Skip to content

[#472] Refactor web flow to explicit response pipeline#477

Merged
armanist merged 10 commits into
quantum-php:masterfrom
armanist:issue/472-web-flow-refactor
Apr 29, 2026
Merged

[#472] Refactor web flow to explicit response pipeline#477
armanist merged 10 commits into
quantum-php:masterfrom
armanist:issue/472-web-flow-refactor

Conversation

@armanist

@armanist armanist commented Apr 28, 2026

Copy link
Copy Markdown
Collaborator

Closes #472

Summary by CodeRabbit

  • New Features

    • Standardized exit codes for application process handling
  • Refactor

    • Redesigned middleware pipeline to use a terminal/closure model
    • Restructured view caching to return optional cached responses
    • Updated web/console adapters for explicit return paths and immediate OPTIONS handling
    • Consolidated 404 response generation to return Response objects
  • Tests

    • Updated unit tests to match the new middleware and view-cache interfaces
  • Chores

    • Normalized file endings across templates; minor template text/encoding fixes (including footer and Spanish messages)

@coderabbitai

coderabbitai Bot commented Apr 28, 2026

Copy link
Copy Markdown
📝 Walkthrough

Walkthrough

Refactors web and middleware control flow to be return-driven: WebAppAdapter returns and sends Response objects (handles OPTIONS and 404 early), MiddlewareManager uses a terminal Closure pipeline, ViewCache returns nullable Response, ConsoleAppAdapter maps StopExecutionException to an ExitCode fallback.

Changes

Cohort / File(s) Summary
Exit Codes
src/App/Enums/ExitCode.php
Adds final ExitCode class with SUCCESS=0, FAILURE=1, INVALID=2.
App Adapters
src/App/Adapters/ConsoleAppAdapter.php, src/App/Adapters/WebAppAdapter.php
Console start maps StopExecutionException to numeric exit (fallback to ExitCode::SUCCESS); WebAppAdapter made fully return-driven (early OPTIONS/404 returns, cache-hit returns, middleware uses terminal closure).
Middleware Core
src/Middleware/MiddlewareManager.php, src/Middleware/QtMiddleware.php
Pipeline changed to accept Closure $terminal; middlewares now apply(Request, Closure): Response and manager threads terminal closure through chain.
Web Trait & Helpers
src/App/Traits/WebAppTrait.php, src/Http/Helpers/http.php
resolveRoute() now nullable; sendResponse() accepts explicit Response; page_not_found_response() returns a Response instead of side effects and uses request Accept header.
View Cache
src/ResourceCache/ViewCache.php
serveCachedViewgetCachedResponse(string): ?Response returning Response or null.
Templates: Middleware
src/Module/Templates/**/Middlewares/*.php.tpl
All middleware templates updated to new apply(Request, Closure) signature; create local response() and invoke $next($request); newline/formatting fixes.
Tests
tests/Unit/Middleware/..., tests/Unit/ResourceCache/ViewCacheTest.php, tests/Unit/Cron/CronManagerTest.php
Unit tests updated to new middleware signature and terminal closure style; ViewCache test asserts returned Response; minor cron test string fixes.
Misc templates & formatting
many src/Module/Templates/** files, .gitattributes, composer.json
Mostly EOF newline normalization and minor template text fixes; composer.json test script drops --testdox.

Sequence Diagram

sequenceDiagram
    participant Client as Client
    participant WebApp as WebAppAdapter
    participant ViewCache as ViewCache
    participant MiddlewareMgr as MiddlewareManager
    participant Middleware as QtMiddleware
    participant Dispatcher as RouteDispatcher
    participant Server as Server

    Client->>WebApp: HTTP Request
    WebApp->>WebApp: check method (OPTIONS?)
    alt OPTIONS
        WebApp->>Server: send 204 No Content
        WebApp-->>Client: return ExitCode::SUCCESS
    else Normal
        WebApp->>WebApp: resolveRoute()
        WebApp->>ViewCache: getCachedResponse(uri)
        alt cache hit
            ViewCache-->>WebApp: Response
            WebApp->>Server: send Response
            WebApp-->>Client: return ExitCode::SUCCESS
        else cache miss
            WebApp->>MiddlewareMgr: applyMiddlewares(request, $terminal)
            Note over MiddlewareMgr,Middleware: MiddlewareManager builds closure chain
            MiddlewareMgr->>Middleware: invoke first middleware ($next(request))
            Middleware->>MiddlewareMgr: call $next(request)
            MiddlewareMgr->>Dispatcher: $terminal(request) -> dispatch
            Dispatcher-->>MiddlewareMgr: Response
            MiddlewareMgr-->>WebApp: Response
            WebApp->>Server: send Response
            WebApp-->>Client: return ExitCode::SUCCESS
        end
    end
Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related issues

Possibly related PRs

Suggested labels

help wanted

Suggested reviewers

  • andrey-smaelov
  • live-soft

Poem

🐰 I hopped through middleware lanes,
threading closures in my veins,
no more stops to block the way,
responses hop out bright as day,
ExitCode set — let servers play!

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 41.67% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The PR title '[#472] Refactor web flow to explicit response pipeline' clearly describes the main change: refactoring the web flow to use explicit returns instead of stop()/StopExecutionException.
Linked Issues check ✅ Passed The PR implements all major requirements from issue #472: removes stop()/StopExecutionException from normal web flow, makes WebAppAdapter return-driven, updates ViewCache API to getCachedResponse(), refactors middleware signatures, and ensures start() returns 0.
Out of Scope Changes check ✅ Passed The PR includes changes to numerous template files (.tpl) for middleware signature updates and trailing newline normalization, which are consistent with the middleware refactoring scope, plus utility changes (composer.json, .gitattributes) that support the refactor.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share
Review rate limit: 0/1 reviews remaining, refill in 60 minutes.

Comment @coderabbitai help to get the list of available commands and usage tips.

@codecov

codecov Bot commented Apr 28, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 91.66667% with 3 lines in your changes missing coverage. Please review.
✅ Project coverage is 83.19%. Comparing base (6ac0e5f) to head (47a8bee).
⚠️ Report is 11 commits behind head on master.

Files with missing lines Patch % Lines
src/App/Adapters/WebAppAdapter.php 87.50% 2 Missing ⚠️
src/Http/Helpers/http.php 80.00% 1 Missing ⚠️
Additional details and impacted files
@@             Coverage Diff              @@
##             master     #477      +/-   ##
============================================
- Coverage     83.20%   83.19%   -0.01%     
  Complexity     2905     2905              
============================================
  Files           251      251              
  Lines          7663     7660       -3     
============================================
- Hits           6376     6373       -3     
  Misses         1287     1287              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: a93e296b96

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread src/Middleware/QtMiddleware.php

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🧹 Nitpick comments (5)
src/App/Adapters/WebAppAdapter.php (1)

92-93: Minor: Consider null-safe handling for getUri().

The fallback ?? '' on getUri() handles null, but an empty string would still be passed to getCachedResponse(). If getUri() can legitimately return an empty string (e.g., root path /), this may cause unexpected cache behavior.

♻️ Consider explicit handling
-        $terminal = fn ($request) => $this->setupViewCache()->getCachedResponse($request->getUri() ?? '')
+        $terminal = fn ($request) => $this->setupViewCache()->getCachedResponse($request->getUri() ?: '/')

Or ensure getUri() always returns a non-null string for valid requests.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@src/App/Adapters/WebAppAdapter.php` around lines 92 - 93, The closure
assigned to $terminal uses $request->getUri() with a fallback to '' which can
pass an empty string to setupViewCache()->getCachedResponse() and confuse cache
lookups; update the $terminal logic (the closure, plus calls to
setupViewCache()->getCachedResponse and RouteDispatcher::dispatch) to first
null-safe-check and normalize the request URI (e.g., treat null or empty as '/'
or use the URI path component), then pass that normalized string into
getCachedResponse so cache keys are consistent and root requests are handled
correctly.
src/App/Adapters/ConsoleAppAdapter.php (1)

98-98: Clarify exit code fallback logic.

