+    {
+        $appName = ['appName' => setting('app-name')];
+
+        return $this->newMailMessage()
+                ->subject(trans('auth.email_confirm_subject', $appName))
+                ->greeting(trans('auth.email_confirm_greeting', $appName))
+                ->line(trans('auth.email_confirm_text'))
+                ->action(trans('auth.email_confirm_action'), url('/register/confirm/' . $this->token));
+    }
+}

app/Access/Notifications/ResetPasswordNotification.php

@@ -0,0 +1,24 @@
+<?php
+
+namespace BookStack\Access\Notifications;
+
+use BookStack\App\MailNotification;
+use BookStack\Users\Models\User;
+use Illuminate\Notifications\Messages\MailMessage;
+
+class ResetPasswordNotification extends MailNotification
+{
+    public function __construct(
+        public string $token
+    ) {
+    }
+
+    public function toMail(User $notifiable): MailMessage
+    {
+        return $this->newMailMessage()
+            ->subject(trans('auth.email_reset_subject', ['appName' => setting('app-name')]))
+            ->line(trans('auth.email_reset_text'))
+            ->action(trans('auth.reset_password'), url('password/reset/' . $this->token))
+            ->line(trans('auth.email_reset_not_requested'));
+    }
+}

app/Access/Notifications/UserInviteNotification.php

@@ -0,0 +1,27 @@
+<?php
+
+namespace BookStack\Access\Notifications;
+
+use BookStack\App\MailNotification;
+use BookStack\Users\Models\User;
+use Illuminate\Notifications\Messages\MailMessage;
+
+class UserInviteNotification extends MailNotification
+{
+    public function __construct(
+        public string $token
+    ) {
+    }
+
+    public function toMail(User $notifiable): MailMessage
+    {
+        $appName = ['appName' => setting('app-name')];
+        $locale = $notifiable->getLocale();
+
+        return $this->newMailMessage($locale)
+                ->subject($locale->trans('auth.user_invite_email_subject', $appName))
+                ->greeting($locale->trans('auth.user_invite_email_greeting', $appName))
+                ->line($locale->trans('auth.user_invite_email_text'))
+                ->action($locale->trans('auth.user_invite_email_action'), url('/register/invite/' . $this->token));
+    }
+}

app/Access/Oidc/OidcAccessToken.php

@@ -1,6 +1,6 @@
 <?php
 
-namespace BookStack\Auth\Access\Oidc;
+namespace BookStack\Access\Oidc;
 
 use InvalidArgumentException;
 use League\OAuth2\Client\Token\AccessToken;

app/Access/Oidc/OidcException.php

@@ -1,6 +1,6 @@
 <?php
 
-namespace BookStack\Auth\Access\Oidc;
+namespace BookStack\Access\Oidc;
 
 use Exception;
 

app/Access/Oidc/OidcIdToken.php

@@ -1,6 +1,6 @@
 <?php
 
-namespace BookStack\Auth\Access\Oidc;
+namespace BookStack\Access\Oidc;
 
 class OidcIdToken
 {

app/Access/Oidc/OidcInvalidKeyException.php

@@ -1,6 +1,6 @@
 <?php
 
-namespace BookStack\Auth\Access\Oidc;
+namespace BookStack\Access\Oidc;
 
 class OidcInvalidKeyException extends \Exception
 {

app/Access/Oidc/OidcInvalidTokenException.php

@@ -1,6 +1,6 @@
 <?php
 
-namespace BookStack\Auth\Access\Oidc;
+namespace BookStack\Access\Oidc;
 
 use Exception;
 

app/Access/Oidc/OidcIssuerDiscoveryException.php

@@ -1,6 +1,6 @@
 <?php
 
-namespace BookStack\Auth\Access\Oidc;
+namespace BookStack\Access\Oidc;
 
 use Exception;
 

app/Access/Oidc/OidcJwtSigningKey.php

@@ -1,6 +1,6 @@
 <?php
 
-namespace BookStack\Auth\Access\Oidc;
+namespace BookStack\Access\Oidc;
 
 use phpseclib3\Crypt\Common\PublicKey;
 use phpseclib3\Crypt\PublicKeyLoader;

app/Access/Oidc/OidcOAuthProvider.php

@@ -1,6 +1,6 @@
 <?php
 
-namespace BookStack\Auth\Access\Oidc;
+namespace BookStack\Access\Oidc;
 
 use League\OAuth2\Client\Grant\AbstractGrant;
 use League\OAuth2\Client\Provider\AbstractProvider;
@@ -20,15 +20,8 @@ class OidcOAuthProvider extends AbstractProvider
 {
     use BearerAuthorizationTrait;
 
-    /**
-     * @var string
-     */
-    protected $authorizationEndpoint;
-
-    /**
-     * @var string
-     */
-    protected $tokenEndpoint;
+    protected string $authorizationEndpoint;
+    protected string $tokenEndpoint;
 
     /**
      * Scopes to use for the OIDC authorization call.
@@ -60,7 +53,7 @@ class OidcOAuthProvider extends AbstractProvider
     }
 
     /**
-     * Add an additional scope to this provider upon the default.
+     * Add another scope to this provider upon the default.
      */
     public function addScope(string $scope): void
     {

app/Access/Oidc/OidcProviderSettings.php

@@ -1,6 +1,6 @@
 <?php
 
-namespace BookStack\Auth\Access\Oidc;
+namespace BookStack\Access\Oidc;
 
 use GuzzleHttp\Psr7\Request;
 use Illuminate\Contracts\Cache\Repository;
@@ -59,7 +59,7 @@ class OidcProviderSettings
             }
         }
 
-        if (strpos($this->issuer, 'https://') !== 0) {
+        if (!str_starts_with($this->issuer, 'https://')) {
             throw new InvalidArgumentException('Issuer value must start with https://');
         }
     }

app/Access/Oidc/OidcService.php

@@ -1,21 +1,21 @@
 <?php
 
-namespace BookStack\Auth\Access\Oidc;
+namespace BookStack\Access\Oidc;
 
-use BookStack\Auth\Access\GroupSyncService;
-use BookStack\Auth\Access\LoginService;
-use BookStack\Auth\Access\RegistrationService;
-use BookStack\Auth\User;
+use BookStack\Access\GroupSyncService;
+use BookStack\Access\LoginService;
+use BookStack\Access\RegistrationService;
 use BookStack\Exceptions\JsonDebugException;
 use BookStack\Exceptions\StoppedAuthenticationException;
 use BookStack\Exceptions\UserRegistrationException;
 use BookStack\Facades\Theme;
+use BookStack\Http\HttpRequestService;
 use BookStack\Theming\ThemeEvents;
+use BookStack\Users\Models\User;
 use Illuminate\Support\Arr;
 use Illuminate\Support\Facades\Cache;
 use League\OAuth2\Client\OptionProvider\HttpBasicAuthOptionProvider;
 use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
-use Psr\Http\Client\ClientInterface as HttpClient;
 
 /**
  * Class OpenIdConnectService
@@ -26,7 +26,7 @@ class OidcService
     public function __construct(
         protected RegistrationService $registrationService,
         protected LoginService $loginService,
-        protected HttpClient $httpClient,
+        protected HttpRequestService $http,
         protected GroupSyncService $groupService
     ) {
     }
@@ -94,7 +94,7 @@ class OidcService
         // Run discovery
         if ($config['discover'] ?? false) {
             try {
-                $settings->discoverFromIssuer($this->httpClient, Cache::store(null), 15);
+                $settings->discoverFromIssuer($this->http->buildClient(5), Cache::store(null), 15);
             } catch (OidcIssuerDiscoveryException $exception) {
                 throw new OidcException('OIDC Discovery Error: ' . $exception->getMessage());
             }
@@ -111,7 +111,7 @@ class OidcService
     protected function getProvider(OidcProviderSettings $settings): OidcOAuthProvider
     {
         $provider = new OidcOAuthProvider($settings->arrayForProvider(), [
-            'httpClient'     => $this->httpClient,
+            'httpClient'     => $this->http->buildClient(5),
             'optionProvider' => new HttpBasicAuthOptionProvider(),
         ]);
 
