commit 08-2025

2025-08-12 18:01:59 +02:00 · 2025-08-12 18:01:59 +02:00 · 480fdc65ed
commit 480fdc65ed
parent 9ae662f63e
404 changed files with 65310 additions and 2600431 deletions
--- a/dev/subdomain-optimization/current-issues-analysis.md
+++ b/dev/subdomain-optimization/current-issues-analysis.md
@ -0,0 +1,300 @@
+# Current Implementation Issues Analysis
+
+## Executive Summary
+
+The current multi-domain and subdomain implementation in the Mivita application has several architectural issues that impact maintainability, performance, and scalability. This document provides a detailed analysis of these issues and their implications.
+
+## 1. Middleware Issues
+
+### 1.1 Subdomain Middleware (`app/Http/Middleware/Subdomain.php`)
+
+#### Critical Issues:
+
+**Hard-coded Fallback Logic**
+```php
+// Line 47: Hard-coded shop selection
+$user_shop = UserShop::where('slug', 'aloevera')->first();
+```
+- **Impact**: Inflexible fallback mechanism
+- **Risk**: Cannot easily change default shop
+- **Maintainability**: Low - requires code changes for configuration
+
+**Mixed Responsibilities**
+```php
+// Lines 24-43: Dynamic subdomain handling
+// Lines 44-57: Main domain handling
+```
+- **Issue**: Single middleware handles multiple domain types
+- **Impact**: Complex conditional logic
+- **Maintainability**: Difficult to test and modify
+
+**Direct Session Manipulation**
+```php
+// Lines 39-41: Direct session writes
+\Session::put('user_shop', $user_shop);
+\Session::put('user_shop_domain', config('app.protocol').$user_shop->slug.".".config('app.domain').config('app.tld_care'));
+Config::set('app.url', $user_shop->slug.".".config('app.domain').config('app.tld_care'));
+```
+- **Issue**: Middleware directly modifies global state
+- **Risk**: Side effects and testing difficulties
+- **Best Practice**: Middleware should be stateless
+
+**No Error Handling**
+- **Issue**: No validation of user shop status
+- **Risk**: Invalid shops can cause 503 errors
+- **Missing**: Graceful degradation
+
+### 1.2 Missing Validation
+
+**User Shop Validation Issues**:
+```php
+// Lines 30-38: Validation logic
+if(!$user_shop->active){
+    abort(503);
+}
+if(!$user_shop->user){
+    abort(503);
+}
+if(!$user_shop->user->isActiveShop()){
+    abort(503);
+}
+```
+- **Issue**: Returns 503 (Service Unavailable) for invalid shops
+- **Better**: Should return 404 or redirect to main domain
+- **SEO Impact**: 503 errors can negatively affect search rankings
+
+## 2. Routing Architecture Issues
+
+### 2.1 Route File Organization
+
+Current structure:
+```
+routes/
+├── web.php (mostly empty)
+├── main.php
+├── subdomain.php
+├── crm.php
+├── portal.php
+├── checkout.php
+├── api.php
+└── utility.php
+```
+
+#### Issues:
+
+**Route Duplication**
+- Legal routes (`/datenschutz`, `/impressum`, `/agb`) duplicated across multiple files
+- Contact routes duplicated
+- Registration routes duplicated
+
+**Inconsistent Middleware Application**
+```php
+// crm.php - Line 12: Domain-based grouping
+Route::domain(config('app.pre_url_crm') . config('app.domain') . config('app.tld_care'))->group(function () {
+
+// subdomain.php - Line 10: Middleware-based grouping  
+Route::group(['middleware' => ['subdomain']], function () {
+```
+
+**Complex Domain Logic in Routes**
+- Domain configuration scattered across route files
+- Hard to understand which routes belong to which domain
+- Difficult to add new domain types
+
+### 2.2 Route Registration Issues
+
+**Missing Route Prefixes**
+- No clear namespacing for different domain types
+- Route name conflicts possible
+- Difficult to generate domain-specific URLs
+
+**Inefficient Route Loading**
+- All routes loaded regardless of current domain
+- Impacts performance for large applications
+- Unnecessary route compilation
+
+## 3. Configuration Management Issues
+
+### 3.1 Environment Configuration (`.env`)
+
+Current configuration:
+```env
+APP_DOMAIN=mivita
+APP_TLD_CARE=.test
+APP_TLD_SHOP=.lshop
+APP_URL_CHECKOUT=checkout.
+APP_URL_CRM=my.
+APP_URL_PORTAL=in.
