Fix "undefined key" error for TagsFilter (#2312)

Co-authored-by: Boy132 <mail@boy132.de>

.github/ISSUE_TEMPLATE/bug-report.yml

@@ -64,10 +64,9 @@ body:
     label: Error Logs
     description: |
       Run the following command to collect logs on your system.
-
+      Wings: `sudo wings diagnostics --hastebin-url=https://logs.pelican.dev`
-      Wings: `sudo wings diagnostics`
+      Panel: `tail -n 300 /var/www/pelican/storage/logs/laravel-$(date +%F).log | curl --data-binary @- https://logs.pelican.dev`
-      Panel: `tail -n 150 /var/www/pelican/storage/logs/laravel-$(date +%F).log | curl -X POST -F 'c=@-' paste.pelistuff.com`
+    placeholder: "https://logs.pelican.dev/c17f750e"
-    placeholder: "https://pelipaste.com/a1h6z"
     render: bash
   validations:
     required: false

.github/workflows/build.yaml

@@ -11,9 +11,9 @@ jobs:
     name: UI
     runs-on: ubuntu-latest
     strategy:
-      fail-fast: false
+      fail-fast: true
       matrix:
-        node-version: [18, 20]
+        node-version: [20, 22]
     steps:
       - name: Code Checkout
         uses: actions/checkout@v4

.github/workflows/ci.yaml

@@ -6,174 +6,30 @@ on:
       - main
   pull_request:
 
+env:
+  APP_ENV: testing
+  APP_DEBUG: "false"
+  APP_KEY: ThisIsARandomStringForTests12345
+  APP_TIMEZONE: UTC
+  APP_URL: http://localhost/
+  CACHE_DRIVER: array
+  MAIL_MAILER: array
+  SESSION_DRIVER: array
+  QUEUE_CONNECTION: sync
+  GUZZLE_TIMEOUT: 60
+  GUZZLE_CONNECT_TIMEOUT: 60
+
 jobs:
-  mysql:
-    name: MySQL
-    runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
-      matrix:
-        php: [8.2, 8.3, 8.4]
-        database: ["mysql:8"]
-    services:
-      database:
-        image: ${{ matrix.database }}
-        env:
-          MYSQL_ALLOW_EMPTY_PASSWORD: yes
-          MYSQL_DATABASE: testing
-        ports:
-          - 3306
-        options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3
-    env:
-      APP_ENV: testing
-      APP_DEBUG: "false"
-      APP_KEY: ThisIsARandomStringForTests12345
-      APP_TIMEZONE: UTC
-      APP_URL: http://localhost/
-      CACHE_DRIVER: array
-      MAIL_MAILER: array
-      SESSION_DRIVER: array
-      QUEUE_CONNECTION: sync
-      DB_CONNECTION: mysql
-      DB_HOST: 127.0.0.1
-      DB_DATABASE: testing
-      DB_USERNAME: root
-      GUZZLE_TIMEOUT: 60
-      GUZZLE_CONNECT_TIMEOUT: 60
-    steps:
-      - name: Code Checkout
-        uses: actions/checkout@v4
-
-      - name: Get cache directory
-        id: composer-cache
-        run: |
-          echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
-
-      - name: Cache
-        uses: actions/cache@v4
-        with:
-          path: ${{ steps.composer-cache.outputs.dir }}
-          key: ${{ runner.os }}-composer-${{ matrix.php }}-${{ hashFiles('**/composer.lock') }}
-          restore-keys: |
-            ${{ runner.os }}-composer-${{ matrix.php }}-
-
-      - name: Setup PHP
-        uses: shivammathur/setup-php@v2
-        with:
-          php-version: ${{ matrix.php }}
-          extensions: bcmath, curl, gd, mbstring, mysql, openssl, pdo, tokenizer, xml, zip
-          tools: composer:v2
-          coverage: none
-
-      - name: Install dependencies
-        run: composer install --no-interaction --no-suggest --no-progress --no-scripts
-
-      - name: Unit tests
-        run: vendor/bin/pest tests/Unit
-        env:
-          DB_HOST: UNIT_NO_DB
-          SKIP_MIGRATIONS: true
-
-      - name: Integration tests
-        run: vendor/bin/pest tests/Integration
-        env:
-          DB_PORT: ${{ job.services.database.ports[3306] }}
-          DB_USERNAME: root
-
-  mariadb:
-    name: MariaDB
-    runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
-      matrix:
-        php: [8.2, 8.3, 8.4]
-        database: ["mariadb:10.6", "mariadb:10.11", "mariadb:11.4"]
-    services:
-      database:
-        image: ${{ matrix.database }}
-        env:
-          MYSQL_ALLOW_EMPTY_PASSWORD: yes
-          MYSQL_DATABASE: testing
-        ports:
-          - 3306
-        options: --health-cmd="mariadb-admin ping || mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3
-    env:
-      APP_ENV: testing
-      APP_DEBUG: "false"
-      APP_KEY: ThisIsARandomStringForTests12345
-      APP_TIMEZONE: UTC
-      APP_URL: http://localhost/
-      CACHE_DRIVER: array
-      MAIL_MAILER: array
-      SESSION_DRIVER: array
-      QUEUE_CONNECTION: sync
-      DB_CONNECTION: mariadb
-      DB_HOST: 127.0.0.1
-      DB_DATABASE: testing
-      DB_USERNAME: root
-      GUZZLE_TIMEOUT: 60
-      GUZZLE_CONNECT_TIMEOUT: 60
-    steps:
-      - name: Code Checkout
-        uses: actions/checkout@v4
-
-      - name: Get cache directory
-        id: composer-cache
-        run: |
-          echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
-
-      - name: Cache
-        uses: actions/cache@v4
-        with:
-          path: ${{ steps.composer-cache.outputs.dir }}
-          key: ${{ runner.os }}-composer-${{ matrix.php }}-${{ hashFiles('**/composer.lock') }}
-          restore-keys: |
-            ${{ runner.os }}-composer-${{ matrix.php }}-
-
-      - name: Setup PHP
-        uses: shivammathur/setup-php@v2
-        with:
-          php-version: ${{ matrix.php }}
-          extensions: bcmath, curl, gd, mbstring, mysql, openssl, pdo, tokenizer, xml, zip
-          tools: composer:v2
-          coverage: none
-
-      - name: Install dependencies
-        run: composer install --no-interaction --no-suggest --no-progress --no-scripts
-
-      - name: Unit tests
-        run: vendor/bin/pest tests/Unit
-        env:
-          DB_HOST: UNIT_NO_DB
-          SKIP_MIGRATIONS: true
-
-      - name: Integration tests
-        run: vendor/bin/pest tests/Integration
-        env:
-          DB_PORT: ${{ job.services.database.ports[3306] }}
-          DB_USERNAME: root
-
   sqlite:
     name: SQLite
     runs-on: ubuntu-latest
     strategy:
-      fail-fast: false
+      fail-fast: true
       matrix:
-        php: [8.2, 8.3, 8.4]
+        php: [8.3, 8.4, 8.5]
     env:
-      APP_ENV: testing
-      APP_DEBUG: "false"
-      APP_KEY: ThisIsARandomStringForTests12345
-      APP_TIMEZONE: UTC
-      APP_URL: http://localhost/
-      CACHE_DRIVER: array
-      MAIL_MAILER: array
-      SESSION_DRIVER: array
-      QUEUE_CONNECTION: sync
       DB_CONNECTION: sqlite
       DB_DATABASE: testing.sqlite
-      GUZZLE_TIMEOUT: 60
-      GUZZLE_CONNECT_TIMEOUT: 60
     steps:
       - name: Code Checkout
         uses: actions/checkout@v4
@@ -205,23 +61,162 @@ jobs:
       - name: Create SQLite file
         run: touch database/testing.sqlite
 
+      - name: Run Migrations
+        run: php artisan migrate --force --seed
+
       - name: Unit tests
-        run: vendor/bin/pest tests/Unit
+        run: vendor/bin/pest tests/Unit --parallel
         env:
           DB_HOST: UNIT_NO_DB
           SKIP_MIGRATIONS: true
 
       - name: Integration tests
-        run: vendor/bin/pest tests/Integration
+        run: vendor/bin/pest tests/Integration --parallel
+
+  mysql:
+    name: MySQL
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: true
+      matrix:
+        php: [8.5]
+        database: ["mysql:8.4", "mysql:9.6"]
+    services:
+      database:
+        image: ${{ matrix.database }}
+        env:
+          MYSQL_ALLOW_EMPTY_PASSWORD: yes
+          MYSQL_DATABASE: testing
+        ports:
+          - 3306
+        options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3
+    env:
+      DB_CONNECTION: mysql
+      DB_HOST: 127.0.0.1
+      DB_DATABASE: testing
+      DB_USERNAME: root
+    steps:
+      - name: Code Checkout
+        uses: actions/checkout@v4
+
+      - name: Get cache directory
+        id: composer-cache
+        run: |
+          echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
+
+      - name: Cache
+        uses: actions/cache@v4
+        with:
+          path: ${{ steps.composer-cache.outputs.dir }}
+          key: ${{ runner.os }}-composer-${{ matrix.php }}-${{ hashFiles('**/composer.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-composer-${{ matrix.php }}-
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php }}
+          extensions: bcmath, curl, gd, mbstring, mysql, openssl, pdo, tokenizer, xml, zip
+          tools: composer:v2
+          coverage: none
+
+      - name: Install dependencies
+        run: composer install --no-interaction --no-suggest --no-progress --no-scripts
+
+      - name: Run Migrations
+        run: php artisan migrate --force --seed
+        env:
+          DB_PORT: ${{ job.services.database.ports[3306] }}
+          DB_USERNAME: root
+
+      - name: Unit tests
+        run: vendor/bin/pest tests/Unit --parallel
+        env:
+          DB_HOST: UNIT_NO_DB
+          SKIP_MIGRATIONS: true
+
+      - name: Integration tests
+        run: vendor/bin/pest tests/Integration --parallel
+        env:
+          DB_PORT: ${{ job.services.database.ports[3306] }}
+          DB_USERNAME: root
+
+  mariadb:
+    name: MariaDB
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: true
+      matrix:
+        php: [8.5]
+        database: ["mariadb:10.11", "mariadb:11.4"]
+    services:
+      database:
+        image: ${{ matrix.database }}
+        env:
+          MYSQL_ALLOW_EMPTY_PASSWORD: yes
+          MYSQL_DATABASE: testing
+        ports:
+          - 3306
+        options: --health-cmd="mariadb-admin ping || mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3
+    env:
+      DB_CONNECTION: mariadb
+      DB_HOST: 127.0.0.1
+      DB_DATABASE: testing
+      DB_USERNAME: root
+    steps:
+      - name: Code Checkout
+        uses: actions/checkout@v4
+
+      - name: Get cache directory
+        id: composer-cache
+        run: |
+          echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
+
+      - name: Cache
+        uses: actions/cache@v4
+        with:
+          path: ${{ steps.composer-cache.outputs.dir }}
+          key: ${{ runner.os }}-composer-${{ matrix.php }}-${{ hashFiles('**/composer.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-composer-${{ matrix.php }}-
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php }}
+          extensions: bcmath, curl, gd, mbstring, mysql, openssl, pdo, tokenizer, xml, zip
+          tools: composer:v2
+          coverage: none
+
+      - name: Install dependencies
+        run: composer install --no-interaction --no-suggest --no-progress --no-scripts
+
+      - name: Run Migrations
+        run: php artisan migrate --force --seed
+        env:
+          DB_PORT: ${{ job.services.database.ports[3306] }}
+          DB_USERNAME: root
+
+      - name: Unit tests
+        run: vendor/bin/pest tests/Unit --parallel
+        env:
+          DB_HOST: UNIT_NO_DB
+          SKIP_MIGRATIONS: true
+
+      - name: Integration tests
+        run: vendor/bin/pest tests/Integration --parallel
+        env:
+          DB_PORT: ${{ job.services.database.ports[3306] }}
+          DB_USERNAME: root
 
   postgresql:
     name: PostgreSQL
     runs-on: ubuntu-latest
     strategy:
-      fail-fast: false
+      fail-fast: true
       matrix:
-        php: [8.2, 8.3, 8.4]
+        php: [8.5]
-        database: ["postgres:14"]
+        database: ["postgres:17", "postgres:18"]
     services:
       database:
         image: ${{ matrix.database }}
@@ -238,22 +233,11 @@ jobs:
           --health-timeout 5s
           --health-retries 5
     env:
-      APP_ENV: testing
-      APP_DEBUG: "false"
-      APP_KEY: ThisIsARandomStringForTests12345
-      APP_TIMEZONE: UTC
-      APP_URL: http://localhost/
-      CACHE_DRIVER: array
-      MAIL_MAILER: array
-      SESSION_DRIVER: array
-      QUEUE_CONNECTION: sync
       DB_CONNECTION: pgsql
       DB_HOST: 127.0.0.1
       DB_DATABASE: testing
       DB_USERNAME: postgres
       DB_PASSWORD: postgres
-      GUZZLE_TIMEOUT: 60
-      GUZZLE_CONNECT_TIMEOUT: 60
     steps:
       - name: Code Checkout
         uses: actions/checkout@v4
@@ -269,6 +253,7 @@ jobs:
           path: ${{ steps.composer-cache.outputs.dir }}
           key: ${{ runner.os }}-composer-${{ matrix.php }}-${{ hashFiles('**/composer.lock') }}
           restore-keys: |
+            ${{ runner.os }}-composer-${{ matrix.php }}-
 
       - name: Setup PHP
         uses: shivammathur/setup-php@v2
@@ -281,11 +266,14 @@ jobs:
       - name: Install dependencies
         run: composer install --no-interaction --no-suggest --no-progress --no-scripts
 
+      - name: Run Migrations
+        run: php artisan migrate --force --seed
+
       - name: Unit tests
-        run: vendor/bin/pest tests/Unit
+        run: vendor/bin/pest tests/Unit --parallel
         env:
           DB_HOST: UNIT_NO_DB
           SKIP_MIGRATIONS: true
 
       - name: Integration tests
-        run: vendor/bin/pest tests/Integration
+        run: vendor/bin/pest tests/Integration --parallel

.github/workflows/docker-publish.yml

@@ -66,8 +66,6 @@ jobs:
     permissions:
       contents: read
       packages: write
-    strategy:
-      fail-fast: false
     # Start a temp local registry because workflow can not pull from localy loaded images
     services:
       registry:
@@ -134,6 +132,11 @@ jobs:
           docker push localhost:5000/base-php:arm64
           rm base-php-arm64.tar base-php-amd64.tar
           
+      - name: Update version in config/app.php (tag)
+        if: "github.event_name == 'release' && github.event.action == 'published'"
+        run: |
+          sed -i "s/'version' => 'canary',/'version' => '${{ steps.build_info.outputs.version_tag }}',/" config/app.php
+              
       - name: Build and Push (tag)
         uses: docker/build-push-action@v6
         if: "github.event_name == 'release' && github.event.action == 'published'"

.github/workflows/lint.yaml

@@ -3,7 +3,7 @@ name: Lint
 on:
   pull_request:
     branches:
-      - '**'
+      - "**"
 
 jobs:
   pint:
@@ -16,7 +16,7 @@ jobs:
       - name: Setup PHP
         uses: shivammathur/setup-php@v2
         with:
-          php-version: "8.3"
+          php-version: "8.4"
           extensions: bcmath, curl, gd, mbstring, mysql, openssl, pdo, tokenizer, xml, zip
           tools: composer:v2
           coverage: none
@@ -33,9 +33,9 @@ jobs:
     name: PHPStan
     runs-on: ubuntu-latest
     strategy:
-      fail-fast: false
+      fail-fast: true
       matrix:
-        php: [ 8.2, 8.3, 8.4 ]
+        php: [8.2, 8.3, 8.4, 8.5]
     steps:
       - name: Code Checkout
         uses: actions/checkout@v4

.gitignore

@@ -21,9 +21,9 @@ yarn-error.log
 /.idea
 /.nova
 /.vscode
+/.ddev
 
 public/assets/manifest.json
 /database/*.sqlite*
-filament-monaco-editor/
 _ide_helper*
 /.phpstorm.meta.php

Dockerfile

@@ -2,7 +2,7 @@
 # Pelican Production Dockerfile
 
 ##
-#  If you want to build this locally you want to run `docker build -f Dockerfile.dev`
+#  If you want to build this locally you want to run `docker build -f Dockerfile.dev .`
 ##
 
 # ================================
@@ -38,7 +38,7 @@ RUN yarn config set network-timeout 300000 \
 FROM --platform=$TARGETOS/$TARGETARCH composer AS composerbuild
 
 # Copy full code to optimize autoload
-COPY --exclude=Caddyfile --exclude=docker/ . ./
+COPY --exclude=docker/ . ./
 
 RUN composer dump-autoload --optimize
 
@@ -50,7 +50,7 @@ FROM --platform=$TARGETOS/$TARGETARCH yarn AS yarnbuild
 WORKDIR /build
 
 # Copy full code
-COPY --exclude=Caddyfile --exclude=docker/ . ./
+COPY --exclude=docker/ . ./
 COPY --from=composer /build .
 