Using ?: treats 0 as falsy, which is conceptually confusing since exit code 0 represents success. While the result is correct (both values are 0), the intent would be clearer with explicit handling.

♻️ Suggested improvement for clarity
-            return $exception->getCode() ?: ExitCode::SUCCESS;
+            $code = $exception->getCode();
+            return $code !== 0 ? $code : ExitCode::SUCCESS;

Or simply always return the code since the default is already 0:

-            return $exception->getCode() ?: ExitCode::SUCCESS;
+            return $exception->getCode();
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@src/App/Adapters/ConsoleAppAdapter.php` at line 98, The fallback using the
`?:` operator in the return statement `return $exception->getCode() ?:
ExitCode::SUCCESS;` is misleading because `0` is falsy; change this to
explicitly return the exception code (or cast it) to make the intent
clear—replace with `return (int) $exception->getCode();` in the
ConsoleAppAdapter logic where the exception exit code is returned, or
alternatively assign `$code = $exception->getCode(); return $code;` so the code
path is explicit and unambiguous.
tests/Unit/Middleware/MiddlewareManagerTest.php (2)

121-121: Consider underscore prefix for intentionally unused closure parameters.

The terminal closures have an unused $request parameter (required by contract). Using $_ or $_request would suppress static analysis warnings and signal intent.

♻️ Suggested fix
-            $manager->applyMiddlewares(request(), fn (Request $request): Response => response()->json([]));
+            $manager->applyMiddlewares(request(), fn (Request $_): Response => response()->json([]));

Also applies to: 135-135

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@tests/Unit/Middleware/MiddlewareManagerTest.php` at line 121, The closure
passed into manager->applyMiddlewares uses an unused parameter named $request
which triggers static analysis warnings; rename that parameter to an
underscore-prefixed name like $_request (or $_) in the closure signature used in
the applyMiddlewares call(s) so the unused parameter intent is explicit (apply
the same change for the other occurrence noted in the test).

20-29: Header set on local variable relies on response() singleton behavior.

TestMwTwo sets a header on $response (line 26) but returns the result of $next($request) (line 27). The test assertion on line 86 passes only because response() returns a singleton. While this correctly tests framework behavior, consider adding a brief comment to clarify this implicit coupling for future maintainers.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@tests/Unit/Middleware/MiddlewareManagerTest.php` around lines 20 - 29, The
apply method in class TestMwTwo mutates a Response via the response() helper and
then returns $next($request), relying on response() being a singleton so the
header change is observed; add a short inline comment inside TestMwTwo::apply
(near the response() call / header set) stating that setting the header on the
local $response relies on the response() singleton behavior and that
$next($request) will return the same response instance, to make the implicit
coupling explicit for future maintainers.
src/Middleware/MiddlewareManager.php (1)

72-80: Inconsistent request reference: use the $request parameter instead of request() helper.

Line 74 uses the request() global singleton to retrieve the module namespace, while the method receives $request as a parameter. While the module namespace doesn't change during middleware execution, the method should use its parameter for consistency rather than relying on the global singleton. This makes the dependency explicit and prevents confusion if the code evolves.

♻️ Suggested fix
     private function getMiddleware(Request $request): QtMiddleware
     {
-        $middlewareClass = request()->getModuleBaseNamespace() . '\\' . $this->module . '\\Middlewares\\' . current($this->middlewares);
+        $middlewareClass = $request->getModuleBaseNamespace() . '\\' . $this->module . '\\Middlewares\\' . current($this->middlewares);
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@src/Middleware/MiddlewareManager.php` around lines 72 - 80, In
getMiddleware(Request $request) replace the global helper call
request()->getModuleBaseNamespace() with the method parameter
$request->getModuleBaseNamespace() so the module namespace is retrieved from the
passed-in Request instance (keep the rest of the logic: build $middlewareClass,
class_exists check and throw MiddlewareException::middlewareNotFound, and new
$middlewareClass($request)); this makes getMiddleware use the explicit $request
dependency and avoids the global singleton.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/Http/Helpers/http.php`:
- Around line 128-130: The code reads the Accept header from the response
(response()->getHeader('Accept')) which is incorrect; change it to read the
client's request Accept header (e.g., request()->header('Accept') or
request()->getHeader('Accept')) so $acceptHeader reflects the incoming request,
and keep the $isJson comparison against ContentType::JSON (update the
$acceptHeader assignment and leave the $isJson logic intact).
- Around line 149-152: The page_not_found() wrapper currently discards the
Response from page_not_found_response(), so update page_not_found() to either
return the Response (change signature to return Response and "return
page_not_found_response();") if callers should receive the Response, or actively
send it by invoking the response's send/emission method (e.g.,
"page_not_found_response()->send();") if the function is intended to send output
directly; alternatively, if callers should use page_not_found_response()
directly, mark page_not_found() as deprecated and add a comment indicating
removal. Ensure you reference the page_not_found() and page_not_found_response()
symbols when making the change.

---

Nitpick comments:
In `@src/App/Adapters/ConsoleAppAdapter.php`:
- Line 98: The fallback using the `?:` operator in the return statement `return
$exception->getCode() ?: ExitCode::SUCCESS;` is misleading because `0` is falsy;
change this to explicitly return the exception code (or cast it) to make the
intent clear—replace with `return (int) $exception->getCode();` in the
ConsoleAppAdapter logic where the exception exit code is returned, or
alternatively assign `$code = $exception->getCode(); return $code;` so the code
path is explicit and unambiguous.

In `@src/App/Adapters/WebAppAdapter.php`:
- Around line 92-93: The closure assigned to $terminal uses $request->getUri()
with a fallback to '' which can pass an empty string to
setupViewCache()->getCachedResponse() and confuse cache lookups; update the
$terminal logic (the closure, plus calls to setupViewCache()->getCachedResponse
and RouteDispatcher::dispatch) to first null-safe-check and normalize the
request URI (e.g., treat null or empty as '/' or use the URI path component),
then pass that normalized string into getCachedResponse so cache keys are
consistent and root requests are handled correctly.

In `@src/Middleware/MiddlewareManager.php`:
- Around line 72-80: In getMiddleware(Request $request) replace the global
helper call request()->getModuleBaseNamespace() with the method parameter
$request->getModuleBaseNamespace() so the module namespace is retrieved from the
passed-in Request instance (keep the rest of the logic: build $middlewareClass,
class_exists check and throw MiddlewareException::middlewareNotFound, and new
$middlewareClass($request)); this makes getMiddleware use the explicit $request
dependency and avoids the global singleton.

In `@tests/Unit/Middleware/MiddlewareManagerTest.php`:
- Line 121: The closure passed into manager->applyMiddlewares uses an unused
parameter named $request which triggers static analysis warnings; rename that
parameter to an underscore-prefixed name like $_request (or $_) in the closure
signature used in the applyMiddlewares call(s) so the unused parameter intent is
explicit (apply the same change for the other occurrence noted in the test).
- Around line 20-29: The apply method in class TestMwTwo mutates a Response via
the response() helper and then returns $next($request), relying on response()
being a singleton so the header change is observed; add a short inline comment
inside TestMwTwo::apply (near the response() call / header set) stating that
setting the header on the local $response relies on the response() singleton
behavior and that $next($request) will return the same response instance, to
make the implicit coupling explicit for future maintainers.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 2a42fc6d-313c-4eab-892c-7a460937bde7

📥 Commits

Reviewing files that changed from the base of the PR and between 6ac0e5f and a93e296.

