biiproject-kit-v2/app/Http/Controllers/SettingsController.php

<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Inertia\Inertia;
use Illuminate\Support\Facades\Redirect;

class SettingsController extends Controller
{
    /**
     * Display the consolidated account settings page.
     */
    public function index(Request $request)
    {
        $user = $request->user();
        $twoFactorEnabled = !is_null($user->two_factor_confirmed_at);

        $qrCode = null;
        $secret = null;

        if (!$twoFactorEnabled) {
            if (!$user->two_factor_secret) {
                $g2fa = new \PragmaRX\Google2FA\Google2FA();
                $user->update(['two_factor_secret' => $g2fa->generateSecretKey()]);
            }
            $secret = $user->fresh()->two_factor_secret;
            $g2fa = new \PragmaRX\Google2FA\Google2FA();
            $otpUrl = $g2fa->getQRCodeUrl(config('app.name'), $user->email, $secret);
            $renderer = new \BaconQrCode\Renderer\ImageRenderer(
                new \BaconQrCode\Renderer\RendererStyle\RendererStyle(200),
                new \BaconQrCode\Renderer\Image\SvgImageBackEnd()
            );
            $qrCode = 'data:image/svg+xml;base64,' . base64_encode((new \BaconQrCode\Writer($renderer))->writeString($otpUrl));
        }

        $mailDriver = config('mail.default');
        $mailHost = \App\Models\Setting::where('key', 'mail_host')->first()?->value ?: config('mail.mailers.smtp.host');
        
        $smtpConfigured = false;
        if ($mailDriver === 'log') {
            $smtpConfigured = true;
        } elseif ($mailHost === 'mailpit') {
            $smtpConfigured = true;
        } else {
            $mailUsername = \App\Models\Setting::where('key', 'mail_username')->first()?->value ?: config('mail.mailers.smtp.username');
            $mailPassword = \App\Models\Setting::where('key', 'mail_password')->first()?->value ?: config('mail.mailers.smtp.password');
            $smtpConfigured = !empty($mailHost) && !empty($mailUsername) && !empty($mailPassword);
        }

        $totpAllowed = true;
        $emailAllowed = true;
        try {
            $systemSettings = \Illuminate\Support\Facades\Cache::rememberForever('system_settings', function () {
                return \App\Models\Setting::all()->pluck('value', 'key')->toArray();
            });
            if (isset($systemSettings['two_factor_totp_enabled'])) {
                $totpAllowed = $systemSettings['two_factor_totp_enabled'] === '1' || $systemSettings['two_factor_totp_enabled'] === true;
            }
            if (isset($systemSettings['two_factor_email_enabled'])) {
                $emailAllowed = $systemSettings['two_factor_email_enabled'] === '1' || $systemSettings['two_factor_email_enabled'] === true;
            }
        } catch (\Exception $e) {
            // DB not ready or migrated
        }

        return Inertia::render('Settings/Index', [
            'mustVerifyEmail'   => $user instanceof \Illuminate\Contracts\Auth\MustVerifyEmail,
            'status'            => session('status'),
            'twoFactorSettings' => [
                'totp_allowed'  => $totpAllowed,
                'email_allowed' => $emailAllowed,
            ],
            'twoFactor'         => [
                'enabled'         => $twoFactorEnabled,
                'qr_code'         => $qrCode,
                'secret'          => $secret,
                'email_enabled'   => (bool)$user->email_2fa_enabled,
                'smtp_configured' => $smtpConfigured,
                'recovery_codes'  => $user->two_factor_recovery_codes
                    ? json_decode($user->two_factor_recovery_codes, true)
                    : [],
            ],
        ]);
    }
}