 RUN yarn run build
@@ -62,41 +62,41 @@ FROM --platform=$TARGETOS/$TARGETARCH localhost:5000/base-php:$TARGETARCH AS fin
 
 WORKDIR /var/www/html
 
-# Install additional required libraries
+RUN apk add --no-cache \
-RUN apk update && apk add --no-cache \
+    # packages for running the panel
-    caddy ca-certificates supervisor supercronic
+    caddy ca-certificates supervisor supercronic fcgi \
+    # required for installing plugins. Pulled from https://github.com/pelican-dev/panel/pull/2034
+    zip unzip 7zip bzip2-dev yarn git
 
-COPY --chown=root:www-data --chmod=640 --from=composerbuild /build .
+# Copy composer binary for runtime plugin dependency management
-COPY --chown=root:www-data --chmod=640 --from=yarnbuild /build/public ./public
+COPY --from=composer /usr/local/bin/composer /usr/local/bin/composer
-
+COPY --chown=root:www-data --chmod=770 --from=composerbuild /build .
-# Set permissions
+COPY --chown=root:www-data --chmod=770 --from=yarnbuild /build/public ./public
-# First ensure all files are owned by root and restrict www-data to read access
-RUN chown root:www-data ./ \
-    && chmod 750 ./ \
-    # Files should not have execute set, but directories need it
-    && find ./ -type d -exec chmod 750 {} \; \
-    # Create necessary directories
-    && mkdir -p /pelican-data/storage /var/www/html/storage/app/public /var/run/supervisord /etc/supercronic \
-    # Symlinks for env, database, and avatars
-    && ln -s /pelican-data/.env ./.env \
-    && ln -s /pelican-data/database/database.sqlite ./database/database.sqlite \
-    && ln -sf /var/www/html/storage/app/public /var/www/html/public/storage \
-    && ln -s  /pelican-data/storage/avatars /var/www/html/storage/app/public/avatars \
-    && ln -s  /pelican-data/storage/fonts /var/www/html/storage/app/public/fonts \
-    # Allow www-data write permissions where necessary
-    && chown -R www-data:www-data /pelican-data ./storage ./bootstrap/cache /var/run/supervisord /var/www/html/public/storage \
-    && chmod -R u+rwX,g+rwX,o-rwx /pelican-data ./storage ./bootstrap/cache /var/run/supervisord
 
+# Create and remove directories
+RUN mkdir -p /pelican-data/storage /pelican-data/plugins /var/run/supervisord \
+    && rm -rf /var/www/html/plugins \
+# Symlinks for env, database, storage, and plugins
+    && ln -s  /pelican-data/.env /var/www/html/.env \
+    && ln -s  /pelican-data/database/database.sqlite ./database/database.sqlite \
+    && ln -s  /pelican-data/storage /var/www/html/public/storage \
+    && ln -s  /pelican-data/storage /var/www/html/storage/app/public \
+    && ln -s  /pelican-data/plugins /var/www/html \
+# Allow www-data write permissions where necessary
+    && chown -R www-data: /pelican-data .env ./storage ./plugins ./bootstrap/cache /var/run/supervisord /var/www/html/public/storage \
+    && chmod -R 770 /pelican-data ./storage ./bootstrap/cache /var/run/supervisord \
+    && chown -R www-data: /usr/local/etc/php/ /usr/local/etc/php-fpm.d/ /var/www/html/composer.json /var/www/html/composer.lock
 # Configure Supervisor
 COPY docker/supervisord.conf /etc/supervisord.conf
 COPY docker/Caddyfile /etc/caddy/Caddyfile
 # Add Laravel scheduler to crontab
-COPY docker/crontab /etc/supercronic/crontab
+COPY docker/crontab /etc/crontabs/crontab
 
-COPY docker/entrypoint.sh ./docker/entrypoint.sh
+COPY docker/entrypoint.sh /entrypoint.sh
+COPY docker/healthcheck.sh /healthcheck.sh
 
 HEALTHCHECK --interval=5m --timeout=10s --start-period=5s --retries=3 \
-  CMD curl -f http://localhost/up || exit 1
+  CMD /bin/ash /healthcheck.sh
 
 EXPOSE 80 443
 
@@ -104,5 +104,5 @@ VOLUME /pelican-data
 
 USER www-data
 
-ENTRYPOINT [ "/bin/ash", "docker/entrypoint.sh" ]
+ENTRYPOINT [ "/bin/ash", "/entrypoint.sh" ]
 CMD [ "supervisord", "-n", "-c", "/etc/supervisord.conf" ]

Dockerfile.base

@@ -5,6 +5,6 @@ FROM --platform=$TARGETOS/$TARGETARCH php:8.4-fpm-alpine
 
 ADD --chmod=0755 https://github.com/mlocati/docker-php-extension-installer/releases/latest/download/install-php-extensions /usr/local/bin/
 
-RUN install-php-extensions bcmath gd intl zip opcache pcntl posix pdo_mysql pdo_pgsql
+RUN install-php-extensions bcmath gd intl zip pcntl pdo_mysql pdo_pgsql bz2
 
 RUN rm /usr/local/bin/install-php-extensions

Dockerfile.dev

@@ -5,7 +5,7 @@ FROM --platform=$TARGETOS/$TARGETARCH php:8.4-fpm-alpine AS base
 
 ADD --chmod=0755 https://github.com/mlocati/docker-php-extension-installer/releases/latest/download/install-php-extensions /usr/local/bin/
 
-RUN install-php-extensions bcmath gd intl zip opcache pcntl posix pdo_mysql pdo_pgsql
+RUN install-php-extensions bcmath gd intl zip pcntl pdo_mysql pdo_pgsql bz2
 
 RUN rm /usr/local/bin/install-php-extensions
 
@@ -42,7 +42,7 @@ RUN yarn config set network-timeout 300000 \
 FROM --platform=$TARGETOS/$TARGETARCH composer AS composerbuild
 
 # Copy full code to optimize autoload
-COPY --exclude=Caddyfile --exclude=docker/ . ./
+COPY --exclude=docker/ . ./
 
 RUN composer dump-autoload --optimize
 
@@ -54,7 +54,7 @@ FROM --platform=$TARGETOS/$TARGETARCH yarn AS yarnbuild
 WORKDIR /build
 
 # Copy full code
-COPY --exclude=Caddyfile --exclude=docker/ . ./
+COPY --exclude=docker/ . ./
 COPY --from=composer /build .
 
 RUN yarn run build
@@ -67,40 +67,42 @@ FROM --platform=$TARGETOS/$TARGETARCH base AS final
 WORKDIR /var/www/html
 
 # Install additional required libraries
-RUN apk update && apk add --no-cache \
+RUN apk add --no-cache \
-    caddy ca-certificates supervisor supercronic
+    # packages for running the panel
+    caddy ca-certificates supervisor supercronic fcgi coreutils \
+    # required for installing plugins. Pulled from https://github.com/pelican-dev/panel/pull/2034
+    zip unzip 7zip bzip2-dev yarn git
 
-COPY --chown=root:www-data --chmod=640 --from=composerbuild /build .
+# Copy composer binary for runtime plugin dependency management
-COPY --chown=root:www-data --chmod=640 --from=yarnbuild /build/public ./public
+COPY --from=composer /usr/local/bin/composer /usr/local/bin/composer
+COPY --chown=root:www-data --chmod=770 --from=composerbuild /build .
+COPY --chown=root:www-data --chmod=770 --from=yarnbuild /build/public ./public
 
-# Set permissions
+# Create and remove directories
-# First ensure all files are owned by root and restrict www-data to read access
+RUN mkdir -p /pelican-data/storage /pelican-data/plugins /var/run/supervisord \
-RUN chown root:www-data ./ \
+    && rm -rf /var/www/html/plugins \
-    && chmod 750 ./ \
+# Symlinks for env, database, storage, and plugins
-    # Files should not have execute set, but directories need it
+    && ln -s  /pelican-data/.env /var/www/html/.env \
-    && find ./ -type d -exec chmod 750 {} \; \
+    && ln -s  /pelican-data/database/database.sqlite ./database/database.sqlite \
-    # Create necessary directories
+    && ln -s  /pelican-data/storage /var/www/html/public/storage \
-    && mkdir -p /pelican-data/storage /var/www/html/storage/app/public /var/run/supervisord /etc/supercronic \
+    && ln -s  /pelican-data/storage /var/www/html/storage/app/public \
-    # Symlinks for env, database, and avatars
+    && ln -s  /pelican-data/plugins /var/www/html \
-    && ln -s /pelican-data/.env ./.env \
+# Allow www-data write permissions where necessary
-    && ln -s /pelican-data/database/database.sqlite ./database/database.sqlite \
+    && chown -R www-data: /pelican-data .env ./storage ./plugins ./bootstrap/cache /var/run/supervisord /var/www/html/public/storage \
-    && ln -sf /var/www/html/storage/app/public /var/www/html/public/storage \
+    && chmod -R 770 /pelican-data ./storage ./bootstrap/cache /var/run/supervisord \
-    && ln -s  /pelican-data/storage/avatars /var/www/html/storage/app/public/avatars \
+    && chown -R www-data: /usr/local/etc/php/ /usr/local/etc/php-fpm.d/ /var/www/html/composer.json /var/www/html/composer.lock
-    && ln -s  /pelican-data/storage/fonts /var/www/html/storage/app/public/fonts \
-    # Allow www-data write permissions where necessary
-    && chown -R www-data:www-data /pelican-data ./storage ./bootstrap/cache /var/run/supervisord /var/www/html/public/storage \
-    && chmod -R u+rwX,g+rwX,o-rwx /pelican-data ./storage ./bootstrap/cache /var/run/supervisord
 
 # Configure Supervisor
 COPY docker/supervisord.conf /etc/supervisord.conf
 COPY docker/Caddyfile /etc/caddy/Caddyfile
 # Add Laravel scheduler to crontab
-COPY docker/crontab /etc/supercronic/crontab
+COPY docker/crontab /etc/crontabs/crontab
 
-COPY docker/entrypoint.sh ./docker/entrypoint.sh
+COPY docker/entrypoint.sh /entrypoint.sh
+COPY docker/healthcheck.sh /healthcheck.sh
 
 HEALTHCHECK --interval=5m --timeout=10s --start-period=5s --retries=3 \
-  CMD curl -f http://localhost/up || exit 1
+  CMD /bin/ash /healthcheck.sh
 
 EXPOSE 80 443
 
@@ -108,5 +110,5 @@ VOLUME /pelican-data
 
 USER www-data
 
-ENTRYPOINT [ "/bin/ash", "docker/entrypoint.sh" ]
+ENTRYPOINT [ "/bin/ash", "/entrypoint.sh" ]
 CMD [ "supervisord", "-n", "-c", "/etc/supervisord.conf" ]

app/Console/Commands/Dev/GenerateTablerIconsEnum.php

@@ -0,0 +1,48 @@
+<?php
+
+namespace App\Console\Commands\Dev;
+
+use Illuminate\Console\Command;
+use Illuminate\Support\Facades\File;
+
+class GenerateTablerIconsEnum extends Command
+{
+    protected $signature = 'dev:generate-tabler-icons-enum';
+
+    protected $description = 'Generate an enum for tabler icons based on the secondnetwork/blade-tabler-icons svgs';
+
+    public function handle(): void
+    {
+        $files = File::files(base_path('vendor/secondnetwork/blade-tabler-icons/resources/svg'));
+        $files = array_filter($files, fn ($file) => $file->getExtension() === 'svg');
+
+        $enumContent = "<?php\n\n";
+        $enumContent .= "namespace App\\Enums;\n\n";
+        $enumContent .= "enum TablerIcon: string\n{\n";
+
+        foreach ($files as $file) {
+            $filename = pathinfo($file->getFilename(), PATHINFO_FILENAME);
+
+            // Letter V is duplicate, as "letter-v" and "letter-letter-v"
+            if (str($filename)->contains('letter-letter')) {
+                continue;
+            }
+
+            // Filled icons exist with "-f" and "-filled", we only want the later
+            if (str($filename)->endsWith('-f') && file_exists(base_path("vendor/secondnetwork/blade-tabler-icons/resources/svg/{$filename}illed.svg"))) {
+                continue;
+            }
+
+            $caseName = str($filename)->title()->replace('-', '');
+            $value = str($filename)->slug()->prepend('tabler-');
+
+            $enumContent .= "    case $caseName = '$value';\n";
+        }
+
+        $enumContent .= "}\n";
+
+        File::put(base_path('app/Enums/TablerIcon.php'), $enumContent);
+
+        $this->info('Enum generated');
+    }
+}

app/Console/Commands/Egg/CheckEggUpdatesCommand.php

@@ -2,10 +2,13 @@
 
 namespace App\Console\Commands\Egg;
 
+use App\Enums\EggFormat;
 use App\Models\Egg;
 use App\Services\Eggs\Sharing\EggExporterService;
 use Exception;
 use Illuminate\Console\Command;
+use Illuminate\Support\Facades\Http;
+use Symfony\Component\Yaml\Yaml;
 
 class CheckEggUpdatesCommand extends Command
 {
@@ -18,11 +21,12 @@ class CheckEggUpdatesCommand extends Command
             try {
                 $this->check($egg, $exporterService);
             } catch (Exception $exception) {
-                $this->error("{$egg->name}: Error ({$exception->getMessage()})");
+                $this->error("$egg->name: Error ({$exception->getMessage()})");
             }
         }
     }
 
+    /** @throws Exception */
     private function check(Egg $egg, EggExporterService $exporterService): void
     {
         if (is_null($egg->update_url)) {
@@ -31,22 +35,30 @@ class CheckEggUpdatesCommand extends Command
             return;
         }
 
-        $currentJson = json_decode($exporterService->handle($egg->id));
+        $ext = strtolower(pathinfo(parse_url($egg->update_url, PHP_URL_PATH), PATHINFO_EXTENSION));
-        unset($currentJson->exported_at);
+        $isYaml = in_array($ext, ['yaml', 'yml']);
 
-        $updatedEgg = file_get_contents($egg->update_url);
+        $local = $isYaml
-        assert($updatedEgg !== false);
+            ? Yaml::parse($exporterService->handle($egg->id, EggFormat::YAML))
-        $updatedJson = json_decode($updatedEgg);
+            : json_decode($exporterService->handle($egg->id, EggFormat::JSON), true);
-        unset($updatedJson->exported_at);
 
-        if (md5(json_encode($currentJson, JSON_THROW_ON_ERROR)) === md5(json_encode($updatedJson, JSON_THROW_ON_ERROR))) {
+        $remote = Http::timeout(5)->connectTimeout(1)->get($egg->update_url);
-            $this->info("$egg->name: Up-to-date");
-            cache()->put("eggs.$egg->uuid.update", false, now()->addHour());
 
-            return;
+        if ($remote->failed()) {
+            throw new Exception("HTTP request returned status code {$remote->status()}");
         }
 
-        $this->warn("$egg->name: Found update");
+        $remote = $remote->body();
-        cache()->put("eggs.$egg->uuid.update", true, now()->addHour());
+        $remote = $isYaml ? Yaml::parse($remote) : json_decode($remote, true);
+
+        unset($local['exported_at'], $remote['exported_at']);
+
+        $localHash = md5(json_encode($local, JSON_THROW_ON_ERROR));
+        $remoteHash = md5(json_encode($remote, JSON_THROW_ON_ERROR));
+
+        $status = $localHash === $remoteHash ? 'Up-to-date' : 'Found update';
+        $this->{($localHash === $remoteHash) ? 'info' : 'warn'}("$egg->name: $status");
+
+        cache()->put("eggs.$egg->uuid.update", $localHash !== $remoteHash, now()->addHour());
     }
 }

app/Console/Commands/Egg/UpdateEggIndexCommand.php

@@ -4,6 +4,7 @@ namespace App\Console\Commands\Egg;
 
 use Exception;
 use Illuminate\Console\Command;
+use Illuminate\Support\Facades\Http;
 
 class UpdateEggIndexCommand extends Command
 {
@@ -12,8 +13,7 @@ class UpdateEggIndexCommand extends Command
     public function handle(): int
     {
         try {
-            $data = file_get_contents('https://raw.githubusercontent.com/pelican-eggs/pelican-eggs.github.io/refs/heads/main/content/pelican.json');
+            $data = Http::timeout(5)->connectTimeout(1)->get(config('panel.cdn.egg_index_url'))->throw()->json();
-            $data = json_decode($data, true, 512, JSON_THROW_ON_ERROR);
         } catch (Exception $exception) {
             $this->error($exception->getMessage());
 

app/Console/Commands/Environment/DatabaseSettingsCommand.php

@@ -6,6 +6,7 @@ use App\Traits\EnvironmentWriterTrait;
 use Illuminate\Console\Command;
 use Illuminate\Contracts\Console\Kernel;
 use Illuminate\Database\DatabaseManager;
+use PDOException;
 
 class DatabaseSettingsCommand extends Command
 {
@@ -105,7 +106,7 @@ class DatabaseSettingsCommand extends Command
                 ]);
 
                 $this->database->connection('_panel_command_test')->getPdo();
-            } catch (\PDOException $exception) {
+            } catch (PDOException $exception) {
                 $this->output->error(sprintf('Unable to connect to the MySQL server using the provided credentials. The error returned was "%s".', $exception->getMessage()));
                 $this->output->error(trans('commands.database_settings.DB_error_2'));
 
@@ -165,7 +166,7 @@ class DatabaseSettingsCommand extends Command
                 ]);
 
                 $this->database->connection('_panel_command_test')->getPdo();
-            } catch (\PDOException $exception) {
+            } catch (PDOException $exception) {
                 $this->output->error(sprintf('Unable to connect to the MariaDB server using the provided credentials. The error returned was "%s".', $exception->getMessage()));
                 $this->output->error(trans('commands.database_settings.DB_error_2'));
 

app/Console/Commands/Environment/EmailSettingsCommand.php

@@ -2,6 +2,7 @@
 
 namespace App\Console\Commands\Environment;
 
+use App\Exceptions\PanelException;
 use App\Traits\EnvironmentWriterTrait;
 use Illuminate\Console\Command;
 
@@ -28,7 +29,7 @@ class EmailSettingsCommand extends Command
     /**
      * Handle command execution.
      *
-     * @throws \App\Exceptions\PanelException
+     * @throws PanelException
      */
     public function handle(): void
     {

app/Console/Commands/Maintenance/CleanServiceBackupFilesCommand.php

@@ -4,8 +4,8 @@ namespace App\Console\Commands\Maintenance;
 
 use Carbon\Carbon;
 use Illuminate\Console\Command;
-use Illuminate\Contracts\Filesystem\Filesystem;
 use Illuminate\Contracts\Filesystem\Factory as FilesystemFactory;
+use Illuminate\Contracts\Filesystem\Filesystem;
 use SplFileInfo;
 
 class CleanServiceBackupFilesCommand extends Command

app/Console/Commands/Maintenance/PruneOrphanedBackupsCommand.php

@@ -5,6 +5,7 @@ namespace App\Console\Commands\Maintenance;
 use App\Models\Backup;
 use Carbon\CarbonImmutable;
 use Illuminate\Console\Command;
+use InvalidArgumentException;
 
 class PruneOrphanedBackupsCommand extends Command
 {
@@ -16,7 +17,7 @@ class PruneOrphanedBackupsCommand extends Command
     {
         $since = $this->option('prune-age') ?? config('backups.prune_age', 360);
         if (!$since || !is_digit($since)) {
-            throw new \InvalidArgumentException('The "--prune-age" argument must be a value greater than 0.');
+            throw new InvalidArgumentException('The "--prune-age" argument must be a value greater than 0.');
         }
 