📒 Files selected for processing (10)
  • src/App/Adapters/ConsoleAppAdapter.php
  • src/App/Adapters/WebAppAdapter.php
  • src/App/Enums/ExitCode.php
  • src/App/Traits/WebAppTrait.php
  • src/Http/Helpers/http.php
  • src/Middleware/MiddlewareManager.php
  • src/Middleware/QtMiddleware.php
  • src/ResourceCache/ViewCache.php
  • tests/Unit/Middleware/MiddlewareManagerTest.php
  • tests/Unit/ResourceCache/ViewCacheTest.php

Comment thread src/Http/Helpers/http.php Outdated
Comment thread src/Http/Helpers/http.php Outdated
@armanist armanist added bug Something isn't working enhancement New feature or request labels Apr 28, 2026
@armanist armanist added this to the 3.0.0 milestone Apr 28, 2026
@armanist armanist force-pushed the issue/472-web-flow-refactor branch 2 times, most recently from 142c92d to 088ccef Compare April 28, 2026 17:47

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 7

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)
src/Module/Templates/DemoApi/src/Middlewares/Signout.php.tpl (1)

37-45: ⚠️ Potential issue | 🔴 Critical

Error response is discarded; invalid signout requests still proceed.

When refresh_token is absent, respondWithError(...) must be returned; otherwise the middleware continues to $next($request).

🐛 Proposed fix
         if (!$request->hasHeader('refresh_token')) {
-            $this->respondWithError(
+            return $this->respondWithError(
                 $request,
                 $response,
                 [t('validation.nonExistingRecord', 'token')]
             );
         }

         return $next($request);
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@src/Module/Templates/DemoApi/src/Middlewares/Signout.php.tpl` around lines 37
- 45, The middleware in Signout.php.tpl currently calls
$this->respondWithError(...) when $request->hasHeader('refresh_token') is false
but does not return its response, so processing continues to $next($request);
fix by returning the result of $this->respondWithError(...) when the header is
missing (i.e., replace the current call with a return of respondWithError) so
the error response short-circuits the middleware and prevents calling
$next($request).
src/Module/Templates/DemoApi/src/Middlewares/Auth.php.tpl (1)

38-47: ⚠️ Potential issue | 🔴 Critical

Return the unauthorized response instead of continuing the pipeline.

On Line 39, respondWithError(...) is invoked but its return value is ignored, then Line 47 always executes $next($request). This permits unauthenticated requests to pass middleware.

Proposed fix
     public function apply(Request $request, Closure $next): Response
     {
         $response = response();
         if (!auth()->check()) {
-            $this->respondWithError(
+            return $this->respondWithError(
                 $request,
                 $response,
                 t('validation.unauthorizedRequest'),
                 StatusCode::UNAUTHORIZED
             );
         }

         return $next($request);
     }
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@src/Module/Templates/DemoApi/src/Middlewares/Auth.php.tpl` around lines 38 -
47, The middleware currently calls $this->respondWithError(...) when
auth()->check() is false but ignores its return value and always calls return
$next($request), allowing unauthenticated requests through; update the Auth
middleware so that when auth()->check() is false it returns the result of
$this->respondWithError($request, $response,
t('validation.unauthorizedRequest'), StatusCode::UNAUTHORIZED) and only calls
return $next($request) when authentication passes (i.e., keep the existing
auth()->check() condition but change it to return the error response instead of
falling through).
🧹 Nitpick comments (3)
src/Module/Templates/Toolkit/src/Middlewares/CreateTable.php.tpl (1)

30-35: Update stale PHPDoc for apply().

The docblock still documents @param Response $response, but the method now only accepts Request $request, Closure $next.

💡 Proposed fix
 /**
  * `@param` Request $request
- * `@param` Response $response
  * `@param` Closure $next
  * `@return` Response
  */
 public function apply(Request $request, Closure $next): Response
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@src/Module/Templates/Toolkit/src/Middlewares/CreateTable.php.tpl` around
lines 30 - 35, The PHPDoc for the apply() method is stale: remove the incorrect
"@param Response $response" entry and update the docblock to match the current
signature by documenting "@param Request $request" and "@param Closure $next"
(and keep or adjust the "@return Response" as appropriate). Locate the apply()
method in CreateTable.php.tpl and update its docblock annotations to exactly
reflect the method parameters and return type.
src/Module/Templates/DemoApi/src/Middlewares/PostOwner.php.tpl (1)

30-36: Update apply() PHPDoc to match the new signature.

The docblock still documents @param Response $response, but apply() no longer accepts that parameter.

🧹 Proposed fix
 /**
  * `@param` Request $request
- * `@param` Response $response
  * `@param` Closure $next
  * `@return` Response
  */
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@src/Module/Templates/DemoApi/src/Middlewares/PostOwner.php.tpl` around lines
30 - 36, The PHPDoc for the apply() method is out of sync: remove the stray
`@param Response $response` entry and update the docblock to reflect the actual
signature of `apply(Request $request, Closure $next): Response` by keeping
`@param Request $request`, ensuring `@param Closure $next` is present, and
keeping `@return Response`; update any type names to match the
imported/fully-qualified types used by the `apply` method.
src/Module/Templates/DemoApi/src/Middlewares/CommentOwner.php.tpl (1)

31-35: Update stale PHPDoc parameters to match the new middleware contract.

The docblock still documents @param Response $response, but the method no longer accepts it. This can mislead generated docs and template users.

Suggested docblock fix
     /**
      * `@param` Request $request
-     * `@param` Response $response
      * `@param` Closure $next
      * `@return` Response
      */
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@src/Module/Templates/DemoApi/src/Middlewares/CommentOwner.php.tpl` around
lines 31 - 35, The PHPDoc in the CommentOwner middleware template is stale: it
lists `@param` Response $response even though the middleware method no longer
accepts a Response argument. Edit the docblock above the middleware method in
CommentOwner.php.tpl to remove the Response param and update the params to match
the current method signature (e.g., keep `@param` Request $request and replace or
add the correct `@param` for the next callable/Closure such as `@param` Closure
$next or `@param` callable $next), and ensure the `@return` tag matches the actual
return type of the method.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/Http/Helpers/http.php`:
- Around line 128-130: $request()->getHeader('Accept') can be an array or a
parameterized string so the strict equality check ($acceptHeader ===
ContentType::JSON) wrongly rejects valid JSON Accept headers; update the logic
around $acceptHeader and $isJson to (1) normalize the header to a string if it's
an array (e.g., implode(',' , $acceptHeader) or use current()), (2) trim and
lowercase it, and (3) set $isJson true when the header contains
'application/json', '+json', or is '*/*' (use strpos/stripos or a regex) while
safely handling null/empty headers—refer to the $acceptHeader variable and
ContentType::JSON constant and replace the equality check with a contains-based
check.

In `@src/Module/Templates/DemoApi/src/Middlewares/PostOwner.php.tpl`:
- Line 1: Several PHP template files (for example PostOwner.php.tpl) contain a
UTF-8 BOM before the "<?php" tag which will emit output and break headers;
remove the BOM from each affected template so the file begins exactly with
"<?php". Locate templates in the module template sets (e.g., files like
PostOwner.php.tpl and the other middleware templates) and strip the BOM bytes
(or re-save files as UTF-8 without BOM) ensuring no whitespace or invisible
characters precede the "<?php" opening tag so generated modules do not emit
output.

In `@src/Module/Templates/DemoWeb/src/Middlewares/Auth.php.tpl`:
- Around line 37-41: The unauthenticated branch calls redirect(...) but does not
return it, allowing execution to continue to $next($request); update the
middleware so the redirect response is returned immediately (e.g., change the
unauthenticated branch to return redirect(base_url(true) . '/' . current_lang()
. '/signin');) so that auth()->check(), redirect(...), and $next($request)
behave correctly and request handling stops on redirect.

In `@src/Module/Templates/DemoWeb/src/Middlewares/CommentOwner.php.tpl`:
- Line 1: This PHP template begins with a UTF-8 BOM which can emit output before
headers; open the template containing the "<?php" tag (e.g.,
CommentOwner.php.tpl), remove the BOM so the file is saved as UTF-8 without BOM
and ensure there are no bytes or whitespace before the opening "<?php" tag, then
re-save the file (or convert encoding) so the file starts immediately with
"<?php" to avoid premature output.

