Fixed failing tests because of legacy currency codes

allow admins to delete members
fix Dialog cloes on click outside of content

app/Actions/Fortify/CreateNewUser.php

@@ -26,7 +26,7 @@ class CreateNewUser implements CreatesNewUsers
     /**
      * Create a newly registered user.
      *
-     * @param  array<string, string>  $input
+     * @param  array<string, mixed>  $input
      *
      * @throws ValidationException
      */

app/Actions/Fortify/UpdateUserProfileInformation.php

@@ -6,7 +6,6 @@ namespace App\Actions\Fortify;
 
 use App\Enums\Weekday;
 use App\Models\User;
-use Illuminate\Contracts\Auth\MustVerifyEmail;
 use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Support\Facades\Validator;
 use Illuminate\Validation\Rule;
@@ -59,8 +58,7 @@ class UpdateUserProfileInformation implements UpdatesUserProfileInformation
             $user->updateProfilePhoto($input['photo']);
         }
 
-        if ($input['email'] !== $user->email &&
-            $user instanceof MustVerifyEmail) {
+        if ($input['email'] !== $user->email) {
             $user->forceFill([
                 'name' => $input['name'],
                 'email' => $input['email'],

app/Actions/Jetstream/AddOrganizationMember.php

@@ -57,7 +57,7 @@ class AddOrganizationMember implements AddsTeamMembers
      */
     protected function rules(): array
     {
-        return array_filter([
+        return [
             'email' => [
                 'required',
                 'email',
@@ -75,7 +75,7 @@ class AddOrganizationMember implements AddsTeamMembers
                     Role::Employee->value,
                 ]),
             ],
-        ]);
+        ];
     }
 
     /**

app/Console/Commands/Auth/AuthSendReminderForExpiringApiTokensCommand.php

@@ -0,0 +1,108 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Console\Commands\Auth;
+
+use App\Mail\AuthApiTokenExpirationReminderMail;
+use App\Mail\AuthApiTokenExpiredMail;
+use App\Models\Passport\Token;
+use App\Models\User;
+use Illuminate\Console\Command;
+use Illuminate\Database\Eloquent\Builder;
+use Illuminate\Database\Eloquent\Collection;
+use Illuminate\Support\Carbon;
+use Illuminate\Support\Facades\Mail;
+
+class AuthSendReminderForExpiringApiTokensCommand extends Command
+{
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'auth:send-mails-expiring-api-tokens '.
+        ' { --dry-run : Do not actually send emails or save anything to the database, just output what would happen }';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = 'Sends emails about expiring API tokens, one week before and when they expired.';
+
+    /**
+     * Execute the console command.
+     */
+    public function handle(): int
+    {
+        $dryRun = (bool) $this->option('dry-run');
+        if ($dryRun) {
+            $this->comment('Running in dry-run mode. No emails will be sent and nothing will be saved to the database.');
+        }
+
+        $this->comment('Sending reminder emails about expiring API tokens...');
+        $sentMails = 0;
+        Token::query()
+            ->where('expires_at', '<=', Carbon::now()->addDays(7))
+            ->whereNull('reminder_sent_at')
+            ->with([
+                'client',
+                'user',
+            ])
+            ->whereHas('user', function (Builder $query): void {
+                /** @var Builder<User> $query */
+                $query->where('is_placeholder', '=', false);
+            })
+            ->isApiToken(true)
+            ->orderBy('created_at', 'asc')
+            ->chunk(500, function (Collection $tokens) use ($dryRun, &$sentMails): void {
+                /** @var Collection<int, Token> $tokens */
+                foreach ($tokens as $token) {
+                    $user = $token->user;
+                    $this->info('Start sending email to user "'.$user->email.'" ('.$user->getKey().') reminding about API token '.$token->getKey());
+                    $sentMails++;
+                    if (! $dryRun) {
+                        Mail::to($user->email)
+                            ->queue(new AuthApiTokenExpirationReminderMail($token, $user));
+                        $token->reminder_sent_at = Carbon::now();
+                        $token->save();
+                    }
+                }
+            });
+        $this->comment('Finished sending '.$sentMails.' expiring API token emails...');
+
+        $this->comment('Sent emails about expired API tokens');
+        $sentMails = 0;
+        Token::query()
+            ->where('expires_at', '<=', Carbon::now())
+            ->whereNull('expired_info_sent_at')
+            ->with([
+                'client',
+                'user',
+            ])
+            ->whereHas('user', function (Builder $query): void {
+                /** @var Builder<User> $query */
+                $query->where('is_placeholder', '=', false);
+            })
+            ->isApiToken(true)
+            ->orderBy('created_at', 'asc')
+            ->chunk(500, function (Collection $tokens) use ($dryRun, &$sentMails): void {
+                /** @var Collection<int, Token> $tokens */
+                foreach ($tokens as $token) {
+                    $user = $token->user;
+                    $this->info('Start sending email to user "'.$user->email.'" ('.$user->getKey().') about expired API token '.$token->getKey());
+                    $sentMails++;
+                    if (! $dryRun) {
+                        Mail::to($user->email)
+                            ->queue(new AuthApiTokenExpiredMail($token, $user));
+                        $token->expired_info_sent_at = Carbon::now();
+                        $token->save();
+                    }
+                }
+            });
+        $this->comment('Finished sending '.$sentMails.' expired API token emails...');
+
+        return self::SUCCESS;
+    }
+}

app/Console/Kernel.php

@@ -18,6 +18,10 @@ class Kernel extends ConsoleKernel
             ->when(fn (): bool => config('scheduling.tasks.time_entry_send_still_running_mails'))
             ->everyTenMinutes();
 
+        $schedule->command('auth:send-mails-expiring-api-tokens')
+            ->when(fn (): bool => config('scheduling.tasks.auth_send_mails_expiring_api_tokens'))
+            ->everyTenMinutes();
+
         $schedule->command('self-host:check-for-update')
             ->when(fn (): bool => config('scheduling.tasks.self_hosting_check_for_update'))
             ->twiceDaily();
@@ -28,7 +32,7 @@ class Kernel extends ConsoleKernel
 
         $schedule->command('self-host:database-consistency')
             ->when(fn (): bool => config('scheduling.tasks.self_hosting_database_consistency'))
-            ->twiceDaily();
+            ->everySixHours();
     }
 
     /**

app/Exceptions/Api/InvitationForTheEmailAlreadyExistsApiException.php

@@ -0,0 +1,10 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Exceptions\Api;
+
+class InvitationForTheEmailAlreadyExistsApiException extends ApiException
+{
+    public const string KEY = 'invitation_for_the_email_already_exists';
+}

app/Extensions/Scramble/PaginatedResourceCollectionTypeToSchema.php

@@ -41,9 +41,7 @@ class PaginatedResourceCollectionTypeToSchema extends TypeToSchemaExtension
             return null;
         }
 
-        if (! ($collectingType = $this->openApiTransformer->transform($collectingClassType))) {
-            return null;
-        }
+        $collectingType = $this->openApiTransformer->transform($collectingClassType);
 
         $newType = new OpenApiObjectType;
         $newType->addProperty('data', (new ArrayType)->setItems($collectingType));

app/Filament/Resources/FailedJobResource.php

@@ -15,6 +15,7 @@ use Filament\Resources\Resource;
 use Filament\Tables\Actions\Action;
 use Filament\Tables\Actions\BulkAction;
 use Filament\Tables\Actions\DeleteAction;
+use Filament\Tables\Actions\DeleteBulkAction;
 use Filament\Tables\Actions\ViewAction;
 use Filament\Tables\Columns\TextColumn;
 use Filament\Tables\Table;
@@ -75,7 +76,8 @@ class FailedJobResource extends Resource
             ->filters([])
             ->bulkActions([
                 BulkAction::make('retry')
-                    ->label('Retry')
+                    ->icon('heroicon-o-arrow-path')
+                    ->label('Retry selected')
                     ->requiresConfirmation()
                     ->action(function (Collection $records): void {
                         /** @var FailedJob $record */
@@ -87,11 +89,13 @@ class FailedJobResource extends Resource
                             ->success()
                             ->send();
                     }),
+                DeleteBulkAction::make(),
             ])
             ->actions([
-                DeleteAction::make('Delete'),
-                ViewAction::make('View'),
+                DeleteAction::make(),
+                ViewAction::make(),
                 Action::make('retry')
+                    ->icon('heroicon-o-arrow-path')
                     ->label('Retry')
                     ->requiresConfirmation()
                     ->action(function (FailedJob $record): void {
@@ -109,7 +113,6 @@ class FailedJobResource extends Resource
         return [
             'index' => ListFailedJobs::route('/'),
             'view' => ViewFailedJobs::route('/{record}'),
-
         ];
     }
 }

app/Filament/Resources/FailedJobResource/Pages/ListFailedJobs.php

@@ -6,8 +6,8 @@ namespace App\Filament\Resources\FailedJobResource\Pages;
 
 use App\Filament\Resources\FailedJobResource;
 use App\Models\FailedJob;
+use Filament\Actions\Action;
 use Filament\Notifications\Notification;
-use Filament\Pages\Actions\Action;
 use Filament\Resources\Pages\ListRecords;
 use Illuminate\Support\Facades\Artisan;
 
@@ -19,7 +19,8 @@ class ListFailedJobs extends ListRecords
     {
         return [
             Action::make('retry_all')
-                ->label('Retry all failed Jobs')
+                ->icon('heroicon-o-arrow-path')
+                ->label('Retry all')
                 ->requiresConfirmation()
                 ->action(function (): void {
                     Artisan::call('queue:retry all');
@@ -30,7 +31,8 @@ class ListFailedJobs extends ListRecords
                 }),
 
             Action::make('delete_all')
-                ->label('Delete all failed Jobs')
+                ->icon('heroicon-o-trash')
+                ->label('Delete all')
                 ->requiresConfirmation()
                 ->color('danger')
                 ->action(function (): void {

app/Filament/Resources/TokenResource.php

@@ -5,7 +5,6 @@ declare(strict_types=1);
 namespace App\Filament\Resources;
 
 use App\Filament\Resources\TokenResource\Pages;
-use App\Models\Passport\Client;
 use App\Models\Passport\Token;
 use Filament\Forms;
 use Filament\Forms\Form;
@@ -40,7 +39,7 @@ class TokenResource extends Resource
                     ->label('Name')
                     ->required()
                     ->maxLength(255),
-                Forms\Components\Select::make('user_id')
+                Forms\Components\Select::make('owner_id')
                     ->label('User')
                     ->relationship(name: 'user', titleAttribute: 'name')
                     ->searchable(['name'])
@@ -79,10 +78,12 @@ class TokenResource extends Resource
                 Tables\Columns\TextColumn::make('client.name')
                     ->searchable()
                     ->sortable(),
-                Tables\Columns\IconColumn::make('client.personal_access_client')
+                Tables\Columns\IconColumn::make('personal_access_client')
+                    ->state(function (Token $token): bool {
+                        return in_array('personal_access', $token->client->grant_types ?? [], true);
+                    })
                     ->boolean()
-                    ->label('API token?')
-                    ->sortable(),
+                    ->label('API token?'),
                 Tables\Columns\IconColumn::make('revoked')
                     ->boolean()
                     ->label('Revoked?')
@@ -104,17 +105,11 @@ class TokenResource extends Resource
                     ->queries(
                         true: function (Builder $query) {
                             /** @var Builder<Token> $query */
-                            return $query->whereHas('client', function (Builder $query) {
-                                /** @var Builder<Client> $query */
-                                return $query->where('personal_access_client', true);
-                            });
+                            return $query->isApiToken();
                         },
                         false: function (Builder $query) {
                             /** @var Builder<Token> $query */
-                            return $query->whereHas('client', function (Builder $query) {
-                                /** @var Builder<Client> $query */
-                                return $query->where('personal_access_client', false);
-                            });
+                            return $query->isApiToken(false);
                         },
                         blank: function (Builder $query) {
                             /** @var Builder<Token> $query */

app/Http/Controllers/Api/V1/ApiTokenController.php

@@ -8,9 +8,12 @@ use App\Exceptions\Api\PersonalAccessClientIsNotConfiguredException;
 use App\Http\Requests\V1\ApiToken\ApiTokenStoreRequest;
 use App\Http\Resources\V1\ApiToken\ApiTokenCollection;
 use App\Http\Resources\V1\ApiToken\ApiTokenWithAccessTokenResource;
+use App\Models\Passport\Client;
 use App\Models\Passport\Token;
 use Illuminate\Auth\Access\AuthorizationException;
+use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Http\JsonResponse;
+use Illuminate\Support\Str;
 
 class ApiTokenController extends Controller
 {
@@ -28,7 +31,10 @@ class ApiTokenController extends Controller
         $user = $this->user();
 
         $tokens = $user->tokens()
-            ->where('client_id', '=', config('passport.personal_access_client.id'))
+            ->whereHas('client', function (Builder $query): void {
+                /** @var Builder<Client> $query */
+                $query->whereJsonContains('grant_types', 'personal_access');
+            })
             ->get();
 
         return new ApiTokenCollection($tokens);
@@ -48,15 +54,21 @@ class ApiTokenController extends Controller
     {
         $user = $this->user();
 
-        if (config('passport.personal_access_client.id') === null || config('passport.personal_access_client.secret') === null) {
-            throw new PersonalAccessClientIsNotConfiguredException;
+        try {
+            $token = $user->createToken($request->getName(), ['*']);
+
+            /** @var Token $tokenModel */
+            $tokenModel = $token->getToken();
+
+            return new ApiTokenWithAccessTokenResource($tokenModel, $token->accessToken);
+        } catch (\RuntimeException $exception) {
+            report($exception);
+            if (Str::contains($exception->getMessage(), ['Personal access client not found'])) {
+                throw new PersonalAccessClientIsNotConfiguredException;
+            }
+
+            throw $exception;
         }
-
-        $token = $user->createToken($request->getName(), ['*']);
-        /** @var Token $tokenModel */
-        $tokenModel = $token->token;
-
-        return new ApiTokenWithAccessTokenResource($tokenModel, $token->accessToken);
     }
 
     /**
@@ -71,13 +83,10 @@ class ApiTokenController extends Controller
     {
         $user = $this->user();
 
-        if (config('passport.personal_access_client.id') === null || config('passport.personal_access_client.secret') === null) {
-            throw new PersonalAccessClientIsNotConfiguredException;
-        }
         if ($apiToken->user_id !== $user->getKey()) {
             throw new AuthorizationException('API token does not belong to user');
         }
-        if ($apiToken->client_id !== config('passport.personal_access_client.id')) {
+        if (! ($apiToken->client?->hasGrantType('personal_access') ?? false)) {
             throw new AuthorizationException('API token is not a personal access token');
         }
 
@@ -97,13 +106,10 @@ class ApiTokenController extends Controller
     {
         $user = $this->user();
 
-        if (config('passport.personal_access_client.id') === null || config('passport.personal_access_client.secret') === null) {
-            throw new PersonalAccessClientIsNotConfiguredException;
-        }
         if ($apiToken->user_id !== $user->getKey()) {
             throw new AuthorizationException('API token does not belong to user');
         }
-        if ($apiToken->client_id !== config('passport.personal_access_client.id')) {
+        if (! ($apiToken->client?->hasGrantType('personal_access') ?? false)) {
             throw new AuthorizationException('API token is not a personal access token');
         }
 

app/Http/Controllers/Api/V1/InvitationController.php

@@ -4,6 +4,7 @@ declare(strict_types=1);
 
 namespace App\Http\Controllers\Api\V1;
 
+use App\Exceptions\Api\InvitationForTheEmailAlreadyExistsApiException;
 use App\Exceptions\Api\UserIsAlreadyMemberOfOrganizationApiException;
 use App\Http\Requests\V1\Invitation\InvitationIndexRequest;
 use App\Http\Requests\V1\Invitation\InvitationStoreRequest;
@@ -50,6 +51,7 @@ class InvitationController extends Controller
      *
      * @throws AuthorizationException
      * @throws UserIsAlreadyMemberOfOrganizationApiException
+     * @throws InvitationForTheEmailAlreadyExistsApiException
      *
      * @operationId invite
      */

app/Http/Controllers/Api/V1/MemberController.php

@@ -10,12 +10,14 @@ use App\Exceptions\Api\CanNotRemoveOwnerFromOrganization;
 use App\Exceptions\Api\ChangingRoleOfPlaceholderIsNotAllowed;
 use App\Exceptions\Api\ChangingRoleToPlaceholderIsNotAllowed;
 use App\Exceptions\Api\EntityStillInUseApiException;
+use App\Exceptions\Api\InvitationForTheEmailAlreadyExistsApiException;
 use App\Exceptions\Api\OnlyOwnerCanChangeOwnership;
 use App\Exceptions\Api\OnlyPlaceholdersCanBeMergedIntoAnotherMember;
 use App\Exceptions\Api\OrganizationNeedsAtLeastOneOwner;
 use App\Exceptions\Api\ThisPlaceholderCanNotBeInvitedUseTheMergeToolInsteadException;
 use App\Exceptions\Api\UserIsAlreadyMemberOfOrganizationApiException;
 use App\Exceptions\Api\UserNotPlaceholderApiException;
+use App\Http\Requests\V1\Member\MemberDestroyRequest;
 use App\Http\Requests\V1\Member\MemberIndexRequest;
 use App\Http\Requests\V1\Member\MemberMergeIntoRequest;
 use App\Http\Requests\V1\Member\MemberUpdateRequest;
@@ -100,11 +102,13 @@ class MemberController extends Controller
      *
      * @operationId removeMember
      */
-    public function destroy(Organization $organization, Member $member, MemberService $memberService): JsonResponse
+    public function destroy(MemberDestroyRequest $request, Organization $organization, Member $member, MemberService $memberService): JsonResponse
     {
         $this->checkPermission($organization, 'members:delete', $member);
 