         $query = Backup::query()

app/Console/Commands/Node/MakeNodeCommand.php

@@ -2,6 +2,7 @@
 
 namespace App\Console\Commands\Node;
 
+use App\Exceptions\Model\DataValidationException;
 use App\Models\Node;
 use Illuminate\Console\Command;
 
@@ -34,7 +35,7 @@ class MakeNodeCommand extends Command
     /**
      * Handle the command execution process.
      *
-     * @throws \App\Exceptions\Model\DataValidationException
+     * @throws DataValidationException
      */
     public function handle(): void
     {

app/Console/Commands/Node/NodeConfigurationCommand.php

@@ -17,7 +17,7 @@ class NodeConfigurationCommand extends Command
     {
         $column = ctype_digit((string) $this->argument('node')) ? 'id' : 'uuid';
 
-        /** @var \App\Models\Node $node */
+        /** @var Node $node */
         $node = Node::query()->where($column, $this->argument('node'))->firstOr(function () {
             $this->error(trans('commands.node_config.error_not_exist'));
 

app/Console/Commands/Overrides/ConfigCacheCommand.php

@@ -0,0 +1,19 @@
+<?php
+
+namespace App\Console\Commands\Overrides;
+
+use Illuminate\Foundation\Console\ConfigCacheCommand as BaseConfigCacheCommand;
+
+class ConfigCacheCommand extends BaseConfigCacheCommand
+{
+    /**
+     * Prevent config from being cached
+     */
+    public function handle()
+    {
+        $this->components->warn('Configuration caching has been disabled.');
+
+        $this->line('  Reason: This application uses dynamic plugins. Caching config');
+        $this->line('  prevents /plugins/config/*.php files from being loaded correctly.');
+    }
+}

app/Console/Commands/Overrides/OptimizeCommand.php

@@ -0,0 +1,18 @@
+<?php
+
+namespace App\Console\Commands\Overrides;
+
+use Illuminate\Foundation\Console\OptimizeCommand as BaseOptimizeCommand;
+
+class OptimizeCommand extends BaseOptimizeCommand
+{
+    /**
+     * Prevent config from being cached
+     *
+     * @return array<string, string>
+     */
+    protected function getOptimizeTasks()
+    {
+        return array_except(parent::getOptimizeTasks(), 'config');
+    }
+}

app/Console/Commands/Plugin/ComposerPluginsCommand.php

@@ -0,0 +1,25 @@
+<?php
+
+namespace App\Console\Commands\Plugin;
+
+use App\Services\Helpers\PluginService;
+use Exception;
+use Illuminate\Console\Command;
+
+class ComposerPluginsCommand extends Command
+{
+    protected $signature = 'p:plugin:composer';
+
+    protected $description = 'Makes sure the needed composer packages for all installed plugins are available.';
+
+    public function handle(PluginService $pluginService): void
+    {
+        try {
+            $pluginService->manageComposerPackages();
+        } catch (Exception $exception) {
+            report($exception);
+
+            $this->error($exception->getMessage());
+        }
+    }
+}

app/Console/Commands/Plugin/DisablePluginCommand.php

@@ -0,0 +1,37 @@
+<?php
+
+namespace App\Console\Commands\Plugin;
+
+use App\Models\Plugin;
+use App\Services\Helpers\PluginService;
+use Illuminate\Console\Command;
+
+class DisablePluginCommand extends Command
+{
+    protected $signature = 'p:plugin:disable {id?}';
+
+    protected $description = 'Disables a plugin';
+
+    public function handle(PluginService $pluginService): void
+    {
+        $id = $this->argument('id') ?? $this->choice('Plugin', Plugin::pluck('name', 'id')->toArray());
+
+        $plugin = Plugin::find(str($id)->lower()->toString());
+
+        if (!$plugin) {
+            $this->error('Plugin does not exist!');
+
+            return;
+        }
+
+        if (!$plugin->canDisable()) {
+            $this->error("Plugin can't be disabled!");
+
+            return;
+        }
+
+        $pluginService->disablePlugin($plugin);
+
+        $this->info('Plugin disabled.');
+    }
+}

app/Console/Commands/Plugin/InstallPluginCommand.php

@@ -0,0 +1,43 @@
+<?php
+
+namespace App\Console\Commands\Plugin;
+
+use App\Enums\PluginStatus;
+use App\Models\Plugin;
+use App\Services\Helpers\PluginService;
+use Exception;
+use Illuminate\Console\Command;
+
+class InstallPluginCommand extends Command
+{
+    protected $signature = 'p:plugin:install {id?}';
+
+    protected $description = 'Installs a plugin';
+
+    public function handle(PluginService $pluginService): void
+    {
+        $id = $this->argument('id') ?? $this->choice('Plugin', Plugin::pluck('name', 'id')->toArray());
+
+        $plugin = Plugin::find(str($id)->lower()->toString());
+
+        if (!$plugin) {
+            $this->error('Plugin does not exist!');
+
+            return;
+        }
+
+        if ($plugin->status !== PluginStatus::NotInstalled) {
+            $this->error('Plugin is already installed!');
+
+            return;
+        }
+
+        try {
+            $pluginService->installPlugin($plugin);
+
+            $this->info('Plugin installed and enabled.');
+        } catch (Exception $exception) {
+            $this->error('Could not install plugin: ' . $exception->getMessage());
+        }
+    }
+}

app/Console/Commands/Plugin/ListPluginsCommand.php

@@ -0,0 +1,28 @@
+<?php
+
+namespace App\Console\Commands\Plugin;
+
+use App\Models\Plugin;
+use Illuminate\Console\Command;
+
+class ListPluginsCommand extends Command
+{
+    protected $signature = 'p:plugin:list';
+
+    protected $description = 'List all installed plugins';
+
+    public function handle(): void
+    {
+        $plugins = Plugin::query()->get(['name', 'author', 'status', 'version', 'panels', 'category']);
+
+        if (count($plugins) < 1) {
+            $this->warn('No plugins installed');
+
+            return;
+        }
+
+        $this->table(['Name', 'Author', 'Status', 'Version', 'Panels', 'Category'], $plugins->toArray());
+
+        $this->output->newLine();
+    }
+}

app/Console/Commands/Plugin/MakePluginCommand.php

@@ -0,0 +1,135 @@
+<?php
+
+namespace App\Console\Commands\Plugin;
+
+use App\Enums\PluginCategory;
+use App\Enums\PluginStatus;
+use Illuminate\Console\Command;
+use Illuminate\Filesystem\Filesystem;
+use Illuminate\Support\Str;
+
+class MakePluginCommand extends Command
+{
+    protected $signature = 'p:plugin:make
+                            {--name=}
+                            {--author=}
+                            {--description=}
+                            {--category=}
+                            {--url=}
+                            {--updateUrl=}
+                            {--panels=}
+                            {--panelVersion=}';
+
+    protected $description = 'Create a new plugin';
+
+    public function __construct(private Filesystem $filesystem)
+    {
+        parent::__construct();
+    }
+
+    public function handle(): void
+    {
+        $name = $this->option('name') ?? $this->ask('Name');
+        $name = preg_replace('/[^A-Za-z0-9 ]/', '', Str::ascii($name));
+
+        $id = Str::slug($name);
+
+        if ($this->filesystem->exists(plugin_path($id))) {
+            $this->error('Plugin with that name already exists!');
+
+            return;
+        }
+
+        $author = $this->option('author') ?? $this->ask('Author', cache('plugin.author'));
+        $author = preg_replace('/[^A-Za-z0-9 ]/', '', Str::ascii($author));
+        cache()->forever('plugin.author', $author);
+
+        $namespace = Str::studly($author) . '\\' . Str::studly($name);
+        $class = Str::studly($name . 'Plugin');
+
+        if (class_exists('\\' . $namespace . '\\' . $class)) {
+            $this->error('Plugin class with that name already exists!');
+
+            return;
+        }
+
+        $this->info('Creating Plugin "' . $name . '" (' . $id . ') by ' . $author);
+
+        $description = $this->option('description') ?? $this->ask('Description (can be empty)');
+
+        $category = $this->option('category') ?? $this->choice('Category', collect(PluginCategory::cases())->mapWithKeys(fn (PluginCategory $category) => [$category->value => $category->getLabel()])->toArray(), PluginCategory::Plugin->value);
+
+        if (!PluginCategory::tryFrom($category)) {
+            $this->error('Unknown plugin category!');
+
+            return;
+        }
+
+        $url = $this->option('url') ?? $this->ask('URL (can be empty)');
+        $updateUrl = $this->option('updateUrl') ?? $this->ask('Update URL (can be empty)');
+
+        $panels = $this->option('panels');
+        if (!$panels) {
+            if ($this->confirm('Should the plugin be available on all panels?', true)) {
+                $panels = null;
+            } else {
+                $panels = $this->choice('Panels (comma separated list)', [
+                    'admin' => 'Admin Area',
+                    'server' => 'Client Area',
+                    'app' => 'Server List',
+                ], multiple: true);
+            }
+        }
+        $panels = is_string($panels) ? explode(',', $panels) : $panels;
+
+        $panelVersion = $this->option('panelVersion');
+        if (!$panelVersion) {
+            $panelVersion = $this->ask('Required panel version (leave empty for no constraint)', config('app.version') === 'canary' ? null : config('app.version'));
+
+            if ($panelVersion && $this->confirm("Should the version constraint be minimal instead of strict? ($panelVersion or higher instead of only $panelVersion)")) {
+                $panelVersion = "^$panelVersion";
+            }
+        }
+
+        $composerPackages = null;
+        // TODO: ask for composer packages?
+
+        // Create base directory
+        $this->filesystem->makeDirectory(plugin_path($id));
+
+        // Write plugin.json
+        $this->filesystem->put(plugin_path($id, 'plugin.json'), json_encode([
+            'id' => $id,
+            'name' => $name,
+            'author' => $author,
+            'version' => '1.0.0',
+            'description' => $description,
+            'category' => $category,
+            'url' => $url,
+            'update_url' => $updateUrl,
+            'namespace' => $namespace,
+            'class' => $class,
+            'panels' => $panels,
+            'panel_version' => $panelVersion,
+            'composer_packages' => $composerPackages,
+            'meta' => [
+                'status' => PluginStatus::Enabled,
+                'status_message' => null,
+            ],
+        ], JSON_THROW_ON_ERROR | JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES));
+
+        // Create src directory and create main class
+        $this->filesystem->makeDirectory(plugin_path($id, 'src'));
+        $this->filesystem->put(plugin_path($id, 'src', $class . '.php'), Str::replace(['$namespace$', '$class$', '$id$'], [$namespace, $class, $id], file_get_contents(__DIR__ . '/Plugin.stub')));
+
+        // Create Providers directory and create service provider
+        $this->filesystem->makeDirectory(plugin_path($id, 'src', 'Providers'));
+        $this->filesystem->put(plugin_path($id, 'src', 'Providers', $class . 'Provider.php'), Str::replace(['$namespace$', '$class$'], [$namespace, $class], file_get_contents(__DIR__ . '/PluginProvider.stub')));
+
+        // Create config directory and create config file
+        $this->filesystem->makeDirectory(plugin_path($id, 'config'));
+        $this->filesystem->put(plugin_path($id, 'config', $id . '.php'), Str::replace(['$name$'], [$name], file_get_contents(__DIR__ . '/PluginConfig.stub')));
+
+        $this->info('Plugin created.');
+    }
+}

app/Console/Commands/Plugin/Plugin.stub

@@ -0,0 +1,25 @@
+<?php
+
+namespace $namespace$;
+
+use Filament\Contracts\Plugin;
+use Filament\Panel;
+
+class $class$ implements Plugin
+{
+    public function getId(): string
+    {
+        return '$id$';
+    }
+
+    public function register(Panel $panel): void
+    {
+        // Allows you to use any configuration option that is available to the panel.
+        // This includes registering resources, custom pages, themes, render hooks and more.
+    }
+
+    public function boot(Panel $panel): void
+    {
+        // Is run only when the panel that the plugin is being registered to is actually in-use. It is executed by a middleware class.
+    }
+}

app/Console/Commands/Plugin/PluginConfig.stub

@@ -0,0 +1,5 @@
+<?php
+
+return [
+    // Config values for $name$
+];

app/Console/Commands/Plugin/PluginProvider.stub

@@ -0,0 +1,18 @@
+<?php
+
+namespace $namespace$\Providers;
+
+use Illuminate\Support\ServiceProvider;
+
+class $class$Provider extends ServiceProvider
+{
+    public function register(): void
+    {
+        //
+    }
+
+    public function boot(): void
+    {
+        //
+    }
+}

app/Console/Commands/Plugin/UninstallPluginCommand.php

@@ -0,0 +1,48 @@
+<?php
+
+namespace App\Console\Commands\Plugin;
+
+use App\Enums\PluginStatus;
+use App\Models\Plugin;
+use App\Services\Helpers\PluginService;
+use Exception;
+use Illuminate\Console\Command;
+
+class UninstallPluginCommand extends Command
+{
+    protected $signature = 'p:plugin:uninstall {id?} {--delete : Delete the plugin files}';
+
+    protected $description = 'Uninstalls a plugin';
+
+    public function handle(PluginService $pluginService): void
+    {
+        $id = $this->argument('id') ?? $this->choice('Plugin', Plugin::pluck('name', 'id')->toArray());
+
+        $plugin = Plugin::find(str($id)->lower()->toString());
+
+        if (!$plugin) {
+            $this->error('Plugin does not exist!');
+
+            return;
+        }
+
+        if ($plugin->status === PluginStatus::NotInstalled) {
+            $this->error('Plugin is not installed!');
+
+            return;
+        }
+
+        $deleteFiles = $this->option('delete');
+        if ($this->input->isInteractive() && !$deleteFiles) {
+            $deleteFiles = $this->confirm('Do you also want to delete the plugin files?');
+        }
+
+        try {
+            $pluginService->uninstallPlugin($plugin, $deleteFiles);
+
+            $this->info('Plugin uninstalled' . ($deleteFiles ? ' and files deleted' : '') . '.');
+        } catch (Exception $exception) {
+            $this->error('Could not uninstall plugin: ' . $exception->getMessage());
+        }
+    }
+}

app/Console/Commands/Plugin/UpdatePluginCommand.php

@@ -0,0 +1,42 @@
+<?php
+
+namespace App\Console\Commands\Plugin;
+
+use App\Models\Plugin;
+use App\Services\Helpers\PluginService;
+use Exception;
+use Illuminate\Console\Command;
+
+class UpdatePluginCommand extends Command
+{
+    protected $signature = 'p:plugin:update {id?}';
+
+    protected $description = 'Updates a plugin';
+
+    public function handle(PluginService $pluginService): void
+    {
+        $id = $this->argument('id') ?? $this->choice('Plugin', Plugin::pluck('name', 'id')->toArray());
+
+        $plugin = Plugin::find(str($id)->lower()->toString());
+
+        if (!$plugin) {
+            $this->error('Plugin does not exist!');
+
+            return;
+        }
+
+        if (!$plugin->isUpdateAvailable()) {
+            $this->error("Plugin doesn't need updating!");
+
+            return;
+        }
+
+        try {
+            $pluginService->updatePlugin($plugin);
+
+            $this->info('Plugin updated.');
+        } catch (Exception $exception) {
+            $this->error('Could not update plugin: ' . $exception->getMessage());
+        }
+    }
+}

app/Console/Commands/Schedule/ProcessRunnableCommand.php

@@ -2,10 +2,10 @@
 
 namespace App\Console\Commands\Schedule;
 
-use Illuminate\Console\Command;
 use App\Models\Schedule;
-use Illuminate\Database\Eloquent\Builder;
 use App\Services\Schedules\ProcessScheduleService;
+use Illuminate\Console\Command;
+use Illuminate\Database\Eloquent\Builder;
 use Throwable;
 
 class ProcessRunnableCommand extends Command
@@ -64,7 +64,7 @@ class ProcessRunnableCommand extends Command
         } catch (Throwable $exception) {
             logger()->error($exception, ['schedule_id' => $schedule->id]);
 
-            $this->error(trans('commands.schedule.process.no_tasks') . " #$schedule->id: " . $exception->getMessage());
+            $this->error(trans('commands.schedule.process.error_message', ['schedules' => " #$schedule->id: " . $exception->getMessage()]));
         }
     }
 }

app/Console/Commands/Server/BulkPowerActionCommand.php

@@ -3,12 +3,12 @@
 namespace App\Console\Commands\Server;
 
 use App\Models\Server;
+use App\Repositories\Daemon\DaemonServerRepository;
+use Exception;
 use Illuminate\Console\Command;
 use Illuminate\Database\Eloquent\Builder;
-use Illuminate\Validation\ValidationException;
 use Illuminate\Validation\Factory as ValidatorFactory;
-use App\Repositories\Daemon\DaemonPowerRepository;
+use Illuminate\Validation\ValidationException;
-use Exception;
 
 class BulkPowerActionCommand extends Command
 {
@@ -19,7 +19,7 @@ class BulkPowerActionCommand extends Command
 
     protected $description = 'Perform bulk power management on large groupings of servers or nodes at once.';
 
-    public function handle(DaemonPowerRepository $powerRepository, ValidatorFactory $validator): void
+    public function handle(DaemonServerRepository $serverRepository, ValidatorFactory $validator): void
     {
         $action = $this->argument('action');
         $nodes = empty($this->option('nodes')) ? [] : explode(',', $this->option('nodes'));
@@ -52,7 +52,7 @@ class BulkPowerActionCommand extends Command
 
         $bar = $this->output->createProgressBar($count);
 
