gitmedia/mivita
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
mivita/dev/routes-optimization/current-issues-analysis.md
Kevin Adametz a939cd51ef update 20.10.2025
2025-10-20 17:42:08 +02:00

8 KiB
Raw Permalink Blame History

Current Implementation Issues Analysis

Executive Summary

The current multi-domain and subdomain implementation in the Mivita application has several architectural issues that impact maintainability, performance, and scalability. This document provides a detailed analysis of these issues and their implications.

1. Middleware Issues

1.1 Subdomain Middleware (app/Http/Middleware/Subdomain.php)

Critical Issues:

Hard-coded Fallback Logic

// Line 47: Hard-coded shop selection
$user_shop = UserShop::where('slug', 'aloevera')->first();
  • Impact: Inflexible fallback mechanism
  • Risk: Cannot easily change default shop
  • Maintainability: Low - requires code changes for configuration

Mixed Responsibilities

// Lines 24-43: Dynamic subdomain handling
// Lines 44-57: Main domain handling
  • Issue: Single middleware handles multiple domain types
  • Impact: Complex conditional logic
  • Maintainability: Difficult to test and modify

Direct Session Manipulation

// Lines 39-41: Direct session writes
\Session::put('user_shop', $user_shop);
\Session::put('user_shop_domain', config('app.protocol').$user_shop->slug.".".config('app.domain').config('app.tld_care'));
Config::set('app.url', $user_shop->slug.".".config('app.domain').config('app.tld_care'));
  • Issue: Middleware directly modifies global state
  • Risk: Side effects and testing difficulties
  • Best Practice: Middleware should be stateless

No Error Handling

  • Issue: No validation of user shop status
  • Risk: Invalid shops can cause 503 errors
  • Missing: Graceful degradation

1.2 Missing Validation

User Shop Validation Issues:

// Lines 30-38: Validation logic
if(!$user_shop->active){
    abort(503);
}
if(!$user_shop->user){
    abort(503);
}
if(!$user_shop->user->isActiveShop()){
    abort(503);
}
  • Issue: Returns 503 (Service Unavailable) for invalid shops
  • Better: Should return 404 or redirect to main domain
  • SEO Impact: 503 errors can negatively affect search rankings

2. Routing Architecture Issues

2.1 Route File Organization

Current structure:

routes/
├── web.php (mostly empty)
├── main.php
├── subdomain.php
├── crm.php
├── portal.php
├── checkout.php
├── api.php
└── utility.php

Issues:

Route Duplication

  • Legal routes (/datenschutz, /impressum, /agb) duplicated across multiple files
  • Contact routes duplicated
  • Registration routes duplicated

Inconsistent Middleware Application

// crm.php - Line 12: Domain-based grouping
Route::domain(config('app.pre_url_crm') . config('app.domain') . config('app.tld_care'))->group(function () {

// subdomain.php - Line 10: Middleware-based grouping  
Route::group(['middleware' => ['subdomain']], function () {

Complex Domain Logic in Routes

  • Domain configuration scattered across route files
  • Hard to understand which routes belong to which domain
  • Difficult to add new domain types

2.2 Route Registration Issues

Missing Route Prefixes

  • No clear namespacing for different domain types
  • Route name conflicts possible
  • Difficult to generate domain-specific URLs

Inefficient Route Loading

  • All routes loaded regardless of current domain
  • Impacts performance for large applications
  • Unnecessary route compilation

3. Configuration Management Issues

3.1 Environment Configuration (.env)

Current configuration:

APP_DOMAIN=mivita
APP_TLD_CARE=.test
APP_TLD_SHOP=.lshop
APP_URL_CHECKOUT=checkout.
APP_URL_CRM=my.
APP_URL_PORTAL=in.