+```
+
+#### Issues:
+
+**Inconsistent Naming**
+- `APP_TLD_CARE` vs `APP_TLD_SHOP` - inconsistent naming pattern
+- `APP_URL_*` contains trailing dots - configuration inconsistency
+
+**Missing Validation**
+- No validation of domain configuration
+- Invalid configurations can cause runtime errors
+- No documentation of required format
+
+**Environment Dependency**
+- Different TLDs for different environments
+- Configuration changes required for different deployments
+- No centralized domain management
+
+### 3.2 Runtime Configuration Issues
+
+**Dynamic URL Setting**
+```php
+// Subdomain.php - Line 41
+Config::set('app.url', $user_shop->slug.".".config('app.domain').config('app.tld_care'));
+```
+- **Issue**: Runtime modification of application URL
+- **Risk**: Affects URL generation throughout application
+- **Problem**: Can cause inconsistent URLs in different parts of application
+
+## 4. Performance Issues
+
+### 4.1 Database Queries
+
+**No Caching**
+```php
+// Line 26: Database query on every request
+$user_shop = UserShop::where('slug', $request->route('subdomain'))->first();
+```
+- **Impact**: Database query for every subdomain request
+- **Scale**: Significant load with many user shops
+- **Solution**: Implement caching strategy
+
+**N+1 Query Potential**
+```php
+// Lines 33-37: Potential additional queries
+if(!$user_shop->user){
+    abort(503);
+}
+if(!$user_shop->user->isActiveShop()){
+    abort(503);
+}
+```
+- **Issue**: Multiple database queries per request
+- **Impact**: Poor performance with many concurrent requests
+
+### 4.2 Route Compilation
+
+**All Routes Loaded**
+- Every request loads all route files
+- No domain-specific route caching
+- Impacts application bootstrap time
+
+## 5. Security Issues
+
+### 5.1 Session Management
+
+**Inconsistent Session Domains**
+```php
+// .env - Line 26
+SESSION_DOMAIN=.mivita.test
+```
+- **Issue**: Fixed session domain across all subdomains
+- **Risk**: Session sharing between unrelated domains
+- **Security**: Potential session hijacking between user shops
+
+### 5.2 CSRF Protection
+
+**Missing Domain-Specific CSRF**
+- No domain-specific CSRF token handling
+- Potential cross-domain CSRF issues
+- Missing validation for domain-specific requests
+
+## 6. Maintainability Issues
+
+### 6.1 Code Organization
+
+**Scattered Domain Logic**
+- Domain handling logic in multiple files
+- No single source of truth for domain configuration
+- Difficult to understand complete domain architecture
+
+**Missing Abstractions**
+- No domain context object
+- Direct use of request/session data
+- Tight coupling between components
+
+### 6.2 Testing Challenges
+
+**Difficult to Test**
+- Middleware has side effects
+- Global state modifications
+- Complex conditional logic
+
+**Missing Test Coverage**
+- No unit tests for domain logic
+- Integration tests difficult to write
+- Manual testing required for each domain type
+
+## 7. Scalability Issues
+
+### 7.1 Adding New Domains
+
+**Hard to Extend**
+- Adding new subdomain types requires multiple file changes
+- No consistent pattern for new domain types
+- Complex configuration requirements
+
+### 7.2 Multi-tenant Considerations
+
+**Poor Tenant Isolation**
+- User shops not properly isolated
+- Shared configuration between tenants
+- Potential data leakage between shops
+
+## 8. Documentation Issues
+
+### 8.1 Missing Documentation
+
+**No Architecture Documentation**
+- Domain structure not documented
+- Routing logic not explained
+- Configuration options not documented
+
+**No Deployment Guide**
+- Missing deployment instructions
+- No environment-specific guidance
+- No troubleshooting documentation
+
+## Impact Assessment
+
+### High Impact Issues
+1. **Performance**: Database queries on every request
+2. **Security**: Session domain configuration issues
+3. **Maintainability**: Scattered domain logic
+
+### Medium Impact Issues
+1. **Route duplication**: Maintenance overhead
+2. **Configuration management**: Deployment complexity
+3. **Error handling**: Poor user experience
+
+### Low Impact Issues
+1. **Code organization**: Developer productivity
+2. **Documentation**: Onboarding difficulty
+3. **Testing**: Quality assurance challenges
+
+## Recommendations Priority
+
+### Priority 1 (Critical)
+1. Implement caching for user shop lookups
+2. Fix session domain configuration
+3. Improve error handling for invalid shops
+
+### Priority 2 (High)
+1. Refactor middleware architecture
+2. Reorganize route structure
+3. Centralize domain configuration
+
+### Priority 3 (Medium)
+1. Add comprehensive testing
+2. Create documentation
+3. Implement monitoring
+
+This analysis provides the foundation for the optimization proposal detailed in the main README.md file.