-        $this->getQueryBuilder($servers, $nodes)->get()->each(function ($server, int $index) use ($action, $powerRepository, &$bar): mixed {
+        $this->getQueryBuilder($servers, $nodes)->get()->each(function ($server, int $index) use ($action, $serverRepository, &$bar): mixed {
             $bar->clear();
 
             if (!$server instanceof Server) {
@@ -60,7 +60,7 @@ class BulkPowerActionCommand extends Command
             }
 
             try {
-                $powerRepository->setServer($server)->send($action);
+                $serverRepository->setServer($server)->power($action);
             } catch (Exception $exception) {
                 $this->output->error(trans('command/messages.server.power.action_failed', [
                     'name' => $server->name,

app/Console/Commands/UpgradeCommand.php

@@ -1,193 +0,0 @@
-<?php
-
-namespace App\Console\Commands;
-
-use Illuminate\Console\Command;
-use App\Console\Kernel;
-use Symfony\Component\Process\Process;
-use Symfony\Component\Console\Helper\ProgressBar;
-
-class UpgradeCommand extends Command
-{
-    protected const DEFAULT_URL = 'https://github.com/pelican-dev/panel/releases/%s/panel.tar.gz';
-
-    protected $signature = 'p:upgrade
-        {--user= : The user that PHP runs under. All files will be owned by this user.}
-        {--group= : The group that PHP runs under. All files will be owned by this group.}
-        {--url= : The specific archive to download.}
-        {--release= : A specific version to download from GitHub. Leave blank to use latest.}
-        {--skip-download : If set no archive will be downloaded.}';
-
-    protected $description = 'Downloads a new archive from GitHub and then executes the normal upgrade commands.';
-
-    /**
-     * Executes an upgrade command which will run through all of our standard
-     * Panel commands and enable users to basically just download
-     * the archive and execute this and be done.
-     *
-     * This places the application in maintenance mode as well while the commands
-     * are being executed.
-     *
-     * @throws \Exception
-     */
-    public function handle(): void
-    {
-        $skipDownload = $this->option('skip-download');
-        if (!$skipDownload) {
-            $this->output->warning(trans('commands.upgrade.integrity'));
-            $this->output->comment(trans('commands.upgrade.source_url'));
-            $this->line($this->getUrl());
-        }
-
-        $user = 'www-data';
-        $group = 'www-data';
-        if ($this->input->isInteractive()) {
-            if (!$skipDownload) {
-                $skipDownload = !$this->confirm(trans('commands.upgrade.skipDownload'), true);
-            }
-
-            if (is_null($this->option('user'))) {
-                $userDetails = function_exists('posix_getpwuid') ? posix_getpwuid(fileowner('public')) : [];
-                $user = $userDetails['name'] ?? 'www-data';
-
-                $message = trans('commands.upgrade.webserver_user', ['user' => $user]);
-                if (!$this->confirm($message, true)) {
-                    $user = $this->anticipate(
-                        trans('commands.upgrade.name_webserver'),
-                        [
-                            'www-data',
-                            'nginx',
-                            'apache',
-                        ]
-                    );
-                }
-            }
-
-            if (is_null($this->option('group'))) {
-                $groupDetails = function_exists('posix_getgrgid') ? posix_getgrgid(filegroup('public')) : [];
-                $group = $groupDetails['name'] ?? 'www-data';
-
-                $message = trans('commands.upgrade.group_webserver', ['group' => $user]);
-                if (!$this->confirm($message, true)) {
-                    $group = $this->anticipate(
-                        trans('commands.upgrade.group_webserver_question'),
-                        [
-                            'www-data',
-                            'nginx',
-                            'apache',
-                        ]
-                    );
-                }
-            }
-
-            if (!$this->confirm(trans('commands.upgrade.are_your_sure'))) {
-                $this->warn(trans('commands.upgrade.terminated'));
-
-                return;
-            }
-        }
-
-        ini_set('output_buffering', '0');
-        $bar = $this->output->createProgressBar($skipDownload ? 9 : 10);
-        $bar->start();
-
-        if (!$skipDownload) {
-            $this->withProgress($bar, function () {
-                $this->line("\$upgrader> curl -L \"{$this->getUrl()}\" | tar -xzv");
-                $process = Process::fromShellCommandline("curl -L \"{$this->getUrl()}\" | tar -xzv");
-                $process->run(function ($type, $buffer) {
-                    $this->{$type === Process::ERR ? 'error' : 'line'}($buffer);
-                });
-            });
-        }
-
-        $this->withProgress($bar, function () {
-            $this->line('$upgrader> php artisan down');
-            $this->call('down');
-        });
-
-        $this->withProgress($bar, function () {
-            $this->line('$upgrader> chmod -R 755 storage bootstrap/cache');
-            $process = new Process(['chmod', '-R', '755', 'storage', 'bootstrap/cache']);
-            $process->run(function ($type, $buffer) {
-                $this->{$type === Process::ERR ? 'error' : 'line'}($buffer);
-            });
-        });
-
-        $this->withProgress($bar, function () {
-            $command = ['composer', 'install', '--no-ansi'];
-            if (config('app.env') === 'production' && !config('app.debug')) {
-                $command[] = '--optimize-autoloader';
-                $command[] = '--no-dev';
-            }
-
-            $this->line('$upgrader> ' . implode(' ', $command));
-            $process = new Process($command);
-            $process->setTimeout(10 * 60);
-            $process->run(function ($type, $buffer) {
-                $this->line($buffer);
-            });
-        });
-
-        /** @var \Illuminate\Foundation\Application $app */
-        $app = require __DIR__ . '/../../../bootstrap/app.php';
-        /** @var \App\Console\Kernel $kernel */
-        $kernel = $app->make(Kernel::class);
-        $kernel->bootstrap();
-        $this->setLaravel($app);
-
-        $this->withProgress($bar, function () {
-            $this->line('$upgrader> php artisan view:clear');
-            $this->call('view:clear');
-        });
-
-        $this->withProgress($bar, function () {
-            $this->line('$upgrader> php artisan config:clear');
-            $this->call('config:clear');
-        });
-
-        $this->withProgress($bar, function () {
-            $this->line('$upgrader> php artisan migrate --force --seed');
-            $this->call('migrate', ['--force' => true, '--seed' => true]);
-        });
-
-        $this->withProgress($bar, function () use ($user, $group) {
-            $this->line("\$upgrader> chown -R {$user}:{$group} *");
-            $process = Process::fromShellCommandline("chown -R {$user}:{$group} *", $this->getLaravel()->basePath());
-            $process->setTimeout(10 * 60);
-            $process->run(function ($type, $buffer) {
-                $this->{$type === Process::ERR ? 'error' : 'line'}($buffer);
-            });
-        });
-
-        $this->withProgress($bar, function () {
-            $this->line('$upgrader> php artisan queue:restart');
-            $this->call('queue:restart');
-        });
-
-        $this->withProgress($bar, function () {
-            $this->line('$upgrader> php artisan up');
-            $this->call('up');
-        });
-
-        $this->newLine(2);
-        $this->info(trans('commands.upgrade.success'));
-    }
-
-    protected function withProgress(ProgressBar $bar, \Closure $callback): void
-    {
-        $bar->clear();
-        $callback();
-        $bar->advance();
-        $bar->display();
-    }
-
-    protected function getUrl(): string
-    {
-        if ($this->option('url')) {
-            return $this->option('url');
-        }
-
-        return sprintf(self::DEFAULT_URL, $this->option('release') ? 'download/v' . $this->option('release') : 'latest/download');
-    }
-}

app/Console/Commands/User/DeleteUserCommand.php

@@ -3,8 +3,8 @@
 namespace App\Console\Commands\User;
 
 use App\Models\User;
-use Webmozart\Assert\Assert;
 use Illuminate\Console\Command;
+use Webmozart\Assert\Assert;
 
 class DeleteUserCommand extends Command
 {
@@ -35,7 +35,7 @@ class DeleteUserCommand extends Command
         if ($this->input->isInteractive()) {
             $tableValues = [];
             foreach ($results as $user) {
-                $tableValues[] = [$user->id, $user->email, $user->name];
+                $tableValues[] = [$user->id, $user->email, $user->username];
             }
 
             $this->table(['User ID', 'Email', 'Name'], $tableValues);

app/Console/Commands/User/DisableTwoFactorCommand.php

@@ -2,6 +2,7 @@
 
 namespace App\Console\Commands\User;
 
+use App\Exceptions\Model\DataValidationException;
 use App\Models\User;
 use Illuminate\Console\Command;
 
@@ -14,20 +15,22 @@ class DisableTwoFactorCommand extends Command
     /**
      * Handle command execution process.
      *
-     * @throws \App\Exceptions\Model\DataValidationException
+     * @throws DataValidationException
      */
     public function handle(): void
     {
         if ($this->input->isInteractive()) {
-            $this->output->warning(trans('command/messages.user.2fa_help_text.0') . trans('command/messages.user.2fa_help_text.1'));
+            $this->output->warning(trans('command/messages.user.2fa_help_text'));
         }
 
         $email = $this->option('email') ?? $this->ask(trans('command/messages.user.ask_email'));
 
-        $user = User::query()->where('email', $email)->firstOrFail();
+        $user = User::where('email', $email)->firstOrFail();
-        $user->use_totp = false;
+        $user->update([
-        $user->totp_secret = null;
+            'mfa_app_secret' => null,
-        $user->save();
+            'mfa_app_recovery_codes' => null,
+            'mfa_email_enabled' => false,
+        ]);
 
         $this->info(trans('command/messages.user.2fa_disabled', ['email' => $user->email]));
     }

app/Console/Commands/User/MakeUserCommand.php

@@ -2,9 +2,10 @@
 
 namespace App\Console\Commands\User;
 
+use App\Exceptions\Model\DataValidationException;
+use App\Services\Users\UserCreationService;
 use Exception;
 use Illuminate\Console\Command;
-use App\Services\Users\UserCreationService;
 use Illuminate\Support\Facades\DB;
 
 class MakeUserCommand extends Command
@@ -25,7 +26,7 @@ class MakeUserCommand extends Command
      * Handle command request to create a new user.
      *
      * @throws Exception
-     * @throws \App\Exceptions\Model\DataValidationException
+     * @throws DataValidationException
      */
     public function handle(): int
     {

app/Contracts/Http/ClientPermissionsRequest.php

@@ -2,12 +2,13 @@
 
 namespace App\Contracts\Http;
 
+use App\Enums\SubuserPermission;
+
 interface ClientPermissionsRequest
 {
     /**
-     * Returns the permissions string indicating which permission should be used to
+     * Returns the permission used to validate that the authenticated user may perform
-     * validate that the authenticated user has permission to perform this action against
+     * this action against the given resource (server).
-     * the given resource (server).
      */
-    public function permission(): string;
+    public function permission(): SubuserPermission|string;
 }

app/Contracts/Plugins/HasPluginSettings.php

@@ -0,0 +1,18 @@
+<?php
+
+namespace App\Contracts\Plugins;
+
+use Filament\Schemas\Components\Component;
+
+interface HasPluginSettings
+{
+    /**
+     * @return Component[]
+     */
+    public function getSettingsForm(): array;
+
+    /**
+     * @param  array<mixed, mixed>  $data
+     */
+    public function saveSettings(array $data): void;
+}

app/Enums/BackupStatus.php

@@ -2,6 +2,7 @@
 
 namespace App\Enums;
 
+use BackedEnum;
 use Filament\Support\Contracts\HasColor;
 use Filament\Support\Contracts\HasIcon;
 use Filament\Support\Contracts\HasLabel;
@@ -12,12 +13,12 @@ enum BackupStatus: string implements HasColor, HasIcon, HasLabel
     case Successful = 'successful';
     case Failed = 'failed';
 
-    public function getIcon(): string
+    public function getIcon(): BackedEnum
     {
         return match ($this) {
-            self::InProgress => 'tabler-circle-dashed',
+            self::InProgress => TablerIcon::CircleDashed,
-            self::Successful => 'tabler-circle-check',
+            self::Successful => TablerIcon::CircleCheck,
-            self::Failed => 'tabler-circle-x',
+            self::Failed => TablerIcon::CircleX,
         };
     }
 
@@ -32,6 +33,6 @@ enum BackupStatus: string implements HasColor, HasIcon, HasLabel
 
     public function getLabel(): string
     {
-        return str($this->value)->headline();
+        return trans('server/backup.backup_status.' . $this->value);
     }
 }

app/Enums/ContainerStatus.php

@@ -2,6 +2,7 @@
 
 namespace App\Enums;
 
+use BackedEnum;
 use Filament\Support\Contracts\HasColor;
 use Filament\Support\Contracts\HasIcon;
 use Filament\Support\Contracts\HasLabel;
@@ -23,20 +24,20 @@ enum ContainerStatus: string implements HasColor, HasIcon, HasLabel
     // HTTP Based
     case Missing = 'missing';
 
-    public function getIcon(): string
+    public function getIcon(): BackedEnum
     {
         return match ($this) {
 
-            self::Created => 'tabler-heart-plus',
+            self::Created => TablerIcon::HeartPlus,
-            self::Starting => 'tabler-heart-up',
+            self::Starting => TablerIcon::HeartUp,
-            self::Running => 'tabler-heartbeat',
+            self::Running => TablerIcon::Heartbeat,
-            self::Restarting => 'tabler-heart-bolt',
+            self::Restarting => TablerIcon::HeartBolt,
-            self::Exited => 'tabler-heart-exclamation',
+            self::Exited => TablerIcon::HeartExclamation,
-            self::Paused => 'tabler-heart-pause',
+            self::Paused => TablerIcon::HeartPause,
-            self::Dead, self::Offline => 'tabler-heart-x',
+            self::Dead, self::Offline => TablerIcon::HeartX,
-            self::Removing => 'tabler-heart-down',
+            self::Removing => TablerIcon::HeartDown,
-            self::Missing => 'tabler-heart-search',
+            self::Missing => TablerIcon::HeartSearch,
-            self::Stopping => 'tabler-heart-minus',
+            self::Stopping => TablerIcon::HeartMinus,
         };
     }
 
@@ -68,7 +69,7 @@ enum ContainerStatus: string implements HasColor, HasIcon, HasLabel
 
     public function getLabel(): string
     {
-        return str($this->value)->title();
+        return trans('server/console.status.' . $this->value);
     }
 
     public function isOffline(): bool

app/Enums/CustomRenderHooks.php

@@ -0,0 +1,9 @@
+<?php
+
+namespace App\Enums;
+
+enum CustomRenderHooks: string
+{
+    case FooterStart = 'pelican::footer.start';
+    case FooterEnd = 'pelican::footer.end';
+}

app/Enums/CustomizationKey.php

@@ -0,0 +1,42 @@
+<?php
+
+namespace App\Enums;
+
+enum CustomizationKey: string
+{
+    case ConsoleRows = 'console_rows';
+    case ConsoleFont = 'console_font';
+    case ConsoleFontSize = 'console_font_size';
+    case ConsoleGraphPeriod = 'console_graph_period';
+    case TopNavigation = 'top_navigation';
+    case DashboardLayout = 'dashboard_layout';
+
+    case ButtonStyle = 'button_style';
+    case RedirectToAdmin = 'redirect_to_admin';
+
+    public function getDefaultValue(): string|int|bool
+    {
+        return match ($this) {
+            self::ConsoleRows => 30,
+            self::ConsoleFont => 'monospace',
+            self::ConsoleFontSize => 14,
+            self::ConsoleGraphPeriod => 30,
+            self::TopNavigation => config('panel.filament.default-navigation', 'sidebar'),
+            self::DashboardLayout => 'grid',
+            self::ButtonStyle => true,
+            self::RedirectToAdmin => false,
+        };
+    }
+
+    /** @return array<string, string|int|bool> */
+    public static function getDefaultCustomization(): array
+    {
+        $default = [];
+
+        foreach (self::cases() as $key) {
+            $default[$key->value] = $key->getDefaultValue();
+        }
+
+        return $default;
+    }
+}

app/Enums/EditorLanguages.php

@@ -13,7 +13,7 @@ enum EditorLanguages: string implements HasLabel
     case bat = 'bat';
     case bicep = 'bicep';
     case cameligo = 'cameligo';
-    case coljure = 'coljure';
+    case clojure = 'clojure';
     case coffeescript = 'coffeescript';
     case c = 'c';
     case cpp = 'cpp';

app/Enums/EggFormat.php

@@ -0,0 +1,9 @@
+<?php
+
+namespace App\Enums;
+
+enum EggFormat: string
+{
+    case YAML = 'yaml';
+    case JSON = 'json';
+}

app/Enums/PluginCategory.php

@@ -0,0 +1,28 @@
+<?php
+
+namespace App\Enums;
+
+use BackedEnum;
+use Filament\Support\Contracts\HasIcon;
+use Filament\Support\Contracts\HasLabel;
+
+enum PluginCategory: string implements HasIcon, HasLabel
+{
+    case Plugin = 'plugin';
+    case Theme = 'theme';
+    case Language = 'language';
+
+    public function getIcon(): BackedEnum
+    {
+        return match ($this) {
+            self::Plugin => TablerIcon::Package,
+            self::Theme => TablerIcon::Palette,
+            self::Language => TablerIcon::Language,
+        };
+    }
+
+    public function getLabel(): string
+    {
+        return trans('admin/plugin.category_enum.' . $this->value);
+    }
+}

app/Enums/PluginStatus.php

@@ -0,0 +1,44 @@
+<?php
+
+namespace App\Enums;
+
+use BackedEnum;
+use Filament\Support\Contracts\HasColor;
+use Filament\Support\Contracts\HasIcon;
+use Filament\Support\Contracts\HasLabel;
+
+enum PluginStatus: string implements HasColor, HasIcon, HasLabel
+{
+    case NotInstalled = 'not_installed';
+    case Disabled = 'disabled';
+    case Enabled = 'enabled';
+    case Errored = 'errored';
+    case Incompatible = 'incompatible';
+
+    public function getIcon(): BackedEnum
+    {
+        return match ($this) {
+            self::NotInstalled => TablerIcon::HeartOff,
+            self::Disabled => TablerIcon::HeartX,
+            self::Enabled => TablerIcon::HeartCheck,
+            self::Errored => TablerIcon::HeartBroken,
+            self::Incompatible => TablerIcon::HeartCancel,
+        };
+    }
+
+    public function getColor(): string
+    {
+        return match ($this) {
+            self::NotInstalled => 'gray',
+            self::Disabled => 'warning',
+            self::Enabled => 'success',
+            self::Errored => 'danger',
+            self::Incompatible => 'danger',
+        };
+    }
+
+    public function getLabel(): string
+    {
+        return trans('admin/plugin.status_enum.' . $this->value);
+    }
+}