In `@src/Module/Templates/DemoWeb/src/Middlewares/Password.php.tpl`:
- Around line 37-45: The apply(Request $request, Closure $next): Response method
currently ignores the result of validateRequest and always calls return
$next($request), so validation failures don't short-circuit; change apply to
capture the return value of validateRequest($request, $response) and if it
yields a Response (an error/redirect) return that immediately instead of calling
$next($request); also ensure respondWithError(...) is implemented to return the
redirect/response object (not void) so validateRequest can return it; apply the
same fix to the other apply block at lines ~73-77 that uses
validateRequest/respondWithError.

In `@src/Module/Templates/Toolkit/src/Middlewares/BasicAuth.php.tpl`:
- Line 1: The template files (e.g., the PHP templates starting with the "<?php"
opening tag such as in BasicAuth.php.tpl) contain a leading UTF-8 BOM which
injects hidden bytes into generated output; remove the BOM from this file and
the other affected .tpl templates (DemoApi, DemoWeb, Toolkit sets) so the files
start directly with "<?php" (no invisible characters) to avoid "headers already
sent" issues for redirects, cookies, and sessions. Ensure your editor saves
these templates as UTF-8 without BOM and verify by reopening the files that the
first character is '<' of "<?php" with no preceding bytes.

In `@src/Module/Templates/Toolkit/src/Middlewares/CreateTable.php.tpl`:
- Line 1: The template file CreateTable.php.tpl (and other affected templates in
DemoApi, DemoWeb, and Toolkit) contains a UTF-8 BOM before the opening "<?php"
which can emit output early; remove the BOM by re-saving the file(s) as UTF-8
without BOM (strip the 0xEF 0xBB 0xBF bytes) so the first byte is '<', ensure
the opening token is the very first characters in CreateTable.php.tpl, and apply
the same fix to the other ~30 template files; after changing, run a quick check
(or script) that the first bytes of each template are "<?php" to prevent
regressions.

---

Outside diff comments:
In `@src/Module/Templates/DemoApi/src/Middlewares/Auth.php.tpl`:
- Around line 38-47: The middleware currently calls $this->respondWithError(...)
when auth()->check() is false but ignores its return value and always calls
return $next($request), allowing unauthenticated requests through; update the
Auth middleware so that when auth()->check() is false it returns the result of
$this->respondWithError($request, $response,
t('validation.unauthorizedRequest'), StatusCode::UNAUTHORIZED) and only calls
return $next($request) when authentication passes (i.e., keep the existing
auth()->check() condition but change it to return the error response instead of
falling through).

In `@src/Module/Templates/DemoApi/src/Middlewares/Signout.php.tpl`:
- Around line 37-45: The middleware in Signout.php.tpl currently calls
$this->respondWithError(...) when $request->hasHeader('refresh_token') is false
but does not return its response, so processing continues to $next($request);
fix by returning the result of $this->respondWithError(...) when the header is
missing (i.e., replace the current call with a return of respondWithError) so
the error response short-circuits the middleware and prevents calling
$next($request).

---

Nitpick comments:
In `@src/Module/Templates/DemoApi/src/Middlewares/CommentOwner.php.tpl`:
- Around line 31-35: The PHPDoc in the CommentOwner middleware template is
stale: it lists `@param` Response $response even though the middleware method no
longer accepts a Response argument. Edit the docblock above the middleware
method in CommentOwner.php.tpl to remove the Response param and update the
params to match the current method signature (e.g., keep `@param` Request $request
and replace or add the correct `@param` for the next callable/Closure such as
`@param` Closure $next or `@param` callable $next), and ensure the `@return` tag
matches the actual return type of the method.

In `@src/Module/Templates/DemoApi/src/Middlewares/PostOwner.php.tpl`:
- Around line 30-36: The PHPDoc for the apply() method is out of sync: remove
the stray `@param Response $response` entry and update the docblock to reflect
the actual signature of `apply(Request $request, Closure $next): Response` by
keeping `@param Request $request`, ensuring `@param Closure $next` is present,
and keeping `@return Response`; update any type names to match the
imported/fully-qualified types used by the `apply` method.

In `@src/Module/Templates/Toolkit/src/Middlewares/CreateTable.php.tpl`:
- Around line 30-35: The PHPDoc for the apply() method is stale: remove the
incorrect "@param Response $response" entry and update the docblock to match the
current signature by documenting "@param Request $request" and "@param Closure
$next" (and keep or adjust the "@return Response" as appropriate). Locate the
apply() method in CreateTable.php.tpl and update its docblock annotations to
exactly reflect the method parameters and return type.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: b5f1c4f3-f4db-4006-8248-811039406a4c

📥 Commits

Reviewing files that changed from the base of the PR and between a93e296 and 088ccef.

📒 Files selected for processing (32)
  • src/Http/Helpers/http.php
  • src/Module/Templates/DemoApi/src/Middlewares/Activate.php.tpl
  • src/Module/Templates/DemoApi/src/Middlewares/Auth.php.tpl
  • src/Module/Templates/DemoApi/src/Middlewares/Comment.php.tpl
  • src/Module/Templates/DemoApi/src/Middlewares/CommentOwner.php.tpl
  • src/Module/Templates/DemoApi/src/Middlewares/Editor.php.tpl
  • src/Module/Templates/DemoApi/src/Middlewares/Forget.php.tpl
  • src/Module/Templates/DemoApi/src/Middlewares/Password.php.tpl
  • src/Module/Templates/DemoApi/src/Middlewares/PostOwner.php.tpl
  • src/Module/Templates/DemoApi/src/Middlewares/Resend.php.tpl
  • src/Module/Templates/DemoApi/src/Middlewares/Reset.php.tpl
  • src/Module/Templates/DemoApi/src/Middlewares/Signout.php.tpl
  • src/Module/Templates/DemoApi/src/Middlewares/Signup.php.tpl
  • src/Module/Templates/DemoApi/src/Middlewares/Update.php.tpl
  • src/Module/Templates/DemoApi/src/Middlewares/Verify.php.tpl
  • src/Module/Templates/DemoWeb/src/Middlewares/Activate.php.tpl
  • src/Module/Templates/DemoWeb/src/Middlewares/Auth.php.tpl
  • src/Module/Templates/DemoWeb/src/Middlewares/Comment.php.tpl
  • src/Module/Templates/DemoWeb/src/Middlewares/CommentOwner.php.tpl
  • src/Module/Templates/DemoWeb/src/Middlewares/Editor.php.tpl
  • src/Module/Templates/DemoWeb/src/Middlewares/Forget.php.tpl
  • src/Module/Templates/DemoWeb/src/Middlewares/Guest.php.tpl
  • src/Module/Templates/DemoWeb/src/Middlewares/Password.php.tpl
  • src/Module/Templates/DemoWeb/src/Middlewares/PostOwner.php.tpl
  • src/Module/Templates/DemoWeb/src/Middlewares/Resend.php.tpl
  • src/Module/Templates/DemoWeb/src/Middlewares/Reset.php.tpl
  • src/Module/Templates/DemoWeb/src/Middlewares/Signup.php.tpl
  • src/Module/Templates/DemoWeb/src/Middlewares/Update.php.tpl
  • src/Module/Templates/DemoWeb/src/Middlewares/Verify.php.tpl
  • src/Module/Templates/Toolkit/src/Middlewares/BasicAuth.php.tpl
  • src/Module/Templates/Toolkit/src/Middlewares/CreateTable.php.tpl
  • tests/Unit/Cron/CronManagerTest.php

Comment thread src/Http/Helpers/http.php
Comment thread src/Module/Templates/DemoApi/src/Middlewares/PostOwner.php.tpl Outdated
Comment thread src/Module/Templates/DemoWeb/src/Middlewares/Auth.php.tpl
Comment thread src/Module/Templates/DemoWeb/src/Middlewares/CommentOwner.php.tpl Outdated
Comment thread src/Module/Templates/DemoWeb/src/Middlewares/Password.php.tpl
Comment thread src/Module/Templates/Toolkit/src/Middlewares/BasicAuth.php.tpl Outdated
Comment thread src/Module/Templates/Toolkit/src/Middlewares/CreateTable.php.tpl Outdated
Comment thread src/App/Adapters/WebAppAdapter.php Outdated
Comment thread src/App/Enums/ExitCode.php
Comment thread src/Module/Templates/DemoApi/src/Middlewares/Activate.php.tpl Outdated
@armanist armanist requested a review from andrey-smaelov April 29, 2026 06:54

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (5)
src/Module/Templates/DemoWeb/src/Middlewares/Comment.php.tpl (1)

29-34: ⚠️ Potential issue | 🟡 Minor

Update PHPDoc to match the new apply signature.