Issues:

Inconsistent Naming

  • APP_TLD_CARE vs APP_TLD_SHOP - inconsistent naming pattern
  • APP_URL_* contains trailing dots - configuration inconsistency

Missing Validation

  • No validation of domain configuration
  • Invalid configurations can cause runtime errors
  • No documentation of required format

Environment Dependency

  • Different TLDs for different environments
  • Configuration changes required for different deployments
  • No centralized domain management

3.2 Runtime Configuration Issues

Dynamic URL Setting

// Subdomain.php - Line 41
Config::set('app.url', $user_shop->slug.".".config('app.domain').config('app.tld_care'));
  • Issue: Runtime modification of application URL
  • Risk: Affects URL generation throughout application
  • Problem: Can cause inconsistent URLs in different parts of application

4. Performance Issues

4.1 Database Queries

No Caching

// Line 26: Database query on every request
$user_shop = UserShop::where('slug', $request->route('subdomain'))->first();
  • Impact: Database query for every subdomain request
  • Scale: Significant load with many user shops
  • Solution: Implement caching strategy

N+1 Query Potential

// Lines 33-37: Potential additional queries
if(!$user_shop->user){
    abort(503);
}
if(!$user_shop->user->isActiveShop()){
    abort(503);
}
  • Issue: Multiple database queries per request
  • Impact: Poor performance with many concurrent requests

4.2 Route Compilation

All Routes Loaded

  • Every request loads all route files
  • No domain-specific route caching
  • Impacts application bootstrap time

5. Security Issues

5.1 Session Management

Inconsistent Session Domains

// .env - Line 26
SESSION_DOMAIN=.mivita.test
  • Issue: Fixed session domain across all subdomains
  • Risk: Session sharing between unrelated domains
  • Security: Potential session hijacking between user shops

5.2 CSRF Protection

Missing Domain-Specific CSRF

  • No domain-specific CSRF token handling
  • Potential cross-domain CSRF issues
  • Missing validation for domain-specific requests

6. Maintainability Issues

6.1 Code Organization

Scattered Domain Logic

  • Domain handling logic in multiple files
  • No single source of truth for domain configuration
  • Difficult to understand complete domain architecture

Missing Abstractions

  • No domain context object
  • Direct use of request/session data
  • Tight coupling between components

6.2 Testing Challenges

Difficult to Test

  • Middleware has side effects
  • Global state modifications
  • Complex conditional logic

Missing Test Coverage

  • No unit tests for domain logic
  • Integration tests difficult to write
  • Manual testing required for each domain type

7. Scalability Issues

7.1 Adding New Domains

Hard to Extend

  • Adding new subdomain types requires multiple file changes
  • No consistent pattern for new domain types
  • Complex configuration requirements

7.2 Multi-tenant Considerations

Poor Tenant Isolation

  • User shops not properly isolated
  • Shared configuration between tenants
  • Potential data leakage between shops

8. Documentation Issues

8.1 Missing Documentation

No Architecture Documentation

  • Domain structure not documented
  • Routing logic not explained
  • Configuration options not documented

No Deployment Guide

  • Missing deployment instructions
  • No environment-specific guidance
  • No troubleshooting documentation

Impact Assessment

High Impact Issues

  1. Performance: Database queries on every request
  2. Security: Session domain configuration issues
  3. Maintainability: Scattered domain logic

Medium Impact Issues

  1. Route duplication: Maintenance overhead
  2. Configuration management: Deployment complexity
  3. Error handling: Poor user experience

Low Impact Issues

  1. Code organization: Developer productivity
  2. Documentation: Onboarding difficulty
  3. Testing: Quality assurance challenges

Recommendations Priority

Priority 1 (Critical)

  1. Implement caching for user shop lookups
  2. Fix session domain configuration
  3. Improve error handling for invalid shops

Priority 2 (High)

  1. Refactor middleware architecture
  2. Reorganize route structure
  3. Centralize domain configuration

Priority 3 (Medium)

  1. Add comprehensive testing
  2. Create documentation
  3. Implement monitoring

This analysis provides the foundation for the optimization proposal detailed in the main README.md file.