@@ -142,10 +142,11 @@ class OidcService
      */
     protected function getUserDisplayName(OidcIdToken $token, string $defaultValue): string
     {
-        $displayNameAttr = $this->config()['display_name_claims'];
+        $displayNameAttrString = $this->config()['display_name_claims'] ?? '';
+        $displayNameAttrs = explode('|', $displayNameAttrString);
 
         $displayName = [];
-        foreach ($displayNameAttr as $dnAttr) {
+        foreach ($displayNameAttrs as $dnAttr) {
             $dnComponent = $token->getClaim($dnAttr) ?? '';
             if ($dnComponent !== '') {
                 $displayName[] = $dnComponent;

app/Access/RegistrationService.php

@@ -1,15 +1,14 @@
 <?php
 
-namespace BookStack\Auth\Access;
+namespace BookStack\Access;
 
-use BookStack\Actions\ActivityType;
-use BookStack\Auth\SocialAccount;
-use BookStack\Auth\User;
-use BookStack\Auth\UserRepo;
+use BookStack\Activity\ActivityType;
 use BookStack\Exceptions\UserRegistrationException;
 use BookStack\Facades\Activity;
 use BookStack\Facades\Theme;
 use BookStack\Theming\ThemeEvents;
+use BookStack\Users\Models\User;
+use BookStack\Users\UserRepo;
 use Exception;
 use Illuminate\Support\Str;
 

app/Access/Saml2Service.php

@@ -1,12 +1,12 @@
 <?php
 
-namespace BookStack\Auth\Access;
+namespace BookStack\Access;
 
-use BookStack\Auth\User;
 use BookStack\Exceptions\JsonDebugException;
 use BookStack\Exceptions\SamlException;
 use BookStack\Exceptions\StoppedAuthenticationException;
 use BookStack\Exceptions\UserRegistrationException;
+use BookStack\Users\Models\User;
 use Exception;
 use OneLogin\Saml2\Auth;
 use OneLogin\Saml2\Constants;

app/Access/SocialAccount.php

@@ -1,9 +1,10 @@
 <?php
 
-namespace BookStack\Auth;
+namespace BookStack\Access;
 
-use BookStack\Interfaces\Loggable;
-use BookStack\Model;
+use BookStack\Activity\Models\Loggable;
+use BookStack\App\Model;
+use BookStack\Users\Models\User;
 
 /**
  * Class SocialAccount.

app/Access/SocialAuthService.php

@@ -1,12 +1,12 @@
 <?php
 
-namespace BookStack\Auth\Access;
+namespace BookStack\Access;
 
-use BookStack\Auth\SocialAccount;
-use BookStack\Auth\User;
+use BookStack\Auth\Access\handler;
 use BookStack\Exceptions\SocialDriverNotConfigured;
 use BookStack\Exceptions\SocialSignInAccountNotUsed;
 use BookStack\Exceptions\UserRegistrationException;
+use BookStack\Users\Models\User;
 use Illuminate\Support\Facades\Event;
 use Illuminate\Support\Str;
 use Laravel\Socialite\Contracts\Factory as Socialite;
@@ -154,21 +154,21 @@ class SocialAuthService
             $currentUser->socialAccounts()->save($account);
             session()->flash('success', trans('settings.users_social_connected', ['socialAccount' => $titleCaseDriver]));
 
-            return redirect($currentUser->getEditUrl());
+            return redirect('/my-account/auth#social_accounts');
         }
 
         // When a user is logged in and the social account exists and is already linked to the current user.
         if ($isLoggedIn && $socialAccount !== null && $socialAccount->user->id === $currentUser->id) {
             session()->flash('error', trans('errors.social_account_existing', ['socialAccount' => $titleCaseDriver]));
 
-            return redirect($currentUser->getEditUrl());
+            return redirect('/my-account/auth#social_accounts');
         }
 
         // When a user is logged in, A social account exists but the users do not match.
         if ($isLoggedIn && $socialAccount !== null && $socialAccount->user->id != $currentUser->id) {
             session()->flash('error', trans('errors.social_account_already_used_existing', ['socialAccount' => $titleCaseDriver]));
 
-            return redirect($currentUser->getEditUrl());
+            return redirect('/my-account/auth#social_accounts');
         }
 
         // Otherwise let the user know this social account is not used by anyone.
@@ -214,6 +214,7 @@ class SocialAuthService
 
     /**
      * Gets the names of the active social drivers.
+     * @returns array<string, string>
      */
     public function getActiveDrivers(): array
     {

app/Access/UserInviteService.php

@@ -1,9 +1,9 @@
 <?php
 
-namespace BookStack\Auth\Access;
+namespace BookStack\Access;
 
-use BookStack\Auth\User;
-use BookStack\Notifications\UserInvite;
+use BookStack\Access\Notifications\UserInviteNotification;
+use BookStack\Users\Models\User;
 
 class UserInviteService extends UserTokenService
 {
@@ -18,6 +18,6 @@ class UserInviteService extends UserTokenService
     {
         $this->deleteByUser($user);
         $token = $this->createTokenForUser($user);
-        $user->notify(new UserInvite($token));
+        $user->notify(new UserInviteNotification($token));
     }
 }

app/Access/UserTokenService.php

@@ -1,10 +1,10 @@
 <?php
 
-namespace BookStack\Auth\Access;
+namespace BookStack\Access;
 
-use BookStack\Auth\User;
 use BookStack\Exceptions\UserTokenExpiredException;
 use BookStack\Exceptions\UserTokenNotFoundException;
+use BookStack\Users\Models\User;
 use Carbon\Carbon;
 use Illuminate\Support\Facades\DB;
 use Illuminate\Support\Str;

app/Actions/Comment.php

@@ -1,60 +0,0 @@
-<?php
-
-namespace BookStack\Actions;
-
-use BookStack\Model;
-use BookStack\Traits\HasCreatorAndUpdater;
-use Illuminate\Database\Eloquent\Factories\HasFactory;
-use Illuminate\Database\Eloquent\Relations\MorphTo;
-
-/**
- * @property int      $id
- * @property string   $text
- * @property string   $html
- * @property int|null $parent_id
- * @property int      $local_id
- */
-class Comment extends Model
-{
-    use HasFactory;
-    use HasCreatorAndUpdater;
-
-    protected $fillable = ['text', 'parent_id'];
-    protected $appends = ['created', 'updated'];
-
-    /**
-     * Get the entity that this comment belongs to.
-     */
-    public function entity(): MorphTo
-    {
-        return $this->morphTo('entity');
-    }
-
-    /**
-     * Check if a comment has been updated since creation.
-     */
-    public function isUpdated(): bool
-    {
-        return $this->updated_at->timestamp > $this->created_at->timestamp;
-    }
-
-    /**
-     * Get created date as a relative diff.
-     *
-     * @return mixed
-     */
-    public function getCreatedAttribute()
-    {
-        return $this->created_at->diffForHumans();
-    }
-
-    /**
-     * Get updated date as a relative diff.
-     *
-     * @return mixed
-     */
-    public function getUpdatedAttribute()
-    {
-        return $this->updated_at->diffForHumans();
-    }
-}