The docblock still includes @param Response $response, but apply no longer accepts that parameter. Please sync the annotations to avoid template/API confusion.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@src/Module/Templates/DemoWeb/src/Middlewares/Comment.php.tpl` around lines 29
- 34, Update the PHPDoc block above the apply method in Comment.php.tpl to
reflect the current signature of public function apply(Request $request, Closure
$next): Response by removing the now-invalid `@param` Response $response entry
and, if desired, adding a `@return` Response annotation; ensure only `@param`
Request $request and `@param` Closure $next remain (and `@return` Response if
present) so the docblock matches the apply method signature.
src/Module/Templates/DemoWeb/src/Middlewares/Forget.php.tpl (1)

31-37: ⚠️ Potential issue | 🟡 Minor

Update PHPDoc to match the new middleware signature.

On Line 33, @param Response $response is stale after the signature change on Line 37. Please remove it to keep generated docs and IDE hints accurate.

Suggested diff
     /**
      * `@param` Request $request
-     * `@param` Response $response
      * `@param` Closure $next
      * `@return` Response
      */
     public function apply(Request $request, Closure $next): Response
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@src/Module/Templates/DemoWeb/src/Middlewares/Forget.php.tpl` around lines 31
- 37, The PHPDoc for the apply method is out of date: remove the stale "@param
Response $response" line from the docblock above the apply(Request $request,
Closure $next): Response method (the apply method signature) so the docblock
matches the current signature and IDE/type hints are correct; leave the other
tags (Request $request, Closure $next, `@return` Response) intact and ensure
formatting stays valid.
src/Module/Templates/DemoWeb/src/Middlewares/Update.php.tpl (1)

31-34: ⚠️ Potential issue | 🟡 Minor

Update PHPDoc to match the new middleware signature.

@param Response $response is stale after the signature change and now contradicts apply(Request $request, Closure $next): Response.

Proposed docblock fix
     /**
      * `@param` Request $request
-     * `@param` Response $response
      * `@param` Closure $next
+     * `@return` Response
      */
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@src/Module/Templates/DemoWeb/src/Middlewares/Update.php.tpl` around lines 31
- 34, The PHPDoc for the middleware is out of sync: remove the stale "@param
Response $response" entry and update the docblock to match the apply(Request
$request, Closure $next): Response signature by listing only "@param Request
$request" and "@param Closure $next" and adding an "@return Response" (or
fully-qualified Response) entry; update the docblock above the apply method
(symbol: apply) in the Update middleware template to reflect these parameter and
return types.
src/Module/Templates/DemoWeb/src/Middlewares/Password.php.tpl (1)

33-36: ⚠️ Potential issue | 🟡 Minor

Update the apply() PHPDoc to match the new signature.

The docblock still documents @param Response $response, but apply() no longer accepts that parameter.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@src/Module/Templates/DemoWeb/src/Middlewares/Password.php.tpl` around lines
33 - 36, The PHPDoc for the apply() middleware is out of sync: it still lists
"@param Response $response" even though apply() no longer accepts that
parameter. Edit the apply() docblock (above the apply() method) to remove the
Response parameter and update the `@param` tags to reflect the actual signature
(e.g., Request $request and Closure $next) and adjust or add an `@return` tag to
match the method's return type so the docblock matches the apply() method
declaration.
src/Module/Templates/DemoApi/src/Middlewares/Verify.php.tpl (1)

31-35: ⚠️ Potential issue | 🟡 Minor

Update stale apply() phpdoc parameters.

The docblock still declares @param Response $response, but that parameter was removed from the method signature (Line 37). Please update this here and in sibling middleware templates changed in this PR.

Suggested patch
     /**
      * `@param` Request $request
-     * `@param` Response $response
      * `@param` Closure $next
      * `@return` Response
      */
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@src/Module/Templates/DemoApi/src/Middlewares/Verify.php.tpl` around lines 31
- 35, The apply() method's PHPDoc in Verify.php.tpl is stale: it still lists a
`@param Response $response` which no longer exists in the method signature;
update the docblock for the Verify::apply() method to reflect the current
parameters (remove the Response param and ensure only the actual
parameters—e.g., Request $request and Closure $next—are documented) and make the
same correction in the other middleware templates changed in this PR so all
apply() docblocks match their signatures.
♻️ Duplicate comments (1)
src/Module/Templates/DemoWeb/src/Middlewares/Password.php.tpl (1)

39-44: ⚠️ Potential issue | 🔴 Critical

Validation failure is still not short-circuiting the middleware chain.

Line 41 calls validateRequest(...) but ignores its returned error response, so invalid POST input can still reach return $next($request) on Line 44. Also, respondWithError(...) (Lines 73-77) must return the redirect Response to support return-driven flow.

Proposed fix
 public function apply(Request $request, Closure $next): Response
 {
     $response = response();
     if ($request->isMethod('post')) {
-        $this->validateRequest($request, $response);
+        if ($errorResponse = $this->validateRequest($request, $response)) {
+            return $errorResponse;
+        }
     }

     return $next($request);
 }
@@
-protected function respondWithError(Request $request, Response $response, $message)
+protected function respondWithError(Request $request, Response $response, $message): Response
 {
     session()->setFlash('error', $message);
-    redirectWith(base_url(true) . '/' . current_lang() . '/account-settings#account_password', $request->all());
+    return redirectWith(base_url(true) . '/' . current_lang() . '/account-settings#account_password', $request->all());
 }

Also applies to: 73-77

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@src/Module/Templates/DemoWeb/src/Middlewares/Password.php.tpl` around lines
39 - 44, validateRequest(...) currently is called but its response is ignored,
so validation failures don't short-circuit the middleware; update the middleware
flow in the POST branch to capture the return value of validateRequest($request,
$response) and if it is a Response (an error/redirect) return it immediately
instead of calling return $next($request); also modify respondWithError(...) to
return the redirect Response object it builds (instead of void) so callers like
validateRequest can propagate that Response back to the middleware and enable
proper return-driven short-circuiting.
🧹 Nitpick comments (3)
src/Module/Templates/DemoWeb/src/Middlewares/Activate.php.tpl (1)

31-35: Update PHPDoc to match the new apply signature.

Line 33 still documents @param Response $response, but that argument was removed in Line 37. Please sync the docblock with the method signature to avoid IDE/static-analysis drift.

Suggested docblock update
     /**
      * `@param` Request $request
-     * `@param` Response $response
      * `@param` Closure $next
      * `@return` Response
      */
     public function apply(Request $request, Closure $next): Response

Also applies to: 37-37

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@src/Module/Templates/DemoWeb/src/Middlewares/Activate.php.tpl` around lines
31 - 35, The PHPDoc for the middleware is out of sync with the new apply method
signature in Activate.php.tpl; update the docblock above the apply method
(method name: apply) to remove the stale "@param Response $response" entry and
ensure the remaining `@param` entries match the actual parameters (Request
$request, Closure $next) and the `@return` tag reflects the method's real return
type (Response|mixed as appropriate) so IDEs and static analysis are accurate.
src/Module/Templates/DemoWeb/src/Middlewares/Forget.php.tpl (1)

39-42: Create the response object only when validation is needed.

On Line 39, $response is only used in the POST validation branch. Moving creation into that branch improves intent and avoids unnecessary work on non-POST requests.