app/Enums/ResourceLimit.php

@@ -0,0 +1,65 @@
+<?php
+
+namespace App\Enums;
+
+use App\Models\Server;
+use Illuminate\Cache\RateLimiting\Limit;
+use Illuminate\Http\Request;
+use Illuminate\Routing\Middleware\ThrottleRequests;
+use Illuminate\Support\Facades\RateLimiter;
+use Webmozart\Assert\Assert;
+
+/**
+ * A basic resource throttler for individual servers. This is applied in addition
+ * to existing rate limits and allows the code to slow down speedy users that might
+ * be creating resources a little too quickly for comfort. This throttle generally
+ * only applies to creation flows, and not general view/edit/delete flows.
+ */
+enum ResourceLimit: string
+{
+    case Websocket = 'websocket';
+    case AllocationCreate = 'allocation-create';
+    case BackupRestore = 'backup-restore';
+    case DatabaseCreate = 'database-create';
+    case ScheduleCreate = 'schedule-create';
+    case SubuserCreate = 'subuser-create';
+    case FilePull = 'file-pull';
+
+    public function throttleKey(): string
+    {
+        return "api.client:server-resource:{$this->name}";
+    }
+
+    /**
+     * Returns a middleware that will throttle the specific resource by server. This
+     * throttle applies to any user making changes to that resource on the specific
+     * server, it is NOT per-user.
+     */
+    public function middleware(): string
+    {
+        return ThrottleRequests::using($this->throttleKey());
+    }
+
+    public function limit(): Limit
+    {
+        return match ($this) {
+            self::Websocket => Limit::perMinute(5),
+            self::BackupRestore => Limit::perMinutes(15, 3),
+            self::DatabaseCreate => Limit::perMinute(2),
+            self::SubuserCreate => Limit::perMinutes(15, 10),
+            self::FilePull => Limit::perMinutes(10, 5),
+            default => Limit::perMinute(2),
+        };
+    }
+
+    public static function boot(): void
+    {
+        foreach (self::cases() as $case) {
+            RateLimiter::for($case->throttleKey(), function (Request $request) use ($case) {
+                Assert::isInstanceOf($server = $request->route()->parameter('server'), Server::class);
+
+                return $case->limit()->by($server->uuid);
+            });
+        }
+    }
+}

app/Enums/RolePermissionModels.php

@@ -5,6 +5,7 @@ namespace App\Enums;
 enum RolePermissionModels: string
 {
     case ApiKey = 'apiKey';
+    case Allocation = 'allocation';
     case DatabaseHost = 'databaseHost';
     case Database = 'database';
     case Egg = 'egg';
@@ -34,4 +35,9 @@ enum RolePermissionModels: string
     {
         return RolePermissionPrefixes::Update->value . ' ' . $this->value;
     }
+
+    public function delete(): string
+    {
+        return RolePermissionPrefixes::Delete->value . ' ' . $this->value;
+    }
 }

app/Enums/ScheduleStatus.php

@@ -0,0 +1,27 @@
+<?php
+
+namespace App\Enums;
+
+use Filament\Support\Contracts\HasColor;
+use Filament\Support\Contracts\HasLabel;
+
+enum ScheduleStatus: string implements HasColor, HasLabel
+{
+    case Inactive = 'inactive';
+    case Processing = 'processing';
+    case Active = 'active';
+
+    public function getColor(): string
+    {
+        return match ($this) {
+            self::Inactive => 'danger',
+            self::Processing => 'warning',
+            self::Active => 'success',
+        };
+    }
+
+    public function getLabel(): string
+    {
+        return trans('server/schedule.schedule_status.' . $this->value);
+    }
+}

app/Enums/ServerResourceType.php

@@ -2,9 +2,50 @@
 
 namespace App\Enums;
 
-enum ServerResourceType
+use App\Models\Server;
+
+enum ServerResourceType: string
 {
-    case Unit;
+    case Uptime = 'uptime';
-    case Percentage;
+    case CPU = 'cpu_absolute';
-    case Time;
+    case Memory = 'memory_bytes';
+    case Disk = 'disk_bytes';
+
+    case CPULimit = 'cpu';
+    case MemoryLimit = 'memory';
+    case DiskLimit = 'disk';
+
+    /**
+     * @return int resource amount in bytes
+     */
+    public function getResourceAmount(Server $server): int
+    {
+        if ($this->isLimit()) {
+            $resourceAmount = $server->{$this->value} ?? 0;
+
+            if (!$this->isPercentage()) {
+                // Our limits are entered as MiB/ MB so we need to convert them to bytes
+                $resourceAmount *= config('panel.use_binary_prefix') ? 1024 * 1024 : 1000 * 1000;
+            }
+
+            return $resourceAmount;
+        }
+
+        return $server->retrieveResources()[$this->value] ?? 0;
+    }
+
+    public function isLimit(): bool
+    {
+        return $this === ServerResourceType::CPULimit || $this === ServerResourceType::MemoryLimit || $this === ServerResourceType::DiskLimit;
+    }
+
+    public function isTime(): bool
+    {
+        return $this === ServerResourceType::Uptime;
+    }
+
+    public function isPercentage(): bool
+    {
+        return $this === ServerResourceType::CPU || $this === ServerResourceType::CPULimit;
+    }
 }

app/Enums/ServerState.php

@@ -2,28 +2,26 @@
 
 namespace App\Enums;
 
+use BackedEnum;
 use Filament\Support\Contracts\HasColor;
 use Filament\Support\Contracts\HasIcon;
 use Filament\Support\Contracts\HasLabel;
 
 enum ServerState: string implements HasColor, HasIcon, HasLabel
 {
-    case Normal = 'normal';
     case Installing = 'installing';
     case InstallFailed = 'install_failed';
     case ReinstallFailed = 'reinstall_failed';
     case Suspended = 'suspended';
     case RestoringBackup = 'restoring_backup';
 
-    public function getIcon(): string
+    public function getIcon(): BackedEnum
     {
         return match ($this) {
-            self::Normal => 'tabler-heart',
+            self::Installing => TablerIcon::HeartBolt,
-            self::Installing => 'tabler-heart-bolt',
+            self::InstallFailed, self::ReinstallFailed => TablerIcon::HeartX,
-            self::InstallFailed => 'tabler-heart-x',
+            self::Suspended => TablerIcon::HeartCancel,
-            self::ReinstallFailed => 'tabler-heart-x',
+            self::RestoringBackup => TablerIcon::HeartUp,
-            self::Suspended => 'tabler-heart-cancel',
-            self::RestoringBackup => 'tabler-heart-up',
         };
     }
 
@@ -31,14 +29,13 @@ enum ServerState: string implements HasColor, HasIcon, HasLabel
     {
         if ($hex) {
             return match ($this) {
-                self::Normal, self::Installing, self::RestoringBackup => '#2563EB',
+                self::Installing, self::RestoringBackup => '#2563EB',
                 self::Suspended => '#D97706',
                 self::InstallFailed, self::ReinstallFailed => '#EF4444',
             };
         }
 
         return match ($this) {
-            self::Normal => 'primary',
             self::Installing => 'primary',
             self::InstallFailed => 'danger',
             self::ReinstallFailed => 'danger',

app/Enums/StartupVariableType.php

@@ -0,0 +1,11 @@
+<?php
+
+namespace App\Enums;
+
+enum StartupVariableType: string
+{
+    case Text = 'text';
+    case Number = 'number';
+    case Select = 'select';
+    case Toggle = 'toggle';
+}

app/Enums/StepPosition.php

@@ -0,0 +1,9 @@
+<?php
+
+namespace App\Enums;
+
+enum StepPosition: string
+{
+    case Before = 'before';
+    case After = 'after';
+}

app/Enums/SubuserPermission.php

@@ -0,0 +1,95 @@
+<?php
+
+namespace App\Enums;
+
+use BackedEnum;
+
+enum SubuserPermission: string
+{
+    case WebsocketConnect = 'websocket.connect';
+
+    case ControlConsole = 'control.console';
+    case ControlStart = 'control.start';
+    case ControlStop = 'control.stop';
+    case ControlRestart = 'control.restart';
+
+    case FileRead = 'file.read';
+    case FileReadContent = 'file.read-content';
+    case FileCreate = 'file.create';
+    case FileUpdate = 'file.update';
+    case FileDelete = 'file.delete';
+    case FileArchive = 'file.archive';
+    case FileSftp = 'file.sftp';
+
+    case BackupRead = 'backup.read';
+    case BackupCreate = 'backup.create';
+    case BackupDelete = 'backup.delete';
+    case BackupDownload = 'backup.download';
+    case BackupRestore = 'backup.restore';
+
+    case ScheduleRead = 'schedule.read';
+    case ScheduleCreate = 'schedule.create';
+    case ScheduleUpdate = 'schedule.update';
+    case ScheduleDelete = 'schedule.delete';
+
+    case UserRead = 'user.read';
+    case UserCreate = 'user.create';
+    case UserUpdate = 'user.update';
+    case UserDelete = 'user.delete';
+
+    case DatabaseRead = 'database.read';
+    case DatabaseCreate = 'database.create';
+    case DatabaseUpdate = 'database.update';
+    case DatabaseDelete = 'database.delete';
+    case DatabaseViewPassword = 'database.view-password';
+
+    case AllocationRead = 'allocation.read';
+    case AllocationCreate = 'allocation.create';
+    case AllocationUpdate = 'allocation.update';
+    case AllocationDelete = 'allocation.delete';
+
+    case ActivityRead = 'activity.read';
+
+    case MountRead = 'mount.read';
+    case MountUpdate = 'mount.update';
+
+    case StartupRead = 'startup.read';
+    case StartupUpdate = 'startup.update';
+    case StartupDockerImage = 'startup.docker-image';
+
+    case SettingsRename = 'settings.rename';
+    case SettingsDescription = 'settings.description';
+    case SettingsReinstall = 'settings.reinstall';
+    case SettingsChangeIcon = 'settings.change-icon';
+
+    /** @return string[] */
+    public function split(): array
+    {
+        return explode('.', $this->value, 2);
+    }
+
+    public function isHidden(): bool
+    {
+        return $this === self::WebsocketConnect;
+    }
+
+    public function getIcon(): ?BackedEnum
+    {
+        [$group, $permission] = $this->split();
+
+        return match ($group) {
+            'control' => TablerIcon::Terminal2,
+            'user' => TablerIcon::Users,
+            'file' => TablerIcon::Files,
+            'backup' => TablerIcon::FileZip,
+            'allocation' => TablerIcon::Network,
+            'startup' => TablerIcon::PlayerPlay,
+            'database' => TablerIcon::Database,
+            'schedule' => TablerIcon::Clock,
+            'settings' => TablerIcon::Settings,
+            'activity' => TablerIcon::Stack,
+            'mount' => TablerIcon::LayersLinked,
+            default => null,
+        };
+    }
+}

app/Enums/TabPosition.php

@@ -0,0 +1,9 @@
+<?php
+
+namespace App\Enums;
+
+enum TabPosition: string
+{
+    case Before = 'before';
+    case After = 'after';
+}

app/Enums/WebhookType.php

@@ -2,9 +2,10 @@
 
 namespace App\Enums;
 
-use Filament\Support\Contracts\HasLabel;
+use BackedEnum;
 use Filament\Support\Contracts\HasColor;
 use Filament\Support\Contracts\HasIcon;
+use Filament\Support\Contracts\HasLabel;
 
 enum WebhookType: string implements HasColor, HasIcon, HasLabel
 {
@@ -24,11 +25,11 @@ enum WebhookType: string implements HasColor, HasIcon, HasLabel
         };
     }
 
-    public function getIcon(): string
+    public function getIcon(): BackedEnum
     {
         return match ($this) {
-            self::Regular => 'tabler-world-www',
+            self::Regular => TablerIcon::WorldWww,
-            self::Discord => 'tabler-brand-discord',
+            self::Discord => TablerIcon::BrandDiscord,
         };
     }
 }

app/Events/ActivityLogged.php

@@ -2,9 +2,9 @@
 
 namespace App\Events;
 
-use Illuminate\Support\Str;
 use App\Models\ActivityLog;
 use Illuminate\Database\Eloquent\Model;
+use Illuminate\Support\Str;
 
 class ActivityLogged extends Event
 {

app/Events/Auth/ProvidedAuthenticationToken.php

@@ -2,8 +2,8 @@
 
 namespace App\Events\Auth;
 
-use App\Models\User;
 use App\Events\Event;
+use App\Models\User;
 
 class ProvidedAuthenticationToken extends Event
 {

app/Events/User/Deleting.php

@@ -0,0 +1,17 @@
+<?php
+
+namespace App\Events\User;
+
+use App\Events\Event;
+use App\Models\User;
+use Illuminate\Queue\SerializesModels;
+
+class Deleting extends Event
+{
+    use SerializesModels;
+
+    /**
+     * Create a new event instance.
+     */
+    public function __construct(public User $user) {}
+}

app/Events/User/PasswordChanged.php

@@ -0,0 +1,13 @@
+<?php
+
+namespace App\Events\User;
+
+use App\Models\User;
+use Illuminate\Foundation\Events\Dispatchable;
+
+final class PasswordChanged
+{
+    use Dispatchable;
+
+    public function __construct(public readonly User $user) {}
+}

app/Exceptions/DisplayException.php

@@ -4,13 +4,14 @@ namespace App\Exceptions;
 
 use Exception;
 use Filament\Notifications\Notification;
+use Illuminate\Container\Container;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\RedirectResponse;
 use Illuminate\Http\Request;
-use Psr\Log\LoggerInterface;
 use Illuminate\Http\Response;
-use Illuminate\Container\Container;
+use Psr\Log\LoggerInterface;
 use Symfony\Component\HttpKernel\Exception\HttpExceptionInterface;
+use Throwable;
 
 /**
  * @deprecated
@@ -28,7 +29,7 @@ class DisplayException extends PanelException implements HttpExceptionInterface
     /**
      * DisplayException constructor.
      */
-    public function __construct(string $message, ?\Throwable $previous = null, protected string $level = self::LEVEL_ERROR, int $code = 0)
+    public function __construct(string $message, ?Throwable $previous = null, protected string $level = self::LEVEL_ERROR, int $code = 0)
     {
         parent::__construct($message, $code, $previous);
     }
@@ -79,11 +80,11 @@ class DisplayException extends PanelException implements HttpExceptionInterface
      * Log the exception to the logs using the defined error level only if the previous
      * exception is set.
      *
-     * @throws \Throwable
+     * @throws Throwable
      */
     public function report(): void
     {
-        if (!$this->getPrevious() instanceof \Exception || !Handler::isReportable($this->getPrevious())) {
+        if (!$this->getPrevious() instanceof Exception || !Handler::isReportable($this->getPrevious())) {
             return;
         }
 

app/Exceptions/Handler.php

@@ -2,24 +2,27 @@
 
 namespace App\Exceptions;
 
-use Illuminate\Support\Arr;
+use Exception;
-use Illuminate\Support\Str;
+use Illuminate\Auth\Access\AuthorizationException;
-use Illuminate\Http\JsonResponse;
+use Illuminate\Auth\AuthenticationException;
-use Illuminate\Support\Collection;
 use Illuminate\Container\Container;
 use Illuminate\Database\Connection;
-use Illuminate\Http\RedirectResponse;
-use Illuminate\Foundation\Application;
-use Illuminate\Auth\AuthenticationException;
-use Illuminate\Session\TokenMismatchException;
-use Illuminate\Validation\ValidationException;
-use Symfony\Component\HttpFoundation\Response;
-use Illuminate\Auth\Access\AuthorizationException;
 use Illuminate\Database\Eloquent\ModelNotFoundException;
-use Symfony\Component\HttpKernel\Exception\HttpException;
+use Illuminate\Foundation\Application;
-use Symfony\Component\Mailer\Exception\TransportException;
 use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
+use Illuminate\Http\JsonResponse;
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
+use Illuminate\Session\TokenMismatchException;
+use Illuminate\Support\Arr;
+use Illuminate\Support\Collection;
+use Illuminate\Support\Str;
+use Illuminate\Validation\ValidationException;
+use PDOException;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\HttpKernel\Exception\HttpException;
 use Symfony\Component\HttpKernel\Exception\HttpExceptionInterface;
+use Symfony\Component\Mailer\Exception\TransportException;
 use Throwable;
 
 class Handler extends ExceptionHandler
@@ -79,7 +82,7 @@ class Handler extends ExceptionHandler
             $this->dontReport = [];
         }
 
-        $this->reportable(function (\PDOException $ex) {
+        $this->reportable(function (PDOException $ex) {
             $ex = $this->generateCleanedExceptionStack($ex);
         });
 
@@ -88,7 +91,7 @@ class Handler extends ExceptionHandler
         });
     }
 
-    private function generateCleanedExceptionStack(\Throwable $exception): string
+    private function generateCleanedExceptionStack(Throwable $exception): string
     {
         $cleanedStack = '';
         foreach ($exception->getTrace() as $index => $item) {
@@ -117,11 +120,11 @@ class Handler extends ExceptionHandler
     /**
      * Render an exception into an HTTP response.
      *
-     * @param  \Illuminate\Http\Request  $request
+     * @param  Request  $request
      *
-     * @throws \Throwable
+     * @throws Throwable
      */
-    public function render($request, \Throwable $e): Response
+    public function render($request, Throwable $e): Response
     {
         $connections = $this->container->make(Connection::class);
 