app/Actions/DispatchWebhookJob.php

@@ -1,82 +0,0 @@
-<?php
-
-namespace BookStack\Actions;
-
-use BookStack\Auth\User;
-use BookStack\Facades\Theme;
-use BookStack\Interfaces\Loggable;
-use BookStack\Theming\ThemeEvents;
-use Illuminate\Bus\Queueable;
-use Illuminate\Contracts\Queue\ShouldQueue;
-use Illuminate\Foundation\Bus\Dispatchable;
-use Illuminate\Queue\InteractsWithQueue;
-use Illuminate\Queue\SerializesModels;
-use Illuminate\Support\Facades\Http;
-use Illuminate\Support\Facades\Log;
-
-class DispatchWebhookJob implements ShouldQueue
-{
-    use Dispatchable;
-    use InteractsWithQueue;
-    use Queueable;
-    use SerializesModels;
-
-    protected Webhook $webhook;
-    protected string $event;
-    protected User $initiator;
-    protected int $initiatedTime;
-
-    /**
-     * @var string|Loggable
-     */
-    protected $detail;
-
-    /**
-     * Create a new job instance.
-     *
-     * @return void
-     */
-    public function __construct(Webhook $webhook, string $event, $detail)
-    {
-        $this->webhook = $webhook;
-        $this->event = $event;
-        $this->detail = $detail;
-        $this->initiator = user();
-        $this->initiatedTime = time();
-    }
-
-    /**
-     * Execute the job.
-     *
-     * @return void
-     */
-    public function handle()
-    {
-        $themeResponse = Theme::dispatch(ThemeEvents::WEBHOOK_CALL_BEFORE, $this->event, $this->webhook, $this->detail, $this->initiator, $this->initiatedTime);
-        $webhookData = $themeResponse ?? WebhookFormatter::getDefault($this->event, $this->webhook, $this->detail, $this->initiator, $this->initiatedTime)->format();
-        $lastError = null;
-
-        try {
-            $response = Http::asJson()
-                ->withOptions(['allow_redirects' => ['strict' => true]])
-                ->timeout($this->webhook->timeout)
-                ->post($this->webhook->endpoint, $webhookData);
-        } catch (\Exception $exception) {
-            $lastError = $exception->getMessage();
-            Log::error("Webhook call to endpoint {$this->webhook->endpoint} failed with error \"{$lastError}\"");
-        }
-
-        if (isset($response) && $response->failed()) {
-            $lastError = "Response status from endpoint was {$response->status()}";
-            Log::error("Webhook call to endpoint {$this->webhook->endpoint} failed with status {$response->status()}");
-        }
-
-        $this->webhook->last_called_at = now();
-        if ($lastError) {
-            $this->webhook->last_errored_at = now();
-            $this->webhook->last_error = $lastError;
-        }
-
-        $this->webhook->save();
-    }
-}

app/Activity/ActivityQueries.php

@@ -1,13 +1,14 @@
 <?php
 
-namespace BookStack\Actions;
+namespace BookStack\Activity;
 
-use BookStack\Auth\Permissions\PermissionApplicator;
-use BookStack\Auth\User;
+use BookStack\Activity\Models\Activity;
 use BookStack\Entities\Models\Book;
 use BookStack\Entities\Models\Chapter;
 use BookStack\Entities\Models\Entity;
 use BookStack\Entities\Models\Page;
+use BookStack\Permissions\PermissionApplicator;
+use BookStack\Users\Models\User;
 use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Database\Eloquent\Relations\Relation;
 

app/Activity/ActivityType.php

@@ -1,6 +1,6 @@
 <?php
 
-namespace BookStack\Actions;
+namespace BookStack\Activity;
 
 class ActivityType
 {
@@ -27,6 +27,10 @@ class ActivityType
     const BOOKSHELF_DELETE = 'bookshelf_delete';
 
     const COMMENTED_ON = 'commented_on';
+    const COMMENT_CREATE = 'comment_create';
+    const COMMENT_UPDATE = 'comment_update';
+    const COMMENT_DELETE = 'comment_delete';
+
     const PERMISSIONS_UPDATE = 'permissions_update';
 
     const REVISION_RESTORE = 'revision_restore';

app/Activity/CommentRepo.php

@@ -1,32 +1,20 @@
 <?php
 
-namespace BookStack\Actions;
+namespace BookStack\Activity;
 
+use BookStack\Activity\Models\Comment;
 use BookStack\Entities\Models\Entity;
 use BookStack\Facades\Activity as ActivityService;
 use League\CommonMark\CommonMarkConverter;
 
-/**
- * Class CommentRepo.
- */
 class CommentRepo
 {
-    /**
-     * @var Comment
-     */
-    protected $comment;
-
-    public function __construct(Comment $comment)
-    {
-        $this->comment = $comment;
-    }
-
     /**
      * Get a comment by ID.
      */
     public function getById(int $id): Comment
     {
-        return $this->comment->newQuery()->findOrFail($id);
+        return Comment::query()->findOrFail($id);
     }
 
     /**
@@ -35,7 +23,7 @@ class CommentRepo
     public function create(Entity $entity, string $text, ?int $parent_id): Comment
     {
         $userId = user()->id;
-        $comment = $this->comment->newInstance();
+        $comment = new Comment();
 
         $comment->text = $text;
         $comment->html = $this->commentToHtml($text);
@@ -45,6 +33,7 @@ class CommentRepo
         $comment->parent_id = $parent_id;
 
         $entity->comments()->save($comment);
+        ActivityService::add(ActivityType::COMMENT_CREATE, $comment);
         ActivityService::add(ActivityType::COMMENTED_ON, $entity);
 
         return $comment;
@@ -60,6 +49,8 @@ class CommentRepo
         $comment->html = $this->commentToHtml($text);
         $comment->save();
 
+        ActivityService::add(ActivityType::COMMENT_UPDATE, $comment);
+
         return $comment;
     }
 
@@ -69,6 +60,8 @@ class CommentRepo
     public function delete(Comment $comment): void
     {
         $comment->delete();
+
+        ActivityService::add(ActivityType::COMMENT_DELETE, $comment);
     }
 
     /**
@@ -82,7 +75,7 @@ class CommentRepo
             'allow_unsafe_links' => false,
         ]);
 
-        return $converter->convertToHtml($commentText);
+        return $converter->convert($commentText);
     }
 
     /**
@@ -90,9 +83,8 @@ class CommentRepo
      */
     protected function getNextLocalId(Entity $entity): int
     {
-        /** @var Comment $comment */
-        $comment = $entity->comments(false)->orderBy('local_id', 'desc')->first();
+        $currentMaxId = $entity->comments()->max('local_id');
 
-        return ($comment->local_id ?? 0) + 1;
+        return $currentMaxId + 1;
     }
 }

app/Activity/Controllers/AuditLogController.php

@@ -1,12 +1,12 @@
 <?php
 
-namespace BookStack\Http\Controllers;
+namespace BookStack\Activity\Controllers;
 
-use BookStack\Actions\Activity;
-use BookStack\Actions\ActivityType;
+use BookStack\Activity\ActivityType;
+use BookStack\Activity\Models\Activity;
+use BookStack\Http\Controller;
 use BookStack\Util\SimpleListOptions;
 use Illuminate\Http\Request;
-use Illuminate\Support\Facades\DB;
 
 class AuditLogController extends Controller
 {

app/Activity/Controllers/CommentController.php

@@ -1,19 +1,18 @@
 <?php
 
-namespace BookStack\Http\Controllers;
+namespace BookStack\Activity\Controllers;
 
-use BookStack\Actions\CommentRepo;
+use BookStack\Activity\CommentRepo;
 use BookStack\Entities\Models\Page;
+use BookStack\Http\Controller;
 use Illuminate\Http\Request;
 use Illuminate\Validation\ValidationException;
 
 class CommentController extends Controller
 {
-    protected $commentRepo;
-
-    public function __construct(CommentRepo $commentRepo)
-    {
-        $this->commentRepo = $commentRepo;
+    public function __construct(
+        protected CommentRepo $commentRepo
+    ) {
     }
 
     /**
@@ -42,7 +41,13 @@ class CommentController extends Controller
         $this->checkPermission('comment-create-all');
         $comment = $this->commentRepo->create($page, $request->get('text'), $request->get('parent_id'));
 
-        return view('comments.comment', ['comment' => $comment]);
+        return view('comments.comment-branch', [
+            'readOnly' => false,
+            'branch' => [
+                'comment' => $comment,
+                'children' => [],
+            ]
+        ]);
     }
 
     /**
@@ -62,7 +67,7 @@ class CommentController extends Controller
 
         $comment = $this->commentRepo->update($comment, $request->get('text'));
 
-        return view('comments.comment', ['comment' => $comment]);
+        return view('comments.comment', ['comment' => $comment, 'readOnly' => false]);
     }
 
     /**

app/Activity/Controllers/FavouriteController.php

@@ -1,15 +1,22 @@
 <?php
 
-namespace BookStack\Http\Controllers;
+namespace BookStack\Activity\Controllers;
 
+use BookStack\Activity\Models\Favouritable;
+use BookStack\App\Model;
 use BookStack\Entities\Models\Entity;
 use BookStack\Entities\Queries\TopFavourites;
-use BookStack\Interfaces\Favouritable;
-use BookStack\Model;
+use BookStack\Entities\Tools\MixedEntityRequestHelper;
+use BookStack\Http\Controller;
 use Illuminate\Http\Request;
 
 class FavouriteController extends Controller
 {
+    public function __construct(
+        protected MixedEntityRequestHelper $entityHelper,
+    ) {
+    }
+
     /**
      * Show a listing of all favourite items for the current user.
      */
@@ -35,13 +42,14 @@ class FavouriteController extends Controller
      */
     public function add(Request $request)
     {
-        $favouritable = $this->getValidatedModelFromRequest($request);
-        $favouritable->favourites()->firstOrCreate([
+        $modelInfo = $this->validate($request, $this->entityHelper->validationRules());
+        $entity = $this->entityHelper->getVisibleEntityFromRequestData($modelInfo);
+        $entity->favourites()->firstOrCreate([
             'user_id' => user()->id,
         ]);
 