Suggested diff
-        $response = response();
         if ($request->isMethod('post')) {
+            $response = response();
             if ($errorResponse = $this->validateRequest($request, $response)) {
                 return $errorResponse;
             }
         }
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@src/Module/Templates/DemoWeb/src/Middlewares/Forget.php.tpl` around lines 39
- 42, The response object is being created unconditionally but only used for
POST validation; move the response() call inside the POST branch so it is only
constructed when $request->isMethod('post') is true and passed into
validateRequest($request, $response); update the block around validateRequest to
create $response immediately before calling $this->validateRequest and return
$errorResponse as before.
src/Module/Templates/DemoWeb/src/Middlewares/Update.php.tpl (1)

37-39: Create the response object only in the POST validation path.

$response = response(); is currently allocated for every request but used only when method is POST.

Proposed small optimization
-        $response = response();
         if ($request->isMethod('post')) {
+            $response = response();
             if ($errorResponse = $this->validateRequest($request, $response)) {
                 return $errorResponse;
             }
         }
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@src/Module/Templates/DemoWeb/src/Middlewares/Update.php.tpl` around lines 37
- 39, The response() object is created unconditionally but only used for POST
validation; move the creation of $response inside the POST branch so it's only
allocated when $request->isMethod('post') is true and then passed into
$this->validateRequest($request, $response); update the code around the
$request->isMethod('post') check to instantiate $response before calling
validateRequest and remove the top-level $response = response() allocation.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/Module/Templates/DemoWeb/src/Views/partials/footer.php.tpl`:
- Line 5: The footer template currently contains mojibake "©" in the line with
"© 2018 - <?php echo date('Y') . ' ' . env('APP_NAME') ?>"; open the footer
template (footer.php.tpl) and replace the corrupted sequence "©" with a proper
copyright mark such as the HTML entity "&copy;" or the Unicode © character so
the line uses "&copy; 2018 - <?php echo date('Y') . ' ' . env('APP_NAME') ?>".

In `@src/Module/Templates/Toolkit/src/resources/lang/es/validation.php.tpl`:
- Around line 4-5: The Spanish validation messages for keys 'nonEmptyJson' and
'uniqueTableName' contain mojibake ("vacío", "único"); replace them with
correctly encoded UTF-8 strings "vacío" and "único" in the template
(validation.php.tpl) and ensure the file is saved in UTF-8 (no BOM) so the
characters render properly for end users.

---

Outside diff comments:
In `@src/Module/Templates/DemoApi/src/Middlewares/Verify.php.tpl`:
- Around line 31-35: The apply() method's PHPDoc in Verify.php.tpl is stale: it
still lists a `@param Response $response` which no longer exists in the method
signature; update the docblock for the Verify::apply() method to reflect the
current parameters (remove the Response param and ensure only the actual
parameters—e.g., Request $request and Closure $next—are documented) and make the
same correction in the other middleware templates changed in this PR so all
apply() docblocks match their signatures.

In `@src/Module/Templates/DemoWeb/src/Middlewares/Comment.php.tpl`:
- Around line 29-34: Update the PHPDoc block above the apply method in
Comment.php.tpl to reflect the current signature of public function
apply(Request $request, Closure $next): Response by removing the now-invalid
`@param` Response $response entry and, if desired, adding a `@return` Response
annotation; ensure only `@param` Request $request and `@param` Closure $next remain
(and `@return` Response if present) so the docblock matches the apply method
signature.

In `@src/Module/Templates/DemoWeb/src/Middlewares/Forget.php.tpl`:
- Around line 31-37: The PHPDoc for the apply method is out of date: remove the
stale "@param Response $response" line from the docblock above the apply(Request
$request, Closure $next): Response method (the apply method signature) so the
docblock matches the current signature and IDE/type hints are correct; leave the
other tags (Request $request, Closure $next, `@return` Response) intact and ensure
formatting stays valid.

In `@src/Module/Templates/DemoWeb/src/Middlewares/Password.php.tpl`:
- Around line 33-36: The PHPDoc for the apply() middleware is out of sync: it
still lists "@param Response $response" even though apply() no longer accepts
that parameter. Edit the apply() docblock (above the apply() method) to remove
the Response parameter and update the `@param` tags to reflect the actual
signature (e.g., Request $request and Closure $next) and adjust or add an
`@return` tag to match the method's return type so the docblock matches the
apply() method declaration.

In `@src/Module/Templates/DemoWeb/src/Middlewares/Update.php.tpl`:
- Around line 31-34: The PHPDoc for the middleware is out of sync: remove the
stale "@param Response $response" entry and update the docblock to match the
apply(Request $request, Closure $next): Response signature by listing only
"@param Request $request" and "@param Closure $next" and adding an "@return
Response" (or fully-qualified Response) entry; update the docblock above the
apply method (symbol: apply) in the Update middleware template to reflect these
parameter and return types.

---

Duplicate comments:
In `@src/Module/Templates/DemoWeb/src/Middlewares/Password.php.tpl`:
- Around line 39-44: validateRequest(...) currently is called but its response
is ignored, so validation failures don't short-circuit the middleware; update
the middleware flow in the POST branch to capture the return value of
validateRequest($request, $response) and if it is a Response (an error/redirect)
return it immediately instead of calling return $next($request); also modify
respondWithError(...) to return the redirect Response object it builds (instead
of void) so callers like validateRequest can propagate that Response back to the
middleware and enable proper return-driven short-circuiting.

---

Nitpick comments:
In `@src/Module/Templates/DemoWeb/src/Middlewares/Activate.php.tpl`:
- Around line 31-35: The PHPDoc for the middleware is out of sync with the new
apply method signature in Activate.php.tpl; update the docblock above the apply
method (method name: apply) to remove the stale "@param Response $response"
entry and ensure the remaining `@param` entries match the actual parameters
(Request $request, Closure $next) and the `@return` tag reflects the method's real
return type (Response|mixed as appropriate) so IDEs and static analysis are
accurate.

In `@src/Module/Templates/DemoWeb/src/Middlewares/Forget.php.tpl`:
- Around line 39-42: The response object is being created unconditionally but
only used for POST validation; move the response() call inside the POST branch
so it is only constructed when $request->isMethod('post') is true and passed
into validateRequest($request, $response); update the block around
validateRequest to create $response immediately before calling
$this->validateRequest and return $errorResponse as before.

In `@src/Module/Templates/DemoWeb/src/Middlewares/Update.php.tpl`:
- Around line 37-39: The response() object is created unconditionally but only
used for POST validation; move the creation of $response inside the POST branch
so it's only allocated when $request->isMethod('post') is true and then passed
into $this->validateRequest($request, $response); update the code around the
$request->isMethod('post') check to instantiate $response before calling
validateRequest and remove the top-level $response = response() allocation.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 883ed863-8d90-4a10-94d8-c0f0159048b5

📥 Commits

Reviewing files that changed from the base of the PR and between 088ccef and 6c36a23.