@@ -143,7 +146,7 @@ class Handler extends ExceptionHandler
      * Transform a validation exception into a consistent format to be returned for
      * calls to the API.
      *
-     * @param  \Illuminate\Http\Request  $request
+     * @param  Request  $request
      */
     public function invalidJson($request, ValidationException $exception): JsonResponse
     {
@@ -249,7 +252,7 @@ class Handler extends ExceptionHandler
     /**
      * Return an array of exceptions that should not be reported.
      */
-    public static function isReportable(\Exception $exception): bool
+    public static function isReportable(Exception $exception): bool
     {
         return (new self(Container::getInstance()))->shouldReport($exception);
     }
@@ -257,7 +260,7 @@ class Handler extends ExceptionHandler
     /**
      * Convert an authentication exception into an unauthenticated response.
      *
-     * @param  \Illuminate\Http\Request  $request
+     * @param  Request  $request
      */
     protected function unauthenticated($request, AuthenticationException $exception): JsonResponse|RedirectResponse
     {
@@ -291,7 +294,7 @@ class Handler extends ExceptionHandler
      *
      * @return array<mixed>
      */
-    public static function toArray(\Throwable $e): array
+    public static function toArray(Throwable $e): array
     {
         return self::exceptionToArray($e);
     }

app/Exceptions/Http/HttpForbiddenException.php

@@ -4,13 +4,14 @@ namespace App\Exceptions\Http;
 
 use Illuminate\Http\Response;
 use Symfony\Component\HttpKernel\Exception\HttpException;
+use Throwable;
 
 class HttpForbiddenException extends HttpException
 {
     /**
      * HttpForbiddenException constructor.
      */
-    public function __construct(?string $message = null, ?\Throwable $previous = null)
+    public function __construct(?string $message = null, ?Throwable $previous = null)
     {
         parent::__construct(Response::HTTP_FORBIDDEN, $message, $previous);
     }

app/Exceptions/Http/Server/ServerStateConflictException.php

@@ -5,6 +5,7 @@ namespace App\Exceptions\Http\Server;
 use App\Enums\ServerState;
 use App\Models\Server;
 use Symfony\Component\HttpKernel\Exception\ConflictHttpException;
+use Throwable;
 
 class ServerStateConflictException extends ConflictHttpException
 {
@@ -12,7 +13,7 @@ class ServerStateConflictException extends ConflictHttpException
      * Exception thrown when the server is in an unsupported state for API access or
      * certain operations within the codebase.
      */
-    public function __construct(Server $server, ?\Throwable $previous = null)
+    public function __construct(Server $server, ?Throwable $previous = null)
     {
         $message = 'This server is currently in an unsupported state, please try again later.';
         if ($server->isSuspended()) {

app/Exceptions/ManifestDoesNotExistException.php

@@ -1,14 +0,0 @@
-<?php
-
-namespace App\Exceptions;
-
-use Spatie\Ignition\Contracts\Solution;
-use Spatie\Ignition\Contracts\ProvidesSolution;
-
-class ManifestDoesNotExistException extends \Exception implements ProvidesSolution
-{
-    public function getSolution(): Solution
-    {
-        return new Solutions\ManifestDoesNotExistSolution();
-    }
-}

app/Exceptions/Model/DataValidationException.php

@@ -2,11 +2,11 @@
 
 namespace App\Exceptions\Model;
 
-use Illuminate\Support\MessageBag;
-use Illuminate\Database\Eloquent\Model;
-use Illuminate\Contracts\Validation\Validator;
 use App\Exceptions\PanelException;
 use Illuminate\Contracts\Support\MessageProvider;
+use Illuminate\Contracts\Validation\Validator;
+use Illuminate\Database\Eloquent\Model;
+use Illuminate\Support\MessageBag;
 use Symfony\Component\HttpKernel\Exception\HttpExceptionInterface;
 
 class DataValidationException extends PanelException implements HttpExceptionInterface, MessageProvider

app/Exceptions/PanelException.php

@@ -2,4 +2,6 @@
 
 namespace App\Exceptions;
 
-class PanelException extends \Exception {}
+use Exception;
+
+class PanelException extends Exception {}

app/Exceptions/PluginIdMismatchException.php

@@ -0,0 +1,7 @@
+<?php
+
+namespace App\Exceptions;
+
+use Exception;
+
+class PluginIdMismatchException extends Exception {}

app/Exceptions/Service/HasActiveServersException.php

@@ -2,8 +2,8 @@
 
 namespace App\Exceptions\Service;
 
-use Illuminate\Http\Response;
 use App\Exceptions\DisplayException;
+use Illuminate\Http\Response;
 
 class HasActiveServersException extends DisplayException
 {

app/Exceptions/Service/ServiceLimitExceededException.php

@@ -3,6 +3,7 @@
 namespace App\Exceptions\Service;
 
 use App\Exceptions\DisplayException;
+use Throwable;
 
 class ServiceLimitExceededException extends DisplayException
 {
@@ -10,7 +11,7 @@ class ServiceLimitExceededException extends DisplayException
      * Exception thrown when something goes over a defined limit, such as allocated
      * ports, tasks, databases, etc.
      */
-    public function __construct(string $message, ?\Throwable $previous = null)
+    public function __construct(string $message, ?Throwable $previous = null)
     {
         parent::__construct($message, $previous, self::LEVEL_WARNING);
     }

app/Exceptions/Service/User/TwoFactorAuthenticationTokenInvalid.php

@@ -1,17 +0,0 @@
-<?php
-
-namespace App\Exceptions\Service\User;
-
-use App\Exceptions\DisplayException;
-
-class TwoFactorAuthenticationTokenInvalid extends DisplayException
-{
-    public string $title = 'Invalid 2FA Code';
-
-    public string $icon = 'tabler-2fa';
-
-    public function __construct()
-    {
-        parent::__construct('The provided two-factor authentication token was not valid.');
-    }
-}

app/Exceptions/Solutions/ManifestDoesNotExistSolution.php

@@ -1,25 +0,0 @@
-<?php
-
-namespace App\Exceptions\Solutions;
-
-use Spatie\Ignition\Contracts\Solution;
-
-class ManifestDoesNotExistSolution implements Solution
-{
-    public function getSolutionTitle(): string
-    {
-        return "The manifest.json file hasn't been generated yet";
-    }
-
-    public function getSolutionDescription(): string
-    {
-        return 'Run yarn run build:production to build the frontend first.';
-    }
-
-    public function getDocumentationLinks(): array
-    {
-        return [
-            'Docs' => 'https://github.com/pelican/panel/blob/master/package.json',
-        ];
-    }
-}

app/Extensions/Backups/BackupManager.php

@@ -2,15 +2,16 @@
 
 namespace App\Extensions\Backups;
 
-use Closure;
+use App\Extensions\Filesystem\S3Filesystem;
 use Aws\S3\S3Client;
+use Closure;
+use Illuminate\Foundation\Application;
 use Illuminate\Support\Arr;
 use Illuminate\Support\Str;
-use Webmozart\Assert\Assert;
+use InvalidArgumentException;
-use Illuminate\Foundation\Application;
 use League\Flysystem\FilesystemAdapter;
-use App\Extensions\Filesystem\S3Filesystem;
 use League\Flysystem\InMemory\InMemoryFilesystemAdapter;
+use Webmozart\Assert\Assert;
 
 class BackupManager
 {
@@ -64,7 +65,7 @@ class BackupManager
         $config = $this->getConfig($name);
 
         if (empty($config['adapter'])) {
-            throw new \InvalidArgumentException("Backup disk [$name] does not have a configured adapter.");
+            throw new InvalidArgumentException("Backup disk [$name] does not have a configured adapter.");
         }
 
         $adapter = $config['adapter'];
@@ -82,7 +83,7 @@ class BackupManager
             return $instance;
         }
 
-        throw new \InvalidArgumentException("Adapter [$adapter] is not supported.");
+        throw new InvalidArgumentException("Adapter [$adapter] is not supported.");
     }
 
     /**

app/Extensions/Captcha/Schemas/BaseSchema.php

@@ -2,8 +2,8 @@
 
 namespace App\Extensions\Captcha\Schemas;
 
-use Filament\Forms\Components\Component;
 use Filament\Forms\Components\TextInput;
+use Filament\Schemas\Components\Component;
 use Illuminate\Support\Str;
 
 abstract class BaseSchema
@@ -56,9 +56,4 @@ abstract class BaseSchema
                 ->default(env("CAPTCHA_{$id}_SECRET_KEY")),
         ];
     }
-
-    public function verifyDomain(string $hostname, ?string $requestUrl = null): bool
-    {
-        return true;
-    }
 }

app/Extensions/Captcha/Schemas/CaptchaSchemaInterface.php

@@ -2,7 +2,8 @@
 
 namespace App\Extensions\Captcha\Schemas;
 
-use Filament\Forms\Components\Component;
+use BackedEnum;
+use Filament\Schemas\Components\Component;
 
 interface CaptchaSchemaInterface
 {
@@ -24,12 +25,7 @@ interface CaptchaSchemaInterface
      */
     public function getSettingsForm(): array;
 
-    public function getIcon(): ?string;
+    public function getIcon(): null|string|BackedEnum;
 
-    /**
+    public function validateResponse(?string $captchaResponse = null): void;
-     * @return array<string, string|bool>
-     */
-    public function validateResponse(?string $captchaResponse = null): array;
-
-    public function verifyDomain(string $hostname, ?string $requestUrl = null): bool;
 }

app/Extensions/Captcha/Schemas/Turnstile/Rule.php

@@ -4,6 +4,7 @@ namespace App\Extensions\Captcha\Schemas\Turnstile;
 
 use App\Extensions\Captcha\CaptchaService;
 use Closure;
+use Exception;
 use Illuminate\Contracts\Validation\ValidationRule;
 use Illuminate\Support\Facades\App;
 
@@ -11,10 +12,12 @@ class Rule implements ValidationRule
 {
     public function validate(string $attribute, mixed $value, Closure $fail): void
     {
-        $response = App::call(fn (CaptchaService $service) => $service->getActiveSchema()->validateResponse($value));
+        try {
+            App::call(fn (CaptchaService $service) => $service->get('turnstile')->validateResponse($value));
+        } catch (Exception $exception) {
+            report($exception);
 
-        if (!$response['success']) {
+            $fail('Captcha validation failed: ' . $exception->getMessage());
-            $fail($response['message'] ?? 'Unknown error occurred, please try again');
         }
     }
 }

app/Extensions/Captcha/Schemas/Turnstile/TurnstileSchema.php

@@ -2,12 +2,13 @@
 
 namespace App\Extensions\Captcha\Schemas\Turnstile;
 
-use App\Extensions\Captcha\Schemas\CaptchaSchemaInterface;
+use App\Enums\TablerIcon;
 use App\Extensions\Captcha\Schemas\BaseSchema;
+use App\Extensions\Captcha\Schemas\CaptchaSchemaInterface;
+use BackedEnum;
 use Exception;
-use Filament\Forms\Components\Component as BaseComponent;
-use Filament\Forms\Components\Placeholder;
 use Filament\Forms\Components\Toggle;
+use Filament\Infolists\Components\TextEntry;
 use Illuminate\Support\Facades\Http;
 use Illuminate\Support\HtmlString;
 
@@ -23,7 +24,7 @@ class TurnstileSchema extends BaseSchema implements CaptchaSchemaInterface
         return env('CAPTCHA_TURNSTILE_ENABLED', false);
     }
 
-    public function getFormComponent(): BaseComponent
+    public function getFormComponent(): Component
     {
         return Component::make('turnstile');
     }
@@ -39,7 +40,9 @@ class TurnstileSchema extends BaseSchema implements CaptchaSchemaInterface
     }
 
     /**
-     * @return BaseComponent[]
+     * @return \Filament\Support\Components\Component[]
+     *
+     * @throws Exception
      */
     public function getSettingsForm(): array
     {
@@ -48,27 +51,27 @@ class TurnstileSchema extends BaseSchema implements CaptchaSchemaInterface
                 ->label(trans('admin/setting.captcha.verify'))
                 ->columnSpan(2)
                 ->inline(false)
-                ->onIcon('tabler-check')
+                ->onIcon(TablerIcon::Check)
-                ->offIcon('tabler-x')
+                ->offIcon(TablerIcon::X)
                 ->onColor('success')
                 ->offColor('danger')
                 ->default(env('CAPTCHA_TURNSTILE_VERIFY_DOMAIN', true)),
-            Placeholder::make('info')
+            TextEntry::make('info')
                 ->label(trans('admin/setting.captcha.info_label'))
                 ->columnSpan(2)
-                ->content(new HtmlString(trans('admin/setting.captcha.info'))),
+                ->state(new HtmlString(trans('admin/setting.captcha.info'))),
         ]);
     }
 
-    public function getIcon(): ?string
+    public function getIcon(): BackedEnum
     {
-        return 'tabler-brand-cloudflare';
+        return TablerIcon::BrandCloudflare;
     }
 
     /**
-     * @return array<string, string|bool>
+     * @throws Exception
      */
-    public function validateResponse(?string $captchaResponse = null): array
+    public function validateResponse(?string $captchaResponse = null): void
     {
         $captchaResponse ??= request()->get('cf-turnstile-response');
 
@@ -83,22 +86,33 @@ class TurnstileSchema extends BaseSchema implements CaptchaSchemaInterface
             ->post('https://challenges.cloudflare.com/turnstile/v0/siteverify', [
                 'secret' => $secret,
                 'response' => $captchaResponse,
-            ]);
+            ])
+            ->json();
 
-        return count($response->json()) ? $response->json() : [
+        if (!$response['success']) {
-            'success' => false,
+            match ($response['error-codes'][0] ?? null) {
-            'message' => 'Unknown error occurred, please try again',
+                'missing-input-secret' => throw new Exception('The secret parameter was not passed.'),
-        ];
+                'invalid-input-secret' => throw new Exception('The secret parameter was invalid, did not exist, or is a testing secret key with a non-testing response.'),
+                'missing-input-response' => throw new Exception('The response parameter (token) was not passed.'),
+                'invalid-input-response' => throw new Exception('The response parameter (token) is invalid or has expired.'),
+                'bad-request' => throw new Exception('The request was rejected because it was malformed.'),
+                'timeout-or-duplicate' => throw new Exception('The response parameter (token) has already been validated before.'),
+                default => throw new Exception('An internal error happened while validating the response.'),
+            };
+        }
+
+        if (!$this->verifyDomain($response['hostname'] ?? '')) {
+            throw new Exception('Domain verification failed.');
+        }
     }
 
-    public function verifyDomain(string $hostname, ?string $requestUrl = null): bool
+    private function verifyDomain(string $hostname): bool
     {
         if (!env('CAPTCHA_TURNSTILE_VERIFY_DOMAIN', true)) {
             return true;
         }
 
-        $requestUrl ??= request()->url;
+        $requestUrl = parse_url(request()->url());
-        $requestUrl = parse_url($requestUrl);
 
         return $hostname === array_get($requestUrl, 'host');
     }

app/Extensions/Features/Schemas/GSLTokenSchema.php

@@ -2,18 +2,19 @@
 
 namespace App\Extensions\Features\Schemas;
 
+use App\Enums\SubuserPermission;
+use App\Enums\TablerIcon;
 use App\Extensions\Features\FeatureSchemaInterface;
 use App\Facades\Activity;
-use App\Models\Permission;
 use App\Models\Server;
 use App\Models\ServerVariable;
-use App\Repositories\Daemon\DaemonPowerRepository;
+use App\Repositories\Daemon\DaemonServerRepository;
 use Closure;
 use Exception;
 use Filament\Actions\Action;
 use Filament\Facades\Filament;
-use Filament\Forms\Components\Placeholder;
 use Filament\Forms\Components\TextInput;
+use Filament\Infolists\Components\TextEntry;
 use Filament\Notifications\Notification;
 use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Support\Facades\Blade;
@@ -36,6 +37,9 @@ class GSLTokenSchema implements FeatureSchemaInterface
         return 'gsl_token';
     }
 
+    /**
+     * @throws Exception
+     */
     public function getAction(): Action
     {
         /** @var Server $server */
@@ -51,9 +55,9 @@ class GSLTokenSchema implements FeatureSchemaInterface
             ->modalHeading('Invalid GSL token')
             ->modalDescription('It seems like your Gameserver Login Token (GSL token) is invalid or has expired.')
             ->modalSubmitActionLabel('Update GSL Token')
-            ->disabledForm(fn () => !auth()->user()->can(Permission::ACTION_STARTUP_UPDATE, $server))
+            ->disabledSchema(fn () => !user()?->can(SubuserPermission::StartupUpdate, $server))
-            ->form([
+            ->schema([
-                Placeholder::make('info')
+                TextEntry::make('info')
                     ->label(new HtmlString(Blade::render('You can either <x-filament::link href="https://steamcommunity.com/dev/managegameservers" target="_blank">generate a new one</x-filament::link> and enter it below or leave the field blank to remove it completely.'))),
                 TextInput::make('gsltoken')
                     ->label('GSL Token')
@@ -70,13 +74,12 @@ class GSLTokenSchema implements FeatureSchemaInterface
                             }
                         },
                     ])
-                    ->hintIcon('tabler-code')
+                    ->hintIcon(TablerIcon::Code, fn () => implode('|', $serverVariable->variable->rules))
                     ->label(fn () => $serverVariable->variable->name)
-                    ->hintIconTooltip(fn () => implode('|', $serverVariable->variable->rules))
                     ->prefix(fn () => '{{' . $serverVariable->variable->env_variable . '}}')
                     ->helperText(fn () => empty($serverVariable->variable->description) ? '—' : $serverVariable->variable->description),
             ])
-            ->action(function (array $data, DaemonPowerRepository $powerRepository) use ($server, $serverVariable) {
+            ->action(function (array $data, DaemonServerRepository $serverRepository) use ($server, $serverVariable) {
                 /** @var Server $server */
                 $server = Filament::getTenant();
                 try {
@@ -98,7 +101,7 @@ class GSLTokenSchema implements FeatureSchemaInterface
                             ->log();
                     }
 
-                    $powerRepository->setServer($server)->send('restart');
+                    $serverRepository->setServer($server)->power('restart');
 
                     Notification::make()
                         ->title('GSL Token updated')

app/Extensions/Features/Schemas/JavaVersionSchema.php

@@ -2,16 +2,16 @@
 
 namespace App\Extensions\Features\Schemas;
 