-        $memberService->removeMember($member, $organization);
+        $deleteRelated = $request->getDeleteRelated();
+
+        $memberService->removeMember($member, $organization, $deleteRelated);
 
         return response()
             ->json(null, 204);
@@ -170,6 +174,7 @@ class MemberController extends Controller
      * @throws UserNotPlaceholderApiException
      * @throws UserIsAlreadyMemberOfOrganizationApiException
      * @throws ThisPlaceholderCanNotBeInvitedUseTheMergeToolInsteadException
+     * @throws InvitationForTheEmailAlreadyExistsApiException
      *
      * @operationId invitePlaceholder
      */

app/Http/Controllers/Controller.php

@@ -43,7 +43,10 @@ class Controller extends BaseController
         /** @var Member|null $member */
         $member = Member::query()->whereBelongsTo($organization, 'organization')->whereBelongsTo($user, 'user')->first();
         if ($member === null) {
-            Log::error('This function should only be called in authenticated context after checking the user is a member of the organization');
+            Log::error('This function should only be called in authenticated context after checking the user is a member of the organization', [
+                'user' => $user->getKey(),
+                'organization' => $organization->getKey(),
+            ]);
             throw new AuthorizationException;
         }
 

app/Http/Middleware/EnsureEmailIsVerified.php

@@ -5,7 +5,6 @@ declare(strict_types=1);
 namespace App\Http\Middleware;
 
 use Closure;
-use Illuminate\Contracts\Auth\MustVerifyEmail;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Redirect;
 use Illuminate\Support\Facades\URL;
@@ -20,8 +19,7 @@ class EnsureEmailIsVerified
     {
         if (! app()->isLocal()) {
             if ($request->user() === null ||
-                ($request->user() instanceof MustVerifyEmail &&
-                    ! $request->user()->hasVerifiedEmail())) {
+                (! $request->user()->hasVerifiedEmail())) {
                 return $request->expectsJson()
                     ? abort(403, 'Your email address is not verified.')
                     : Redirect::guest(URL::route($redirectToRoute ?: 'verification.notice'));

app/Http/Middleware/HandleInertiaRequests.php

@@ -50,7 +50,7 @@ class HandleInertiaRequests extends Middleware
         return array_merge(parent::share($request), [
             'has_billing_extension' => $hasBilling,
             'has_invoicing_extension' => $hasInvoicing,
-            'billing' => $billing !== null && $currentOrganization !== null ? [
+            'billing' => $currentOrganization !== null ? [
                 'has_subscription' => $billing->hasSubscription($currentOrganization),
                 'has_trial' => $billing->hasTrial($currentOrganization),
                 'trial_until' => $billing->getTrialUntil($currentOrganization)?->toIso8601ZuluString(),

app/Http/Middleware/ShareInertiaData.php

@@ -26,7 +26,7 @@ class ShareInertiaData
     {
         /** @var PermissionStore $permissions */
         $permissions = app(PermissionStore::class);
-        Inertia::share(array_filter([
+        Inertia::share([
             'jetstream' => function () use ($request) {
                 /** @var User|null $user */
                 $user = $request->user();
@@ -101,7 +101,7 @@ class ShareInertiaData
                     return [$key => $bag->messages()];
                 })->all();
             },
-        ]));
+        ]);
 
         return $next($request);
     }

app/Http/Requests/V1/Invitation/InvitationStoreRequest.php

@@ -7,11 +7,8 @@ namespace App\Http\Requests\V1\Invitation;
 use App\Enums\Role;
 use App\Http\Requests\V1\BaseFormRequest;
 use App\Models\Organization;
-use App\Models\OrganizationInvitation;
 use Illuminate\Contracts\Validation\ValidationRule;
-use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Validation\Rule;
-use Korridor\LaravelModelValidationRules\Rules\UniqueEloquent;
 
 /**
  * @property Organization $organization
@@ -29,10 +26,6 @@ class InvitationStoreRequest extends BaseFormRequest
             'email' => [
                 'required',
                 'email',
-                UniqueEloquent::make(OrganizationInvitation::class, 'email', function (Builder $builder): Builder {
-                    /** @var Builder<OrganizationInvitation> $builder */
-                    return $builder->whereBelongsTo($this->organization, 'organization');
-                })->withCustomTranslation('validation.invitation_already_exists'),
             ],
             'role' => [
                 'required',

app/Http/Requests/V1/Member/MemberDestroyRequest.php

@@ -0,0 +1,35 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Requests\V1\Member;
+
+use App\Http\Requests\V1\BaseFormRequest;
+use App\Models\Organization;
+use Illuminate\Contracts\Validation\ValidationRule;
+
+/**
+ * @property Organization $organization
+ */
+class MemberDestroyRequest extends BaseFormRequest
+{
+    /**
+     * Get the validation rules that apply to the request.
+     *
+     * @return array<string, array<string|ValidationRule>>
+     */
+    public function rules(): array
+    {
+        return [
+            'delete_related' => [
+                'string',
+                'in:true,false',
+            ],
+        ];
+    }
+
+    public function getDeleteRelated(): bool
+    {
+        return $this->input('delete_related', 'false') === 'true';
+    }
+}

app/Http/Resources/V1/Project/ProjectCollection.php

@@ -8,15 +8,11 @@ use App\Http\Resources\PaginatedResourceCollection;
 use App\Models\Project;
 use Illuminate\Http\Request;
 use Illuminate\Http\Resources\Json\ResourceCollection;
-use Illuminate\Pagination\LengthAwarePaginator;
 
 class ProjectCollection extends ResourceCollection implements PaginatedResourceCollection
 {
     private bool $showBillableRates;
 
-    /**
-     * @param  LengthAwarePaginator<Project>  $resource
-     */
     public function __construct($resource, bool $showBillableRates)
     {
         parent::__construct($resource);

app/Mail/AuthApiTokenExpirationReminderMail.php

@@ -0,0 +1,44 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Mail;
+
+use App\Models\Passport\Token;
+use App\Models\User;
+use Illuminate\Bus\Queueable;
+use Illuminate\Mail\Mailable;
+use Illuminate\Queue\SerializesModels;
+use Illuminate\Support\Facades\URL;
+
+class AuthApiTokenExpirationReminderMail extends Mailable
+{
+    use Queueable, SerializesModels;
+
+    public Token $token;
+
+    public User $user;
+
+    /**
+     * Create a new message instance.
+     *
+     * @return void
+     */
+    public function __construct(Token $token, User $user)
+    {
+        $this->token = $token;
+        $this->user = $user;
+    }
+
+    /**
+     * Build the message.
+     */
+    public function build(): self
+    {
+        return $this->markdown('emails.auth-api-expiration-reminder', [
+            'profileUrl' => URL::to('user/profile'),
+            'tokenName' => $this->token->name,
+        ])
+            ->subject(__('Your API token will expire in 7 days!'));
+    }
+}

app/Mail/AuthApiTokenExpiredMail.php

@@ -0,0 +1,44 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Mail;
+
+use App\Models\Passport\Token;
+use App\Models\User;
+use Illuminate\Bus\Queueable;
+use Illuminate\Mail\Mailable;
+use Illuminate\Queue\SerializesModels;
+use Illuminate\Support\Facades\URL;
+
+class AuthApiTokenExpiredMail extends Mailable
+{
+    use Queueable, SerializesModels;
+
+    public Token $token;
+
+    public User $user;
+
+    /**
+     * Create a new message instance.
+     *
+     * @return void
+     */
+    public function __construct(Token $token, User $user)
+    {
+        $this->token = $token;
+        $this->user = $user;
+    }
+
+    /**
+     * Build the message.
+     */
+    public function build(): self
+    {
+        return $this->markdown('emails.auth-api-token-expired', [
+            'profileUrl' => URL::to('user/profile'),
+            'tokenName' => $this->token->name,
+        ])
+            ->subject(__('Your API token has expired!'));
+    }
+}

app/Models/Audit.php

@@ -16,8 +16,8 @@ use OwenIt\Auditing\Models\Audit as PackageAuditModel;
  * @property string $event
  * @property string $auditable_type
  * @property string $auditable_id
- * @property array|null $old_values
- * @property array|null $new_values
+ * @property array<string, mixed>|null $old_values
+ * @property array<string, mixed>|null $new_values
  * @property string|null $url
  * @property string|null $ip_address
  * @property string|null $user_agent

app/Models/Client.php

@@ -47,7 +47,7 @@ class Client extends Model implements AuditableContract
     ];
 
     /**
-     * @return BelongsTo<Organization, Client>
+     * @return BelongsTo<Organization, $this>
      */
     public function organization(): BelongsTo
     {
@@ -55,7 +55,7 @@ class Client extends Model implements AuditableContract
     }
 
     /**
-     * @return HasMany<Project>
+     * @return HasMany<Project, $this>
      */
     public function projects(): HasMany
     {

app/Models/Member.php

@@ -25,8 +25,8 @@ use OwenIt\Auditing\Contracts\Auditable as AuditableContract;
  * @property Carbon|null $updated_at
  * @property-read Organization $organization
  * @property-read User $user
- * @property-read Collection<ProjectMember> $projectMembers
- * @property-read Collection<TimeEntry> $timeEntries
+ * @property-read Collection<int, ProjectMember> $projectMembers
+ * @property-read Collection<int, TimeEntry> $timeEntries
  *
  * @method static MemberFactory factory()
  */
@@ -47,7 +47,7 @@ class Member extends JetstreamMembership implements AuditableContract
     protected $table = 'members';
 
     /**
-     * @return BelongsTo<User, Member>
+     * @return BelongsTo<User, $this>
      */
     public function user(): BelongsTo
     {
@@ -55,7 +55,7 @@ class Member extends JetstreamMembership implements AuditableContract
     }
 
     /**
-     * @return BelongsTo<Organization, Member>
+     * @return BelongsTo<Organization, $this>
      */
     public function organization(): BelongsTo
     {
@@ -63,7 +63,7 @@ class Member extends JetstreamMembership implements AuditableContract
     }
 
     /**
-     * @return HasMany<TimeEntry>
+     * @return HasMany<TimeEntry, $this>
      */
     public function timeEntries(): HasMany
     {
@@ -71,7 +71,7 @@ class Member extends JetstreamMembership implements AuditableContract
     }
 
     /**
-     * @return HasMany<ProjectMember>
+     * @return HasMany<ProjectMember, $this>
      */
     public function projectMembers(): HasMany
     {

app/Models/Organization.php

@@ -18,6 +18,7 @@ use Illuminate\Database\Eloquent\ModelNotFoundException;
 use Illuminate\Database\Eloquent\Relations\BelongsTo;
 use Illuminate\Database\Eloquent\Relations\BelongsToMany;
 use Illuminate\Database\Eloquent\Relations\HasMany;
+use Illuminate\Database\Eloquent\Relations\Pivot;
 use Illuminate\Support\Carbon;
 use Illuminate\Support\Str;
 use Laravel\Jetstream\Events\TeamCreated;
@@ -47,7 +48,7 @@ use OwenIt\Auditing\Contracts\Auditable as AuditableContract;
  * @property IntervalFormat $interval_format
  * @property TimeFormat $time_format
  *
- * @method HasMany<OrganizationInvitation> teamInvitations()
+ * @method HasMany<OrganizationInvitation, $this> teamInvitations()
  * @method static OrganizationFactory factory()
  */
 class Organization extends JetstreamTeam implements AuditableContract
@@ -79,7 +80,7 @@ class Organization extends JetstreamTeam implements AuditableContract
     /**
      * The attributes that are mass assignable.
      *
-     * @var array<int, string>
+     * @var list<string>
      */
     protected $fillable = [
         'name',
@@ -125,7 +126,7 @@ class Organization extends JetstreamTeam implements AuditableContract
     /**
      * Get all the users that belong to the team.
      *
-     * @return BelongsToMany<User>
+     * @return BelongsToMany<User, $this, Pivot, 'membership'>
      */
     public function users(): BelongsToMany
     {
@@ -142,7 +143,7 @@ class Organization extends JetstreamTeam implements AuditableContract
     /**
      * Get the owner of the team.
      *
-     * @return BelongsTo<User, Organization>
+     * @return BelongsTo<User, $this>
      */
     public function owner(): BelongsTo
     {
@@ -150,7 +151,7 @@ class Organization extends JetstreamTeam implements AuditableContract
     }
 
     /**
-     * @return HasMany<Member>
+     * @return HasMany<Member, $this>
      */
     public function members(): HasMany
     {
@@ -158,7 +159,7 @@ class Organization extends JetstreamTeam implements AuditableContract
     }
 
     /**
-     * @return BelongsToMany<User>
+     * @return BelongsToMany<User, $this, Pivot, 'membership'>
      */
     public function realUsers(): BelongsToMany
     {

app/Models/OrganizationInvitation.php

@@ -53,7 +53,7 @@ class OrganizationInvitation extends JetstreamTeamInvitation implements Auditabl
     /**
      * Get the organization that the invitation belongs to.
      *
-     * @return BelongsTo<Organization, OrganizationInvitation>
+     * @return BelongsTo<Organization, $this>
      */
     public function organization(): BelongsTo
     {
@@ -63,7 +63,7 @@ class OrganizationInvitation extends JetstreamTeamInvitation implements Auditabl
     /**
      * Get the organization that the invitation belongs to.
      *
-     * @return BelongsTo<Organization, OrganizationInvitation>
+     * @return BelongsTo<Organization, $this>
      */
     public function team(): BelongsTo
     {

app/Models/Passport/AuthCode.php

@@ -4,6 +4,26 @@ declare(strict_types=1);
 
 namespace App\Models\Passport;
 
+use App\Models\User;
+use Illuminate\Database\Eloquent\Relations\BelongsTo;
+use Illuminate\Support\Carbon;
 use Laravel\Passport\AuthCode as PassportAuthCode;
 
-class AuthCode extends PassportAuthCode {}
+/**
+ * @property string $id
+ * @property string $user_id
+ * @property string $client_id
+ * @property string|null $scopes
+ * @property bool $revoked
+ * @property Carbon $expires_at
+ */
+class AuthCode extends PassportAuthCode
+{
+    /**
+     * @return BelongsTo<User, $this>
+     */
+    public function user(): BelongsTo
+    {
+        return $this->belongsTo(User::class, 'user_id');
+    }
+}

app/Models/Passport/Client.php

@@ -5,22 +5,36 @@ declare(strict_types=1);
 namespace App\Models\Passport;
 
 use Database\Factories\Passport\ClientFactory;
+use Illuminate\Database\Eloquent\Factories\Factory;
 use Illuminate\Database\Eloquent\Factories\HasFactory;
+use Illuminate\Support\Carbon;
 use Laravel\Passport\Client as PassportClient;
 
 /**
  * @property string $id
- * @property string|null $user_id
+ * @property string|null $owner_id
+ * @property string|null $owner_type
  * @property string $name
  * @property string|null $secret
  * @property string|null $provider
- * @property string $redirect
- * @property bool $personal_access_client
- * @property bool $password_client
+ * @property array<string> $grant_types
+ * @property array<string> $redirect_uris
+ * @property Carbon|null $created_at
+ * @property Carbon|null $updated_at
  * @property bool $revoked
  */
 class Client extends PassportClient
 {
     /** @use HasFactory<ClientFactory> */
     use HasFactory;
+
+    /**
+     * Create a new factory instance for the model.
+     *
+     * @return ClientFactory
+     */
+    protected static function newFactory(): Factory
+    {
+        return ClientFactory::new();
+    }
 }

app/Models/Passport/PersonalAccessClient.php

@@ -1,9 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Models\Passport;
-
-use Laravel\Passport\PersonalAccessClient as PassportPersonalAccessClient;
-
-class PersonalAccessClient extends PassportPersonalAccessClient {}

app/Models/Passport/Token.php

@@ -4,7 +4,9 @@ declare(strict_types=1);
 
 namespace App\Models\Passport;
 
+use App\Models\User;
 use Database\Factories\Passport\TokenFactory;
+use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Database\Eloquent\Relations\BelongsTo;
 use Illuminate\Support\Carbon;
@@ -17,9 +19,15 @@ use Laravel\Passport\Token as PassportToken;
  * @property null|string $name
  * @property array<string> $scopes
  * @property bool $revoked
+ * @property Carbon|null $reminder_sent_at
+ * @property Carbon|null $expired_info_sent_at
  * @property Carbon|null $created_at
  * @property Carbon|null $updated_at
  * @property Carbon|null $expires_at
+ * @property-read Client|null $client
+ * @property-read User|null $user
+ *
+ * @method Builder<Token> isApiToken(bool $isApiToken = true)
  */
 class Token extends PassportToken
 {
@@ -29,10 +37,60 @@ class Token extends PassportToken
     /**
      * Get the client that the token belongs to.
      *
-     * @return BelongsTo<Client, Token>
+     * @return BelongsTo<Client, $this>
      */
+    // @phpstan-ignore method.childReturnType
     public function client(): BelongsTo
     {
         return $this->belongsTo(Client::class, 'client_id', 'id');
     }
+
+    /**
+     * Get the user that the token belongs to.
+     *
+     * @deprecated Will be removed in a future Laravel version.
+     *
+     * @return BelongsTo<User, $this>
+     */
+    // @phpstan-ignore method.childReturnType
+    public function user(): BelongsTo
+    {
+        return $this->belongsTo(User::class, 'user_id');
+    }
+
+    /**
+     * Get the attributes that should be cast.
+     *
+     * @return array<string, string>
+     */
+    protected function casts(): array
+    {
+        return [
+            'scopes' => 'array',
+            'revoked' => 'bool',
+            'expires_at' => 'datetime',
+            'reminder_sent_at' => 'datetime',
+            'expired_info_sent_at' => 'datetime',
+        ];
+    }
+
+    /**
+     * @param  Builder<static>  $query
+     * @return Builder<static>
+     */
+    public function scopeIsApiToken(Builder $query, bool $isApiToken = true): Builder
+    {
+        if ($isApiToken) {
+            return $query->whereHas('client', function (Builder $query): void {
+                /** @var Builder<Client> $query */
+                $query->whereJsonContains('grant_types', 'personal_access');
+            });
+        } else {
+            return $query->whereHas('client', function (Builder $query): void {
+                /** @var Builder<Client> $query */
+                $query->whereJsonDoesntContain('grant_types', 'personal_access');
+            });
+        }
+
+    }
 }

app/Models/Project.php

@@ -137,7 +137,7 @@ class Project extends Model implements AuditableContract
     }
 
     /**
-     * @return BelongsTo<Organization, Project>
+     * @return BelongsTo<Organization, $this>
      */
     public function organization(): BelongsTo
     {
@@ -145,7 +145,7 @@ class Project extends Model implements AuditableContract
     }
 
     /**
-     * @return BelongsTo<Client, Project>
+     * @return BelongsTo<Client, $this>
      */
     public function client(): BelongsTo
     {
@@ -153,7 +153,7 @@ class Project extends Model implements AuditableContract
     }
 
     /**
-     * @return HasMany<ProjectMember>
+     * @return HasMany<ProjectMember, $this>
      */
     public function members(): HasMany
     {
@@ -161,7 +161,7 @@ class Project extends Model implements AuditableContract
     }
 
     /**
-     * @return HasMany<Task>
+     * @return HasMany<Task, $this>
      */
     public function tasks(): HasMany
     {
@@ -169,7 +169,7 @@ class Project extends Model implements AuditableContract
     }
 
     /**
-     * @return HasMany<TimeEntry>
+     * @return HasMany<TimeEntry, $this>
      */
     public function timeEntries(): HasMany
     {

app/Models/ProjectMember.php

@@ -48,7 +48,7 @@ class ProjectMember extends Model implements AuditableContract
     ];
 
     /**
-     * @return BelongsTo<Project, ProjectMember>
+     * @return BelongsTo<Project, $this>
      */
     public function project(): BelongsTo
     {
@@ -58,7 +58,7 @@ class ProjectMember extends Model implements AuditableContract
     /**
      * @deprecated Use member relationship instead
      *
-     * @return BelongsTo<User, ProjectMember>
+     * @return BelongsTo<User, $this>
      */
     public function user(): BelongsTo
     {
@@ -66,7 +66,7 @@ class ProjectMember extends Model implements AuditableContract
     }
 
     /**
-     * @return BelongsTo<Member, ProjectMember>
+     * @return BelongsTo<Member, $this>
      */
     public function member(): BelongsTo
     {

app/Models/Report.php

@@ -55,7 +55,7 @@ class Report extends Model
     }
 
     /**
-     * @return BelongsTo<Organization, Report>
+     * @return BelongsTo<Organization, $this>
      */
     public function organization(): BelongsTo
     {

app/Models/Tag.php

@@ -22,7 +22,7 @@ use Staudenmeir\EloquentJsonRelations\Relations\HasManyJson;
  * @property string $organization_id
  * @property Carbon|null $created_at
  * @property Carbon|null $updated_at
- * @property-read Collection<TimeEntry> $timeEntries
+ * @property-read Collection<int, TimeEntry> $timeEntries
  * @property-read Organization $organization
  *
  * @method static TagFactory factory()
@@ -47,7 +47,7 @@ class Tag extends Model implements AuditableContract
     ];
 