         $this->showSuccessNotification(trans('activities.favourite_add_notification', [
-            'name' => $favouritable->name,
+            'name' => $entity->name,
         ]));
 
         return redirect()->back();
@@ -52,48 +60,16 @@ class FavouriteController extends Controller
      */
     public function remove(Request $request)
     {
-        $favouritable = $this->getValidatedModelFromRequest($request);
-        $favouritable->favourites()->where([
+        $modelInfo = $this->validate($request, $this->entityHelper->validationRules());
+        $entity = $this->entityHelper->getVisibleEntityFromRequestData($modelInfo);
+        $entity->favourites()->where([
             'user_id' => user()->id,
         ])->delete();
 
         $this->showSuccessNotification(trans('activities.favourite_remove_notification', [
-            'name' => $favouritable->name,
+            'name' => $entity->name,
         ]));
 
         return redirect()->back();
     }
-
-    /**
-     * @throws \Illuminate\Validation\ValidationException
-     * @throws \Exception
-     */
-    protected function getValidatedModelFromRequest(Request $request): Entity
-    {
-        $modelInfo = $this->validate($request, [
-            'type' => ['required', 'string'],
-            'id'   => ['required', 'integer'],
-        ]);
-
-        if (!class_exists($modelInfo['type'])) {
-            throw new \Exception('Model not found');
-        }
-
-        /** @var Model $model */
-        $model = new $modelInfo['type']();
-        if (!$model instanceof Favouritable) {
-            throw new \Exception('Model not favouritable');
-        }
-
-        $modelInstance = $model->newQuery()
-            ->where('id', '=', $modelInfo['id'])
-            ->first(['id', 'name', 'owned_by']);
-
-        $inaccessibleEntity = ($modelInstance instanceof Entity && !userCan('view', $modelInstance));
-        if (is_null($modelInstance) || $inaccessibleEntity) {
-            throw new \Exception('Model instance not found');
-        }
-
-        return $modelInstance;
-    }
 }

app/Activity/Controllers/TagController.php

@@ -1,8 +1,9 @@
 <?php
 
-namespace BookStack\Http\Controllers;
+namespace BookStack\Activity\Controllers;
 
-use BookStack\Actions\TagRepo;
+use BookStack\Activity\TagRepo;
+use BookStack\Http\Controller;
 use BookStack\Util\SimpleListOptions;
 use Illuminate\Http\Request;
 

app/Activity/Controllers/WatchController.php

@@ -0,0 +1,29 @@
+<?php
+
+namespace BookStack\Activity\Controllers;
+
+use BookStack\Activity\Tools\UserEntityWatchOptions;
+use BookStack\Entities\Tools\MixedEntityRequestHelper;
+use BookStack\Http\Controller;
+use Illuminate\Http\Request;
+
+class WatchController extends Controller
+{
+    public function update(Request $request, MixedEntityRequestHelper $entityHelper)
+    {
+        $this->checkPermission('receive-notifications');
+        $this->preventGuestAccess();
+
+        $requestData = $this->validate($request, array_merge([
+            'level' => ['required', 'string'],
+        ], $entityHelper->validationRules()));
+
+        $watchable = $entityHelper->getVisibleEntityFromRequestData($requestData);
+        $watchOptions = new UserEntityWatchOptions(user(), $watchable);
+        $watchOptions->updateLevelByName($requestData['level']);
+
+        $this->showSuccessNotification(trans('activities.watch_update_level_notification'));
+
+        return redirect()->back();
+    }
+}

app/Activity/Controllers/WebhookController.php

@@ -1,10 +1,11 @@
 <?php
 
-namespace BookStack\Http\Controllers;
+namespace BookStack\Activity\Controllers;
 
-use BookStack\Actions\ActivityType;
-use BookStack\Actions\Queries\WebhooksAllPaginatedAndSorted;
-use BookStack\Actions\Webhook;
+use BookStack\Activity\ActivityType;
+use BookStack\Activity\Models\Webhook;
+use BookStack\Activity\Queries\WebhooksAllPaginatedAndSorted;
+use BookStack\Http\Controller;
 use BookStack\Util\SimpleListOptions;
 use Illuminate\Http\Request;
 

app/Activity/DispatchWebhookJob.php

@@ -0,0 +1,84 @@
+<?php
+
+namespace BookStack\Activity;
+
+use BookStack\Activity\Models\Loggable;
+use BookStack\Activity\Models\Webhook;
+use BookStack\Activity\Tools\WebhookFormatter;
+use BookStack\Facades\Theme;
+use BookStack\Http\HttpRequestService;
+use BookStack\Theming\ThemeEvents;
+use BookStack\Users\Models\User;
+use BookStack\Util\SsrUrlValidator;
+use Illuminate\Bus\Queueable;
+use Illuminate\Contracts\Queue\ShouldQueue;
+use Illuminate\Foundation\Bus\Dispatchable;
+use Illuminate\Queue\InteractsWithQueue;
+use Illuminate\Queue\SerializesModels;
+use Illuminate\Support\Facades\Log;
+
+class DispatchWebhookJob implements ShouldQueue
+{
+    use Dispatchable;
+    use InteractsWithQueue;
+    use Queueable;
+    use SerializesModels;
+
+    protected Webhook $webhook;
+    protected User $initiator;
+    protected int $initiatedTime;
+    protected array $webhookData;
+
+    /**
+     * Create a new job instance.
+     *
+     * @return void
+     */
+    public function __construct(Webhook $webhook, string $event, Loggable|string $detail)
+    {
+        $this->webhook = $webhook;
+        $this->initiator = user();
+        $this->initiatedTime = time();
+
+        $themeResponse = Theme::dispatch(ThemeEvents::WEBHOOK_CALL_BEFORE, $event, $this->webhook, $detail, $this->initiator, $this->initiatedTime);
+        $this->webhookData =  $themeResponse ?? WebhookFormatter::getDefault($event, $this->webhook, $detail, $this->initiator, $this->initiatedTime)->format();
+    }
+
+    /**
+     * Execute the job.
+     *
+     * @return void
+     */
+    public function handle(HttpRequestService $http)
+    {
+        $lastError = null;
+
+        try {
+            (new SsrUrlValidator())->ensureAllowed($this->webhook->endpoint);
+
+            $client = $http->buildClient($this->webhook->timeout, [
+                'connect_timeout' => 10,
+                'allow_redirects' => ['strict' => true],
+            ]);
+
+            $response = $client->sendRequest($http->jsonRequest('POST', $this->webhook->endpoint, $this->webhookData));
+            $statusCode = $response->getStatusCode();
+
+            if ($statusCode >= 400) {
+                $lastError = "Response status from endpoint was {$statusCode}";
+                Log::error("Webhook call to endpoint {$this->webhook->endpoint} failed with status {$statusCode}");
+            }
+        } catch (\Exception $error) {
+            $lastError = $error->getMessage();
+            Log::error("Webhook call to endpoint {$this->webhook->endpoint} failed with error \"{$lastError}\"");
+        }
+
+        $this->webhook->last_called_at = now();
+        if ($lastError) {
+            $this->webhook->last_errored_at = now();
+            $this->webhook->last_error = $lastError;
+        }
+
+        $this->webhook->save();
+    }
+}

app/Activity/Models/Activity.php

@@ -1,11 +1,11 @@
 <?php
 
-namespace BookStack\Actions;
+namespace BookStack\Activity\Models;
 