📒 Files selected for processing (123)
  • .gitattributes
  • composer.json
  • src/App/Adapters/WebAppAdapter.php
  • src/Module/Templates/DefaultApi/src/Controllers/MainController.php.tpl
  • src/Module/Templates/DefaultApi/src/Controllers/OpenApi/OpenApiController.php.tpl
  • src/Module/Templates/DefaultApi/src/Controllers/OpenApi/OpenApiMainController.php.tpl
  • src/Module/Templates/DefaultApi/src/config/cors.php.tpl
  • src/Module/Templates/DefaultApi/src/routes/routes.php.tpl
  • src/Module/Templates/DefaultWeb/src/Controllers/MainController.php.tpl
  • src/Module/Templates/DefaultWeb/src/Views/index.php.tpl
  • src/Module/Templates/DefaultWeb/src/Views/layouts/main.php.tpl
  • src/Module/Templates/DefaultWeb/src/Views/partials/bubbles.php.tpl
  • src/Module/Templates/DefaultWeb/src/routes/routes.php.tpl
  • src/Module/Templates/DemoApi/src/Controllers/AccountController.php.tpl
  • src/Module/Templates/DemoApi/src/Controllers/AuthController.php.tpl
  • src/Module/Templates/DemoApi/src/Controllers/BaseController.php.tpl
  • src/Module/Templates/DemoApi/src/Controllers/OpenApi/OpenApiAuthController.php.tpl
  • src/Module/Templates/DemoApi/src/Controllers/OpenApi/OpenApiController.php.tpl
  • src/Module/Templates/DemoApi/src/Controllers/OpenApi/OpenApiPostController.php.tpl
  • src/Module/Templates/DemoApi/src/Controllers/PostController.php.tpl
  • src/Module/Templates/DemoApi/src/Controllers/PostManagementController.php.tpl
  • src/Module/Templates/DemoApi/src/Enums/Role.php.tpl
  • src/Module/Templates/DemoApi/src/Middlewares/Activate.php.tpl
  • src/Module/Templates/DemoApi/src/Middlewares/Auth.php.tpl
  • src/Module/Templates/DemoApi/src/Middlewares/Comment.php.tpl
  • src/Module/Templates/DemoApi/src/Middlewares/CommentOwner.php.tpl
  • src/Module/Templates/DemoApi/src/Middlewares/Editor.php.tpl
  • src/Module/Templates/DemoApi/src/Middlewares/Forget.php.tpl
  • src/Module/Templates/DemoApi/src/Middlewares/Password.php.tpl
  • src/Module/Templates/DemoApi/src/Middlewares/PostOwner.php.tpl
  • src/Module/Templates/DemoApi/src/Middlewares/Resend.php.tpl
  • src/Module/Templates/DemoApi/src/Middlewares/Reset.php.tpl
  • src/Module/Templates/DemoApi/src/Middlewares/Signout.php.tpl
  • src/Module/Templates/DemoApi/src/Middlewares/Signup.php.tpl
  • src/Module/Templates/DemoApi/src/Middlewares/Update.php.tpl
  • src/Module/Templates/DemoApi/src/Middlewares/Verify.php.tpl
  • src/Module/Templates/DemoApi/src/Models/Post.php.tpl
  • src/Module/Templates/DemoApi/src/Models/User.php.tpl
  • src/Module/Templates/DemoApi/src/Services/AuthService.php.tpl
  • src/Module/Templates/DemoApi/src/Services/PostService.php.tpl
  • src/Module/Templates/DemoApi/src/Transformers/PostTransformer.php.tpl
  • src/Module/Templates/DemoApi/src/config/auth.php.tpl
  • src/Module/Templates/DemoApi/src/config/cors.php.tpl
  • src/Module/Templates/DemoApi/src/config/database.php.tpl
  • src/Module/Templates/DemoApi/src/routes/routes.php.tpl
  • src/Module/Templates/DemoWeb/src/Controllers/AccountController.php.tpl
  • src/Module/Templates/DemoWeb/src/Controllers/AuthController.php.tpl
  • src/Module/Templates/DemoWeb/src/Controllers/BaseController.php.tpl
  • src/Module/Templates/DemoWeb/src/Controllers/PageController.php.tpl
  • src/Module/Templates/DemoWeb/src/Controllers/PostController.php.tpl
  • src/Module/Templates/DemoWeb/src/Controllers/PostManagementController.php.tpl
  • src/Module/Templates/DemoWeb/src/Enums/Role.php.tpl
  • src/Module/Templates/DemoWeb/src/Middlewares/Activate.php.tpl
  • src/Module/Templates/DemoWeb/src/Middlewares/Auth.php.tpl
  • src/Module/Templates/DemoWeb/src/Middlewares/BaseMiddleware.php.tpl
  • src/Module/Templates/DemoWeb/src/Middlewares/Comment.php.tpl
  • src/Module/Templates/DemoWeb/src/Middlewares/CommentOwner.php.tpl
  • src/Module/Templates/DemoWeb/src/Middlewares/Editor.php.tpl
  • src/Module/Templates/DemoWeb/src/Middlewares/Forget.php.tpl
  • src/Module/Templates/DemoWeb/src/Middlewares/Guest.php.tpl
  • src/Module/Templates/DemoWeb/src/Middlewares/Password.php.tpl
  • src/Module/Templates/DemoWeb/src/Middlewares/PostOwner.php.tpl
  • src/Module/Templates/DemoWeb/src/Middlewares/Resend.php.tpl
  • src/Module/Templates/DemoWeb/src/Middlewares/Reset.php.tpl
  • src/Module/Templates/DemoWeb/src/Middlewares/Signup.php.tpl
  • src/Module/Templates/DemoWeb/src/Middlewares/Update.php.tpl
  • src/Module/Templates/DemoWeb/src/Middlewares/Verify.php.tpl
  • src/Module/Templates/DemoWeb/src/Models/Post.php.tpl
  • src/Module/Templates/DemoWeb/src/Models/User.php.tpl
  • src/Module/Templates/DemoWeb/src/Services/AuthService.php.tpl
  • src/Module/Templates/DemoWeb/src/Services/CommandService.php.tpl
  • src/Module/Templates/DemoWeb/src/Services/PostService.php.tpl
  • src/Module/Templates/DemoWeb/src/Transformers/PostTransformer.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/account/form.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/account/partials/account.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/account/partials/password.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/auth/forget.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/auth/reset.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/auth/signin.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/auth/signup.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/auth/verify.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/layouts/main.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/pages/about.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/pages/index.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/partials/bubbles.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/partials/footer.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/partials/language.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/partials/logo.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/partials/messages/error.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/partials/messages/success.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/partials/navbar.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/partials/search.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/partials/sidebar.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/post/form.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/post/my-posts.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/post/partials/back.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/post/partials/comment-form.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/post/partials/comment-item.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/post/partials/modal.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/post/partials/my-post-item.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/post/partials/post-item.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/post/post.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/post/single.php.tpl
  • src/Module/Templates/DemoWeb/src/config/auth.php.tpl
  • src/Module/Templates/DemoWeb/src/config/database.php.tpl
  • src/Module/Templates/DemoWeb/src/routes/routes.php.tpl
  • src/Module/Templates/Toolkit/src/Middlewares/BasicAuth.php.tpl
  • src/Module/Templates/Toolkit/src/Middlewares/CreateTable.php.tpl
  • src/Module/Templates/Toolkit/src/Views/layouts/iframe.php.tpl
  • src/Module/Templates/Toolkit/src/Views/layouts/main.php.tpl
  • src/Module/Templates/Toolkit/src/Views/pages/database/index.php.tpl
  • src/Module/Templates/Toolkit/src/Views/pages/database/table.php.tpl
  • src/Module/Templates/Toolkit/src/Views/pages/email/index.php.tpl
  • src/Module/Templates/Toolkit/src/Views/pages/logs/index.php.tpl
  • src/Module/Templates/Toolkit/src/Views/partials/database-row.php.tpl
  • src/Module/Templates/Toolkit/src/Views/partials/delete-modal.php.tpl
  • src/Module/Templates/Toolkit/src/Views/partials/email-item.php.tpl
  • src/Module/Templates/Toolkit/src/Views/partials/jsoneditor-modal.php.tpl
  • src/Module/Templates/Toolkit/src/Views/partials/navbar.php.tpl
  • src/Module/Templates/Toolkit/src/config/basic_auth.php.tpl
  • src/Module/Templates/Toolkit/src/helpers/toolkit.php.tpl
  • src/Module/Templates/Toolkit/src/resources/lang/es/validation.php.tpl
  • src/Module/Templates/Toolkit/src/routes/routes.php.tpl