     /**
-     * @return BelongsTo<Organization, Tag>
+     * @return BelongsTo<Organization, $this>
      */
     public function organization(): BelongsTo
     {

app/Models/Task.php

@@ -120,7 +120,7 @@ class Task extends Model implements AuditableContract
     }
 
     /**
-     * @return BelongsTo<Project, Task>
+     * @return BelongsTo<Project, $this>
      */
     public function project(): BelongsTo
     {
@@ -128,7 +128,7 @@ class Task extends Model implements AuditableContract
     }
 
     /**
-     * @return BelongsTo<Organization, Task>
+     * @return BelongsTo<Organization, $this>
      */
     public function organization(): BelongsTo
     {
@@ -136,7 +136,7 @@ class Task extends Model implements AuditableContract
     }
 
     /**
-     * @return HasMany<TimeEntry>
+     * @return HasMany<TimeEntry, $this>
      */
     public function timeEntries(): HasMany
     {

app/Models/TimeEntry.php

@@ -28,7 +28,7 @@ use Staudenmeir\EloquentJsonRelations\Relations\BelongsToJson;
  * @property Carbon|null $end
  * @property int|null $billable_rate Billable rate per hour in cents
  * @property bool $billable
- * @property array $tags
+ * @property array<string> $tags
  * @property string $user_id
  * @property string $member_id
  * @property bool $is_imported
@@ -45,7 +45,7 @@ use Staudenmeir\EloquentJsonRelations\Relations\BelongsToJson;
  * @property-read Client|null $client
  * @property string|null $task_id
  * @property-read Task|null $task
- * @property-read Collection<Tag> $tagsRelation
+ * @property-read Collection<int, Tag> $tagsRelation
  *
  * @method Builder<TimeEntry> hasTag(Tag $tag)
  * @method static TimeEntryFactory factory()
@@ -154,7 +154,7 @@ class TimeEntry extends Model implements AuditableContract
     }
 
     /**
-     * @return BelongsTo<User, TimeEntry>
+     * @return BelongsTo<User, $this>
      */
     public function user(): BelongsTo
     {
@@ -162,7 +162,7 @@ class TimeEntry extends Model implements AuditableContract
     }
 
     /**
-     * @return BelongsTo<Member, TimeEntry>
+     * @return BelongsTo<Member, $this>
      */
     public function member(): BelongsTo
     {
@@ -170,7 +170,7 @@ class TimeEntry extends Model implements AuditableContract
     }
 
     /**
-     * @return BelongsTo<Organization, TimeEntry>
+     * @return BelongsTo<Organization, $this>
      */
     public function organization(): BelongsTo
     {
@@ -178,7 +178,7 @@ class TimeEntry extends Model implements AuditableContract
     }
 
     /**
-     * @return BelongsTo<Project, TimeEntry>
+     * @return BelongsTo<Project, $this>
      */
     public function project(): BelongsTo
     {
@@ -186,7 +186,7 @@ class TimeEntry extends Model implements AuditableContract
     }
 
     /**
-     * @return BelongsTo<Task, TimeEntry>
+     * @return BelongsTo<Task, $this>
      */
     public function task(): BelongsTo
     {
@@ -196,7 +196,7 @@ class TimeEntry extends Model implements AuditableContract
     /**
      * This relation can be reconstructed via the task relation. It is only here for performance reasons.
      *
-     * @return BelongsTo<Client, TimeEntry>
+     * @return BelongsTo<Client, $this>
      */
     public function client(): BelongsTo
     {

app/Models/User.php

@@ -19,6 +19,7 @@ use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Database\Eloquent\Relations\BelongsTo;
 use Illuminate\Database\Eloquent\Relations\BelongsToMany;
 use Illuminate\Database\Eloquent\Relations\HasMany;
+use Illuminate\Database\Eloquent\Relations\Pivot;
 use Illuminate\Foundation\Auth\User as Authenticatable;
 use Illuminate\Notifications\Notifiable;
 use Illuminate\Support\Carbon;
@@ -27,6 +28,7 @@ use Laravel\Fortify\TwoFactorAuthenticatable;
 use Laravel\Jetstream\HasProfilePhoto;
 use Laravel\Jetstream\HasTeams;
 use Laravel\Passport\AuthCode;
+use Laravel\Passport\Contracts\OAuthenticatable;
 use Laravel\Passport\HasApiTokens;
 use OwenIt\Auditing\Contracts\Auditable as AuditableContract;
 
@@ -52,13 +54,13 @@ use OwenIt\Auditing\Contracts\Auditable as AuditableContract;
  * @property Collection<int, TimeEntry> $timeEntries
  * @property Member $membership
  *
- * @method HasMany<Organization> ownedTeams()
+ * @method HasMany<Organization, $this> ownedTeams()
  * @method static UserFactory factory()
  * @method static Builder<User> query()
  * @method Builder<User> belongsToOrganization(Organization $organization)
  * @method Builder<User> active()
  */
-class User extends Authenticatable implements AuditableContract, FilamentUser, MustVerifyEmail
+class User extends Authenticatable implements AuditableContract, FilamentUser, MustVerifyEmail, OAuthenticatable
 {
     use CustomAuditable;
     use HasApiTokens;
@@ -75,7 +77,7 @@ class User extends Authenticatable implements AuditableContract, FilamentUser, M
     /**
      * The attributes that are mass assignable.
      *
-     * @var array<int, string>
+     * @var list<string>
      */
     protected $fillable = [
         'name',
@@ -86,7 +88,7 @@ class User extends Authenticatable implements AuditableContract, FilamentUser, M
     /**
      * The attributes that should be hidden for serialization.
      *
-     * @var array<int, string>
+     * @var list<string>
      */
     protected $hidden = [
         'password',
@@ -143,7 +145,7 @@ class User extends Authenticatable implements AuditableContract, FilamentUser, M
     }
 
     /**
-     * @return BelongsToMany<Organization>
+     * @return BelongsToMany<Organization, $this, Pivot, 'membership'>
      */
     public function organizations(): BelongsToMany
     {
@@ -158,7 +160,7 @@ class User extends Authenticatable implements AuditableContract, FilamentUser, M
     }
 
     /**
-     * @return HasMany<TimeEntry>
+     * @return HasMany<TimeEntry, $this>
      */
     public function timeEntries(): HasMany
     {
@@ -166,7 +168,7 @@ class User extends Authenticatable implements AuditableContract, FilamentUser, M
     }
 
     /**
-     * @return BelongsTo<Organization, User>
+     * @return BelongsTo<Organization, $this>
      */
     public function currentOrganization(): BelongsTo
     {
@@ -174,7 +176,7 @@ class User extends Authenticatable implements AuditableContract, FilamentUser, M
     }
 
     /**
-     * @return HasMany<ProjectMember>
+     * @return HasMany<ProjectMember, $this>
      */
     public function projectMembers(): HasMany
     {
@@ -182,7 +184,7 @@ class User extends Authenticatable implements AuditableContract, FilamentUser, M
     }
 
     /**
-     * @return HasMany<Token>
+     * @return HasMany<Token, $this>
      */
     public function accessTokens(): HasMany
     {
@@ -190,24 +192,13 @@ class User extends Authenticatable implements AuditableContract, FilamentUser, M
     }
 
     /**
-     * @return HasMany<AuthCode>
+     * @return HasMany<AuthCode, $this>
      */
     public function authCodes(): HasMany
     {
         return $this->hasMany(AuthCode::class);
     }
 
-    /**
-     * Get the access tokens for the user.
-     *
-     * @return HasMany<Token>
-     */
-    public function tokens(): HasMany
-    {
-        return $this->hasMany(Token::class, 'user_id')
-            ->orderBy('created_at', 'desc');
-    }
-
     /**
      * @param  Builder<User>  $builder
      */

app/Providers/AuthServiceProvider.php

@@ -7,7 +7,6 @@ namespace App\Providers;
 use App\Models\Organization;
 use App\Models\Passport\AuthCode;
 use App\Models\Passport\Client;
-use App\Models\Passport\PersonalAccessClient;
 use App\Models\Passport\RefreshToken;
 use App\Models\Passport\Token;
 use App\Policies\OrganizationPolicy;
@@ -51,7 +50,8 @@ class AuthServiceProvider extends ServiceProvider
         Passport::useRefreshTokenModel(RefreshToken::class);
         Passport::useAuthCodeModel(AuthCode::class);
         Passport::useClientModel(Client::class);
-        Passport::usePersonalAccessClientModel(PersonalAccessClient::class);
+
+        Passport::authorizationView('auth.oauth.authorize');
 
         // Passport::tokensExpireIn(now()->addDays(15));
         // Passport::refreshTokensExpireIn(now()->addDays(30));

app/Providers/JetstreamServiceProvider.php

@@ -187,6 +187,7 @@ class JetstreamServiceProvider extends ServiceProvider
             'members:invite-placeholder',
             'members:make-placeholder',
             'members:merge-into',
+            'members:delete',
             'members:update',
             'reports:view',
             'reports:create',

app/Service/CurrencyService.php

@@ -4,6 +4,7 @@ declare(strict_types=1);
 
 namespace App\Service;
 
+use Brick\Money\ISOCurrencyProvider;
 use Brick\Money\Money;
 
 class CurrencyService
@@ -374,4 +375,12 @@ class CurrencyService
 
         return $currencyCode;
     }
+
+    public function getRandomCurrencyCode(): string
+    {
+        $currencies = ISOCurrencyProvider::getInstance()->getAvailableCurrencies();
+        $currencyCodes = array_keys($currencies);
+
+        return $currencyCodes[array_rand($currencyCodes)];
+    }
 }

app/Service/Dto/ReportPropertiesDto.php

@@ -119,9 +119,6 @@ class ReportPropertiesDto implements Castable
                 return $dto;
             }
 
-            /**
-             * @param  ReportPropertiesDto  $value
-             */
             public function set(Model $model, string $key, mixed $value, array $attributes): string
             {
                 if (! ($value instanceof ReportPropertiesDto)) {

app/Service/InvitationService.php

@@ -5,6 +5,7 @@ declare(strict_types=1);
 namespace App\Service;
 
 use App\Enums\Role;
+use App\Exceptions\Api\InvitationForTheEmailAlreadyExistsApiException;
 use App\Exceptions\Api\UserIsAlreadyMemberOfOrganizationApiException;
 use App\Mail\OrganizationInvitationMail;
 use App\Models\Member;
@@ -16,7 +17,7 @@ use Laravel\Jetstream\Events\InvitingTeamMember;
 class InvitationService
 {
     /**
-     * @throws UserIsAlreadyMemberOfOrganizationApiException
+     * @throws UserIsAlreadyMemberOfOrganizationApiException|InvitationForTheEmailAlreadyExistsApiException
      */
     public function inviteUser(Organization $organization, string $email, Role $role): OrganizationInvitation
     {
@@ -28,6 +29,13 @@ class InvitationService
             throw new UserIsAlreadyMemberOfOrganizationApiException;
         }
 
+        if (OrganizationInvitation::query()
+            ->where('email', $email)
+            ->whereBelongsTo($organization, 'organization')
+            ->exists()) {
+            throw new InvitationForTheEmailAlreadyExistsApiException;
+        }
+
         InvitingTeamMember::dispatch($organization, $email, $role->value);
 
         $invitation = new OrganizationInvitation;

app/Service/MemberService.php

@@ -45,6 +45,9 @@ class MemberService
             $member->organization()->associate($organization);
             $member->role = $role->value;
             $member->save();
+
+            $user->currentOrganization()->associate($organization);
+            $user->save();
         });
 
         if (! $asSuperAdmin) {
@@ -58,19 +61,41 @@ class MemberService
      * @throws CanNotRemoveOwnerFromOrganization
      * @throws EntityStillInUseApiException
      */
-    public function removeMember(Member $member, Organization $organization): void
+    public function removeMember(Member $member, Organization $organization, bool $withRelations = false): void
     {
-        if (TimeEntry::query()->where('user_id', $member->user_id)->whereBelongsTo($organization, 'organization')->exists()) {
-            throw new EntityStillInUseApiException('member', 'time_entry');
-        }
-        if (ProjectMember::query()->whereBelongsToOrganization($organization)->where('user_id', $member->user_id)->exists()) {
-            throw new EntityStillInUseApiException('member', 'project_member');
-        }
         if ($member->role === Role::Owner->value) {
             throw new CanNotRemoveOwnerFromOrganization;
         }
 
+        $user = $member->user;
+        $isPlaceholder = $user->is_placeholder;
+
+        if (! $isPlaceholder && $user->current_team_id === $member->organization_id) {
+            $user->currentTeam()->disassociate();
+            $user->save();
+        }
+
+        if ($withRelations) {
+            TimeEntry::query()->where('user_id', $member->user_id)->whereBelongsTo($organization, 'organization')->delete();
+            ProjectMember::query()->whereBelongsToOrganization($organization)->where('user_id', $member->user_id)->delete();
+        } else {
+            if (TimeEntry::query()->where('user_id', $member->user_id)->whereBelongsTo($organization, 'organization')->exists()) {
+                throw new EntityStillInUseApiException('member', 'time_entry');
+            }
+            if (ProjectMember::query()->whereBelongsToOrganization($organization)->where('user_id', $member->user_id)->exists()) {
+                throw new EntityStillInUseApiException('member', 'project_member');
+            }
+        }
+
         $member->delete();
+
+        if ($isPlaceholder) {
+            $user->delete();
+        } else {
+            $this->userService->makeSureUserHasAtLeastOneOrganization($user);
+            $this->userService->makeSureUserHasCurrentOrganization($user);
+        }
+
         MemberRemoved::dispatch($member, $organization);
     }
 

app/Service/PermissionStore.php

@@ -71,7 +71,7 @@ class PermissionStore
         /** @var Role|null $roleObj */
         $roleObj = Jetstream::findRole($role);
 
-        return $roleObj?->permissions ?? [];
+        return $roleObj->permissions ?? [];
     }
 
     /**

composer.json

@@ -11,31 +11,31 @@
         "datomatic/laravel-enum-helper": "^2.0.0",
         "dedoc/scramble": "^0.12.2",
         "filament/filament": "^3.2",
-        "flowframe/laravel-trend": "^0.3.0",
+        "flowframe/laravel-trend": "^0.4.0",
         "gotenberg/gotenberg-php": "^2.8",
         "guzzlehttp/guzzle": "^7.2",
-        "inertiajs/inertia-laravel": "^1.0",
+        "inertiajs/inertia-laravel": "^2.0.3",
         "korridor/laravel-computed-attributes": "^3.1",
         "korridor/laravel-has-many-sync": "^3.1",
         "korridor/laravel-model-validation-rules": "^3.0",
-        "laravel/framework": "^11.16.0",
+        "laravel/framework": "^12.19.3",
         "laravel/jetstream": "^5.0",
         "laravel/octane": "^2.3",
-        "laravel/passport": "^12.0",
+        "laravel/passport": "^13.0.5",
         "laravel/tinker": "^2.8",
         "league/csv": "^9.16.0",
         "league/flysystem-aws-s3-v3": "^3.0",
         "league/iso3166": "^4.3",
         "maatwebsite/excel": "^3.1",
         "novadaemon/filament-pretty-json": "^2.2",
-        "nwidart/laravel-modules": "^11.0.11",
-        "owen-it/laravel-auditing": "^13.6",
-        "pxlrbt/filament-environment-indicator": "^2.0",
+        "nwidart/laravel-modules": "^12.0.4",
+        "owen-it/laravel-auditing": "^14.0.0",
+        "pxlrbt/filament-environment-indicator": "^2.1.0",
         "spatie/temporary-directory": "^2.2",
         "staudenmeir/eloquent-json-relations": "^1.1",
         "stechstudio/filament-impersonate": "^3.8",
         "tightenco/ziggy": "^2.1.0",
-        "tpetry/laravel-postgresql-enhanced": "^2.0.0",
+        "tpetry/laravel-postgresql-enhanced": "^3.0.0",
         "wikimedia/composer-merge-plugin": "^2.1.0"
     },
     "require-dev": {
@@ -43,14 +43,13 @@
         "brianium/paratest": "^7.3",
         "fakerphp/faker": "^1.9.1",
         "fumeapp/modeltyper": "^3.0",
-        "phpstan/phpstan": "1.12.0",
-        "larastan/larastan": "^2.0",
+        "larastan/larastan": "^3.5.0",
         "laravel/pint": "^1.0",
         "laravel/sail": "^1.18",
         "laravel/telescope": "^5.0",
         "mockery/mockery": "^1.4.4",
         "nunomaduro/collision": "^8.1",
-        "phpunit/phpunit": "^11",
+        "phpunit/phpunit": "^12",
         "spatie/laravel-ignition": "^2.0",
         "timacdonald/log-fake": "^2.1"
     },

config/passport.php

@@ -34,31 +34,15 @@ return [
 
     /*
     |--------------------------------------------------------------------------
-    | Client UUIDs
+    | Passport Database Connection
     |--------------------------------------------------------------------------
     |
-    | By default, Passport uses auto-incrementing primary keys when assigning
-    | IDs to clients. However, if Passport is installed using the provided
-    | --uuids switch, this will be set to "true" and UUIDs will be used.
+    | By default, Passport's models will utilize your application's default
+    | database connection. If you wish to use a different connection you
+    | may specify the configured name of the database connection here.
     |
     */
 
-    'client_uuids' => true,
-
-    /*
-    |--------------------------------------------------------------------------
-    | Personal Access Client
-    |--------------------------------------------------------------------------
-    |
-    | If you enable client hashing, you should set the personal access client
-    | ID and unhashed secret within your environment file. The values will
-    | get used while issuing fresh personal access tokens to your users.
-    |
-    */
-
-    'personal_access_client' => [
-        'id' => env('PASSPORT_PERSONAL_ACCESS_CLIENT_ID'),
-        'secret' => env('PASSPORT_PERSONAL_ACCESS_CLIENT_SECRET'),
-    ],
+    'connection' => env('PASSPORT_CONNECTION'),
 
 ];

config/scheduling.php

@@ -6,6 +6,7 @@ return [
 
     'tasks' => [
         'time_entry_send_still_running_mails' => (bool) env('SCHEDULING_TASK_TIME_ENTRY_SEND_STILL_RUNNING_MAILS', true),
+        'auth_send_mails_expiring_api_tokens' => (bool) env('SCHEDULING_TASK_AUTH_SEND_MAILS_EXPIRING_API_TOKENS', true),
         'self_hosting_check_for_update' => (bool) env('SCHEDULING_TASK_SELF_HOSTING_CHECK_FOR_UPDATE', true),
         'self_hosting_telemetry' => (bool) env('SCHEDULING_TASK_SELF_HOSTING_TELEMETRY', true),
         'self_hosting_database_consistency' => (bool) env('SCHEDULING_TASK_SELF_HOSTING_DATABASE_CONSISTENCY', false),

database/factories/OrganizationFactory.php

@@ -11,6 +11,7 @@ use App\Enums\NumberFormat;
 use App\Enums\TimeFormat;
 use App\Models\Organization;
 use App\Models\User;
+use App\Service\CurrencyService;
 use Illuminate\Database\Eloquent\Factories\Factory;
 