-use BookStack\Auth\Permissions\JointPermission;
-use BookStack\Auth\User;
+use BookStack\App\Model;
 use BookStack\Entities\Models\Entity;
-use BookStack\Model;
+use BookStack\Permissions\Models\JointPermission;
+use BookStack\Users\Models\User;
 use Illuminate\Database\Eloquent\Relations\BelongsTo;
 use Illuminate\Database\Eloquent\Relations\HasMany;
 use Illuminate\Database\Eloquent\Relations\MorphTo;
@@ -19,6 +19,8 @@ use Illuminate\Support\Str;
  * @property string $entity_type
  * @property int    $entity_id
  * @property int    $user_id
+ * @property Carbon $created_at
+ * @property Carbon $updated_at
  */
 class Activity extends Model
 {

app/Activity/Models/Comment.php

@@ -0,0 +1,76 @@
+<?php
+
+namespace BookStack\Activity\Models;
+
+use BookStack\App\Model;
+use BookStack\Users\Models\HasCreatorAndUpdater;
+use Illuminate\Database\Eloquent\Factories\HasFactory;
+use Illuminate\Database\Eloquent\Relations\BelongsTo;
+use Illuminate\Database\Eloquent\Relations\MorphTo;
+
+/**
+ * @property int      $id
+ * @property string   $text
+ * @property string   $html
+ * @property int|null $parent_id  - Relates to local_id, not id
+ * @property int      $local_id
+ * @property string   $entity_type
+ * @property int      $entity_id
+ * @property int      $created_by
+ * @property int      $updated_by
+ */
+class Comment extends Model implements Loggable
+{
+    use HasFactory;
+    use HasCreatorAndUpdater;
+
+    protected $fillable = ['text', 'parent_id'];
+    protected $appends = ['created', 'updated'];
+
+    /**
+     * Get the entity that this comment belongs to.
+     */
+    public function entity(): MorphTo
+    {
+        return $this->morphTo('entity');
+    }
+
+    /**
+     * Get the parent comment this is in reply to (if existing).
+     */
+    public function parent(): BelongsTo
+    {
+        return $this->belongsTo(Comment::class, 'parent_id', 'local_id', 'parent')
+            ->where('entity_type', '=', $this->entity_type)
+            ->where('entity_id', '=', $this->entity_id);
+    }
+
+    /**
+     * Check if a comment has been updated since creation.
+     */
+    public function isUpdated(): bool
+    {
+        return $this->updated_at->timestamp > $this->created_at->timestamp;
+    }
+
+    /**
+     * Get created date as a relative diff.
+     */
+    public function getCreatedAttribute(): string
+    {
+        return $this->created_at->diffForHumans();
+    }
+
+    /**
+     * Get updated date as a relative diff.
+     */
+    public function getUpdatedAttribute(): string
+    {
+        return $this->updated_at->diffForHumans();
+    }
+
+    public function logDescriptor(): string
+    {
+        return "Comment #{$this->local_id} (ID: {$this->id}) for {$this->entity_type} (ID: {$this->entity_id})";
+    }
+}

app/Activity/Models/Favouritable.php

@@ -1,6 +1,6 @@
 <?php
 
-namespace BookStack\Interfaces;
+namespace BookStack\Activity\Models;
 
 use Illuminate\Database\Eloquent\Relations\MorphMany;
 

app/Activity/Models/Favourite.php

@@ -1,9 +1,9 @@
 <?php
 
-namespace BookStack\Actions;
+namespace BookStack\Activity\Models;
 
-use BookStack\Auth\Permissions\JointPermission;
-use BookStack\Model;
+use BookStack\App\Model;
+use BookStack\Permissions\Models\JointPermission;
 use Illuminate\Database\Eloquent\Relations\HasMany;
 use Illuminate\Database\Eloquent\Relations\MorphTo;
 

app/Activity/Models/Loggable.php

@@ -1,6 +1,6 @@
 <?php
 
-namespace BookStack\Interfaces;
+namespace BookStack\Activity\Models;
 
 interface Loggable
 {

app/Activity/Models/Tag.php

@@ -1,9 +1,9 @@
 <?php
 
-namespace BookStack\Actions;
+namespace BookStack\Activity\Models;
 
-use BookStack\Auth\Permissions\JointPermission;
-use BookStack\Model;
+use BookStack\App\Model;
+use BookStack\Permissions\Models\JointPermission;
 use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Database\Eloquent\Relations\HasMany;
 use Illuminate\Database\Eloquent\Relations\MorphTo;

app/Activity/Models/View.php

@@ -1,10 +1,9 @@
 <?php
 
-namespace BookStack\Actions;
+namespace BookStack\Activity\Models;
 
-use BookStack\Auth\Permissions\JointPermission;
-use BookStack\Interfaces\Viewable;
-use BookStack\Model;
+use BookStack\App\Model;
+use BookStack\Permissions\Models\JointPermission;
 use Illuminate\Database\Eloquent\Relations\HasMany;
 use Illuminate\Database\Eloquent\Relations\MorphTo;
 
@@ -42,7 +41,7 @@ class View extends Model
     public static function incrementFor(Viewable $viewable): int
     {
         $user = user();
-        if (is_null($user) || $user->isDefault()) {
+        if ($user->isGuest()) {
             return 0;
         }
 
@@ -55,12 +54,4 @@ class View extends Model
 
         return $view->views;
     }
-
-    /**
-     * Clear all views from the system.
-     */
-    public static function clearAll()
-    {
-        static::query()->truncate();
-    }
 }

app/Activity/Models/Viewable.php

@@ -1,6 +1,6 @@
 <?php
 
-namespace BookStack\Interfaces;
+namespace BookStack\Activity\Models;
 
 use Illuminate\Database\Eloquent\Relations\MorphMany;
 

app/Activity/Models/Watch.php

@@ -0,0 +1,45 @@
+<?php
+
+namespace BookStack\Activity\Models;
+
+use BookStack\Activity\WatchLevels;
+use BookStack\Permissions\Models\JointPermission;
+use Carbon\Carbon;
+use Illuminate\Database\Eloquent\Model;
+use Illuminate\Database\Eloquent\Relations\HasMany;
+use Illuminate\Database\Eloquent\Relations\MorphTo;
+
+/**
+ * @property int $id
+ * @property int $user_id
+ * @property int $watchable_id
+ * @property string $watchable_type
+ * @property int $level
+ * @property Carbon $created_at
+ * @property Carbon $updated_at
+ */
+class Watch extends Model
+{
+    protected $guarded = [];
+
+    public function watchable(): MorphTo
+    {
+        return $this->morphTo();
+    }
+
+    public function jointPermissions(): HasMany
+    {
+        return $this->hasMany(JointPermission::class, 'entity_id', 'watchable_id')
+            ->whereColumn('watches.watchable_type', '=', 'joint_permissions.entity_type');
+    }
+
+    public function getLevelName(): string
+    {
+        return WatchLevels::levelValueToName($this->level);
+    }
+
+    public function ignoring(): bool
+    {
+        return $this->level === WatchLevels::IGNORE;
+    }
+}

app/Activity/Models/Webhook.php

@@ -1,8 +1,8 @@
 <?php
 
-namespace BookStack\Actions;
+namespace BookStack\Activity\Models;
 
-use BookStack\Interfaces\Loggable;
+use BookStack\Activity\ActivityType;
 use Carbon\Carbon;
 use Illuminate\Database\Eloquent\Collection;
 use Illuminate\Database\Eloquent\Factories\HasFactory;

app/Activity/Models/WebhookTrackedEvent.php

@@ -1,6 +1,6 @@
 <?php
 
-namespace BookStack\Actions;
+namespace BookStack\Activity\Models;
 
 use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Database\Eloquent\Model;

app/Activity/Notifications/Handlers/BaseNotificationHandler.php

@@ -0,0 +1,42 @@
+<?php
+
+namespace BookStack\Activity\Notifications\Handlers;
+
+use BookStack\Activity\Models\Loggable;
+use BookStack\Activity\Notifications\Messages\BaseActivityNotification;
+use BookStack\Entities\Models\Entity;
+use BookStack\Permissions\PermissionApplicator;
+use BookStack\Users\Models\User;
+
+abstract class BaseNotificationHandler implements NotificationHandler
+{
+    /**
+     * @param class-string<BaseActivityNotification> $notification
+     * @param int[] $userIds
+     */
+    protected function sendNotificationToUserIds(string $notification, array $userIds, User $initiator, string|Loggable $detail, Entity $relatedModel): void
+    {
+        $users = User::query()->whereIn('id', array_unique($userIds))->get();
+
+        foreach ($users as $user) {
+            // Prevent sending to the user that initiated the activity
+            if ($user->id === $initiator->id) {
+                continue;
+            }
+
+            // Prevent sending of the user does not have notification permissions
+            if (!$user->can('receive-notifications')) {
+                continue;
+            }
+
+            // Prevent sending if the user does not have access to the related content
+            $permissions = new PermissionApplicator($user);
+            if (!$permissions->checkOwnableUserAccess($relatedModel, 'view')) {
+                continue;
+            }
+
+            // Send the notification
+            $user->notify(new $notification($detail, $initiator));
+        }
+    }
+}