+use App\Enums\SubuserPermission;
 use App\Extensions\Features\FeatureSchemaInterface;
 use App\Facades\Activity;
-use App\Models\Permission;
 use App\Models\Server;
-use App\Repositories\Daemon\DaemonPowerRepository;
+use App\Repositories\Daemon\DaemonServerRepository;
 use Exception;
 use Filament\Actions\Action;
 use Filament\Facades\Filament;
-use Filament\Forms\Components\Placeholder;
 use Filament\Forms\Components\Select;
+use Filament\Infolists\Components\TextEntry;
 use Filament\Notifications\Notification;
 
 class JavaVersionSchema implements FeatureSchemaInterface
@@ -44,9 +44,9 @@ class JavaVersionSchema implements FeatureSchemaInterface
             ->modalHeading('Unsupported Java Version')
             ->modalDescription('This server is currently running an unsupported version of Java and cannot be started.')
             ->modalSubmitActionLabel('Update Docker Image')
-            ->disabledForm(fn () => !auth()->user()->can(Permission::ACTION_STARTUP_DOCKER_IMAGE, $server))
+            ->disabledSchema(fn () => !user()?->can(SubuserPermission::StartupDockerImage, $server))
-            ->form([
+            ->schema([
-                Placeholder::make('java')
+                TextEntry::make('java')
                     ->label('Please select a supported version from the list below to continue starting the server.'),
                 Select::make('image')
                     ->label('Docker Image')
@@ -56,10 +56,9 @@ class JavaVersionSchema implements FeatureSchemaInterface
                     ->default(fn () => $server->image)
                     ->notIn(fn () => $server->image)
                     ->required()
-                    ->preload()
+                    ->preload(),
-                    ->native(false),
             ])
-            ->action(function (array $data, DaemonPowerRepository $powerRepository) use ($server) {
+            ->action(function (array $data, DaemonServerRepository $serverRepository) use ($server) {
                 try {
                     $new = $data['image'];
                     $original = $server->image;
@@ -71,7 +70,7 @@ class JavaVersionSchema implements FeatureSchemaInterface
                             ->log();
                     }
 
-                    $powerRepository->setServer($server)->send('restart');
+                    $serverRepository->setServer($server)->power('restart');
 
                     Notification::make()
                         ->title('Docker image updated')

app/Extensions/Features/Schemas/MinecraftEulaSchema.php

@@ -5,7 +5,7 @@ namespace App\Extensions\Features\Schemas;
 use App\Extensions\Features\FeatureSchemaInterface;
 use App\Models\Server;
 use App\Repositories\Daemon\DaemonFileRepository;
-use App\Repositories\Daemon\DaemonPowerRepository;
+use App\Repositories\Daemon\DaemonServerRepository;
 use Exception;
 use Filament\Actions\Action;
 use Filament\Facades\Filament;
@@ -35,14 +35,14 @@ class MinecraftEulaSchema implements FeatureSchemaInterface
             ->modalHeading('Minecraft EULA')
             ->modalDescription(new HtmlString(Blade::render('By pressing "I Accept" below you are indicating your agreement to the <x-filament::link href="https://minecraft.net/eula" target="_blank">Minecraft EULA </x-filament::link>.')))
             ->modalSubmitActionLabel('I Accept')
-            ->action(function (DaemonFileRepository $fileRepository, DaemonPowerRepository $powerRepository) {
+            ->action(function (DaemonFileRepository $fileRepository, DaemonServerRepository $serverRepository) {
                 try {
                     /** @var Server $server */
                     $server = Filament::getTenant();
 
                     $fileRepository->setServer($server)->putContent('eula.txt', 'eula=true');
 
-                    $powerRepository->setServer($server)->send('restart');
+                    $serverRepository->setServer($server)->power('restart');
 
                     Notification::make()
                         ->title('Minecraft EULA accepted')

app/Extensions/Features/Schemas/PIDLimitSchema.php

@@ -2,6 +2,7 @@
 
 namespace App\Extensions\Features\Schemas;
 
+use App\Enums\TablerIcon;
 use App\Extensions\Features\FeatureSchemaInterface;
 use Filament\Actions\Action;
 use Illuminate\Support\Facades\Blade;
@@ -31,10 +32,10 @@ class PIDLimitSchema implements FeatureSchemaInterface
     {
         return Action::make($this->getId())
             ->requiresConfirmation()
-            ->icon('tabler-alert-triangle')
+            ->icon(TablerIcon::AlertTriangle)
-            ->modalHeading(fn () => auth()->user()->isAdmin() ? 'Memory or process limit reached...' : 'Possible resource limit reached...')
+            ->modalHeading(fn () => user()?->isAdmin() ? 'Memory or process limit reached...' : 'Possible resource limit reached...')
             ->modalDescription(new HtmlString(Blade::render(
-                auth()->user()->isAdmin() ? <<<'HTML'
+                user()?->isAdmin() ? <<<'HTML'
                     <p>
                         This server has reached the maximum process or memory limit.
                     </p>

app/Extensions/Features/Schemas/SteamDiskSpaceSchema.php

@@ -29,7 +29,7 @@ class SteamDiskSpaceSchema implements FeatureSchemaInterface
             ->requiresConfirmation()
             ->modalHeading('Out of available disk space...')
             ->modalDescription(new HtmlString(Blade::render(
-                auth()->user()->isAdmin() ? <<<'HTML'
+                user()?->isAdmin() ? <<<'HTML'
                     <p>
                         This server has run out of available disk space and cannot complete the install or update
                         process.

app/Extensions/Laravel/Sanctum/NewAccessToken.php

@@ -6,7 +6,7 @@ use App\Models\ApiKey;
 use Laravel\Sanctum\NewAccessToken as SanctumAccessToken;
 
 /**
- * @property \App\Models\ApiKey $accessToken
+ * @property ApiKey $accessToken
  */
 class NewAccessToken extends SanctumAccessToken
 {

app/Extensions/Lcobucci/JWT/Encoding/TimestampDates.php

@@ -2,6 +2,7 @@
 
 namespace App\Extensions\Lcobucci\JWT\Encoding;
 
+use DateTimeImmutable;
 use Lcobucci\JWT\ClaimsFormatter;
 use Lcobucci\JWT\Token\RegisteredClaims;
 
@@ -20,7 +21,7 @@ final class TimestampDates implements ClaimsFormatter
                 continue;
             }
 
-            assert($claims[$claim] instanceof \DateTimeImmutable);
+            assert($claims[$claim] instanceof DateTimeImmutable);
             $claims[$claim] = $claims[$claim]->getTimestamp();
         }
 

app/Extensions/OAuth/OAuthSchemaInterface.php

@@ -2,8 +2,11 @@
 
 namespace App\Extensions\OAuth;
 
-use Filament\Forms\Components\Component;
+use App\Models\User;
-use Filament\Forms\Components\Wizard\Step;
+use BackedEnum;
+use Filament\Schemas\Components\Component;
+use Filament\Schemas\Components\Wizard\Step;
+use Laravel\Socialite\Contracts\User as OAuthUser;
 
 interface OAuthSchemaInterface
 {
@@ -27,9 +30,13 @@ interface OAuthSchemaInterface
     /** @return Step[] */
     public function getSetupSteps(): array;
 
-    public function getIcon(): ?string;
+    public function getIcon(): null|string|BackedEnum;
 
     public function getHexColor(): ?string;
 
     public function isEnabled(): bool;
+
+    public function shouldCreateMissingUser(OAuthUser $user): bool;
+
+    public function shouldLinkMissingUser(User $user, OAuthUser $oauthUser): bool;
 }

app/Extensions/OAuth/OAuthService.php

@@ -2,7 +2,9 @@
 
 namespace App\Extensions\OAuth;
 
+use App\Models\User;
 use Illuminate\Support\Facades\Event;
+use Laravel\Socialite\Contracts\User as OAuthUser;
 use SocialiteProviders\Manager\SocialiteWasCalled;
 
 class OAuthService
@@ -43,4 +45,27 @@ class OAuthService
 
         $this->schemas[$schema->getId()] = $schema;
     }
+
+    public function linkUser(User $user, OAuthSchemaInterface $schema, OAuthUser $oauthUser): User
+    {
+        $oauth = $user->oauth ?? [];
+        $oauth[$schema->getId()] = $oauthUser->getId();
+
+        $user->update(['oauth' => $oauth]);
+
+        return $user->refresh();
+    }
+
+    public function unlinkUser(User $user, OAuthSchemaInterface $schema): User
+    {
+        $oauth = $user->oauth ?? [];
+        if (!isset($oauth[$schema->getId()])) {
+            return $user;
+        }
+
+        unset($oauth[$schema->getId()]);
+        $user->update(['oauth' => $oauth]);
+
+        return $user->refresh();
+    }
 }

app/Extensions/OAuth/Schemas/AuthentikSchema.php

@@ -4,6 +4,10 @@ namespace App\Extensions\OAuth\Schemas;
 
 use Filament\Forms\Components\ColorPicker;
 use Filament\Forms\Components\TextInput;
+use Filament\Infolists\Components\TextEntry;
+use Filament\Schemas\Components\Wizard\Step;
+use Illuminate\Support\Facades\Blade;
+use Illuminate\Support\HtmlString;
 use SocialiteProviders\Authentik\Provider;
 
 final class AuthentikSchema extends OAuthSchema
@@ -20,11 +24,27 @@ final class AuthentikSchema extends OAuthSchema
 
     public function getServiceConfig(): array
     {
-        return [
+        return array_merge(parent::getServiceConfig(), [
             'base_url' => env('OAUTH_AUTHENTIK_BASE_URL'),
-            'client_id' => env('OAUTH_AUTHENTIK_CLIENT_ID'),
+        ]);
-            'client_secret' => env('OAUTH_AUTHENTIK_CLIENT_SECRET'),
+    }
-        ];
+
+    public function getSetupSteps(): array
+    {
+        return array_merge([
+            Step::make('Create Authentik Application')
+                ->schema([
+                    TextEntry::make('create_application')
+                        ->hiddenLabel()
+                        ->state(new HtmlString(Blade::render('<p>On your Authentik dashboard select <b>Applications</b>, then select <b>Create with Provider</b>.</p><p>On the creation step select <b>OAuth2/OpenID Provider</b> and on the configure step set <b>Redirect URIs/Origins</b> to the value below.</p>'))),
+                    TextInput::make('_noenv_callback')
+                        ->label('Callback URL')
+                        ->dehydrated()
+                        ->disabled()
+                        ->hintCopy()
+                        ->default(fn () => url('/auth/oauth/callback/authentik')),
+                ]),
+        ], parent::getSetupSteps());
     }
 
     public function getSettingsForm(): array

app/Extensions/OAuth/Schemas/BitbucketSchema.php

@@ -0,0 +1,47 @@
+<?php
+
+namespace App\Extensions\OAuth\Schemas;
+
+use App\Enums\TablerIcon;
+use BackedEnum;
+use Filament\Forms\Components\TextInput;
+use Filament\Infolists\Components\TextEntry;
+use Filament\Schemas\Components\Wizard\Step;
+use Illuminate\Support\Facades\Blade;
+use Illuminate\Support\HtmlString;
+
+final class BitbucketSchema extends OAuthSchema
+{
+    public function getId(): string
+    {
+        return 'bitbucket';
+    }
+
+    public function getSetupSteps(): array
+    {
+        return array_merge([
+            Step::make('Register new Bitbucket Consumer')
+                ->schema([
+                    TextEntry::make('create_application')
+                        ->hiddenLabel()
+                        ->state(new HtmlString(Blade::render('<p>Visit the <x-filament::link href="https://support.atlassian.com/bitbucket-cloud/docs/use-oauth-on-bitbucket-cloud" target="_blank">Bitbucket OAuth Documentation</x-filament::link> and follow the steps in <b>Create a consumer</b>.</p><p>For the <b>Callback URL</b> use the value below.</p>'))),
+                    TextInput::make('_noenv_callback')
+                        ->label('Callback URL')
+                        ->dehydrated()
+                        ->disabled()
+                        ->hintCopy()
+                        ->default(fn () => url('/auth/oauth/callback/bitbucket')),
+                ]),
+        ], parent::getSetupSteps());
+    }
+
+    public function getIcon(): BackedEnum
+    {
+        return TablerIcon::BrandBitbucketFilled;
+    }
+
+    public function getHexColor(): string
+    {
+        return '#205081';
+    }
+}

app/Extensions/OAuth/Schemas/CommonSchema.php

@@ -2,13 +2,15 @@
 
 namespace App\Extensions\OAuth\Schemas;
 
+use BackedEnum;
+
 final class CommonSchema extends OAuthSchema
 {
     public function __construct(
         private readonly string $id,
         private readonly ?string $name = null,
         private readonly ?string $configName = null,
-        private readonly ?string $icon = null,
+        private readonly null|string|BackedEnum $icon = null,
         private readonly ?string $hexColor = null,
     ) {}
 
@@ -27,7 +29,7 @@ final class CommonSchema extends OAuthSchema
         return $this->configName ?? parent::getConfigKey();
     }
 
-    public function getIcon(): ?string
+    public function getIcon(): null|string|BackedEnum
     {
         return $this->icon;
     }

app/Extensions/OAuth/Schemas/DiscordSchema.php

@@ -2,13 +2,14 @@
 
 namespace App\Extensions\OAuth\Schemas;
 
-use Filament\Forms\Components\Placeholder;
+use App\Enums\TablerIcon;
+use BackedEnum;
 use Filament\Forms\Components\TextInput;
-use Filament\Forms\Components\Wizard\Step;
+use Filament\Infolists\Components\TextEntry;
+use Filament\Schemas\Components\Wizard\Step;
 use Illuminate\Support\Facades\Blade;
 use Illuminate\Support\HtmlString;
 use SocialiteProviders\Discord\Provider;
-use Webbingbrasil\FilamentCopyActions\Forms\Actions\CopyAction;
 
 final class DiscordSchema extends OAuthSchema
 {
@@ -27,23 +28,25 @@ final class DiscordSchema extends OAuthSchema
         return array_merge([
             Step::make('Register new Discord OAuth App')
                 ->schema([
-                    Placeholder::make('')
+                    TextEntry::make('create_application')
-                        ->content(new HtmlString(Blade::render('<p>Visit the <x-filament::link href="https://discord.com/developers/applications" target="_blank">Discord Developer Portal</x-filament::link> and click on <b>New Application</b>. Enter a <b>Name</b> (e.g. your panel name) and click on <b>Create</b>.</p><p>Copy the <b>Client ID</b> and the <b>Client Secret</b> from the OAuth2 tab, you will need them in the final step.</p>'))),
+                        ->hiddenLabel()
-                    Placeholder::make('')
+                        ->state(new HtmlString(Blade::render('<p>Visit the <x-filament::link href="https://discord.com/developers/applications" target="_blank">Discord Developer Portal</x-filament::link> and click on <b>New Application</b>. Enter a <b>Name</b> (e.g. your panel name) and click on <b>Create</b>.</p><p>Copy the <b>Client ID</b> and the <b>Client Secret</b> from the OAuth2 tab, you will need them in the final step.</p>'))),
-                        ->content(new HtmlString('<p>Under <b>Redirects</b> add the below URL.</p>')),
+                    TextEntry::make('set_redirect')
+                        ->hiddenLabel()
+                        ->state(new HtmlString('<p>Under <b>Redirects</b> add the below URL.</p>')),
                     TextInput::make('_noenv_callback')
                         ->label('Redirect URL')
                         ->dehydrated()
                         ->disabled()
-                        ->hintAction(fn (string $state) => request()->isSecure() ? CopyAction::make()->copyable($state) : null)
+                        ->hintCopy()
                         ->formatStateUsing(fn () => url('/auth/oauth/callback/discord')),
                 ]),
         ], parent::getSetupSteps());
     }
 
-    public function getIcon(): string
+    public function getIcon(): BackedEnum
     {
-        return 'tabler-brand-discord-f';
+        return TablerIcon::BrandDiscordFilled;
     }
 
     public function getHexColor(): string

app/Extensions/OAuth/Schemas/FacebookSchema.php

@@ -0,0 +1,50 @@
+<?php
+
+namespace App\Extensions\OAuth\Schemas;
+
+use App\Enums\TablerIcon;
+use BackedEnum;
+use Filament\Forms\Components\TextInput;
+use Filament\Infolists\Components\TextEntry;
+use Filament\Schemas\Components\Wizard\Step;
+use Illuminate\Support\Facades\Blade;
+use Illuminate\Support\HtmlString;
+
+final class FacebookSchema extends OAuthSchema
+{
+    public function getId(): string
+    {
+        return 'facebook';
+    }
+
+    public function getSetupSteps(): array
+    {
+        return array_merge([
+            Step::make('Register new Facebook Application')
+                ->schema([
+                    TextEntry::make('create_application')
+                        ->hiddenLabel()
+                        ->state(new HtmlString(Blade::render('<p>Visit the <x-filament::link href="https://developers.facebook.com/apps" target="_blank">Facebook Developer Dashboard</x-filament::link> and select or create a new app you will use for authentication. Make sure to have "Authenticate and request data from users with Facebook Login" as one of the Use Cases.</p><p>Once selected go to <b>Use Cases</b> and customize "Authenticate and request data from users with Facebook Login", from there go to <b>Settings</b> and add <b>Valid OAuth Redirect URIs</b> using the value below.</p>'))),
+                    TextInput::make('_noenv_callback')
+                        ->label('Valid OAuth Redirect URIs')
+                        ->dehydrated()
+                        ->disabled()
+                        ->hintCopy()
+                        ->default(fn () => url('/auth/oauth/callback/facebook')),
+                    TextEntry::make('get_app_info')
+                        ->hiddenLabel()
+                        ->state(new HtmlString(Blade::render('<p>To obtain the OAuth values go to <b>App Settings > Basic</b>.</p>'))),
+                ]),
+        ], parent::getSetupSteps());
+    }
+
+    public function getIcon(): BackedEnum
+    {
+        return TablerIcon::BrandFacebookFilled;
+    }
+
+    public function getHexColor(): string
+    {
+        return '#1877f2';
+    }
+}

app/Extensions/OAuth/Schemas/GithubSchema.php

@@ -2,12 +2,13 @@
 
 namespace App\Extensions\OAuth\Schemas;
 