 /**
@@ -27,7 +28,7 @@ class OrganizationFactory extends Factory
     {
         return [
             'name' => $this->faker->unique()->company(),
-            'currency' => $this->faker->currencyCode(),
+            'currency' => app(CurrencyService::class)->getRandomCurrencyCode(),
             'billable_rate' => null,
             'user_id' => User::factory(),
             'personal_team' => true,

database/factories/Passport/ClientFactory.php

@@ -7,11 +7,12 @@ namespace Database\Factories\Passport;
 use App\Models\Passport\Client;
 use App\Models\User;
 use Illuminate\Database\Eloquent\Factories\Factory;
+use Laravel\Passport\Database\Factories\ClientFactory as BaseClientFactory;
 
 /**
  * @extends Factory<Client>
  */
-class ClientFactory extends Factory
+class ClientFactory extends BaseClientFactory
 {
     /**
      * Define the model's default state.
@@ -22,24 +23,40 @@ class ClientFactory extends Factory
     {
         return [
             'id' => $this->faker->uuid,
-            'user_id' => null,
+            'owner_id' => null,
+            'owner_type' => null,
             'name' => $this->faker->company(),
             'secret' => $this->faker->regexify('[A-Za-z]{40}'),
             'provider' => 'users',
-            'redirect' => $this->faker->url(),
-            'personal_access_client' => false,
-            'password_client' => false,
+            'redirect_uris' => [$this->faker->url()],
+            'grant_types' => [],
             'revoked' => false,
             'created_at' => $this->faker->dateTime(),
             'updated_at' => $this->faker->dateTime(),
         ];
     }
 
+    public function desktopClient(): self
+    {
+        return $this->state(fn (array $attributes) => [
+            'name' => 'Desktop',
+            'grant_types' => ['urn:ietf:params:oauth:grant-type:device_code', 'refresh_token', 'authorization_code', 'implicit'],
+        ]);
+    }
+
+    public function apiClient(): self
+    {
+        return $this->state(fn (array $attributes) => [
+            'name' => 'API',
+            'grant_types' => ['urn:ietf:params:oauth:grant-type:device_code', 'refresh_token', 'client_credentials', 'personal_access'],
+        ]);
+    }
+
     public function personalAccessClient(): self
     {
         return $this->state(function (array $attributes) {
             return [
-                'personal_access_client' => true,
+                'grant_types' => ['personal_access'],
             ];
         });
     }
@@ -48,7 +65,8 @@ class ClientFactory extends Factory
     {
         return $this->state(function (array $attributes) use ($user): array {
             return [
-                'user_id' => $user->getKey(),
+                'owner_id' => $user->getKey(),
+                'owner_type' => (new User)->getMorphClass(),
             ];
         });
     }

database/factories/Passport/TokenFactory.php

@@ -31,6 +31,8 @@ class TokenFactory extends Factory
             'created_at' => $this->faker->dateTime,
             'updated_at' => $this->faker->dateTime,
             'expires_at' => $this->faker->dateTime,
+            'reminder_sent_at' => null,
+            'expired_info_sent_at' => null,
         ];
     }
 

database/migrations/2024_06_01_000001_create_oauth_device_codes_table.php

@@ -0,0 +1,44 @@
+<?php
+
+declare(strict_types=1);
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        Schema::create('oauth_device_codes', function (Blueprint $table): void {
+            $table->char('id', 80)->primary();
+            $table->foreignId('user_id')->nullable()->index();
+            $table->foreignUuid('client_id')->index();
+            $table->char('user_code', 8)->unique();
+            $table->text('scopes');
+            $table->boolean('revoked');
+            $table->dateTime('user_approved_at')->nullable();
+            $table->dateTime('last_polled_at')->nullable();
+            $table->dateTime('expires_at')->nullable();
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        Schema::dropIfExists('oauth_device_codes');
+    }
+
+    /**
+     * Get the migration connection name.
+     */
+    public function getConnection(): ?string
+    {
+        return $this->connection ?? config('passport.connection');
+    }
+};

database/migrations/2025_06_30_095942_remove_oauth_personal_access_clients_table.php

@@ -0,0 +1,35 @@
+<?php
+
+declare(strict_types=1);
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        Schema::drop('oauth_personal_access_clients');
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        Schema::create('oauth_personal_access_clients', function (Blueprint $table): void {
+            $table->bigIncrements('id');
+            $table->uuid('client_id');
+            $table->foreign('client_id')
+                ->references('id')
+                ->on('oauth_clients')
+                ->onDelete('restrict')
+                ->onUpdate('cascade');
+            $table->timestamps();
+        });
+    }
+};

database/migrations/2025_06_30_132538_update_oauth_clients_table.php

@@ -0,0 +1,115 @@
+<?php
+
+declare(strict_types=1);
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        DB::table('oauth_clients')->update(['provider' => 'users']); // Change default provider if necessary
+
+        Schema::table('oauth_clients', function (Blueprint $table): void {
+            $table->text('grant_types')->default('[]')->after('provider');
+            $table->text('redirect_uris')->default('[]');
+            $table->renameColumn('user_id', 'owner_id');
+            $table->string('owner_type')->after('owner_id')->nullable();
+        });
+
+        DB::table('oauth_clients')
+            ->where('redirect', '=', 'http://localhost')
+            ->where('personal_access_client', '=', true)
+            ->update(['redirect' => '']);
+
+        DB::table('oauth_clients')
+            ->whereNotNull('owner_id')
+            ->update(['owner_type' => 'user']); // Value might be class name of the owner model, depends on if you use "enforceMorphMap"
+
+        DB::table('oauth_clients')->eachById(function ($client): void {
+            $grantTypes = ['urn:ietf:params:oauth:grant-type:device_code', 'refresh_token'];
+            $confidential = ! empty($client->secret);
+            $noRedirect = empty($client->redirect);
+            $redirectUris = $noRedirect ? [] : [$client->redirect];
+            $firstParty = empty($client->owner_id);
+
+            if (! $noRedirect) {
+                $grantTypes[] = 'authorization_code';
+                $grantTypes[] = 'implicit';
+            }
+
+            if ($confidential && $firstParty) {
+                $grantTypes[] = 'client_credentials';
+            }
+
+            if ($client->personal_access_client && $confidential) {
+                $grantTypes[] = 'personal_access';
+            }
+
+            if ($client->password_client) {
+                $grantTypes[] = 'password';
+            }
+
+            DB::table('oauth_clients')
+                ->where('id', $client->id)
+                ->update([
+                    'redirect_uris' => $redirectUris,
+                    'grant_types' => $grantTypes,
+                ]);
+        });
+
+        Schema::table('oauth_clients', function (Blueprint $table): void {
+            $table->dropForeign(['user_id']);
+            $table->index(['owner_id', 'owner_type']);
+            $table->dropColumn('redirect');
+            $table->dropColumn('personal_access_client');
+            $table->dropColumn('password_client');
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        Schema::table('oauth_clients', function (Blueprint $table): void {
+            $table->dropIndex(['owner_id', 'owner_type']);
+            $table->renameColumn('owner_id', 'user_id');
+            $table->foreign('user_id')
+                ->on('users')
+                ->references('id')
+                ->onDelete('cascade')
+                ->onUpdate('cascade');
+            $table->string('redirect')->nullable();
+            $table->boolean('personal_access_client')->default(false);
+            $table->boolean('password_client')->default(false);
+        });
+
+        DB::table('oauth_clients')->eachById(function ($client): void {
+            $redirectUris = json_decode($client->redirect_uris);
+            $grantTypes = json_decode($client->grant_types);
+
+            DB::table('oauth_clients')
+                ->where('id', $client->id)
+                ->update([
+                    'redirect' => $redirectUris[0] ?? '', // redirect not nullable
+                    'password_client' => in_array('password', $grantTypes, true)
+                        && in_array('refresh_token', $grantTypes, true),
+                    'personal_access_client' => in_array('personal_access', $grantTypes, true),
+                ]);
+        });
+
+        Schema::table('oauth_clients', function (Blueprint $table): void {
+            $table->dropColumn(['grant_types', 'redirect_uris', 'owner_type']);
+            $table->string('redirect')->nullable(false)->change();
+            $table->boolean('personal_access_client')->default(null)->change();
+            $table->boolean('password_client')->default(null)->change();
+        });
+
+    }
+};

database/migrations/2025_07_15_105949_hash_oauth_clients.php

@@ -0,0 +1,35 @@
+<?php
+
+declare(strict_types=1);
+
+use Illuminate\Database\Migrations\Migration;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        // This could be optimized to run all the updates in the eachById
+        DB::table('oauth_clients')->whereNotNull('secret')->eachById(function ($client): void {
+            $secret = $client->secret;
+            if (Hash::isHashed($secret) && ! Hash::needsRehash($secret)) {
+                return; // Already hashed and not needing rehash
+            }
+            DB::table('oauth_clients')
+                ->where('id', $client->id)
+                ->update([
+                    'secret' => Hash::make($secret),
+                ]);
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        // This can not be reversed without a backup of the original secrets, for security reasons.
+    }
+};

database/migrations/2025_07_17_104903_add_reminder_sent_at_to_oauth_access_tokens_table.php

@@ -0,0 +1,32 @@
+<?php
+
+declare(strict_types=1);
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        Schema::table('oauth_access_tokens', function (Blueprint $table): void {
+            $table->dateTime('reminder_sent_at')->nullable();
+            $table->dateTime('expired_info_sent_at')->nullable();
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        Schema::table('oauth_access_tokens', function (Blueprint $table): void {
+            $table->dropColumn('reminder_sent_at');
+            $table->dropColumn('expired_info_sent_at');
+        });
+    }
+};

database/seeders/DatabaseSeeder.php

@@ -24,7 +24,6 @@ use Illuminate\Support\Facades\DB;
 use Laravel\Passport\AuthCode;
 use Laravel\Passport\Client as PassportClient;
 use Laravel\Passport\ClientRepository;
-use Laravel\Passport\PersonalAccessClient;
 use Laravel\Passport\RefreshToken;
 use Laravel\Passport\Token;
 
@@ -37,6 +36,18 @@ class DatabaseSeeder extends Seeder
     {
         $this->deleteAll();
 
+        app(ClientRepository::class)->createAuthorizationCodeGrantClient(
+            name: 'Desktop App',
+            redirectUris: ['solidtime://oauth/callback'],
+            confidential: false, // TODO: ?
+            enableDeviceFlow: false, // TODO: ?
+        );
+
+        // TODO: grant_types ? migration?
+
+        // app(ClientRepository::class)->createPersonalAccessGrantClient('API');
+
+        /*
         app(ClientRepository::class)->create(
             null,
             'desktop',
@@ -46,17 +57,16 @@ class DatabaseSeeder extends Seeder
             false,
             false
         );
+        */
 
         $personalAccessClient = new PassportClient;
         $personalAccessClient->id = config('passport.personal_access_client.id');
         $personalAccessClient->secret = config('passport.personal_access_client.secret');
         $personalAccessClient->name = 'API';
-        $personalAccessClient->redirect = 'http://localhost';
-        $personalAccessClient->user_id = null;
+        $personalAccessClient->redirect_uris = ['http://localhost'];
         $personalAccessClient->revoked = false;
-        $personalAccessClient->provider = null;
-        $personalAccessClient->personal_access_client = true;
-        $personalAccessClient->password_client = false;
+        $personalAccessClient->provider = 'users';
+        $personalAccessClient->grant_types = ['personal_access'];
         $personalAccessClient->save();
 
         $userWithMultipleOrganizations = User::factory()->withPersonalOrganization()->create([
@@ -197,7 +207,6 @@ class DatabaseSeeder extends Seeder
         DB::table((new RefreshToken)->getTable())->delete();
         DB::table((new Token)->getTable())->delete();
         DB::table((new AuthCode)->getTable())->delete();
-        DB::table((new PersonalAccessClient)->getTable())->delete();
         DB::table((new PassportClient)->getTable())->delete();
 
         // Internal tables

docker/prod/Dockerfile

@@ -1,47 +1,30 @@
-# Accepted values: 8.3 - 8.2
 ARG PHP_VERSION=8.3
-
-ARG FRANKENPHP_VERSION=latest
-
-ARG COMPOSER_VERSION=latest
-
+ARG FRANKENPHP_VERSION=1.8
+ARG COMPOSER_VERSION=2.8
+ARG BUN_VERSION="latest"
+ARG APP_ENV
 ARG DOCKER_FILES_BASE_PATH="docker/prod/"
 
-###########################################
-# Build frontend assets with NPM
-###########################################
-
-#ARG NODE_VERSION=20-alpine
-#
-#FROM node:${NODE_VERSION} AS build
-#
-#ENV ROOT=/var/www/html
-#
-#WORKDIR ${ROOT}
-#
-#RUN npm config set update-notifier false && npm set progress=false
-#
-#COPY package*.json ./
-#
-#RUN if [ -f $ROOT/package-lock.json ]; \
-#    then \
-#    npm ci --loglevel=error --no-audit; \
-#    else \
-#    npm install --loglevel=error --no-audit; \
-#    fi
-#
-#COPY . .
-#
-#RUN npm run build
-
-###########################################
-
 FROM composer:${COMPOSER_VERSION} AS vendor
 
-FROM dunglas/frankenphp:${FRANKENPHP_VERSION}-php${PHP_VERSION}
+FROM dunglas/frankenphp:${FRANKENPHP_VERSION}-builder-php${PHP_VERSION} AS upstream
 
-ARG DOCKER_FILES_BASE_PATH
-ARG TARGETPLATFORM
+COPY --from=caddy:builder /usr/bin/xcaddy /usr/bin/xcaddy
+
+RUN CGO_ENABLED=1 \
+    XCADDY_SETCAP=1 \
+    XCADDY_GO_BUILD_FLAGS="-ldflags='-w -s' -tags=nobadger,nomysql,nopgx" \
+    CGO_CFLAGS=$(php-config --includes) \
+    CGO_LDFLAGS="$(php-config --ldflags) $(php-config --libs)" \
+    xcaddy build \
+        --output /usr/local/bin/frankenphp \
+        --with github.com/dunglas/frankenphp=./ \
+        --with github.com/dunglas/frankenphp/caddy=./caddy/ \
+        --with github.com/dunglas/caddy-cbrotli
+
+FROM dunglas/frankenphp:${FRANKENPHP_VERSION}-php${PHP_VERSION} AS base
+
+COPY --from=upstream /usr/local/bin/frankenphp /usr/local/bin/frankenphp
 
 LABEL maintainer="solidtime <hello@solidtime.io>"
 LABEL org.opencontainers.image.title="solidtime"
@@ -53,18 +36,22 @@ ARG WWWUSER=1000
 ARG WWWGROUP=1000
 ARG TZ=UTC
 ARG APP_DIR=/var/www/html
+ARG APP_ENV
+ARG APP_HOST
+ARG DOCKER_FILES_BASE_PATH
 
 ENV DEBIAN_FRONTEND=noninteractive \
     TERM=xterm-color \
-    WITH_HORIZON=false \
-    WITH_SCHEDULER=false \
     OCTANE_SERVER=frankenphp \
+    TZ=${TZ} \
     USER=octane \
     ROOT=${APP_DIR} \
+    APP_ENV=${APP_ENV} \
     COMPOSER_FUND=0 \
     COMPOSER_MAX_PARALLEL_HTTP=24 \
     XDG_CONFIG_HOME=${APP_DIR}/.config \
-    XDG_DATA_HOME=${APP_DIR}/.data
+    XDG_DATA_HOME=${APP_DIR}/.data \
+    SERVER_NAME=${APP_HOST}
 
 WORKDIR ${ROOT}
 
@@ -78,14 +65,16 @@ RUN apt-get update; \
     apt-get install -yqq --no-install-recommends --show-progress \
     apt-utils \
     curl \
-    gcc \
     wget \
-    nano \
+    vim \
+    git \
     ncdu \
     procps \
+    unzip \
     ca-certificates \
     supervisor \
     libsodium-dev \
+    libbrotli-dev \
     # Install PHP extensions (included with dunglas/frankenphp)
     && install-php-extensions \
     bz2 \
@@ -99,6 +88,8 @@ RUN apt-get update; \
     exif \
     pdo_mysql \
     zip \
+    uv \
+    vips \
     intl \
     gd \
     redis \
@@ -128,27 +119,34 @@ RUN arch="$(uname -m)" \
 
 RUN userdel --remove --force www-data \
     && groupadd --force -g ${WWWGROUP} ${USER} \
-    && useradd -ms /bin/bash --no-log-init --no-user-group -g ${WWWGROUP} -u ${WWWUSER} ${USER}
+    && useradd -ms /bin/bash --no-log-init --no-user-group -g ${WWWGROUP} -u ${WWWUSER} ${USER} \
+    && setcap -r /usr/local/bin/frankenphp
 
 RUN chown -R ${USER}:${USER} ${ROOT} /var/{log,run} \
     && chmod -R a+rw ${ROOT} /var/{log,run}
 
 RUN cp ${PHP_INI_DIR}/php.ini-production ${PHP_INI_DIR}/php.ini
 
-COPY --chown=${USER}:${USER} ${DOCKER_FILES_BASE_PATH}deployment/php.ini ${PHP_INI_DIR}/conf.d/99-octane-default.ini
-COPY --chown=${USER}:${USER} ${DOCKER_FILES_BASE_PATH}deployment/php-arm.ini ${PHP_INI_DIR}/conf.d/99-octane-arm.ini
-
-RUN echo "TARGETPLATFORM is equal to ${TARGETPLATFORM}"
-RUN if [ "${TARGETPLATFORM}" = "linux/arm64" ]; then \
-    rm ${PHP_INI_DIR}/conf.d/99-octane-default.ini; \
-    else \
-    rm ${PHP_INI_DIR}/conf.d/99-octane-arm.ini; \
-    fi
-
 USER ${USER}
 
-COPY --chown=${USER}:${USER} --from=vendor /usr/bin/composer /usr/bin/composer
-#COPY --chown=${USER}:${USER} composer.json composer.lock ./
+COPY --link --chown=${WWWUSER}:${WWWUSER} --from=vendor /usr/bin/composer /usr/bin/composer
+
+COPY --link --chown=${WWWUSER}:${WWWUSER} ${DOCKER_FILES_BASE_PATH}deployment/supervisord.conf /etc/
+COPY --link --chown=${WWWUSER}:${WWWUSER} ${DOCKER_FILES_BASE_PATH}deployment/octane/FrankenPHP/supervisord.frankenphp.conf /etc/supervisor/conf.d/
+COPY --link --chown=${WWWUSER}:${WWWUSER} ${DOCKER_FILES_BASE_PATH}deployment/supervisord.*.conf /etc/supervisor/conf.d/
+COPY --link --chown=${WWWUSER}:${WWWUSER} ${DOCKER_FILES_BASE_PATH}deployment/start-container /usr/local/bin/start-container
+COPY --link --chown=${WWWUSER}:${WWWUSER} ${DOCKER_FILES_BASE_PATH}deployment/healthcheck /usr/local/bin/healthcheck
+COPY --link --chown=${WWWUSER}:${WWWUSER} ${DOCKER_FILES_BASE_PATH}deployment/php.ini ${PHP_INI_DIR}/conf.d/99-octane.ini
+
+RUN chmod +x /usr/local/bin/start-container /usr/local/bin/healthcheck
+
+###########################################
+
+#FROM base AS common
+#
+#USER ${USER}
+#
+#COPY --link --chown=${WWWUSER}:${WWWUSER} . .
 #
 #RUN composer install \
 #    --no-dev \
@@ -158,22 +156,47 @@ COPY --chown=${USER}:${USER} --from=vendor /usr/bin/composer /usr/bin/composer
 #    --no-scripts \
 #    --audit
 