app/Activity/Notifications/Handlers/CommentCreationNotificationHandler.php

@@ -0,0 +1,48 @@
+<?php
+
+namespace BookStack\Activity\Notifications\Handlers;
+
+use BookStack\Activity\Models\Activity;
+use BookStack\Activity\Models\Comment;
+use BookStack\Activity\Models\Loggable;
+use BookStack\Activity\Notifications\Messages\CommentCreationNotification;
+use BookStack\Activity\Tools\EntityWatchers;
+use BookStack\Activity\WatchLevels;
+use BookStack\Entities\Models\Page;
+use BookStack\Settings\UserNotificationPreferences;
+use BookStack\Users\Models\User;
+
+class CommentCreationNotificationHandler extends BaseNotificationHandler
+{
+    public function handle(Activity $activity, Loggable|string $detail, User $user): void
+    {
+        if (!($detail instanceof Comment)) {
+            throw new \InvalidArgumentException("Detail for comment creation notifications must be a comment");
+        }
+
+        // Main watchers
+        /** @var Page $page */
+        $page = $detail->entity;
+        $watchers = new EntityWatchers($page, WatchLevels::COMMENTS);
+        $watcherIds = $watchers->getWatcherUserIds();
+
+        // Page owner if user preferences allow
+        if (!$watchers->isUserIgnoring($page->owned_by) && $page->ownedBy) {
+            $userNotificationPrefs = new UserNotificationPreferences($page->ownedBy);
+            if ($userNotificationPrefs->notifyOnOwnPageComments()) {
+                $watcherIds[] = $page->owned_by;
+            }
+        }
+
+        // Parent comment creator if preferences allow
+        $parentComment = $detail->parent()->first();
+        if ($parentComment && !$watchers->isUserIgnoring($parentComment->created_by) && $parentComment->createdBy) {
+            $parentCommenterNotificationsPrefs = new UserNotificationPreferences($parentComment->createdBy);
+            if ($parentCommenterNotificationsPrefs->notifyOnCommentReplies()) {
+                $watcherIds[] = $parentComment->created_by;
+            }
+        }
+
+        $this->sendNotificationToUserIds(CommentCreationNotification::class, $watcherIds, $user, $detail, $page);
+    }
+}

app/Activity/Notifications/Handlers/NotificationHandler.php

@@ -0,0 +1,17 @@
+<?php
+
+namespace BookStack\Activity\Notifications\Handlers;
+
+use BookStack\Activity\Models\Activity;
+use BookStack\Activity\Models\Loggable;
+use BookStack\Users\Models\User;
+
+interface NotificationHandler
+{
+    /**
+     * Run this handler.
+     * Provides the activity, related activity detail/model
+     * along with the user that triggered the activity.
+     */
+    public function handle(Activity $activity, string|Loggable $detail, User $user): void;
+}

app/Activity/Notifications/Handlers/PageCreationNotificationHandler.php

@@ -0,0 +1,24 @@
+<?php
+
+namespace BookStack\Activity\Notifications\Handlers;
+
+use BookStack\Activity\Models\Activity;
+use BookStack\Activity\Models\Loggable;
+use BookStack\Activity\Notifications\Messages\PageCreationNotification;
+use BookStack\Activity\Tools\EntityWatchers;
+use BookStack\Activity\WatchLevels;
+use BookStack\Entities\Models\Page;
+use BookStack\Users\Models\User;
+
+class PageCreationNotificationHandler extends BaseNotificationHandler
+{
+    public function handle(Activity $activity, Loggable|string $detail, User $user): void
+    {
+        if (!($detail instanceof Page)) {
+            throw new \InvalidArgumentException("Detail for page create notifications must be a page");
+        }
+
+        $watchers = new EntityWatchers($detail, WatchLevels::NEW);
+        $this->sendNotificationToUserIds(PageCreationNotification::class, $watchers->getWatcherUserIds(), $user, $detail, $detail);
+    }
+}

app/Activity/Notifications/Handlers/PageUpdateNotificationHandler.php

@@ -0,0 +1,51 @@
+<?php
+
+namespace BookStack\Activity\Notifications\Handlers;
+
+use BookStack\Activity\ActivityType;
+use BookStack\Activity\Models\Activity;
+use BookStack\Activity\Models\Loggable;
+use BookStack\Activity\Notifications\Messages\PageUpdateNotification;
+use BookStack\Activity\Tools\EntityWatchers;
+use BookStack\Activity\WatchLevels;
+use BookStack\Entities\Models\Page;
+use BookStack\Settings\UserNotificationPreferences;
+use BookStack\Users\Models\User;
+
+class PageUpdateNotificationHandler extends BaseNotificationHandler
+{
+    public function handle(Activity $activity, Loggable|string $detail, User $user): void
+    {
+        if (!($detail instanceof Page)) {
+            throw new \InvalidArgumentException("Detail for page update notifications must be a page");
+        }
+
+        // Get last update from activity
+        $lastUpdate = $detail->activity()
+            ->where('type', '=', ActivityType::PAGE_UPDATE)
+            ->where('id', '!=', $activity->id)
+            ->latest('created_at')
+            ->first();
+
+        // Return if the same user has already updated the page in the last 15 mins
+        if ($lastUpdate && $lastUpdate->user_id === $user->id) {
+            if ($lastUpdate->created_at->gt(now()->subMinutes(15))) {
+                return;
+            }
+        }
+
+        // Get active watchers
+        $watchers = new EntityWatchers($detail, WatchLevels::UPDATES);
+        $watcherIds = $watchers->getWatcherUserIds();
+
+        // Add page owner if preferences allow
+        if (!$watchers->isUserIgnoring($detail->owned_by) && $detail->ownedBy) {
+            $userNotificationPrefs = new UserNotificationPreferences($detail->ownedBy);
+            if ($userNotificationPrefs->notifyOnOwnPageChanges()) {
+                $watcherIds[] = $detail->owned_by;
+            }
+        }
+
+        $this->sendNotificationToUserIds(PageUpdateNotification::class, $watcherIds, $user, $detail, $detail);
+    }
+}

app/Activity/Notifications/MessageParts/LinkedMailMessageLine.php

@@ -0,0 +1,33 @@
+<?php
+
+namespace BookStack\Activity\Notifications\MessageParts;
+
+use Illuminate\Contracts\Support\Htmlable;
+use Stringable;
+
+/**
+ * A line of text with linked text included, intended for use
+ * in MailMessages. The line should have a ':link' placeholder for
+ * where the link should be inserted within the line.
+ */
+class LinkedMailMessageLine implements Htmlable, Stringable
+{
+    public function __construct(
+        protected string $url,
+        protected string $line,
+        protected string $linkText,
+    ) {
+    }
+
+    public function toHtml(): string
+    {
+        $link = '<a href="' . e($this->url) . '">' . e($this->linkText) . '</a>';
+        return str_replace(':link', $link, e($this->line));
+    }
+
+    public function __toString(): string
+    {
+        $link = "{$this->linkText} ({$this->url})";
+        return str_replace(':link', $link, $this->line);
+    }
+}

app/Activity/Notifications/MessageParts/ListMessageLine.php

@@ -0,0 +1,36 @@
+<?php
+
+namespace BookStack\Activity\Notifications\MessageParts;
+
+use Illuminate\Contracts\Support\Htmlable;
+use Stringable;
+
+/**
+ * A bullet point list of content, where the keys of the given list array
+ * are bolded header elements, and the values follow.
+ */
+class ListMessageLine implements Htmlable, Stringable
+{
+    public function __construct(
+        protected array $list
+    ) {
+    }
+
+    public function toHtml(): string
+    {
+        $list = [];
+        foreach ($this->list as $header => $content) {
+            $list[] = '<strong>' . e($header) . '</strong> ' . e($content);
+        }
+        return implode("<br>\n", $list);
+    }
+
+    public function __toString(): string
+    {
+        $list = [];
+        foreach ($this->list as $header => $content) {
+            $list[] = $header . ' ' . $content;
+        }
+        return implode("\n", $list);
+    }
+}