-use Filament\Forms\Components\Placeholder;
+use App\Enums\TablerIcon;
+use BackedEnum;
 use Filament\Forms\Components\TextInput;
-use Filament\Forms\Components\Wizard\Step;
+use Filament\Infolists\Components\TextEntry;
+use Filament\Schemas\Components\Wizard\Step;
 use Illuminate\Support\Facades\Blade;
 use Illuminate\Support\HtmlString;
-use Webbingbrasil\FilamentCopyActions\Forms\Actions\CopyAction;
 
 final class GithubSchema extends OAuthSchema
 {
@@ -19,30 +20,33 @@ final class GithubSchema extends OAuthSchema
     public function getSetupSteps(): array
     {
         return array_merge([
-            Step::make('Register new Github OAuth App')
+            Step::make('Register new GitHub OAuth App')
                 ->schema([
-                    Placeholder::make('')
+                    TextEntry::make('create_application')
-                        ->content(new HtmlString(Blade::render('<p>Visit the <x-filament::link href="https://github.com/settings/developers" target="_blank">Github Developer Dashboard</x-filament::link>, go to <b>OAuth Apps</b> and click on <b>New OAuth App</b>.</p><p>Enter an <b>Application name</b> (e.g. your panel name), set <b>Homepage URL</b> to your panel url and enter the below url as <b>Authorization callback URL</b>.</p>'))),
+                        ->hiddenLabel()
+                        ->state(new HtmlString(Blade::render('<p>Visit the <x-filament::link href="https://github.com/settings/developers" target="_blank">GitHub Developer Dashboard</x-filament::link>, go to <b>OAuth Apps</b> and click on <b>New OAuth App</b>.</p><p>Enter an <b>Application name</b> (e.g. your panel name), set <b>Homepage URL</b> to your panel url and enter the below url as <b>Authorization callback URL</b>.</p>'))),
                     TextInput::make('_noenv_callback')
                         ->label('Authorization callback URL')
                         ->dehydrated()
                         ->disabled()
-                        ->hintAction(fn (string $state) => request()->isSecure() ? CopyAction::make()->copyable($state) : null)
+                        ->hintCopy()
                         ->default(fn () => url('/auth/oauth/callback/github')),
-                    Placeholder::make('')
+                    TextEntry::make('register_application')
-                        ->content(new HtmlString('<p>When you filled all fields click on <b>Register application</b>.</p>')),
+                        ->hiddenLabel()
+                        ->state(new HtmlString('<p>When you filled all fields click on <b>Register application</b>.</p>')),
                 ]),
             Step::make('Create Client Secret')
                 ->schema([
-                    Placeholder::make('')
+                    TextEntry::make('create_client_secret')
-                        ->content(new HtmlString('<p>Once you registered your app, generate a new <b>Client Secret</b>.</p><p>You will also need the <b>Client ID</b>.</p>')),
+                        ->hiddenLabel()
+                        ->state(new HtmlString('<p>Once you registered your app, generate a new <b>Client Secret</b>.</p><p>You will also need the <b>Client ID</b>.</p>')),
                 ]),
         ], parent::getSetupSteps());
     }
 
-    public function getIcon(): string
+    public function getIcon(): BackedEnum
     {
-        return 'tabler-brand-github-f';
+        return TablerIcon::BrandGithubFilled;
     }
 
     public function getHexColor(): string

app/Extensions/OAuth/Schemas/GitlabSchema.php

@@ -2,12 +2,13 @@
 
 namespace App\Extensions\OAuth\Schemas;
 
-use Filament\Forms\Components\Placeholder;
+use App\Enums\TablerIcon;
+use BackedEnum;
 use Filament\Forms\Components\TextInput;
-use Filament\Forms\Components\Wizard\Step;
+use Filament\Infolists\Components\TextEntry;
+use Filament\Schemas\Components\Wizard\Step;
 use Illuminate\Support\Facades\Blade;
 use Illuminate\Support\HtmlString;
-use Webbingbrasil\FilamentCopyActions\Forms\Actions\CopyAction;
 
 final class GitlabSchema extends OAuthSchema
 {
@@ -41,21 +42,22 @@ final class GitlabSchema extends OAuthSchema
         return array_merge([
             Step::make('Register new Gitlab OAuth App')
                 ->schema([
-                    Placeholder::make('')
+                    TextEntry::make('register_application')
-                        ->content(new HtmlString(Blade::render('Check out the <x-filament::link href="https://docs.gitlab.com/integration/oauth_provider/" target="_blank">Gitlab docs</x-filament::link> on how to create the oauth app.'))),
+                        ->hiddenLabel()
+                        ->state(new HtmlString(Blade::render('Check out the <x-filament::link href="https://docs.gitlab.com/integration/oauth_provider/" target="_blank">Gitlab docs</x-filament::link> on how to create the oauth app.'))),
                     TextInput::make('_noenv_callback')
                         ->label('Redirect URI')
                         ->dehydrated()
                         ->disabled()
-                        ->hintAction(fn (string $state) => request()->isSecure() ? CopyAction::make()->copyable($state) : null)
+                        ->hintCopy()
                         ->default(fn () => url('/auth/oauth/callback/gitlab')),
                 ]),
         ], parent::getSetupSteps());
     }
 
-    public function getIcon(): string
+    public function getIcon(): BackedEnum
     {
-        return 'tabler-brand-gitlab';
+        return TablerIcon::BrandGitlab;
     }
 
     public function getHexColor(): string

app/Extensions/OAuth/Schemas/GoogleSchema.php

@@ -0,0 +1,56 @@
+<?php
+
+namespace App\Extensions\OAuth\Schemas;
+
+use App\Enums\TablerIcon;
+use BackedEnum;
+use Filament\Forms\Components\TextInput;
+use Filament\Infolists\Components\TextEntry;
+use Filament\Schemas\Components\Wizard\Step;
+use Illuminate\Support\Facades\Blade;
+use Illuminate\Support\HtmlString;
+
+final class GoogleSchema extends OAuthSchema
+{
+    public function getId(): string
+    {
+        return 'google';
+    }
+
+    public function getSetupSteps(): array
+    {
+        return array_merge([
+            Step::make('Register new OAuth client')
+                ->schema([
+                    TextEntry::make('create_application')
+                        ->hiddenLabel()
+                        ->state(new HtmlString(Blade::render('<p>Visit the <x-filament::link href="https://console.developers.google.com/" target="_blank">Google API Console</x-filament::link> and create or select the project you want to use.</p><p>Navigate or search <b>Credentials</b>, click on the <b>Create Credentials</b> button and select <b>OAuth client ID</b>. On the Application type select <b>Web Application</b>.</p><p>On <b>Authorized JavaScript origins</b> and <b>Authorized redirect URIs</b> add and use the values below.</p>'))),
+                    TextInput::make('_noenv_origin')
+                        ->label('Authorized JavaScript origins')
+                        ->dehydrated()
+                        ->disabled()
+                        ->hintCopy()
+                        ->default(fn () => url('')),
+                    TextInput::make('_noenv_callback')
+                        ->label('Authorized redirect URIs')
+                        ->dehydrated()
+                        ->disabled()
+                        ->hintCopy()
+                        ->default(fn () => url('/auth/oauth/callback/google')),
+                    TextEntry::make('register_application')
+                        ->hiddenLabel()
+                        ->state(new HtmlString('<p>When you filled all fields click on <b>Create</b>.</p>')),
+                ]),
+        ], parent::getSetupSteps());
+    }
+
+    public function getIcon(): BackedEnum
+    {
+        return TablerIcon::BrandGoogleFilled;
+    }
+
+    public function getHexColor(): string
+    {
+        return '#4285f4';
+    }
+}

app/Extensions/OAuth/Schemas/LinkedinSchema.php

@@ -0,0 +1,47 @@
+<?php
+
+namespace App\Extensions\OAuth\Schemas;
+
+use App\Enums\TablerIcon;
+use BackedEnum;
+use Filament\Forms\Components\TextInput;
+use Filament\Infolists\Components\TextEntry;
+use Filament\Schemas\Components\Wizard\Step;
+use Illuminate\Support\Facades\Blade;
+use Illuminate\Support\HtmlString;
+
+final class LinkedinSchema extends OAuthSchema
+{
+    public function getId(): string
+    {
+        return 'linkedin';
+    }
+
+    public function getSetupSteps(): array
+    {
+        return array_merge([
+            Step::make('Obtain Linkedin App OAuth Config')
+                ->schema([
+                    TextEntry::make('create_application')
+                        ->hiddenLabel()
+                        ->state(new HtmlString(Blade::render('<p><x-filament::link href="https://www.linkedin.com/developers/apps/new" target="_blank">Create</x-filament::link> or <x-filament::link href="https://www.linkedin.com/developers/apps" target="_blank">select</x-filament::link> the one you will be using for authentication.</p><p>Select the <b>Auth</b> tab and set <b>Authorized redirect URLs for your app</b> to the value below.</p>'))),
+                    TextInput::make('_noenv_callback')
+                        ->label('Authorized redirect URL')
+                        ->dehydrated()
+                        ->disabled()
+                        ->hintCopy()
+                        ->default(fn () => url('/auth/oauth/callback/linkedin')),
+                ]),
+        ], parent::getSetupSteps());
+    }
+
+    public function getIcon(): BackedEnum
+    {
+        return TablerIcon::BrandLinkedinFilled;
+    }
+
+    public function getHexColor(): string
+    {
+        return '#0a66c2';
+    }
+}

app/Extensions/OAuth/Schemas/OAuthSchema.php

@@ -2,11 +2,17 @@
 
 namespace App\Extensions\OAuth\Schemas;
 
+use App\Enums\TablerIcon;
 use App\Extensions\OAuth\OAuthSchemaInterface;
-use Filament\Forms\Components\Component;
+use App\Models\User;
+use BackedEnum;
 use Filament\Forms\Components\TextInput;
-use Filament\Forms\Components\Wizard\Step;
+use Filament\Forms\Components\Toggle;
+use Filament\Schemas\Components\Component;
+use Filament\Schemas\Components\Utilities\Set;
+use Filament\Schemas\Components\Wizard\Step;
 use Illuminate\Support\Str;
+use Laravel\Socialite\Contracts\User as OAuthUser;
 
 abstract class OAuthSchema implements OAuthSchemaInterface
 {
@@ -53,6 +59,28 @@ abstract class OAuthSchema implements OAuthSchemaInterface
                 ->revealable()
                 ->autocomplete(false)
                 ->default(env("OAUTH_{$id}_CLIENT_SECRET")),
+            Toggle::make("OAUTH_{$id}_SHOULD_CREATE_MISSING_USERS")
+                ->label(trans('admin/setting.oauth.create_missing_users'))
+                ->columnSpan(2)
+                ->inline(false)
+                ->onIcon(TablerIcon::Check)
+                ->offIcon(TablerIcon::X)
+                ->onColor('success')
+                ->offColor('danger')
+                ->formatStateUsing(fn ($state) => (bool) $state)
+                ->afterStateUpdated(fn ($state, Set $set) => $set("OAUTH_{$id}_SHOULD_CREATE_MISSING_USERS", (bool) $state))
+                ->default(env("OAUTH_{$id}_SHOULD_CREATE_MISSING_USERS")),
+            Toggle::make("OAUTH_{$id}_SHOULD_LINK_MISSING_USERS")
+                ->label(trans('admin/setting.oauth.link_missing_users'))
+                ->columnSpan(2)
+                ->inline(false)
+                ->onIcon(TablerIcon::Check)
+                ->offIcon(TablerIcon::X)
+                ->onColor('success')
+                ->offColor('danger')
+                ->formatStateUsing(fn ($state) => (bool) $state)
+                ->afterStateUpdated(fn ($state, Set $set) => $set("OAUTH_{$id}_SHOULD_LINK_MISSING_USERS", (bool) $state))
+                ->default(env("OAUTH_{$id}_SHOULD_LINK_MISSING_USERS")),
         ];
     }
 
@@ -80,7 +108,7 @@ abstract class OAuthSchema implements OAuthSchemaInterface
         return "OAUTH_{$id}_ENABLED";
     }
 
-    public function getIcon(): ?string
+    public function getIcon(): null|string|BackedEnum
     {
         return null;
     }
@@ -91,9 +119,21 @@ abstract class OAuthSchema implements OAuthSchemaInterface
     }
 
     public function isEnabled(): bool
+    {
+        return env($this->getConfigKey(), false);
+    }
+
+    public function shouldCreateMissingUser(OAuthUser $user): bool
     {
         $id = Str::upper($this->getId());
 
-        return env("OAUTH_{$id}_ENABLED", false);
+        return env("OAUTH_{$id}_SHOULD_CREATE_MISSING_USERS", false);
+    }
+
+    public function shouldLinkMissingUser(User $user, OAuthUser $oauthUser): bool
+    {
+        $id = Str::upper($this->getId());
+
+        return env("OAUTH_{$id}_SHOULD_LINK_MISSING_USERS", false);
     }
 }

app/Extensions/OAuth/Schemas/SlackSchema.php

@@ -0,0 +1,47 @@
+<?php
+
+namespace App\Extensions\OAuth\Schemas;
+
+use App\Enums\TablerIcon;
+use BackedEnum;
+use Filament\Forms\Components\TextInput;
+use Filament\Infolists\Components\TextEntry;
+use Filament\Schemas\Components\Wizard\Step;
+use Illuminate\Support\Facades\Blade;
+use Illuminate\Support\HtmlString;
+
+final class SlackSchema extends OAuthSchema
+{
+    public function getId(): string
+    {
+        return 'slack';
+    }
+
+    public function getSetupSteps(): array
+    {
+        return array_merge([
+            Step::make('Register new Slack OAuth')
+                ->schema([
+                    TextEntry::make('create_application')
+                        ->hiddenLabel()
+                        ->state(new HtmlString(Blade::render('<p><x-filament::link href="https://api.slack.com/apps?new_app=1" target="_blank">Create</x-filament::link> a slack app or <x-filament::link href="https://api.slack.com/apps" target="_blank">select</x-filament::link> the one you will be using for authentication.</p><p>Navigate to the <b>OAuth & Permissions</b> section and configure the <b>Redirect URL</b> using the value below.</p>'))),
+                    TextInput::make('_noenv_callback')
+                        ->label('Redirect URL')
+                        ->dehydrated()
+                        ->disabled()
+                        ->hintCopy()
+                        ->default(fn () => url('/auth/oauth/callback/slack')),
+                ]),
+        ], parent::getSetupSteps());
+    }
+
+    public function getIcon(): BackedEnum
+    {
+        return TablerIcon::BrandSlack;
+    }
+
+    public function getHexColor(): string
+    {
+        return '#6ecadc';
+    }
+}

app/Extensions/OAuth/Schemas/SteamSchema.php

@@ -2,9 +2,11 @@
 
 namespace App\Extensions\OAuth\Schemas;
 
-use Filament\Forms\Components\Placeholder;
+use App\Enums\TablerIcon;
+use BackedEnum;
 use Filament\Forms\Components\TextInput;
-use Filament\Forms\Components\Wizard\Step;
+use Filament\Infolists\Components\TextEntry;
+use Filament\Schemas\Components\Wizard\Step;
 use Illuminate\Support\Facades\Blade;
 use Illuminate\Support\HtmlString;
 use SocialiteProviders\Steam\Provider;
@@ -52,15 +54,16 @@ final class SteamSchema extends OAuthSchema
         return array_merge([
             Step::make('Create API Key')
                 ->schema([
-                    Placeholder::make('')
+                    TextEntry::make('create_api_key')
-                        ->content(new HtmlString(Blade::render('Visit <x-filament::link href="https://steamcommunity.com/dev/apikey" target="_blank">https://steamcommunity.com/dev/apikey</x-filament::link> to generate an API key.'))),
+                        ->hiddenLabel()
+                        ->state(new HtmlString(Blade::render('Visit <x-filament::link href="https://steamcommunity.com/dev/apikey" target="_blank">https://steamcommunity.com/dev/apikey</x-filament::link> to generate an API key.'))),
                 ]),
         ], parent::getSetupSteps());
     }
 
-    public function getIcon(): string
+    public function getIcon(): BackedEnum
     {
-        return 'tabler-brand-steam-f';
+        return TablerIcon::BrandSteamFilled;
     }
 
     public function getHexColor(): string

app/Extensions/OAuth/Schemas/XSchema.php

@@ -0,0 +1,56 @@
+<?php
+
+namespace App\Extensions\OAuth\Schemas;
+
+use App\Enums\TablerIcon;
+use BackedEnum;
+use Filament\Forms\Components\TextInput;
+use Filament\Infolists\Components\TextEntry;
+use Filament\Schemas\Components\Wizard\Step;
+use Illuminate\Support\Facades\Blade;
+use Illuminate\Support\HtmlString;
+
+final class XSchema extends OAuthSchema
+{
+    public function getId(): string
+    {
+        return 'x';
+    }
+
+    public function getSetupSteps(): array
+    {
+        return array_merge([
+            Step::make('Register new X App')
+                ->schema([
+                    TextEntry::make('create_application')
+                        ->hiddenLabel()
+                        ->state(new HtmlString(Blade::render('<p>Visit the <x-filament::link href="https://developer.x.com/en/portal/dashboard" target="_blank">X Developer Dashboard</x-filament::link> and create or select the project app you want to use.</p><p>Go to the app\'s settings and set up <b>User authentication</b> if not yet. Make sure to select <b>Web App</b> as the type of app.</p><p>For the <b>Callback URI / Redirect URL</b> and <b>Website URL</b> set it using the value below.</p>'))),
+                    TextInput::make('_noenv_origin')
+                        ->label('Website URL')
+                        ->dehydrated()
+                        ->disabled()
+                        ->hintCopy()
+                        ->default(fn () => url('')),
+                    TextInput::make('_noenv_callback')
+                        ->label('Callback URI / Redirect URL')
+                        ->dehydrated()
+                        ->disabled()
+                        ->hintCopy()
+                        ->default(fn () => url('/auth/oauth/callback/x')),
+                    TextEntry::make('register_application')
+                        ->hiddenLabel()
+                        ->state(new HtmlString('<p>If you have already set this up go to your app\'s <b>Keys and tokens</b> and obtain the Client ID and Secret there.</p>')),
+                ]),
+        ], parent::getSetupSteps());
+    }
+
+    public function getIcon(): BackedEnum
+    {
+        return TablerIcon::BrandX;
+    }
+
+    public function getHexColor(): string
+    {
+        return '#1da1f2';
+    }
+}