Change runner to ubuntu-latest for build job

.github/workflows/build-and-push-images.yml

@@ -8,7 +8,8 @@ on:
 
 jobs:
   build:
-    runs-on: self-hosted
+    # runs-on: self-hosted
+    runs-on: ubuntu-latest
     steps:
       - name: Login to Docker Hub
         uses: docker/login-action@v3

app/Actions/EnsureDailyChangeIsSynced.php

@@ -26,7 +26,7 @@ class EnsureDailyChangeIsSynced
             ) {
                 defer(fn () => $model->portfolio->syncDailyChanges());
 
-                Cache::put($cacheKey, now(), now()->addMinutes(5));
+                Cache::put($cacheKey, true, now()->addMinutes(5));
             }
         }
 

composer.json

@@ -22,10 +22,10 @@
         "investbrainapp/frankfurter-client": "dev-main",
         "laravel/ai": "^0.2.5",
         "laravel/fortify": "^1.30.0",
-        "laravel/framework": "^12.0",
+        "laravel/framework": "^13.0",
         "laravel/sanctum": "^4.0",
         "laravel/socialite": "^5.16",
-        "laravel/tinker": "^2.9",
+        "laravel/tinker": "^3.0",
         "league/flysystem-aws-s3-v3": "^3.0",
         "livewire/livewire": "^4.0",
         "livewire/volt": "^1.6",
@@ -39,11 +39,11 @@
     },
     "require-dev": {
         "fakerphp/faker": "^1.23",
-        "laravel/boost": "^1.8",
+        "laravel/boost": "^2.0",
         "laravel/pint": "^1.25",
         "mockery/mockery": "^1.6",
         "nunomaduro/collision": "^8.0",
-        "phpunit/phpunit": "^11.0"
+        "phpunit/phpunit": "^12.0"
     },
     "repositories": [
         {

config/cache.php

@@ -107,4 +107,17 @@ return [
 
     'prefix' => env('CACHE_PREFIX', Str::slug(env('APP_NAME', 'laravel'), '_').'_cache_'),
 
+    /*
+    |--------------------------------------------------------------------------
+    | Cache Serializable Classes
+    |--------------------------------------------------------------------------
+    |
+    | For security, unserialization of cached PHP objects is restricted. Set
+    | this to false to disallow all object unserialization, or list the
+    | specific classes your application intentionally caches as objects.
+    |
+    */
+
+    'serializable_classes' => false,
+
 ];

config/sanctum.php

@@ -2,6 +2,9 @@
 
 declare(strict_types=1);
 
+use Illuminate\Cookie\Middleware\EncryptCookies;
+use Illuminate\Foundation\Http\Middleware\PreventRequestForgery;
+use Laravel\Sanctum\Http\Middleware\AuthenticateSession;
 use Laravel\Sanctum\Sanctum;
 
 return [
@@ -77,9 +80,9 @@ return [
     */
 
     'middleware' => [
-        'authenticate_session' => Laravel\Sanctum\Http\Middleware\AuthenticateSession::class,
-        'encrypt_cookies' => Illuminate\Cookie\Middleware\EncryptCookies::class,
-        'validate_csrf_token' => Illuminate\Foundation\Http\Middleware\ValidateCsrfToken::class,
+        'authenticate_session' => AuthenticateSession::class,
+        'encrypt_cookies' => EncryptCookies::class,
+        'validate_csrf_token' => PreventRequestForgery::class,
     ],
 
 ];

tests/Api/MarketDataTest.php

@@ -0,0 +1,75 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Tests\Api;
+
+use App\Models\MarketData;
+use App\Models\User;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+use Tests\TestCase;
+
+class MarketDataTest extends TestCase
+{
+    use RefreshDatabase;
+
+    protected User $user;
+
+    protected function setUp(): void
+    {
+        parent::setUp();
+
+        $this->user = User::factory()->create();
+    }
+
+    public function test_can_get_market_data_for_symbol(): void
+    {
+        MarketData::getMarketData('AAPL');
+
+        $this->actingAs($this->user)
+            ->getJson(route('api.market-data.show', ['symbol' => 'AAPL']))
+            ->assertOk()
+            ->assertJsonStructure([
+                'symbol',
+                'name',
+                'market_value',
+                'fifty_two_week_low',
+                'fifty_two_week_high',
+                'last_dividend_date',
+                'last_dividend_amount',
+                'dividend_yield',
+                'market_cap',
+                'trailing_pe',
+                'forward_pe',
+                'book_value',
+                'created_at',
+                'updated_at',
+            ]);
+    }
+
+    public function test_market_data_returns_correct_symbol(): void
+    {
+        $this->actingAs($this->user)
+            ->getJson(route('api.market-data.show', ['symbol' => 'ACME']))
+            ->assertSuccessful()
+            ->assertJsonFragment([
+                'symbol' => 'ACME',
+            ]);
+    }
+
+    public function test_market_data_response_has_expected_fields(): void
+    {
+        MarketData::getMarketData('MSFT');
+
+        $this->actingAs($this->user)
+            ->getJson(route('api.market-data.show', ['symbol' => 'MSFT']))
+            ->assertOk()
+            ->assertJsonPath('symbol', 'MSFT')
+            ->assertJsonPath('market_value', 230.19);
+    }
+
+    public function test_cannot_access_market_data_when_unauthenticated(): void
+    {
+        $this->getJson(route('api.market-data.show', ['symbol' => 'AAPL']))->assertUnauthorized();
+    }
+}

tests/Api/UserTest.php

@@ -0,0 +1,74 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Tests\Api;
+
+use App\Models\User;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+use Tests\TestCase;
+
+class UserTest extends TestCase
+{
+    use RefreshDatabase;
+
+    protected User $user;
+
+    protected function setUp(): void
+    {
+        parent::setUp();
+
+        $this->user = User::factory()->create();
+    }
+
+    public function test_can_get_authenticated_user_profile(): void
+    {
+        $this->actingAs($this->user)
+            ->getJson(route('api.me'))
+            ->assertOk()
+            ->assertJsonStructure([
+                'id',
+                'name',
+                'email',
+                'profile_photo_url',
+                'options' => ['display_currency', 'locale'],
+                'created_at',
+                'updated_at',
+            ]);
+    }
+
+    public function test_profile_returns_correct_user_data(): void
+    {
+        $this->actingAs($this->user)
+            ->getJson(route('api.me'))
+            ->assertOk()
+            ->assertJsonFragment([
+                'id' => $this->user->id,
+                'name' => $this->user->name,
+                'email' => $this->user->email,
+            ]);
+    }
+
+    public function test_profile_returns_correct_options(): void
+    {
+        $this->actingAs($this->user)
+            ->getJson(route('api.me'))
+            ->assertOk()
+            ->assertJsonPath('options.display_currency', $this->user->getCurrency())
+            ->assertJsonPath('options.locale', $this->user->getLocale());
+    }
+
+    public function test_cannot_access_profile_when_unauthenticated(): void
+    {
+        $this->getJson(route('api.me'))->assertUnauthorized();
+    }
+
+    public function test_profile_does_not_expose_password(): void
+    {
+        $response = $this->actingAs($this->user)
+            ->getJson(route('api.me'))
+            ->assertOk();
+
+        $this->assertArrayNotHasKey('password', $response->json());
+    }
+}