app/Activity/Notifications/Messages/BaseActivityNotification.php

@@ -0,0 +1,47 @@
+<?php
+
+namespace BookStack\Activity\Notifications\Messages;
+
+use BookStack\Activity\Models\Loggable;
+use BookStack\Activity\Notifications\MessageParts\LinkedMailMessageLine;
+use BookStack\App\MailNotification;
+use BookStack\Translation\LocaleDefinition;
+use BookStack\Users\Models\User;
+use Illuminate\Bus\Queueable;
+
+abstract class BaseActivityNotification extends MailNotification
+{
+    use Queueable;
+
+    public function __construct(
+        protected Loggable|string $detail,
+        protected User $user,
+    ) {
+    }
+
+    /**
+     * Get the array representation of the notification.
+     *
+     * @param  mixed  $notifiable
+     * @return array
+     */
+    public function toArray($notifiable)
+    {
+        return [
+            'activity_detail' => $this->detail,
+            'activity_creator' => $this->user,
+        ];
+    }
+
+    /**
+     * Build the common reason footer line used in mail messages.
+     */
+    protected function buildReasonFooterLine(LocaleDefinition $locale): LinkedMailMessageLine
+    {
+        return new LinkedMailMessageLine(
+            url('/preferences/notifications'),
+            $locale->trans('notifications.footer_reason'),
+            $locale->trans('notifications.footer_reason_link'),
+        );
+    }
+}

app/Activity/Notifications/Messages/CommentCreationNotification.php

@@ -0,0 +1,33 @@
+<?php
+
+namespace BookStack\Activity\Notifications\Messages;
+
+use BookStack\Activity\Models\Comment;
+use BookStack\Activity\Notifications\MessageParts\ListMessageLine;
+use BookStack\Entities\Models\Page;
+use BookStack\Users\Models\User;
+use Illuminate\Notifications\Messages\MailMessage;
+
+class CommentCreationNotification extends BaseActivityNotification
+{
+    public function toMail(User $notifiable): MailMessage
+    {
+        /** @var Comment $comment */
+        $comment = $this->detail;
+        /** @var Page $page */
+        $page = $comment->entity;
+
+        $locale = $notifiable->getLocale();
+
+        return $this->newMailMessage($locale)
+            ->subject($locale->trans('notifications.new_comment_subject', ['pageName' => $page->getShortName()]))
+            ->line($locale->trans('notifications.new_comment_intro', ['appName' => setting('app-name')]))
+            ->line(new ListMessageLine([
+                $locale->trans('notifications.detail_page_name') => $page->name,
+                $locale->trans('notifications.detail_commenter') => $this->user->name,
+                $locale->trans('notifications.detail_comment') => strip_tags($comment->html),
+            ]))
+            ->action($locale->trans('notifications.action_view_comment'), $page->getUrl('#comment' . $comment->local_id))
+            ->line($this->buildReasonFooterLine($locale));
+    }
+}

app/Activity/Notifications/Messages/PageCreationNotification.php

@@ -0,0 +1,29 @@
+<?php
+
+namespace BookStack\Activity\Notifications\Messages;
+
+use BookStack\Activity\Notifications\MessageParts\ListMessageLine;
+use BookStack\Entities\Models\Page;
+use BookStack\Users\Models\User;
+use Illuminate\Notifications\Messages\MailMessage;
+
+class PageCreationNotification extends BaseActivityNotification
+{
+    public function toMail(User $notifiable): MailMessage
+    {
+        /** @var Page $page */
+        $page = $this->detail;
+
+        $locale = $notifiable->getLocale();
+
+        return $this->newMailMessage($locale)
+            ->subject($locale->trans('notifications.new_page_subject', ['pageName' => $page->getShortName()]))
+            ->line($locale->trans('notifications.new_page_intro', ['appName' => setting('app-name')], $locale))
+            ->line(new ListMessageLine([
+                $locale->trans('notifications.detail_page_name') => $page->name,
+                $locale->trans('notifications.detail_created_by') => $this->user->name,
+            ]))
+            ->action($locale->trans('notifications.action_view_page'), $page->getUrl())
+            ->line($this->buildReasonFooterLine($locale));
+    }
+}

app/Activity/Notifications/Messages/PageUpdateNotification.php

@@ -0,0 +1,30 @@
+<?php
+
+namespace BookStack\Activity\Notifications\Messages;
+
+use BookStack\Activity\Notifications\MessageParts\ListMessageLine;
+use BookStack\Entities\Models\Page;
+use BookStack\Users\Models\User;
+use Illuminate\Notifications\Messages\MailMessage;
+
+class PageUpdateNotification extends BaseActivityNotification
+{
+    public function toMail(User $notifiable): MailMessage
+    {
+        /** @var Page $page */
+        $page = $this->detail;
+
+        $locale = $notifiable->getLocale();
+
+        return $this->newMailMessage($locale)
+            ->subject($locale->trans('notifications.updated_page_subject', ['pageName' => $page->getShortName()]))
+            ->line($locale->trans('notifications.updated_page_intro', ['appName' => setting('app-name')]))
+            ->line(new ListMessageLine([
+                $locale->trans('notifications.detail_page_name') => $page->name,
+                $locale->trans('notifications.detail_updated_by') => $this->user->name,
+            ]))
+            ->line($locale->trans('notifications.updated_page_debounce'))
+            ->action($locale->trans('notifications.action_view_page'), $page->getUrl())
+            ->line($this->buildReasonFooterLine($locale));
+    }
+}

app/Activity/Notifications/NotificationManager.php

@@ -0,0 +1,52 @@
+<?php
+
+namespace BookStack\Activity\Notifications;
+
+use BookStack\Activity\ActivityType;
+use BookStack\Activity\Models\Activity;
+use BookStack\Activity\Models\Loggable;
+use BookStack\Activity\Notifications\Handlers\CommentCreationNotificationHandler;
+use BookStack\Activity\Notifications\Handlers\NotificationHandler;
+use BookStack\Activity\Notifications\Handlers\PageCreationNotificationHandler;
+use BookStack\Activity\Notifications\Handlers\PageUpdateNotificationHandler;
+use BookStack\Users\Models\User;
+
+class NotificationManager
+{
+    /**
+     * @var class-string<NotificationHandler>[]
+     */
+    protected array $handlers = [];
+
+    public function handle(Activity $activity, string|Loggable $detail, User $user): void
+    {
+        $activityType = $activity->type;
+        $handlersToRun = $this->handlers[$activityType] ?? [];
+        foreach ($handlersToRun as $handlerClass) {
+            /** @var NotificationHandler $handler */
+            $handler = new $handlerClass();
+            $handler->handle($activity, $detail, $user);
+        }
+    }
+
+    /**
+     * @param class-string<NotificationHandler> $handlerClass
+     */
+    public function registerHandler(string $activityType, string $handlerClass): void
+    {
+        if (!isset($this->handlers[$activityType])) {
+            $this->handlers[$activityType] = [];
+        }
+
+        if (!in_array($handlerClass, $this->handlers[$activityType])) {
+            $this->handlers[$activityType][] = $handlerClass;
+        }
+    }
+
+    public function loadDefaultHandlers(): void
+    {
+        $this->registerHandler(ActivityType::PAGE_CREATE, PageCreationNotificationHandler::class);
+        $this->registerHandler(ActivityType::PAGE_UPDATE, PageUpdateNotificationHandler::class);
+        $this->registerHandler(ActivityType::COMMENT_CREATE, CommentCreationNotificationHandler::class);
+    }
+}

app/Activity/Queries/WebhooksAllPaginatedAndSorted.php

@@ -1,8 +1,8 @@
 <?php
 
-namespace BookStack\Actions\Queries;
+namespace BookStack\Activity\Queries;
 
-use BookStack\Actions\Webhook;
+use BookStack\Activity\Models\Webhook;
 use BookStack\Util\SimpleListOptions;
 use Illuminate\Pagination\LengthAwarePaginator;
 

app/Activity/TagRepo.php

@@ -1,9 +1,10 @@
 <?php
 
-namespace BookStack\Actions;
+namespace BookStack\Activity;
 