-COPY --chown=${USER}:${USER} . .
-#COPY --chown=${USER}:${USER} --from=build ${ROOT}/public public
+###########################################
+# Build frontend assets with Bun
+###########################################
+
+#FROM oven/bun:${BUN_VERSION} AS build
+#
+#ARG APP_ENV
+#
+#ENV ROOT=/var/www/html \
+#    APP_ENV=${APP_ENV} \
+#    NODE_ENV=${APP_ENV:-production}
+#
+#WORKDIR ${ROOT}
+#
+#COPY --link package.json bun.lock* ./
+#
+#RUN bun install --frozen-lockfile
+#
+#COPY --link . .
+#COPY --link --from=common ${ROOT}/vendor vendor
+#
+#RUN bun run build
+
+###########################################
+
+#FROM common AS runner
+
+USER ${USER}
+
+ENV WITH_HORIZON=false \
+    WITH_SCHEDULER=false \
+    WITH_REVERB=false
+
+COPY --link --chown=${WWWUSER}:${WWWUSER} . .
+#COPY --link --chown=${WWWUSER}:${WWWUSER} --from=build ${ROOT}/public public
 
 RUN mkdir -p \
     storage/framework/{sessions,views,cache,testing} \
     storage/logs \
     bootstrap/cache && chmod -R a+rw storage
 
-COPY --chown=${USER}:${USER} ${DOCKER_FILES_BASE_PATH}deployment/supervisord.conf /etc/supervisor/
-COPY --chown=${USER}:${USER} ${DOCKER_FILES_BASE_PATH}deployment/octane/FrankenPHP/supervisord.frankenphp.conf /etc/supervisor/conf.d/
-COPY --chown=${USER}:${USER} ${DOCKER_FILES_BASE_PATH}deployment/supervisord.*.conf /etc/supervisor/conf.d/
-COPY --chown=${USER}:${USER} ${DOCKER_FILES_BASE_PATH}deployment/start-container /usr/local/bin/start-container
-
-# FrankenPHP embedded PHP configuration
-COPY --chown=${USER}:${USER} ${DOCKER_FILES_BASE_PATH}deployment/php.ini /lib/php.ini
-
 #RUN composer install \
 #    --classmap-authoritative \
 #    --no-interaction \
@@ -183,12 +206,9 @@ COPY --chown=${USER}:${USER} ${DOCKER_FILES_BASE_PATH}deployment/php.ini /lib/ph
 
 RUN cat .env
 #RUN php artisan env
-RUN php artisan storage:link
-
-RUN chmod +x /usr/local/bin/start-container
-
-RUN cat ${DOCKER_FILES_BASE_PATH}deployment/utilities.sh >> ~/.bashrc
 
 EXPOSE 8000
 
 ENTRYPOINT ["start-container"]
+
+#HEALTHCHECK --start-period=5s --interval=2s --timeout=5s --retries=8 CMD healthcheck || exit 1

docker/prod/deployment/healthcheck

@@ -0,0 +1,35 @@
+#!/usr/bin/env sh
+
+set -e
+
+container_mode=${CONTAINER_MODE:-"http"}
+
+if [ "${container_mode}" = "http" ]; then
+    php "${ROOT}/artisan" octane:status
+elif [ "${container_mode}" = "horizon" ]; then
+    php "${ROOT}/artisan" horizon:status
+elif [ "${container_mode}" = "scheduler" ]; then
+    if [ "$(supervisorctl status scheduler:scheduler_0 | awk '{print tolower($2)}')" = "running" ]; then
+        exit 0
+    else
+        echo "Healthcheck failed."
+        exit 1
+    fi
+elif [ "${container_mode}" = "reverb" ]; then
+    if [ "$(supervisorctl status reverb:reverb_0 | awk '{print tolower($2)}')" = "running" ]; then
+        exit 0
+    else
+        echo "Healthcheck failed."
+        exit 1
+    fi
+elif [ "${container_mode}" = "worker" ]; then
+    if [ "$(supervisorctl status worker:worker_0 | awk '{print tolower($2)}')" = "running" ]; then
+        exit 0
+    else
+        echo "Healthcheck failed."
+        exit 1
+    fi
+else
+    echo "Container mode mismatched."
+    exit 1
+fi

docker/prod/deployment/octane/FrankenPHP/Caddyfile

@@ -0,0 +1,68 @@
+{
+	{$CADDY_GLOBAL_OPTIONS}
+
+	admin {$CADDY_SERVER_ADMIN_HOST}:{$CADDY_SERVER_ADMIN_PORT}
+
+	frankenphp {
+		worker "{$APP_PUBLIC_PATH}/frankenphp-worker.php" {$CADDY_SERVER_WORKER_COUNT}
+	}
+
+	metrics {
+		per_host
+	}
+
+	servers {
+		protocols h1
+	}
+}
+
+{$CADDY_EXTRA_CONFIG}
+
+{$CADDY_SERVER_SERVER_NAME} {
+	log {
+		level WARN
+
+		format filter {
+			wrap {$CADDY_SERVER_LOGGER}
+			fields {
+				uri query {
+					replace authorization REDACTED
+				}
+			}
+		}
+	}
+
+	route {
+		root * "{$APP_PUBLIC_PATH}"
+		encode zstd br gzip
+
+		{$CADDY_SERVER_EXTRA_DIRECTIVES}
+
+		request_body {
+			max_size 500MB
+		}
+
+		@static {
+			file
+			path *.js *.css *.jpg *.jpeg *.webp *.weba *.webm *.gif *.png *.ico *.cur *.gz *.svg *.svgz *.mp4 *.mp3 *.ogg *.ogv *.htc *.woff2 *.woff
+		}
+
+		@staticshort {
+			file
+			path *.json *.xml *.rss
+		}
+
+		header @static Cache-Control "public, immutable, stale-while-revalidate, max-age=31536000"
+
+		header @staticshort Cache-Control "no-cache, max-age=3600"
+
+		@rejected `path('*.bak', '*.conf', '*.dist', '*.fla', '*.ini', '*.inc', '*.inci', '*.log', '*.orig', '*.psd', '*.sh', '*.sql', '*.swo', '*.swp', '*.swop', '*/.*') && !path('*/.well-known/*')`
+		error @rejected 401
+
+		php_server {
+			index frankenphp-worker.php
+			try_files {path} frankenphp-worker.php
+			resolve_root_symlink
+		}
+	}
+}

docker/prod/deployment/octane/FrankenPHP/supervisord.frankenphp.conf

@@ -1,51 +1,65 @@
 [program:octane]
-process_name=%(program_name)s_%(process_num)02d
-command=php %(ENV_ROOT)s/artisan octane:start --server=frankenphp --host=0.0.0.0 --port=8000 --admin-port=2019
-; command=php %(ENV_ROOT)s/artisan octane:start --server=frankenphp --host=localhost --port=443 --admin-port=2019 --https --http-redirect
-user=%(ENV_USER)s
-autostart=true
-autorestart=true
-environment=LARAVEL_OCTANE="1"
-stdout_logfile=/dev/stdout
-stdout_logfile_maxbytes=0
-stderr_logfile=/dev/stderr
-stderr_logfile_maxbytes=0
+process_name = %(program_name)s_%(process_num)s
+command = php %(ENV_ROOT)s/artisan octane:frankenphp --host=0.0.0.0 --port=8000 --admin-port=2019 --caddyfile=%(ENV_ROOT)s/docker/prod/deployment/octane/FrankenPHP/Caddyfile
+user = %(ENV_USER)s
+priority = 1
+autostart = true
+autorestart = true
+environment = LARAVEL_OCTANE = "1"
+stdout_logfile = /dev/stdout
+stdout_logfile_maxbytes = 0
+stderr_logfile = /dev/stderr
+stderr_logfile_maxbytes = 0
 
 [program:horizon]
-process_name=%(program_name)s_%(process_num)02d
-command=php %(ENV_ROOT)s/artisan horizon
-user=%(ENV_USER)s
-autostart=%(ENV_WITH_HORIZON)s
-autorestart=true
-stdout_logfile=%(ENV_ROOT)s/storage/logs/horizon.log
-stdout_logfile_maxbytes=200MB
-stderr_logfile=%(ENV_ROOT)s/storage/logs/horizon.log
-stderr_logfile_maxbytes=200MB
-stopwaitsecs=3600
+process_name = %(program_name)s_%(process_num)s
+command = php %(ENV_ROOT)s/artisan horizon
+user = %(ENV_USER)s
+priority = 3
+autostart = %(ENV_WITH_HORIZON)s
+autorestart = true
+stdout_logfile = %(ENV_ROOT)s/storage/logs/horizon.log
+stdout_logfile_maxbytes = 200MB
+stderr_logfile = %(ENV_ROOT)s/storage/logs/horizon.log
+stderr_logfile_maxbytes = 200MB
+stopwaitsecs = 3600
 
 [program:scheduler]
-process_name=%(program_name)s_%(process_num)02d
-command=supercronic -overlapping /etc/supercronic/laravel
-user=%(ENV_USER)s
-autostart=%(ENV_WITH_SCHEDULER)s
-autorestart=true
-stdout_logfile=%(ENV_ROOT)s/storage/logs/scheduler.log
-stdout_logfile_maxbytes=200MB
-stderr_logfile=%(ENV_ROOT)s/storage/logs/scheduler.log
-stderr_logfile_maxbytes=200MB
+process_name = %(program_name)s_%(process_num)s
+command = supercronic -overlapping /etc/supercronic/laravel
+user = %(ENV_USER)s
+autostart = %(ENV_WITH_SCHEDULER)s
+autorestart = true
+stdout_logfile = %(ENV_ROOT)s/storage/logs/scheduler.log
+stdout_logfile_maxbytes = 200MB
+stderr_logfile = %(ENV_ROOT)s/storage/logs/scheduler.log
+stderr_logfile_maxbytes = 200MB
 
 [program:clear-scheduler-cache]
-process_name=%(program_name)s_%(process_num)02d
-command=php %(ENV_ROOT)s/artisan schedule:clear-cache
-user=%(ENV_USER)s
-autostart=%(ENV_WITH_SCHEDULER)s
-autorestart=false
-startsecs=0
-startretries=1
-stdout_logfile=%(ENV_ROOT)s/storage/logs/scheduler.log
-stdout_logfile_maxbytes=200MB
-stderr_logfile=%(ENV_ROOT)s/storage/logs/scheduler.log
-stderr_logfile_maxbytes=200MB
+process_name = %(program_name)s_%(process_num)s
+command = php %(ENV_ROOT)s/artisan schedule:clear-cache
+user = %(ENV_USER)s
+autostart = %(ENV_WITH_SCHEDULER)s
+autorestart = false
+startsecs = 0
+startretries = 1
+stdout_logfile = %(ENV_ROOT)s/storage/logs/scheduler.log
+stdout_logfile_maxbytes = 200MB
+stderr_logfile = %(ENV_ROOT)s/storage/logs/scheduler.log
+stderr_logfile_maxbytes = 200MB
+
+[program:reverb]
+process_name = %(program_name)s_%(process_num)s
+command = php %(ENV_ROOT)s/artisan reverb:start
+user = %(ENV_USER)s
+priority = 2
+autostart = %(ENV_WITH_REVERB)s
+autorestart = true
+stdout_logfile = %(ENV_ROOT)s/storage/logs/reverb.log
+stdout_logfile_maxbytes = 200MB
+stderr_logfile = %(ENV_ROOT)s/storage/logs/reverb.log
+stderr_logfile_maxbytes = 200MB
+minfds = 10000
 
 [include]
-files=/etc/supervisor/supervisord.conf
+files = /etc/supervisord.conf

docker/prod/deployment/octane/RoadRunner/.rr.prod.yaml

@@ -1,25 +0,0 @@
-version: '2.7'
-rpc:
-  listen: 'tcp://127.0.0.1:6001'
-server:
-  relay: pipes
-http:
-  middleware: [ "static", "gzip", "headers" ]
-  max_request_size: 20
-  static:
-    dir: "public"
-    forbid: [ ".php", ".htaccess" ]
-  uploads:
-    forbid: [".php", ".exe", ".bat", ".sh"]
-  pool:
-    allocate_timeout: 10s
-    destroy_timeout: 10s
-    supervisor:
-      max_worker_memory: 128
-      exec_ttl: 60s
-logs:
-  mode: production
-  level: debug
-  encoding: json
-status:
-    address: localhost:2114

docker/prod/deployment/octane/RoadRunner/supervisord.roadrunner.conf

@@ -1,50 +0,0 @@
-[program:octane]
-process_name=%(program_name)s_%(process_num)02d
-command=php %(ENV_ROOT)s/artisan octane:start --server=roadrunner --host=0.0.0.0 --port=8000 --rpc-port=6001 --rr-config=%(ENV_ROOT)s/.rr.yaml
-user=%(ENV_USER)s
-autostart=true
-autorestart=true
-environment=LARAVEL_OCTANE="1"
-stdout_logfile=/dev/stdout
-stdout_logfile_maxbytes=0
-stderr_logfile=/dev/stderr
-stderr_logfile_maxbytes=0
-
-[program:horizon]
-process_name=%(program_name)s_%(process_num)02d
-command=php %(ENV_ROOT)s/artisan horizon
-user=%(ENV_USER)s
-autostart=%(ENV_WITH_HORIZON)s
-autorestart=true
-stdout_logfile=%(ENV_ROOT)s/storage/logs/horizon.log
-stdout_logfile_maxbytes=200MB
-stderr_logfile=%(ENV_ROOT)s/storage/logs/horizon.log
-stderr_logfile_maxbytes=200MB
-stopwaitsecs=3600
-
-[program:scheduler]
-process_name=%(program_name)s_%(process_num)02d
-command=supercronic -overlapping /etc/supercronic/laravel
-user=%(ENV_USER)s
-autostart=%(ENV_WITH_SCHEDULER)s
-autorestart=true
-stdout_logfile=%(ENV_ROOT)s/storage/logs/scheduler.log
-stdout_logfile_maxbytes=200MB
-stderr_logfile=%(ENV_ROOT)s/storage/logs/scheduler.log
-stderr_logfile_maxbytes=200MB
-
-[program:clear-scheduler-cache]
-process_name=%(program_name)s_%(process_num)02d
-command=php %(ENV_ROOT)s/artisan schedule:clear-cache
-user=%(ENV_USER)s
-autostart=%(ENV_WITH_SCHEDULER)s
-autorestart=false
-startsecs=0
-startretries=1
-stdout_logfile=%(ENV_ROOT)s/storage/logs/scheduler.log
-stdout_logfile_maxbytes=200MB
-stderr_logfile=%(ENV_ROOT)s/storage/logs/scheduler.log
-stderr_logfile_maxbytes=200MB
-
-[include]
-files=/etc/supervisor/supervisord.conf

docker/prod/deployment/octane/Swoole/supervisord.swoole.conf

@@ -1,50 +0,0 @@
-[program:octane]
-process_name=%(program_name)s_%(process_num)02d
-command=php %(ENV_ROOT)s/artisan octane:start --server=swoole --host=0.0.0.0 --port=8000
-user=%(ENV_USER)s
-autostart=true
-autorestart=true
-environment=LARAVEL_OCTANE="1"
-stdout_logfile=/dev/stdout
-stdout_logfile_maxbytes=0
-stderr_logfile=/dev/stderr
-stderr_logfile_maxbytes=0
-
-[program:horizon]
-process_name=%(program_name)s_%(process_num)02d
-command=php %(ENV_ROOT)s/artisan horizon
-user=%(ENV_USER)s
-autostart=%(ENV_WITH_HORIZON)s
-autorestart=true
-stdout_logfile=%(ENV_ROOT)s/storage/logs/horizon.log
-stdout_logfile_maxbytes=200MB
-stderr_logfile=%(ENV_ROOT)s/storage/logs/horizon.log
-stderr_logfile_maxbytes=200MB
-stopwaitsecs=3600
-
-[program:scheduler]
-process_name=%(program_name)s_%(process_num)02d
-command=supercronic -overlapping /etc/supercronic/laravel
-user=%(ENV_USER)s
-autostart=%(ENV_WITH_SCHEDULER)s
-autorestart=true
-stdout_logfile=%(ENV_ROOT)s/storage/logs/scheduler.log
-stdout_logfile_maxbytes=200MB
-stderr_logfile=%(ENV_ROOT)s/storage/logs/scheduler.log
-stderr_logfile_maxbytes=200MB
-
-[program:clear-scheduler-cache]
-process_name=%(program_name)s_%(process_num)02d
-command=php %(ENV_ROOT)s/artisan schedule:clear-cache
-user=%(ENV_USER)s
-autostart=%(ENV_WITH_SCHEDULER)s
-autorestart=false
-startsecs=0
-startretries=1
-stdout_logfile=%(ENV_ROOT)s/storage/logs/scheduler.log
-stdout_logfile_maxbytes=200MB
-stderr_logfile=%(ENV_ROOT)s/storage/logs/scheduler.log
-stderr_logfile_maxbytes=200MB
-
-[include]
-files=/etc/supervisor/supervisord.conf

docker/prod/deployment/php-arm.ini

@@ -1,30 +0,0 @@
-[PHP]
-post_max_size = 100M
-upload_max_filesize = 100M
-expose_php = 0
-realpath_cache_size = 16M
-realpath_cache_ttl = 360
-max_input_time = 5
-
-[Opcache]
-opcache.enable = 1
-opcache.enable_cli = 1
-opcache.memory_consumption = 256M
-opcache.use_cwd = 0
-opcache.max_file_size = 0
-opcache.max_accelerated_files = 32531
-opcache.validate_timestamps = 0
-opcache.file_update_protection = 0
-opcache.interned_strings_buffer = 16
-opcache.file_cache = 60
-
-[JIT]
-opcache.jit_buffer_size = 128M
-opcache.jit = disable
-opcache.jit_prof_threshold = 0.001
-opcache.jit_max_root_traces = 2048
-opcache.jit_max_side_traces = 256
-
-[zlib]
-zlib.output_compression = On
-zlib.output_compression_level = 9

docker/prod/deployment/php.ini

@@ -5,6 +5,8 @@ expose_php = 0
 realpath_cache_size = 16M
 realpath_cache_ttl = 360
 max_input_time = 5
+register_argc_argv = 0
+date.timezone = ${TZ:-UTC}
 
 [Opcache]
 opcache.enable = 1
@@ -16,7 +18,6 @@ opcache.max_accelerated_files = 32531
 opcache.validate_timestamps = 0
 opcache.file_update_protection = 0
 opcache.interned_strings_buffer = 16
-opcache.file_cache = 60
 
