mivita/dev/subdomain-optimization/current-issues-analysis.md
2025-08-12 18:01:59 +02:00

# Current Implementation Issues Analysis
## Executive Summary
The current multi-domain and subdomain implementation in the Mivita application has several architectural issues that impact maintainability, performance, and scalability. This document provides a detailed analysis of these issues and their implications.
## 1. Middleware Issues
### 1.1 Subdomain Middleware (`app/Http/Middleware/Subdomain.php`)
#### Critical Issues:
**Hard-coded Fallback Logic**
```php
// Line 47: Hard-coded shop selection
$user_shop = UserShop::where('slug', 'aloevera')->first();
```
- **Impact**: Inflexible fallback mechanism
- **Risk**: Cannot easily change default shop
- **Maintainability**: Low - requires code changes for configuration

**Mixed Responsibilities**
```php
// Lines 24-43: Dynamic subdomain handling
// Lines 44-57: Main domain handling
```
- **Issue**: Single middleware handles multiple domain types
- **Impact**: Complex conditional logic
- **Maintainability**: Difficult to test and modify

**Direct Session Manipulation**
```php
// Lines 39-41: Direct session writes
\Session::put('user_shop', $user_shop);
\Session::put('user_shop_domain', config('app.protocol').$user_shop->slug.".".config('app.domain').config('app.tld_care'));
Config::set('app.url', $user_shop->slug.".".config('app.domain').config('app.tld_care'));
```
- **Issue**: Middleware directly modifies global state
- **Risk**: Side effects and testing difficulties
- **Best Practice**: Middleware should be stateless

**No Error Handling**
- **Issue**: No validation of user shop status
- **Risk**: Invalid shops can cause 503 errors
- **Missing**: Graceful degradation
### 1.2 Missing Validation
**User Shop Validation Issues**:
```php
// Lines 30-38: Validation logic
if (!$user_shop->active) {
    abort(503);
}
if (!$user_shop->user) {
    abort(503);
}
if (!$user_shop->user->isActiveShop()) {
    abort(503);
}
```
- **Issue**: Returns 503 (Service Unavailable) for invalid shops
- **Better**: Should return 404 or redirect to main domain
- **SEO Impact**: 503 errors can negatively affect search rankings
## 2. Routing Architecture Issues
### 2.1 Route File Organization
Current structure:
```
routes/
├── web.php (mostly empty)
├── main.php
├── subdomain.php
├── crm.php
├── portal.php
├── checkout.php
├── api.php
└── utility.php
```
#### Issues:
**Route Duplication**
- Legal routes (`/datenschutz`, `/impressum`, `/agb`) duplicated across multiple files
- Contact routes duplicated
- Registration routes duplicated

**Inconsistent Middleware Application**
```php
// crm.php - Line 12: Domain-based grouping
Route::domain(config('app.pre_url_crm') . config('app.domain') . config('app.tld_care'))->group(function () {
    // ... CRM routes
});
// subdomain.php - Line 10: Middleware-based grouping
Route::group(['middleware' => ['subdomain']], function () {
    // ... user shop routes
});
```
**Complex Domain Logic in Routes**
- Domain configuration scattered across route files
- Hard to understand which routes belong to which domain
- Difficult to add new domain types
### 2.2 Route Registration Issues
**Missing Route Prefixes**
- No clear namespacing for different domain types
- Route name conflicts possible
- Difficult to generate domain-specific URLs

**Inefficient Route Loading**
- All routes loaded regardless of current domain
- Impacts performance for large applications
- Unnecessary route compilation
## 3. Configuration Management Issues
### 3.1 Environment Configuration (`.env`)
Current configuration:
```env
APP_DOMAIN=mivita
APP_TLD_CARE=.test
APP_TLD_SHOP=.lshop
APP_URL_CHECKOUT=checkout.
APP_URL_CRM=my.
APP_URL_PORTAL=in.
```
#### Issues:
**Inconsistent Naming**
- `APP_TLD_CARE` vs `APP_TLD_SHOP` - inconsistent naming pattern
- `APP_URL_*` contains trailing dots - configuration inconsistency

**Missing Validation**
- No validation of domain configuration
- Invalid configurations can cause runtime errors
- No documentation of required format

**Environment Dependency**
- Different TLDs for different environments
- Configuration changes required for different deployments
- No centralized domain management
### 3.2 Runtime Configuration Issues
**Dynamic URL Setting**
```php
// Subdomain.php - Line 41
Config::set('app.url', $user_shop->slug.".".config('app.domain').config('app.tld_care'));
```
- **Issue**: Runtime modification of application URL
- **Risk**: Affects URL generation throughout application
- **Problem**: Can cause inconsistent URLs in different parts of application
## 4. Performance Issues
### 4.1 Database Queries
**No Caching**
```php
// Line 26: Database query on every request
$user_shop = UserShop::where('slug', $request->route('subdomain'))->first();
```
- **Impact**: Database query for every subdomain request
- **Scale**: Significant load with many user shops
- **Solution**: Implement caching strategy

**N+1 Query Potential**
```php
// Lines 33-37: Potential additional queries
if (!$user_shop->user) {
    abort(503);
}
if (!$user_shop->user->isActiveShop()) {
    abort(503);
}
```
- **Issue**: Multiple database queries per request
- **Impact**: Poor performance with many concurrent requests
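
One way to address the validation findings in section 1.2 together with the per-request lookup described above, as an added example that is not the project's code. The class name `ResolveUserShop`, the `App\UserShop` namespace, the cache key, the TTL and the slug pattern are assumptions.

```php
<?php
// Added example, not the project's code. ResolveUserShop, the App\UserShop
// namespace, the cache key, the TTL and the slug pattern are assumptions.
namespace App\Http\Middleware;

use App\UserShop;
use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Cache;

class ResolveUserShop
{
    private const TTL_SECONDS = 300;

    public function handle(Request $request, Closure $next)
    {
        $slug = strtolower((string) $request->route('subdomain'));

        // Accept only a plain DNS label before the value reaches the cache or
        // the database; this also bounds the cache key space.
        if (!preg_match('/\A[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\z/', $slug)) {
            abort(404);
        }

        // One eager-loaded query per slug per TTL. Unknown slugs are stored as
        // false, because Cache::remember() treats a stored null as a miss.
        $shop = Cache::remember(
            "user_shop:{$slug}",
            self::TTL_SECONDS,
            function () use ($slug) {
                return UserShop::with('user')->where('slug', $slug)->first() ?? false;
            }
        );

        // Same three checks as the original, answered with 404 instead of 503.
        if (!$shop || !$shop->active || !$shop->user || !$shop->user->isActiveShop()) {
            abort(404);
        }

        // Request-scoped context instead of Session::put() and Config::set().
        $request->attributes->set('user_shop', $shop);

        return $next($request);
    }
}
```

A deactivated shop stays reachable until its cache entry expires, so call `Cache::forget("user_shop:{$slug}")` wherever a shop or its owner changes status.
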
### 4.2 Route Compilation
**All Routes Loaded**
- Every request loads all route files
- No domain-specific route caching
- Impacts application bootstrap time
## 5. Security Issues
### 5.1 Session Management
**Inconsistent Session Domains**
```env
# .env - Line 26
SESSION_DOMAIN=.mivita.test
```
- **Issue**: Fixed session domain across all subdomains; the leading-dot value scopes the session cookie to `mivita.test` and every host beneath it
- **Risk**: Session sharing between unrelated domains
- **Security**: Potential session hijacking between user shops
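
An added example (not code from the Mivita repository) that applies the RFC 6265 domain-match rule to hosts named in this document, showing which of them receive the session cookie under the current `SESSION_DOMAIN` and under a host-only cookie. The `othershop` slug is constructed, and the CRM host assumes `APP_URL_CRM` feeds `app.pre_url_crm`.

```php
<?php
// Added example: which hosts receive the session cookie for a given
// SESSION_DOMAIN. Matching follows RFC 6265 section 5.1.3 (domain-match).
// "othershop" is a constructed slug; the other names come from this page.

/** A Domain attribute of null or '' means a host-only cookie. */
function cookieSentTo(?string $cookieDomain, string $setBy, string $host): bool
{
    $host = strtolower($host);
    if ($cookieDomain === null || $cookieDomain === '') {
        return $host === strtolower($setBy);          // exact issuing host only
    }
    $domain = strtolower(ltrim($cookieDomain, '.'));  // leading dot is ignored
    return $host === $domain || str_ends_with($host, '.' . $domain); // PHP 8+
}

/** Returns the subset of $hosts that would be sent the cookie. */
function audience(?string $cookieDomain, string $setBy, array $hosts): array
{
    return array_values(array_filter(
        $hosts,
        fn (string $h): bool => cookieSentTo($cookieDomain, $setBy, $h)
    ));
}

$hosts = [
    'mivita.test',
    'my.mivita.test',        // CRM host (assumes APP_URL_CRM feeds app.pre_url_crm)
    'aloevera.mivita.test',  // user shop slug from the fallback lookup
    'othershop.mivita.test', // second user shop (constructed)
];

// Session started on one shop with the current setting: all four hosts match.
print_r(audience('.mivita.test', 'aloevera.mivita.test', $hosts));

// SESSION_DOMAIN left unset (null): only the issuing shop matches.
print_r(audience(null, 'aloevera.mivita.test', $hosts));
```

With a host-only cookie, a login on one host no longer carries over to another, so any flow that relies on the shared cookie needs an explicit handoff.
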
### 5.2 CSRF Protection
**Missing Domain-Specific CSRF**
- No domain-specific CSRF token handling
- Potential cross-domain CSRF issues
- Missing validation for domain-specific requests
## 6. Maintainability Issues
### 6.1 Code Organization
**Scattered Domain Logic**
- Domain handling logic in multiple files
- No single source of truth for domain configuration
- Difficult to understand complete domain architecture

**Missing Abstractions**
- No domain context object
- Direct use of request/session data
- Tight coupling between components
### 6.2 Testing Challenges
**Difficult to Test**
- Middleware has side effects
- Global state modifications
- Complex conditional logic

**Missing Test Coverage**
- No unit tests for domain logic
- Integration tests difficult to write
- Manual testing required for each domain type
## 7. Scalability Issues
### 7.1 Adding New Domains
**Hard to Extend**
- Adding new subdomain types requires multiple file changes
- No consistent pattern for new domain types
- Complex configuration requirements
### 7.2 Multi-tenant Considerations
**Poor Tenant Isolation**
- User shops not properly isolated
- Shared configuration between tenants
- Potential data leakage between shops
## 8. Documentation Issues
### 8.1 Missing Documentation
**No Architecture Documentation**
- Domain structure not documented
- Routing logic not explained
- Configuration options not documented

**No Deployment Guide**
- Missing deployment instructions
- No environment-specific guidance
- No troubleshooting documentation
## Impact Assessment
### High Impact Issues
1. **Performance**: Database queries on every request
2. **Security**: Session domain configuration issues
3. **Maintainability**: Scattered domain logic
### Medium Impact Issues
1. **Route duplication**: Maintenance overhead
2. **Configuration management**: Deployment complexity
3. **Error handling**: Poor user experience
### Low Impact Issues
1. **Code organization**: Developer productivity
2. **Documentation**: Onboarding difficulty
3. **Testing**: Quality assurance challenges
## Recommendations Priority
### Priority 1 (Critical)
1. Implement caching for user shop lookups
2. Fix session domain configuration
3. Improve error handling for invalid shops
### Priority 2 (High)
1. Refactor middleware architecture
2. Reorganize route structure
3. Centralize domain configuration
### Priority 3 (Medium)
1. Add comprehensive testing
2. Create documentation
3. Implement monitoring

This analysis provides the foundation for the optimization proposal detailed in the main README.md file.