💤 Files with no reviewable changes (2)
  • src/Module/Templates/Toolkit/src/Views/pages/email/index.php.tpl
  • src/Module/Templates/Toolkit/src/Views/pages/logs/index.php.tpl
✅ Files skipped from review due to trivial changes (89)
  • src/Module/Templates/DemoWeb/src/routes/routes.php.tpl
  • src/Module/Templates/DemoWeb/src/config/auth.php.tpl
  • src/Module/Templates/DefaultApi/src/Controllers/MainController.php.tpl
  • src/Module/Templates/DemoWeb/src/config/database.php.tpl
  • src/Module/Templates/DefaultWeb/src/Views/layouts/main.php.tpl
  • src/Module/Templates/DemoApi/src/Controllers/AuthController.php.tpl
  • src/Module/Templates/DefaultWeb/src/Controllers/MainController.php.tpl
  • src/Module/Templates/DefaultWeb/src/Views/partials/bubbles.php.tpl
  • src/Module/Templates/DemoApi/src/Controllers/OpenApi/OpenApiPostController.php.tpl
  • src/Module/Templates/DefaultWeb/src/Views/index.php.tpl
  • src/Module/Templates/DefaultWeb/src/routes/routes.php.tpl
  • src/Module/Templates/DemoWeb/src/Controllers/BaseController.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/account/partials/password.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/post/post.php.tpl
  • src/Module/Templates/DemoApi/src/Models/User.php.tpl
  • src/Module/Templates/DemoWeb/src/Controllers/AccountController.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/layouts/main.php.tpl
  • src/Module/Templates/DemoApi/src/Services/PostService.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/partials/sidebar.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/partials/logo.php.tpl
  • src/Module/Templates/DemoWeb/src/Services/AuthService.php.tpl
  • src/Module/Templates/Toolkit/src/routes/routes.php.tpl
  • src/Module/Templates/DemoWeb/src/Enums/Role.php.tpl
  • src/Module/Templates/DemoApi/src/Controllers/OpenApi/OpenApiAuthController.php.tpl
  • src/Module/Templates/DemoApi/src/Enums/Role.php.tpl
  • src/Module/Templates/DemoWeb/src/Controllers/PostController.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/partials/search.php.tpl
  • src/Module/Templates/DefaultApi/src/Controllers/OpenApi/OpenApiMainController.php.tpl
  • src/Module/Templates/DemoWeb/src/Controllers/PageController.php.tpl
  • src/Module/Templates/DemoWeb/src/Controllers/PostManagementController.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/post/partials/modal.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/pages/about.php.tpl
  • src/Module/Templates/Toolkit/src/Views/layouts/iframe.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/auth/reset.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/post/partials/my-post-item.php.tpl
  • src/Module/Templates/Toolkit/src/Views/partials/navbar.php.tpl
  • src/Module/Templates/DemoApi/src/Services/AuthService.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/partials/messages/success.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/auth/signup.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/account/partials/account.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/post/partials/comment-form.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/auth/verify.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/post/single.php.tpl
  • src/Module/Templates/DemoApi/src/config/database.php.tpl
  • src/Module/Templates/DemoApi/src/config/cors.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/partials/language.php.tpl
  • src/Module/Templates/DemoWeb/src/Models/Post.php.tpl
  • src/Module/Templates/DemoWeb/src/Services/PostService.php.tpl
  • src/Module/Templates/DemoWeb/src/Controllers/AuthController.php.tpl
  • src/Module/Templates/DemoApi/src/Models/Post.php.tpl
  • src/Module/Templates/DemoApi/src/Controllers/AccountController.php.tpl
  • src/Module/Templates/Toolkit/src/Views/pages/database/table.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/post/partials/post-item.php.tpl
  • src/Module/Templates/DemoApi/src/Controllers/PostManagementController.php.tpl
  • src/Module/Templates/Toolkit/src/helpers/toolkit.php.tpl
  • src/Module/Templates/Toolkit/src/Views/partials/database-row.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/post/partials/back.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/post/form.php.tpl
  • src/Module/Templates/Toolkit/src/Views/layouts/main.php.tpl
  • src/Module/Templates/DemoWeb/src/Transformers/PostTransformer.php.tpl
  • src/Module/Templates/DemoWeb/src/Services/CommandService.php.tpl
  • src/Module/Templates/DemoApi/src/Controllers/PostController.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/pages/index.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/partials/navbar.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/partials/messages/error.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/auth/signin.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/account/form.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/post/my-posts.php.tpl
  • src/Module/Templates/Toolkit/src/config/basic_auth.php.tpl
  • src/Module/Templates/Toolkit/src/Views/partials/jsoneditor-modal.php.tpl
  • src/Module/Templates/DemoWeb/src/Models/User.php.tpl
  • src/Module/Templates/Toolkit/src/Views/partials/delete-modal.php.tpl
  • src/Module/Templates/DefaultApi/src/routes/routes.php.tpl
  • composer.json
  • src/Module/Templates/DemoApi/src/Transformers/PostTransformer.php.tpl
  • src/Module/Templates/Toolkit/src/Views/partials/email-item.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/auth/forget.php.tpl
  • src/Module/Templates/DemoWeb/src/Middlewares/BaseMiddleware.php.tpl
  • src/Module/Templates/DefaultApi/src/config/cors.php.tpl
  • src/Module/Templates/DefaultApi/src/Controllers/OpenApi/OpenApiController.php.tpl
  • src/Module/Templates/DemoApi/src/routes/routes.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/partials/bubbles.php.tpl
  • src/Module/Templates/DemoApi/src/config/auth.php.tpl
  • .gitattributes
  • src/Module/Templates/DemoWeb/src/Middlewares/Auth.php.tpl
  • src/Module/Templates/DemoWeb/src/Views/post/partials/comment-item.php.tpl
  • src/Module/Templates/Toolkit/src/Views/pages/database/index.php.tpl
  • src/Module/Templates/DemoApi/src/Controllers/OpenApi/OpenApiController.php.tpl
  • src/Module/Templates/DemoApi/src/Controllers/BaseController.php.tpl
🚧 Files skipped from review as they are similar to previous changes (21)
  • src/Module/Templates/DemoApi/src/Middlewares/Update.php.tpl
  • src/Module/Templates/DemoApi/src/Middlewares/PostOwner.php.tpl
  • src/Module/Templates/DemoWeb/src/Middlewares/CommentOwner.php.tpl
  • src/Module/Templates/DemoApi/src/Middlewares/Password.php.tpl
  • src/Module/Templates/DemoApi/src/Middlewares/Reset.php.tpl
  • src/Module/Templates/DemoApi/src/Middlewares/Auth.php.tpl
  • src/Module/Templates/DemoApi/src/Middlewares/Forget.php.tpl
  • src/Module/Templates/DemoWeb/src/Middlewares/Signup.php.tpl
  • src/Module/Templates/DemoApi/src/Middlewares/Comment.php.tpl
  • src/Module/Templates/DemoWeb/src/Middlewares/Editor.php.tpl
  • src/Module/Templates/DemoApi/src/Middlewares/Signout.php.tpl
  • src/Module/Templates/DemoWeb/src/Middlewares/Reset.php.tpl
  • src/Module/Templates/DemoApi/src/Middlewares/Editor.php.tpl
  • src/Module/Templates/DemoApi/src/Middlewares/Resend.php.tpl
  • src/Module/Templates/DemoWeb/src/Middlewares/PostOwner.php.tpl
  • src/Module/Templates/DemoWeb/src/Middlewares/Verify.php.tpl
  • src/Module/Templates/Toolkit/src/Middlewares/CreateTable.php.tpl
  • src/Module/Templates/Toolkit/src/Middlewares/BasicAuth.php.tpl
  • src/Module/Templates/DemoWeb/src/Middlewares/Guest.php.tpl
  • src/Module/Templates/DemoWeb/src/Middlewares/Resend.php.tpl
  • src/App/Adapters/WebAppAdapter.php

Comment thread src/Module/Templates/DemoWeb/src/Views/partials/footer.php.tpl
Comment thread src/Module/Templates/Toolkit/src/resources/lang/es/validation.php.tpl Outdated
@armanist armanist merged commit 12648d7 into quantum-php:master Apr 29, 2026
7 checks passed
@armanist armanist deleted the issue/472-web-flow-refactor branch April 29, 2026 07:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

bug Something isn't working enhancement New feature or request

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Refactor WebAppAdapter and web helpers to remove normal stop() usage

2 participants