 [JIT]
 opcache.jit_buffer_size = 128M

docker/prod/deployment/start-container

@@ -4,41 +4,49 @@ set -e
 container_mode=${CONTAINER_MODE:-"http"}
 octane_server=${OCTANE_SERVER}
 auto_db_migrate=${AUTO_DB_MIGRATE:-false}
-echo "Container mode: $container_mode"
 
 initialStuff() {
+    echo "Container mode: $container_mode"
+
     if [ ${auto_db_migrate} = "true" ]; then
         echo "Auto database migration enabled."
         php artisan migrate --isolated --force
     fi
+
+    php artisan storage:link; \
     php artisan optimize:clear; \
-    php artisan event:cache; \
-    php artisan config:cache; \
-    php artisan route:cache;
+    php artisan optimize;
 }
 
 if [ "$1" != "" ]; then
     exec "$@"
-elif [ ${container_mode} = "http" ]; then
-    echo "Octane Server: $octane_server"
+elif [ "${container_mode}" = "http" ]; then
     initialStuff
-    if [ ${octane_server}  = "frankenphp" ]; then
+    echo "Octane Server: $octane_server"
+    if [ "${octane_server}"  = "frankenphp" ]; then
         exec /usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.frankenphp.conf
-    elif [ ${octane_server}  = "swoole" ]; then
+    elif [ "${octane_server}"  = "swoole" ]; then
         exec /usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.swoole.conf
-    elif [ ${octane_server}  = "roadrunner" ]; then
+    elif [ "${octane_server}"  = "roadrunner" ]; then
         exec /usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.roadrunner.conf
     else
         echo "Invalid Octane server supplied."
         exit 1
     fi
-elif [ ${container_mode} = "horizon" ]; then
+elif [ "${container_mode}" = "horizon" ]; then
     initialStuff
     exec /usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.horizon.conf
-elif [ ${container_mode} = "scheduler" ]; then
+elif [ "${container_mode}" = "reverb" ]; then
+    initialStuff
+    exec /usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.reverb.conf
+elif [ "${container_mode}" = "scheduler" ]; then
     initialStuff
     exec /usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.scheduler.conf
-elif [ ${container_mode} = "worker" ]; then
+elif [ "${container_mode}" = "worker" ]; then
+    if [ -z "${WORKER_COMMAND}" ]; then
+        echo "WORKER_COMMAND is undefined."
+        exit 1
+    fi
     initialStuff
     exec /usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.worker.conf
 else

docker/prod/deployment/supervisord.conf

@@ -1,14 +1,13 @@
 [supervisord]
-nodaemon=true
-user=%(ENV_USER)s
-logfile=/var/log/supervisor/supervisord.log
-pidfile=/var/run/supervisord.pid
-
-[unix_http_server]
-file=/var/run/supervisor.sock
+nodaemon = true
+user = %(ENV_USER)s
+logfile = /var/log/supervisor/supervisord.log
+pidfile = /var/run/supervisord.pid
 
 [supervisorctl]
-serverurl=unix:///var/run/supervisor.sock
+
+[inet_http_server]
+port = 127.0.0.1:9001
 
 [rpcinterface:supervisor]
-supervisor.rpcinterface_factory=supervisor.rpcinterface:make_main_rpcinterface
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface

docker/prod/deployment/supervisord.horizon.conf

@@ -1,14 +1,14 @@
 [program:horizon]
-process_name=%(program_name)s_%(process_num)02d
-command=php %(ENV_ROOT)s/artisan horizon
-user=%(ENV_USER)s
-autostart=true
-autorestart=true
-stdout_logfile=/dev/stdout
-stdout_logfile_maxbytes=0
-stderr_logfile=/dev/stderr
-stderr_logfile_maxbytes=0
-stopwaitsecs=3600
+process_name = %(program_name)s_%(process_num)s
+command = php %(ENV_ROOT)s/artisan horizon
+user = %(ENV_USER)s
+autostart = true
+autorestart = true
+stdout_logfile = /dev/stdout
+stdout_logfile_maxbytes = 0
+stderr_logfile = /dev/stderr
+stderr_logfile_maxbytes = 0
+stopwaitsecs = 3600
 
 [include]
-files=/etc/supervisor/supervisord.conf
+files = /etc/supervisord.conf

docker/prod/deployment/supervisord.reverb.conf

@@ -0,0 +1,14 @@
+[program:reverb]
+process_name = %(program_name)s_%(process_num)s
+command = php %(ENV_ROOT)s/artisan reverb:start
+user = %(ENV_USER)s
+autostart = true
+autorestart = true
+stdout_logfile = /dev/stdout
+stdout_logfile_maxbytes = 0
+stderr_logfile = /dev/stderr
+stderr_logfile_maxbytes = 0
+minfds = 10000
+
+[include]
+files = /etc/supervisord.conf

docker/prod/deployment/supervisord.scheduler.conf

@@ -1,26 +1,26 @@
 [program:scheduler]
-process_name=%(program_name)s_%(process_num)02d
-command=supercronic -overlapping /etc/supercronic/laravel
-user=%(ENV_USER)s
-autostart=true
-autorestart=true
-stdout_logfile=/dev/stdout
-stdout_logfile_maxbytes=0
-stderr_logfile=/dev/stderr
-stderr_logfile_maxbytes=0
+process_name = %(program_name)s_%(process_num)s
+command = supercronic -overlapping /etc/supercronic/laravel
+user = %(ENV_USER)s
+autostart = true
+autorestart = true
+stdout_logfile = /dev/stdout
+stdout_logfile_maxbytes = 0
+stderr_logfile = /dev/stderr
+stderr_logfile_maxbytes = 0
 
 [program:clear-scheduler-cache]
-process_name=%(program_name)s_%(process_num)02d
-command=php %(ENV_ROOT)s/artisan schedule:clear-cache
-user=%(ENV_USER)s
-autostart=true
-autorestart=false
-startsecs=0
-startretries=1
-stdout_logfile=/dev/stdout
-stdout_logfile_maxbytes=0
-stderr_logfile=/dev/stderr
-stderr_logfile_maxbytes=0
+process_name = %(program_name)s_%(process_num)s
+command = php %(ENV_ROOT)s/artisan schedule:clear-cache
+user = %(ENV_USER)s
+autostart = true
+autorestart = false
+startsecs = 0
+startretries = 1
+stdout_logfile = /dev/stdout
+stdout_logfile_maxbytes = 0
+stderr_logfile = /dev/stderr
+stderr_logfile_maxbytes = 0
 
 [include]
-files=/etc/supervisor/supervisord.conf
+files = /etc/supervisord.conf

docker/prod/deployment/supervisord.swoole.conf

@@ -1,42 +0,0 @@
-[supervisord]
-nodaemon=true
-user=%(ENV_USER)s
-logfile=/var/log/supervisor/supervisord.log
-pidfile=/var/run/supervisord.pid
-
-[program:octane]
-process_name=%(program_name)s_%(process_num)02d
-command=php %(ENV_ROOT)s/artisan octane:start --server=swoole --host=0.0.0.0 --port=8000
-user=%(ENV_USER)s
-autostart=true
-autorestart=true
-environment=LARAVEL_OCTANE="1"
-stdout_logfile=/dev/stdout
-stdout_logfile_maxbytes=0
-stderr_logfile=/dev/stderr
-stderr_logfile_maxbytes=0
-
-[program:horizon]
-process_name=%(program_name)s_%(process_num)02d
-command=php %(ENV_ROOT)s/artisan horizon
-user=%(ENV_USER)s
-autostart=%(ENV_WITH_HORIZON)s
-autorestart=true
-stdout_logfile=%(ENV_ROOT)s/horizon.log
-stopwaitsecs=3600
-
-[program:scheduler]
-process_name=%(program_name)s_%(process_num)02d
-command=supercronic -overlapping /etc/supercronic/laravel
-user=%(ENV_USER)s
-autostart=%(ENV_WITH_SCHEDULER)s
-autorestart=true
-stdout_logfile=%(ENV_ROOT)s/scheduler.log
-
-[program:clear-scheduler-cache]
-process_name=%(program_name)s_%(process_num)02d
-command=php %(ENV_ROOT)s/artisan schedule:clear-cache
-user=%(ENV_USER)s
-autostart=%(ENV_WITH_SCHEDULER)s
-autorestart=false
-stdout_logfile=%(ENV_ROOT)s/scheduler.log

docker/prod/deployment/supervisord.worker.conf

@@ -1,13 +1,13 @@
 [program:worker]
-process_name=%(program_name)s_%(process_num)02d
-command=%(ENV_WORKER_COMMAND)s
-user=%(ENV_USER)s
-autostart=true
-autorestart=true
-stdout_logfile=/dev/stdout
-stdout_logfile_maxbytes=0
-stderr_logfile=/dev/stderr
-stderr_logfile_maxbytes=0
+process_name = %(program_name)s_%(process_num)s
+command = %(ENV_WORKER_COMMAND)s
+user = %(ENV_USER)s
+autostart = true
+autorestart = true
+stdout_logfile = /dev/stdout
+stdout_logfile_maxbytes = 0
+stderr_logfile = /dev/stderr
+stderr_logfile_maxbytes = 0
 
 [include]
-files=/etc/supervisor/supervisord.conf
+files = /etc/supervisord.conf

docker/prod/deployment/utilities.sh

@@ -1,12 +0,0 @@
-tinker() {
-  if [ -z "$1" ]; then
-    php artisan tinker
-  else
-    php artisan tinker --execute="\"dd($1);\""
-  fi
-}
-
-# Commonly used aliases
-alias ..="cd .."
-alias ...="cd ../.."
-alias art="php artisan"

e2e/projects.spec.ts

@@ -102,7 +102,7 @@ test('test that updating billable rate works with existing time entries', async
 
     await page.getByRole('row').first().getByRole('button').click();
     await page.getByRole('menuitem').getByText('Edit').first().click();
-        await page.getByText('Non-Billable').click();
+    await page.getByText('Non-Billable').click();
     await page.getByText('Custom Rate').click();
     await page
         .getByPlaceholder('Billable Rate')
@@ -111,8 +111,8 @@ test('test that updating billable rate works with existing time entries', async
 
     await Promise.all([
         page
-            .getByRole('button', { name: 'Yes, update existing time entries' })
-            .click(),
+        .locator('button').filter({ hasText: 'Yes, update existing time' })
+        .click(),    
         page.waitForRequest(
             async (request) =>
                 request.url().includes('/projects/') &&

lang/en/exceptions.php

@@ -9,6 +9,7 @@ use App\Exceptions\Api\ChangingRoleToPlaceholderIsNotAllowed;
 use App\Exceptions\Api\EntityStillInUseApiException;
 use App\Exceptions\Api\FeatureIsNotAvailableInFreePlanApiException;
 use App\Exceptions\Api\InactiveUserCanNotBeUsedApiException;
+use App\Exceptions\Api\InvitationForTheEmailAlreadyExistsApiException;
 use App\Exceptions\Api\OnlyOwnerCanChangeOwnership;
 use App\Exceptions\Api\OnlyPlaceholdersCanBeMergedIntoAnotherMember;
 use App\Exceptions\Api\OrganizationHasNoSubscriptionButMultipleMembersException;
@@ -45,6 +46,7 @@ return [
         ChangingRoleOfPlaceholderIsNotAllowed::KEY => 'Changing role of placeholder is not allowed',
         OnlyPlaceholdersCanBeMergedIntoAnotherMember::KEY => 'Only placeholders can be merged into another member',
         ThisPlaceholderCanNotBeInvitedUseTheMergeToolInsteadException::KEY => 'This placeholder can not be invited use the merge tool instead',
+        InvitationForTheEmailAlreadyExistsApiException::KEY => 'The email has already been invited to the organization. Please wait for the user to accept the invitation or resend the invitation email.',
     ],
     'unknown_error_in_admin_panel' => 'An unknown error occurred. Please check the logs.',
 ];

phpstan.neon

@@ -12,3 +12,7 @@ parameters:
     checkOctaneCompatibility: true
     checkModelProperties: true
     noEnvCallsOutsideOfConfig: true
+
+    ignoreErrors:
+        - '# is not subtype of native type Illuminate\\Database\\Eloquent\\Builder#'
+        - '# is not subtype of native type Illuminate\\Database\\Eloquent\\Relations\\Relation#'

resources/js/Components/Common/Member/MemberDeleteModal.vue

@@ -0,0 +1,151 @@
+<script setup lang="ts">
+import type { Member } from '@/packages/api/src';
+import { api } from '@/packages/api/src';
+import { useForm } from '@tanstack/vue-form';
+import { useMutation } from '@tanstack/vue-query';
+import Modal from '@/packages/ui/src/Modal.vue';
+import DangerButton from '@/packages/ui/src/Buttons/DangerButton.vue';
+import SecondaryButton from '@/packages/ui/src/Buttons/SecondaryButton.vue';
+import Checkbox from '@/packages/ui/src/Input/Checkbox.vue';
+import { useNotificationsStore } from '@/utils/notification';
+import { getCurrentOrganizationId } from '@/utils/useUser';
+import InputLabel from '@/packages/ui/src/Input/InputLabel.vue';    
+import InputError from '@/packages/ui/src/Input/InputError.vue';
+import { useMembersStore } from '@/utils/useMembers';
+
+const props = defineProps<{
+    show: boolean;
+    member: Member;
+}>();
+
+const emit = defineEmits<{
+    'update:show': [value: boolean];
+}>();
+
+const { handleApiRequestNotifications } = useNotificationsStore();
+
+const deleteMutation = useMutation({
+    mutationFn: async () => {
+        const organizationId = getCurrentOrganizationId();
+        if (!organizationId) {
+            throw new Error('No organization ID found');
+        }
+        
+        return api.removeMember(undefined, {
+            params: {
+                member: props.member.id,
+                organization: organizationId,
+            },
+            queries: {
+                delete_related: 'true',
+            },
+        });
+    },
+    onSuccess: () => {
+        close();
+        useMembersStore().fetchMembers();
+    }
+});
+
+const form = useForm({
+    canSubmitWhenInvalid: true,
+    defaultValues: {
+        confirmDelete: false,
+    },
+    onSubmit: async () => {
+        await handleApiRequestNotifications(
+            () => deleteMutation.mutateAsync(),
+            'Member deleted successfully',
+            'Error deleting member'
+        );
+    },
+});
+
+const close = () => {
+    emit('update:show', false);
+    form.reset();
+};
+</script>
+
+<template>
+    <Modal :show="show" max-width="md" @close="close">
+        <div class="p-6">
+            <h2 class="text-lg font-medium text-text-primary">
+                Delete Member
+            </h2>
+
+            <div class="mt-4 text-sm text-text-secondary">
+                <p class="mb-4">
+                    Are you sure you want to delete {{ member.name }}? This action cannot be undone.
+                </p>
+                <p class="mb-4">
+                    This will permanently delete:
+                </p>
+
+                    <ul class="list-disc ml-6 mt-2">
+                        <li>All time entries created by this member</li>
+                        <li>Their project assignments</li>
+                        <li>Their organization membership</li>
+                    </ul>
+                <p class="pt-4">
+                    <strong>Note:</strong> Deleting time entries will affect all reports and statistics.
+                    If you want to keep the time entries but remove the member from your organization, you can convert them to a placeholder user instead. Placeholder users are not charged and their time entries remain intact for reporting purposes.
+                </p>
+            </div>
+
+            <form
+class="mt-6" @submit="
+      (e) => {
+        e.preventDefault();
+        e.stopPropagation();
+        form.handleSubmit();
+      }
+    ">
+                <div class="flex items-start">
+                        <form.Field
+                            name="confirmDelete"
+                            :validators="{
+                                onSubmit: ({value}) => {
+                                    if (!value) {
+                                        return 'You must confirm that you understand the consequences of this action';
+                                    }
+                                    return '';
+                                }
+                            }"
+                        >
+                        <template #default="{ field }">
+                            <div class="flex flex-col">
+                            <div class="flex items-center space-x-3 text-sm">
+                                <Checkbox
+                                    :id="field.name"
+                                    :name="field.name"
+                                    :checked="field.state.value"
+                                    @update:checked="field.handleChange"
+                                    @blur="field.handleBlur"
+                                />
+                                <InputLabel :for="field.name" class="font-medium text-text-primary">
+                                I understand that this will permanently delete all data related to this member
+                                </InputLabel>
+                            </div>
+                            <InputError class="pl-7 pt-2" :message="field.state.meta.errors[0]" />
+                            </div>
+                        </template>
+                        </form.Field>
+                </div>
+                <div class="mt-6 flex justify-end space-x-3">
+                    <SecondaryButton @click="close">Cancel</SecondaryButton>
+                    <form.Subscribe>
+                        <template #default="{ canSubmit, isSubmitting }">
+                            <DangerButton
+                                type="submit"
+                                :disabled="!canSubmit"
+                            >
+                                {{ isSubmitting  ? 'Deleting...' : 'Delete Member' }}
+                            </DangerButton>
+                        </template>
+                    </form.Subscribe>
+                </div>
+            </form>
+        </div>
+    </Modal>
+</template> 

resources/js/Components/Common/Member/MemberMoreOptionsDropdown.vue

@@ -49,15 +49,6 @@ const props = defineProps<{
                 <PencilSquareIcon class="w-5 text-icon-active" />
                 <span>Edit</span>
             </DropdownMenuItem>
-            <DropdownMenuItem
-                v-if="canDeleteMembers()"
-                :aria-label="'Delete Member ' + props.member.name"
-                data-testid="member_delete"
-                class="flex items-center space-x-3 cursor-pointer text-destructive focus:text-destructive"
-                @click="emit('delete')">
-                <TrashIcon class="w-5" />
-                <span>Delete</span>
-            </DropdownMenuItem>
             <DropdownMenuItem
                 v-if="props.member.role === 'placeholder' && canMergeMembers()"
                 :aria-label="'Merge Member ' + props.member.name"
@@ -75,6 +66,15 @@ const props = defineProps<{
                 <UserCircleIcon class="w-5 text-icon-active" />
                 <span>Deactivate</span>
             </DropdownMenuItem>
+            <DropdownMenuItem
+                v-if="canDeleteMembers()"
+                :aria-label="'Delete Member ' + props.member.name"
+                data-testid="member_delete"
+                class="flex items-center space-x-3 cursor-pointer text-destructive focus:text-destructive"
+                @click="emit('delete')">
+                <TrashIcon class="w-5" />
+                <span>Delete</span>
+            </DropdownMenuItem>
         </DropdownMenuContent>
     </DropdownMenu>
 </template>

resources/js/Components/Common/Member/MemberTableRow.vue

@@ -8,26 +8,30 @@ import SecondaryButton from '@/packages/ui/src/Buttons/SecondaryButton.vue';
 import { getCurrentOrganizationId } from '@/utils/useUser';
 import { useNotificationsStore } from '@/utils/notification';
 import { canInvitePlaceholderMembers } from '@/utils/permissions';
-import { useMembersStore } from '@/utils/useMembers';
 import { computed, type ComputedRef, inject, ref } from 'vue';
 import MemberEditModal from '@/Components/Common/Member/MemberEditModal.vue';
 import MemberMergeModal from '@/Components/Common/Member/MemberMergeModal.vue';
 import MemberMakePlaceholderModal from '@/Components/Common/Member/MemberMakePlaceholderModal.vue';
+import MemberDeleteModal from '@/Components/Common/Member/MemberDeleteModal.vue';
 import { capitalizeFirstLetter } from '../../../utils/format';
 import { formatCents } from '../../../packages/ui/src/utils/money';
+import { useMembersStore } from '@/utils/useMembers';
 