-use BookStack\Auth\Permissions\PermissionApplicator;
+use BookStack\Activity\Models\Tag;
 use BookStack\Entities\Models\Entity;
+use BookStack\Permissions\PermissionApplicator;
 use BookStack\Util\SimpleListOptions;
 use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Support\Collection;

app/Activity/Tools/ActivityLogger.php

@@ -1,22 +1,30 @@
 <?php
 
-namespace BookStack\Actions;
+namespace BookStack\Activity\Tools;
 
+use BookStack\Activity\DispatchWebhookJob;
+use BookStack\Activity\Models\Activity;
+use BookStack\Activity\Models\Loggable;
+use BookStack\Activity\Models\Webhook;
+use BookStack\Activity\Notifications\NotificationManager;
 use BookStack\Entities\Models\Entity;
 use BookStack\Facades\Theme;
-use BookStack\Interfaces\Loggable;
 use BookStack\Theming\ThemeEvents;
 use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Support\Facades\Log;
 
 class ActivityLogger
 {
+    public function __construct(
+        protected NotificationManager $notifications
+    ) {
+        $this->notifications->loadDefaultHandlers();
+    }
+
     /**
      * Add a generic activity event to the database.
-     *
-     * @param string|Loggable $detail
      */
-    public function add(string $type, $detail = '')
+    public function add(string $type, string|Loggable $detail = ''): void
     {
         $detailToStore = ($detail instanceof Loggable) ? $detail->logDescriptor() : $detail;
 
@@ -32,6 +40,7 @@ class ActivityLogger
 
         $this->setNotification($type);
         $this->dispatchWebhooks($type, $detail);
+        $this->notifications->handle($activity, $detail, user());
         Theme::dispatch(ThemeEvents::ACTIVITY_LOGGED, $type, $detail);
     }
 
@@ -52,7 +61,7 @@ class ActivityLogger
      * and instead uses the 'extra' field with the entities name.
      * Used when an entity is deleted.
      */
-    public function removeEntity(Entity $entity)
+    public function removeEntity(Entity $entity): void
     {
         $entity->activity()->update([
             'detail'       => $entity->name,
@@ -73,10 +82,7 @@ class ActivityLogger
         }
     }
 
-    /**
-     * @param string|Loggable $detail
-     */
-    protected function dispatchWebhooks(string $type, $detail): void
+    protected function dispatchWebhooks(string $type, string|Loggable $detail): void
     {
         $webhooks = Webhook::query()
             ->whereHas('trackedEvents', function (Builder $query) use ($type) {
@@ -95,7 +101,7 @@ class ActivityLogger
      * Log out a failed login attempt, Providing the given username
      * as part of the message if the '%u' string is used.
      */
-    public function logFailedLogin(string $username)
+    public function logFailedLogin(string $username): void
     {
         $message = config('logging.failed_login.message');
         if (!$message) {

app/Activity/Tools/CommentTree.php

@@ -0,0 +1,102 @@
+<?php
+
+namespace BookStack\Activity\Tools;
+
+use BookStack\Activity\Models\Comment;
+use BookStack\Entities\Models\Page;
+
+class CommentTree
+{
+    /**
+     * The built nested tree structure array.
+     * @var array{comment: Comment, depth: int, children: array}[]
+     */
+    protected array $tree;
+    protected array $comments;
+
+    public function __construct(
+        protected Page $page
+    ) {
+        $this->comments = $this->loadComments();
+        $this->tree = $this->createTree($this->comments);
+    }
+
+    public function enabled(): bool
+    {
+        return !setting('app-disable-comments');
+    }
+
+    public function empty(): bool
+    {
+        return count($this->tree) === 0;
+    }
+
+    public function count(): int
+    {
+        return count($this->comments);
+    }
+
+    public function get(): array
+    {
+        return $this->tree;
+    }
+
+    /**
+     * @param Comment[] $comments
+     */
+    protected function createTree(array $comments): array
+    {
+        $byId = [];
+        foreach ($comments as $comment) {
+            $byId[$comment->local_id] = $comment;
+        }
+
+        $childMap = [];
+        foreach ($comments as $comment) {
+            $parent = $comment->parent_id;
+            if (is_null($parent) || !isset($byId[$parent])) {
+                $parent = 0;
+            }
+
+            if (!isset($childMap[$parent])) {
+                $childMap[$parent] = [];
+            }
+            $childMap[$parent][] = $comment->local_id;
+        }
+
+        $tree = [];
+        foreach ($childMap[0] ?? [] as $childId) {
+            $tree[] = $this->createTreeForId($childId, 0, $byId, $childMap);
+        }
+
+        return $tree;
+    }
+
+    protected function createTreeForId(int $id, int $depth, array &$byId, array &$childMap): array
+    {
+        $childIds = $childMap[$id] ?? [];
+        $children = [];
+
+        foreach ($childIds as $childId) {
+            $children[] = $this->createTreeForId($childId, $depth + 1, $byId, $childMap);
+        }
+
+        return [
+            'comment' => $byId[$id],
+            'depth' => $depth,
+            'children' => $children,
+        ];
+    }
+
+    protected function loadComments(): array
+    {
+        if (!$this->enabled()) {
+            return [];
+        }
+
+        return $this->page->comments()
+            ->with('createdBy')
+            ->get()
+            ->all();
+    }
+}

app/Activity/Tools/EntityWatchers.php

@@ -0,0 +1,86 @@
+<?php
+
+namespace BookStack\Activity\Tools;
+
+use BookStack\Activity\Models\Watch;
+use BookStack\Entities\Models\BookChild;
+use BookStack\Entities\Models\Entity;
+use BookStack\Entities\Models\Page;
+use Illuminate\Database\Eloquent\Builder;
+
+class EntityWatchers
+{
+    /**
+     * @var int[]
+     */
+    protected array $watchers = [];
+
+    /**
+     * @var int[]
+     */
+    protected array $ignorers = [];
+
+    public function __construct(
+        protected Entity $entity,
+        protected int $watchLevel,
+    ) {
+        $this->build();
+    }
+
+    public function getWatcherUserIds(): array
+    {
+        return $this->watchers;
+    }
+
+    public function isUserIgnoring(int $userId): bool
+    {
+        return in_array($userId, $this->ignorers);
+    }
+
+    protected function build(): void
+    {
+        $watches = $this->getRelevantWatches();
+
+        // Sort before de-duping, so that the order looped below follows book -> chapter -> page ordering
+        usort($watches, function (Watch $watchA, Watch $watchB) {
+            $entityTypeDiff = $watchA->watchable_type <=> $watchB->watchable_type;
+            return $entityTypeDiff === 0 ? ($watchA->user_id <=> $watchB->user_id) : $entityTypeDiff;
+        });
+
+        // De-dupe by user id to get their most relevant level
+        $levelByUserId = [];
+        foreach ($watches as $watch) {
+            $levelByUserId[$watch->user_id] = $watch->level;
+        }
+
+        // Populate the class arrays
+        $this->watchers = array_keys(array_filter($levelByUserId, fn(int $level) => $level >= $this->watchLevel));
+        $this->ignorers = array_keys(array_filter($levelByUserId, fn(int $level) => $level === 0));
+    }
+
+    /**
+     * @return Watch[]
+     */
+    protected function getRelevantWatches(): array
+    {
+        /** @var Entity[] $entitiesInvolved */
+        $entitiesInvolved = array_filter([
+            $this->entity,
+            $this->entity instanceof BookChild ? $this->entity->book : null,
+            $this->entity instanceof Page ? $this->entity->chapter : null,
+        ]);
+
+        $query = Watch::query()->where(function (Builder $query) use ($entitiesInvolved) {
+            foreach ($entitiesInvolved as $entity) {
+                $query->orWhere(function (Builder $query) use ($entity) {
+                    $query->where('watchable_type', '=', $entity->getMorphClass())
+                        ->where('watchable_id', '=', $entity->id);
+                });
+            }
+        });
+
+        return $query->get([
+            'level', 'watchable_id', 'watchable_type', 'user_id'
+        ])->all();
+    }
+}

app/Activity/Tools/IpFormatter.php

@@ -1,6 +1,6 @@
 <?php
 
-namespace BookStack\Actions;
+namespace BookStack\Activity\Tools;
 
 class IpFormatter
 {