 const props = defineProps<{
     member: Member;
 }>();
 
 const organization = inject<ComputedRef<Organization>>('organization');
+const memberStore = useMembersStore();
 
 const showEditMemberModal = ref(false);
 const showMergeMemberModal = ref(false);
 const showMakeMemberPlaceholderModal = ref(false);
+const showDeleteMemberModal = ref(false);
 
 function removeMember() {
-    useMembersStore().removeMember(props.member.id);
+    showDeleteMemberModal.value = true;
+    memberStore.fetchMembers();
 }
 
 async function invitePlaceholder(id: string) {
@@ -121,6 +125,9 @@ const userHasValidMailAddress = computed(() => {
         <MemberMakePlaceholderModal
             v-model:show="showMakeMemberPlaceholderModal"
             :member="member"></MemberMakePlaceholderModal>
+        <MemberDeleteModal
+            v-model:show="showDeleteMemberModal"
+            :member="member"></MemberDeleteModal>
     </TableRow>
 </template>
 

resources/js/Components/Common/Reporting/ReportingChart.vue

@@ -17,7 +17,7 @@ import {
     TooltipComponent,
 } from 'echarts/components';
 import type { AggregatedTimeEntries, Organization } from '@/packages/api/src';
-import { useCssVar } from '@vueuse/core';
+import { useCssVariable } from '@/utils/useCssVariable';
 
 use([
     CanvasRenderer,
@@ -47,8 +47,10 @@ const xAxisLabels = computed(() => {
         formatDate(el.key ?? '', organization?.value?.date_format)
     );
 });
-const accentColor = useCssVar('--theme-color-chart', null, { observe: true });
-const labelColor = useCssVar('--color-text-secondary', null, { observe: true });
+const accentColor = useCssVariable('--theme-color-chart');
+const labelColor = useCssVariable('--color-text-secondary');
+const markLineColor = useCssVariable('--color-border-secondary');
+const splitLineColor = useCssVariable('--color-border-tertiary');
 
 const seriesData = computed(() => {
     return props?.groupedData?.map((el) => {
@@ -111,7 +113,7 @@ const option = computed(() => ({
         data: xAxisLabels.value,
         markLine: {
             lineStyle: {
-                color: 'rgba(125,156,188,0.1)',
+                color: markLineColor.value,
                 type: 'dashed',
             },
         },
@@ -135,9 +137,13 @@ const option = computed(() => ({
     },
     yAxis: {
         type: 'value',
+        axisLabel: {
+            color: labelColor.value,
+            fontFamily: 'Outfit, sans-serif',
+        },
         splitLine: {
             lineStyle: {
-                color: 'rgba(125,156,188,0.2)', // Set desired color here
+                color: splitLineColor.value,
             },
         },
     },

resources/js/Components/Common/Reporting/ReportingPieChart.vue

@@ -11,7 +11,7 @@ import {
     TooltipComponent,
 } from 'echarts/components';
 import { formatHumanReadableDuration } from '@/packages/ui/src/utils/time';
-import { useCssVar } from '@vueuse/core';
+import { useCssVariable } from '@/utils/useCssVariable';
 import type { Organization } from '@/packages/api/src';
 
 use([
@@ -36,7 +36,7 @@ type ReportingChartDataEntry = {
 const props = defineProps<{
     data: ReportingChartDataEntry | null;
 }>();
-const labelColor = useCssVar('--color-text-secondary', null, { observe: true });
+const labelColor = useCssVariable('--color-text-secondary');
 
 const seriesData = computed(() => {
     return props.data?.map((el) => {

resources/js/Components/Dashboard/ActivityGraphCard.vue

@@ -19,7 +19,7 @@ import {
     formatHumanReadableDuration,
     getDayJsInstance,
 } from '@/packages/ui/src/utils/time';
-import { useCssVar } from '@vueuse/core';
+import { useCssVariable } from '@/utils/useCssVariable';
 import { useQuery } from '@tanstack/vue-query';
 import { getCurrentOrganizationId } from '@/utils/useUser';
 import { api, type Organization } from '@/packages/api/src';
@@ -64,12 +64,9 @@ const max = computed(() => {
     }
 });
 
-const backgroundColor = useCssVar('--color-card-background', null, {
-    observe: true,
-});
-const itemBackgroundColor = useCssVar('--color-bg-tertiary', null, {
-    observe: true,
-});
+const backgroundColor = useCssVariable('--theme-color-card-background');
+const itemBackgroundColor = useCssVariable('--color-bg-tertiary');
+const borderColor = useCssVariable('--color-border');
 
 const option = computed(() => {
     return {
@@ -120,7 +117,7 @@ const option = computed(() => {
                 [],
             itemStyle: {
                 borderRadius: 5,
-                borderColor: 'rgba(255,255,255,0.05)',
+                borderColor: borderColor.value,
                 borderWidth: 1,
             },
             tooltip: {

resources/js/Components/Dashboard/DayOverviewCardChart.vue

@@ -1,13 +1,14 @@
 <script setup lang="ts">
 import VChart from 'vue-echarts';
-import { computed, ref } from 'vue';
-import { useCssVar } from '@vueuse/core';
+import { computed } from 'vue';
+import { useCssVariable } from '@/utils/useCssVariable';
 
 const props = defineProps<{
     history: number[];
 }>();
 
-const accentColor = useCssVar('--theme-color-chart', null, { observe: true });
+const accentColor = useCssVariable('--theme-color-chart');
+const markLineColor = useCssVariable('--color-border-secondary');
 
 const seriesData = computed(() => props.history.map((el) => {
     return {
@@ -22,7 +23,7 @@ const seriesData = computed(() => props.history.map((el) => {
         },
     };
 }));
-const option = ref({
+const option = computed(() => ({
     grid: {
         top: 0,
         right: 0,
@@ -35,7 +36,7 @@ const option = ref({
         data: ['Mon', 'Tue', 'Wed', 'Thu', 'Fri', 'Sat', 'Sun'],
         markLine: {
             lineStyle: {
-                color: 'rgba(125,156,188,0.1)',
+                color: markLineColor.value,
                 type: 'dashed',
             },
         },
@@ -66,11 +67,11 @@ const option = ref({
     },
     series: [
         {
-            data: seriesData,
+            data: seriesData.value,
             type: 'bar',
         },
     ],
-});
+}));
 </script>
 
 <template>

resources/js/Components/Dashboard/ProjectsChartCard.vue

@@ -11,7 +11,7 @@ import {
     TooltipComponent,
 } from 'echarts/components';
 import { formatHumanReadableDuration } from '@/packages/ui/src/utils/time';
-import { useCssVar } from "@vueuse/core";
+import { useCssVariable } from '@/utils/useCssVariable';
 import type { Organization } from "@/packages/api/src";
 
 use([
@@ -24,7 +24,7 @@ use([
 ]);
 
 provide(THEME_KEY, 'dark');
-const labelColor = useCssVar('--color-text-secondary', null, { observe: true });
+const labelColor = useCssVariable('--color-text-secondary');
 
 const props = defineProps<{
     weeklyProjectOverview: {

resources/js/Components/Dashboard/ThisWeekOverview.vue

@@ -18,7 +18,7 @@ import ProjectsChartCard from '@/Components/Dashboard/ProjectsChartCard.vue';
 import { formatHumanReadableDuration } from '@/packages/ui/src/utils/time';
 import { formatCents } from '@/packages/ui/src/utils/money';
 import { getWeekStart } from '@/packages/ui/src/utils/settings';
-import { useCssVar } from '@vueuse/core';
+import { useCssVariable } from '@/utils/useCssVariable';
 import { getOrganizationCurrencyString } from '@/utils/money';
 import { useQuery } from '@tanstack/vue-query';
 import { getCurrentOrganizationId } from '@/utils/useUser';
@@ -60,7 +60,7 @@ const weekdays = computed(() => {
     }
 });
 
-const accentColor = useCssVar('--theme-color-chart', null, { observe: true });
+const accentColor = useCssVariable('--theme-color-chart');
 
 // Get the organization ID using the utility function
 const organizationId = computed(() => getCurrentOrganizationId());
@@ -176,10 +176,8 @@ const seriesData = computed(() => {
     });
 });
 
-const markLineColor = useCssVar('--color-border-secondary', null, {
-    observe: true,
-});
-const labelColor = useCssVar('--color-text-secondary', null, { observe: true });
+const markLineColor = useCssVariable('--color-border-secondary');
+const labelColor = useCssVariable('--color-text-secondary');
 const option = computed(() => {
     return {
         tooltip: {
@@ -215,6 +213,10 @@ const option = computed(() => {
         },
         yAxis: {
             type: 'value',
+            axisLabel: {
+                color: labelColor.value,
+                fontFamily: 'Outfit, sans-serif',
+            },
             splitLine: {
                 lineStyle: {
                     color: markLineColor.value,

resources/js/Components/ui/calendar/CalendarDateInput.vue

@@ -6,8 +6,8 @@ import {
 } from '@/Components/ui/popover';
 import { Button } from '@/Components/ui/button';
 import { Calendar } from '@/Components/ui/calendar';
-import { CalendarIcon } from 'lucide-vue-next';
-import { formatDateLocalized } from '@/packages/ui/src/utils/time';
+import { CalendarIcon, XIcon } from 'lucide-vue-next';
+import { formatDate } from '@/packages/ui/src/utils/time';
 import { parseDate } from '@internationalized/date';
 import { computed, inject, type ComputedRef } from 'vue';
 import { type Organization } from '@/packages/api/src';
@@ -17,6 +17,10 @@ const emit = defineEmits<{
     blur: [];
 }>();
 
+defineProps<{
+    clearable?: boolean;
+}>();
+
 const handleChange = (date: string) => {
     model.value = date;
 };
@@ -25,6 +29,11 @@ const handleBlur = () => {
     emit('blur');
 };
 
+const handleClear = (event: Event) => {
+    event.stopPropagation();
+    model.value = null;
+};
+
 const date = computed(() => {
     return model.value ? parseDate(model.value) : undefined;
 });
@@ -44,7 +53,17 @@ const organization = inject<ComputedRef<Organization>>('organization');
                 ]"
             >
                 <CalendarIcon class="mr-2 h-4 w-4" />
-                {{ model ? formatDateLocalized(model, organization?.date_format) : 'Pick a date' }}
+                <span class="flex-1">
+                    {{ model ? formatDate(model, organization?.date_format) : 'Pick a date' }}
+                </span>
+                <button
+                    v-if="clearable && model"
+                    class="ml-2 hover:bg-muted rounded p-1 transition-colors"
+                    type="button"
+                    @click="handleClear"
+                >
+                    <XIcon class="h-4 w-4" />
+                </button>
             </Button>
         </PopoverTrigger>
         <PopoverContent class="w-auto p-0">

resources/js/Components/ui/dialog/DialogContent.vue

@@ -30,22 +30,21 @@ const forwarded = useForwardPropsEmits(delegatedProps, emits)
     <div
                             class="absolute inset-0 bg-default-background opacity-30" />
 </DialogOverlay>
-    <DialogContent
-      v-bind="forwarded"
+    <div
       :class="
         cn(
-          'fixed top-0 left-0 z-50 w-screen h-screen flex items-start pt-6 md:pt-20 xl:pt-32 justify-center overflow-auto data-[state=open]:animate-in data-[state=closed]:animate-out data-[state=closed]:fade-out-0 data-[state=open]:fade-in-0 data-[state=closed]:zoom-out-95 data-[state=open]:zoom-in-95',
-          
+          'fixed top-0 left-0 z-50 pointer-events-none w-screen h-screen flex items-start pt-6 md:pt-20 xl:pt-32 justify-center overflow-auto',
         )"
     >
-    <div
+    <DialogContent
+    v-bind="forwarded"
 :class="cn(
-          'bg-default-background grid w-full max-w-lg border shadow-lg duration-200 sm:rounded-lg',
+          'bg-default-background grid w-full max-w-lg border border-border-tertiary shadow-lg duration-200 sm:rounded-lg data-[state=open]:animate-in data-[state=closed]:animate-out data-[state=closed]:fade-out-0 data-[state=open]:fade-in-0 data-[state=closed]:zoom-out-95 data-[state=open]:zoom-in-95',
           props.class,
         )"
       >
         <slot />
+      </DialogContent>
     </div>
-    </DialogContent>
   </DialogPortal>
 </template>

resources/js/packages/api/src/openapi.json.client.ts

@@ -67,6 +67,7 @@ const InvoiceResource = z
         status: z.string(),
         date: z.string(),
         due_at: z.string(),
+        paid_date: z.string(),
         created_at: z.union([z.string(), z.null()]),
         updated_at: z.union([z.string(), z.null()]),
     })
@@ -76,7 +77,7 @@ const InvoiceDiscountType = z.enum(['percentage', 'fixed']);
 const InvoiceStoreRequest = z
     .object({
         due_at: z.union([z.string(), z.null()]).optional(),
-        paid_at: z.union([z.string(), z.null()]).optional(),
+        paid_date: z.union([z.string(), z.null()]).optional(),
         seller_name: z.string(),
         seller_vatin: z.union([z.string(), z.null()]).optional(),
         seller_address_line_1: z.union([z.string(), z.null()]).optional(),
@@ -102,8 +103,13 @@ const InvoiceStoreRequest = z
         billing_period_end: z.union([z.string(), z.null()]).optional(),
         reference: z.string(),
         currency: z.string(),
-        tax_rate: z.number().int().optional(),
-        discount_amount: z.number().int().optional(),
+        tax_rate: z.number().int().gte(0).lte(2147483647).optional(),
+        discount_amount: z
+            .number()
+            .int()
+            .gte(0)
+            .lte(9223372036854776000)
+            .optional(),
         discount_type: InvoiceDiscountType.optional(),
         footer: z.union([z.string(), z.null()]).optional(),
         notes: z.union([z.string(), z.null()]).optional(),
@@ -115,8 +121,12 @@ const InvoiceStoreRequest = z
                     .object({
                         name: z.string(),
                         description: z.union([z.string(), z.null()]).optional(),
-                        unit_price: z.number().int().gte(0).lte(99999999),
-                        quantity: z.number().gte(0),
+                        unit_price: z
+                            .number()
+                            .int()
+                            .gte(0)
+                            .lte(9223372036854776000),
+                        quantity: z.number().gte(0).lte(99999999),
                     })
                     .passthrough()
             )
@@ -161,7 +171,7 @@ const DetailedInvoiceResource = z
         buyer_address_country: z.string(),
         buyer_phone: z.string(),
         buyer_email: z.string(),
-        paid_at: z.union([z.string(), z.null()]),
+        paid_date: z.string(),
         due_at: z.string(),
         discount_type: z.string(),
         discount_amount: z.number().int(),
@@ -185,7 +195,7 @@ const InvoiceUpdateRequest = z
     .object({
         status: InvoiceStatus,
         due_at: z.union([z.string(), z.null()]),
-        paid_at: z.union([z.string(), z.null()]),
+        paid_date: z.union([z.string(), z.null()]),
         seller_name: z.string(),
         seller_vatin: z.union([z.string(), z.null()]),
         seller_address_line_1: z.union([z.string(), z.null()]),
@@ -211,8 +221,8 @@ const InvoiceUpdateRequest = z
         billing_period_end: z.union([z.string(), z.null()]),
         reference: z.string(),
         currency: z.string(),
-        tax_rate: z.number().int(),
-        discount_amount: z.number().int(),
+        tax_rate: z.number().int().gte(0).lte(2147483647),
+        discount_amount: z.number().int().gte(0).lte(9223372036854776000),
         discount_type: InvoiceDiscountType,
         footer: z.union([z.string(), z.null()]),
         notes: z.union([z.string(), z.null()]),
@@ -224,8 +234,12 @@ const InvoiceUpdateRequest = z
                     id: z.union([z.string(), z.null()]).optional(),
                     name: z.string(),
                     description: z.union([z.string(), z.null()]).optional(),
-                    unit_price: z.number().int().gte(0).lte(99999999),
-                    quantity: z.number().gte(0),
+                    unit_price: z
+                        .number()
+                        .int()
+                        .gte(0)
+                        .lte(9223372036854776000),
+                    quantity: z.number().gte(0).lte(99999999),
                 })
                 .passthrough()
         ),
@@ -2407,6 +2421,11 @@ const endpoints = makeApi([
                 type: 'Path',
                 schema: z.string(),
             },
+            {
+                name: 'delete_related',
+                type: 'Query',
+                schema: z.enum(['true', 'false']).optional(),
+            },
         ],
         response: z.void(),
         errors: [
@@ -2436,6 +2455,16 @@ const endpoints = makeApi([
                 description: `Not found`,
                 schema: z.object({ message: z.string() }).passthrough(),
             },
+            {
+                status: 422,
+                description: `Validation error`,
+                schema: z
+                    .object({
+                        message: z.string(),
+                        errors: z.record(z.array(z.string())),
+                    })
+                    .passthrough(),
+            },
         ],
     },
     {

resources/js/packages/ui/src/Input/DateRangePicker.vue

@@ -73,18 +73,18 @@ const open = ref(false);
 function setToday() {
     emit(
         'update:start',
-        getLocalizedDayJs().startOf('day').format('YYYY-MM-DD')
+        getLocalizedDayJs().startOf('day').format()
     );
-    emit('update:end', getLocalizedDayJs().endOf('day').format('YYYY-MM-DD'));
+    emit('update:end', getLocalizedDayJs().endOf('day').format());
     open.value = false;
 }
 
 function setThisWeek() {
     emit(
         'update:start',
-        getLocalizedDayJs().startOf('week').format('YYYY-MM-DD')
+        getLocalizedDayJs().startOf('week').format()
     );
-    emit('update:end', getLocalizedDayJs().endOf('week').format('YYYY-MM-DD'));
+    emit('update:end', getLocalizedDayJs().endOf('week').format());
     open.value = false;
 }
 
@@ -94,14 +94,14 @@ function setLastWeek() {
         getLocalizedDayJs()
             .subtract(1, 'week')
             .startOf('week')
-            .format('YYYY-MM-DD')
+            .format()
     );
     emit(
         'update:end',
         getLocalizedDayJs()
             .subtract(1, 'week')
             .endOf('week')
-            .format('YYYY-MM-DD')
+            .format()
     );
     open.value = false;
 }
@@ -109,18 +109,18 @@ function setLastWeek() {
 function setLast14Days() {
     emit(
         'update:start',
-        getLocalizedDayJs().subtract(14, 'days').format('YYYY-MM-DD')
+        getLocalizedDayJs().subtract(14, 'days').format()
     );
-    emit('update:end', getLocalizedDayJs().format('YYYY-MM-DD'));
+    emit('update:end', getLocalizedDayJs().format());
     open.value = false;
 }
 
 function setThisMonth() {
     emit(
         'update:start',
-        getLocalizedDayJs().startOf('month').format('YYYY-MM-DD')
+        getLocalizedDayJs().startOf('month').format()
     );
-    emit('update:end', getLocalizedDayJs().endOf('month').format('YYYY-MM-DD'));
+    emit('update:end', getLocalizedDayJs().endOf('month').format());
     open.value = false;
 }
 
@@ -130,14 +130,14 @@ function setLastMonth() {
         getLocalizedDayJs()
             .subtract(1, 'month')
             .startOf('month')
-            .format('YYYY-MM-DD')
+            .format()
     );
     emit(
         'update:end',
         getLocalizedDayJs()
             .subtract(1, 'month')
             .endOf('month')
-            .format('YYYY-MM-DD')
+            .format()
     );
     open.value = false;
 }
@@ -145,36 +145,36 @@ function setLastMonth() {
 function setLast30Days() {
     emit(
         'update:start',
-        getLocalizedDayJs().subtract(30, 'days').format('YYYY-MM-DD')
+        getLocalizedDayJs().subtract(30, 'days').format()
     );
-    emit('update:end', getLocalizedDayJs().format('YYYY-MM-DD'));
+    emit('update:end', getLocalizedDayJs().format());
     open.value = false;
 }
 
 function setLast90Days() {
     emit(
         'update:start',
-        getDayJsInstance()().subtract(90, 'days').format('YYYY-MM-DD')
+        getDayJsInstance()().subtract(90, 'days').format()
     );
-    emit('update:end', getDayJsInstance()().format('YYYY-MM-DD'));
+    emit('update:end', getDayJsInstance()().format());
     open.value = false;
 }
 
 function setLast12Months() {
     emit(
         'update:start',
-        getLocalizedDayJs().subtract(12, 'months').format('YYYY-MM-DD')
+        getLocalizedDayJs().subtract(12, 'months').format()
     );
-    emit('update:end', getLocalizedDayJs().format('YYYY-MM-DD'));
+    emit('update:end', getLocalizedDayJs().format());
     open.value = false;
 }
 
 function setThisYear() {
     emit(
         'update:start',
-        getLocalizedDayJs().startOf('year').format('YYYY-MM-DD')
+        getLocalizedDayJs().startOf('year').format()
     );
-    emit('update:end', getLocalizedDayJs().endOf('year').format('YYYY-MM-DD'));
+    emit('update:end', getLocalizedDayJs().endOf('year').format());
     open.value = false;
 }
 
@@ -184,14 +184,14 @@ function setLastYear() {
         getLocalizedDayJs()
             .subtract(1, 'year')
             .startOf('year')
-            .format('YYYY-MM-DD')
+            .format()
     );
     emit(
         'update:end',
         getLocalizedDayJs()
             .subtract(1, 'year')
             .endOf('year')
-            .format('YYYY-MM-DD')
+            .format()
     );
     open.value = false;
 }

resources/js/packages/ui/src/TimeEntry/TimeEntryAggregateRow.vue

@@ -154,13 +154,13 @@ function onSelectChange(checked: boolean) {
                         "></BillableToggleButton>
                     <div class="flex-1">
                         <button
-                            :class="twMerge('hidden lg:block text-text-secondary w-[110px] px-1 py-1.5 bg-transparent text-center hover:bg-card-background rounded-lg border border-transparent hover:border-card-border text-sm font-medium focus-visible:outline-none focus:outline-none focus-visible:ring-2 focus-visible:ring-ring focus-visible:bg-tertiary', organization?.time_format === '12-hours' ? 'w-[160px]' : 'w-[110px]')"
+                            :class="twMerge('text-text-secondary w-[110px] px-1 py-1.5 bg-transparent text-center hover:bg-card-background rounded-lg border border-transparent hover:border-card-border text-sm font-medium focus-visible:outline-none focus:outline-none focus-visible:ring-2 focus-visible:ring-ring focus-visible:bg-tertiary', organization?.time_format === '12-hours' ? 'w-[160px]' : 'w-[110px]')"
                             @click="expanded = !expanded">
                             {{ formatStartEnd(timeEntry.start, timeEntry.end, organization?.time_format) }}
                         </button>
                     </div>
                     <button
-                        class="text-text-primary min-w-[90px] px-2.5 py-1.5 bg-transparent text-right hover:bg-card-background rounded-lg border border-transparent hover:border-card-border text-sm font-semibold focus-visible:outline-none focus:outline-none focus-visible:ring-2 focus-visible:ring-ring focus-visible:bg-tertiary"
+                        class="text-text-primary min-w-[90px] px-2.5 py-1.5 bg-transparent text-right hover:bg-card-background rounded-lg border border-transparent hover:border-card-border text-sm font-medium focus-visible:outline-none focus:outline-none focus-visible:ring-2 focus-visible:ring-ring focus-visible:bg-tertiary"
                         @click="expanded = !expanded">
                         {{
                             formatHumanReadableDuration(
@@ -173,7 +173,7 @@ function onSelectChange(checked: boolean) {
 
                     <TimeTrackerStartStop
                         :active="!!(timeEntry.start && !timeEntry.end)"
-                        class="opacity-20 hidden sm:flex group-hover:opacity-100 focus-visible:opacity-100"
+                        class="opacity-20 flex group-hover:opacity-100 focus-visible:opacity-100"
                         @changed="
                             onStartStopClick(timeEntry)
                         "></TimeTrackerStartStop>

resources/js/packages/ui/src/TimeEntry/TimeEntryRow.vue

@@ -144,7 +144,6 @@ function onSelectChange(checked : boolean) {
                         "></BillableToggleButton>
                     <div class="flex-1">
                         <TimeEntryRangeSelector
-                            class="hidden lg:block"
                             :start="timeEntry.start"
                             :end="timeEntry.end"
                             :show-date
@@ -160,7 +159,7 @@ function onSelectChange(checked : boolean) {
                         "></TimeEntryRowDurationInput>
                     <TimeTrackerStartStop
                         :active="!!(timeEntry.start && !timeEntry.end)"
-                        class="opacity-20 hidden sm:flex focus-visible:opacity-100 group-hover:opacity-100"
+                        class="opacity-20 flex focus-visible:opacity-100 group-hover:opacity-100"
                         @changed="onStartStopClick"></TimeTrackerStartStop>
                     <TimeEntryMoreOptionsDropdown
                         @delete="

resources/js/packages/ui/src/TimeEntry/TimeEntryRowDurationInput.vue

@@ -82,7 +82,7 @@ function selectInput(event: Event) {
         v-model="currentTime"
         data-testid="time_entry_duration_input"
         name="Duration"
-        class="text-text-primary w-[90px] px-2.5 py-1.5 bg-transparent text-right hover:bg-card-background rounded-lg border border-transparent hover:border-card-border text-sm font-semibold focus-visible:bg-tertiary focus-visible:border-transparent focus-visible:ring-2 focus-visible:ring-ring"
+        class="text-text-primary w-[90px] px-2.5 py-1.5 bg-transparent text-right hover:bg-card-background rounded-lg border border-transparent hover:border-card-border text-sm font-medium focus-visible:bg-tertiary focus-visible:border-transparent focus-visible:ring-2 focus-visible:ring-ring"
         @focus="selectInput"
         @keydown.tab="open = false"
         @blur="updateTimerAndStartLiveTimerUpdate"

resources/js/packages/ui/src/utils/time.ts

@@ -160,12 +160,29 @@ export function formatWeek(date: string | null): string {
  * @param date - date in the format of 'YYYY-MM-DD'
  */
 export function formatHumanReadableDate(date: string) {
-    if (dayjs(date).isToday()) {
+    const dateObj = dayjs(date);
+    const today = dayjs();
+    
+    if (dateObj.isToday()) {
         return 'Today';
-    } else if (dayjs(date).isYesterday()) {
+    } else if (dateObj.isYesterday()) {
         return 'Yesterday';
     }
-    return dayjs(date).fromNow();
+    
+    // Calculate difference in days
+    const diffInDays = today.diff(dateObj, 'day');
+    
+    if (diffInDays > 0 && diffInDays <= 30) {
+        // For dates in the past (2-30 days ago)
+        return `${diffInDays} ${diffInDays === 1 ? 'day' : 'days'} ago`;
+    } else if (diffInDays < 0 && diffInDays >= -30) {
+        // For dates in the future (within 30 days)
+        const futureDays = Math.abs(diffInDays);
+        return `In ${futureDays} ${futureDays === 1 ? 'day' : 'days'}`;
+    }
+    
+    // For dates older than 30 days, show the actual date
+    return dateObj.format('MMM D, YYYY');
 }
 
 export function formatWeekday(date: string) {

resources/js/utils/theme.ts

@@ -3,13 +3,6 @@ import { computed, watch } from "vue";
 
 type themeOption = "system" | "light" | "dark";
 const themeSetting = useStorage<themeOption>("theme", "system");
-// reload page when themeSettingChanges
-watch(
-    themeSetting,
-    () => {
-        location.reload();
-    }
-)
 const preferredColor = usePreferredColorScheme();
 const theme = computed(() => {
     if(themeSetting.value === "system"){

resources/js/utils/useCssVariable.ts

@@ -0,0 +1,49 @@
+import { ref, onMounted, onUnmounted } from 'vue'
+
+export function useCssVariable(variableName: string) {
+  const value = ref('')
+  let observer: MutationObserver | null = null
+  let mediaQuery: MediaQueryList | null = null
+  
+  const updateValue = () => {
+    const computedStyle = getComputedStyle(document.documentElement)
+    const cssValue = computedStyle.getPropertyValue(variableName).trim()
+    value.value = cssValue
+  }
+  
+  onMounted(() => {
+    // Initialize with current value
+    updateValue()
+    
+    // Watch for class changes on document.documentElement (where theme classes are applied)
+    observer = new MutationObserver((mutations) => {
+      mutations.forEach((mutation) => {
+        if (mutation.type === 'attributes' && mutation.attributeName === 'class') {
+          updateValue()
+        }
+      })
+    })
+    
+    observer.observe(document.documentElement, {
+      attributes: true,
+      attributeFilter: ['class']
+    })
+    
+    // Also watch for system color scheme changes
+    if (window.matchMedia) {
+      mediaQuery = window.matchMedia('(prefers-color-scheme: dark)')
+      mediaQuery.addEventListener('change', updateValue)
+    }
+  })
+  
+  onUnmounted(() => {
+    if (observer) {
+      observer.disconnect()
+    }
+    if (mediaQuery) {
+      mediaQuery.removeEventListener('change', updateValue)
+    }
+  })
+  
+  return value
+} 

resources/views/auth/oauth/authorize.blade.php

@@ -1,5 +1,5 @@
 <!DOCTYPE html>
-<html lang="en">
+<html lang="en" class="light">
 <head>
     <meta charset="utf-8">
     <meta http-equiv="X-UA-Compatible" content="IE=edge">
@@ -7,98 +7,136 @@
 
     <title>{{ config('app.name') }} - Authorization</title>
     @vite('resources/css/app.css')
+    <script>
+        // Theme evaluation script - similar to theme.ts
+        (function() {
+            // Get theme setting from localStorage, default to 'system'
+            const themeSetting = localStorage.getItem('theme') || 'system';
+
+            // Get user's preferred color scheme
+            const preferredColorScheme = window.matchMedia('(prefers-color-scheme: dark)').matches ? 'dark' : 'light';
+
+            // Determine current theme
+            let currentTheme;
+            if (themeSetting === 'system') {
+                // If user has no preference, default to dark (matching theme.ts logic)
+                currentTheme = preferredColorScheme === 'no-preference' ? 'dark' : preferredColorScheme;
+            } else {
+                currentTheme = themeSetting;
+            }
+
+            // Apply theme class to html element
+            document.documentElement.classList.remove('light', 'dark');
+            document.documentElement.classList.add(currentTheme);
+
+            // Listen for changes in color scheme preference
+            window.matchMedia('(prefers-color-scheme: dark)').addEventListener('change', function(e) {
+                if (localStorage.getItem('theme') === 'system') {
+                    const newTheme = e.matches ? 'dark' : 'light';
+                    document.documentElement.classList.remove('light', 'dark');
+                    document.documentElement.classList.add(newTheme);
+                }
+            });
+
+            // Listen for localStorage changes (in case theme is changed in another tab)
+            window.addEventListener('storage', function(e) {
+                if (e.key === 'theme') {
+                    const newThemeSetting = e.newValue || 'system';
+                    let newTheme;
+
+                    if (newThemeSetting === 'system') {
+                        const preferredColorScheme = window.matchMedia('(prefers-color-scheme: dark)').matches ? 'dark' : 'light';
+                        newTheme = preferredColorScheme === 'no-preference' ? 'dark' : preferredColorScheme;
+                    } else {
+                        newTheme = newThemeSetting;
+                    }
+
+                    document.documentElement.classList.remove('light', 'dark');
+                    document.documentElement.classList.add(newTheme);
+                }
+            });
+        })();
+    </script>
 </head>
 <body class="passport-authorize">
 <div
-    class="min-h-screen flex flex-col sm:justify-center items-center pt-6 sm:pt-0 bg-default-background text-white">
+    class="min-h-screen flex flex-col sm:justify-center items-center pt-6 sm:pt-0 bg-default-background">
     <div>
         <svg
-            class="h-12 py-2"
+            class="h-12 py-2 fill-text-primary"
             viewBox="0 0 168 30"
             fill="none"
             xmlns="http://www.w3.org/2000/svg">
             <path
-                d="M54.4081 6.78783C55.0812 7.46093 55.9225 7.79748 56.9322 7.79748C57.9936 7.79748 58.8479 7.46093 59.4951 6.78783C60.1682 6.08885 60.5048 5.22159 60.5048 4.18606C60.5048 3.17642 60.1682 2.3221 59.4951 1.62312C58.8479 0.924138 57.9936 0.574646 56.9322 0.574646C55.9225 0.574646 55.0812 0.924138 54.4081 1.62312C53.735 2.3221 53.3984 3.17642 53.3984 4.18606C53.3984 5.22159 53.735 6.08885 54.4081 6.78783Z"
-                fill="white" />
+                d="M54.4081 6.78783C55.0812 7.46093 55.9225 7.79748 56.9322 7.79748C57.9936 7.79748 58.8479 7.46093 59.4951 6.78783C60.1682 6.08885 60.5048 5.22159 60.5048 4.18606C60.5048 3.17642 60.1682 2.3221 59.4951 1.62312C58.8479 0.924138 57.9936 0.574646 56.9322 0.574646C55.9225 0.574646 55.0812 0.924138 54.4081 1.62312C53.735 2.3221 53.3984 3.17642 53.3984 4.18606C53.3984 5.22159 53.735 6.08885 54.4081 6.78783Z" />
             <path
-                d="M158.028 29.4272C155.905 29.4272 154.028 29.0129 152.397 28.1845C150.766 27.3302 149.485 26.1523 148.553 24.6508C147.621 23.1492 147.155 21.4277 147.155 19.4861C147.155 17.5703 147.608 15.8746 148.514 14.399C149.42 12.8975 150.65 11.7196 152.203 10.8653C153.782 9.98505 155.556 9.54495 157.523 9.54495C159.439 9.54495 161.134 9.95916 162.61 10.7876C164.112 11.5901 165.277 12.7163 166.105 14.166C166.959 15.5899 167.386 17.2208 167.386 19.0589C167.386 19.4472 167.361 19.8485 167.309 20.2627C167.283 20.651 167.205 21.1041 167.076 21.6218L150.339 21.6995V17.3503L164.396 17.2338L161.367 19.1366C161.342 18.0751 161.186 17.2079 160.901 16.5348C160.617 15.8358 160.202 15.3051 159.659 14.9427C159.115 14.5802 158.429 14.399 157.601 14.399C156.746 14.399 156.009 14.6061 155.387 15.0203C154.766 15.4345 154.287 16.017 153.95 16.7678C153.614 17.5185 153.446 18.4246 153.446 19.4861C153.446 20.5734 153.627 21.5053 153.989 22.282C154.352 23.0327 154.869 23.6023 155.543 23.9906C156.216 24.3789 157.044 24.5731 158.028 24.5731C158.96 24.5731 159.775 24.4178 160.474 24.1071C161.199 23.7964 161.846 23.3175 162.416 22.6703L165.95 26.2041C165.018 27.2655 163.879 28.068 162.532 28.6117C161.212 29.1553 159.711 29.4272 158.028 29.4272Z"
-                fill="white" />
+                d="M158.028 29.4272C155.905 29.4272 154.028 29.0129 152.397 28.1845C150.766 27.3302 149.485 26.1523 148.553 24.6508C147.621 23.1492 147.155 21.4277 147.155 19.4861C147.155 17.5703 147.608 15.8746 148.514 14.399C149.42 12.8975 150.65 11.7196 152.203 10.8653C153.782 9.98505 155.556 9.54495 157.523 9.54495C159.439 9.54495 161.134 9.95916 162.61 10.7876C164.112 11.5901 165.277 12.7163 166.105 14.166C166.959 15.5899 167.386 17.2208 167.386 19.0589C167.386 19.4472 167.361 19.8485 167.309 20.2627C167.283 20.651 167.205 21.1041 167.076 21.6218L150.339 21.6995V17.3503L164.396 17.2338L161.367 19.1366C161.342 18.0751 161.186 17.2079 160.901 16.5348C160.617 15.8358 160.202 15.3051 159.659 14.9427C159.115 14.5802 158.429 14.399 157.601 14.399C156.746 14.399 156.009 14.6061 155.387 15.0203C154.766 15.4345 154.287 16.017 153.95 16.7678C153.614 17.5185 153.446 18.4246 153.446 19.4861C153.446 20.5734 153.627 21.5053 153.989 22.282C154.352 23.0327 154.869 23.6023 155.543 23.9906C156.216 24.3789 157.044 24.5731 158.028 24.5731C158.96 24.5731 159.775 24.4178 160.474 24.1071C161.199 23.7964 161.846 23.3175 162.416 22.6703L165.95 26.2041C165.018 27.2655 163.879 28.068 162.532 28.6117C161.212 29.1553 159.711 29.4272 158.028 29.4272Z" />
             <path
-                d="M114.306 29V10.0109H121.063V29H114.306ZM126.228 29V18.0104C126.228 17.2079 125.982 16.5866 125.49 16.1465C124.998 15.6805 124.39 15.4475 123.665 15.4475C123.147 15.4475 122.694 15.551 122.306 15.7581C121.917 15.9652 121.607 16.263 121.374 16.6513C121.167 17.0137 121.063 17.4668 121.063 18.0104L118.422 16.9619C118.422 15.4345 118.759 14.1272 119.432 13.0399C120.105 11.9526 121.011 11.1112 122.15 10.5158C123.289 9.92034 124.584 9.62262 126.034 9.62262C127.328 9.62262 128.493 9.93328 129.528 10.5546C130.59 11.15 131.431 11.9914 132.053 13.0787C132.674 14.166 132.985 15.4475 132.985 16.9231V29H126.228ZM138.149 29V18.0104C138.149 17.2079 137.903 16.5866 137.411 16.1465C136.92 15.6805 136.311 15.4475 135.586 15.4475C135.094 15.4475 134.641 15.551 134.227 15.7581C133.839 15.9652 133.528 16.263 133.295 16.6513C133.088 17.0137 132.985 17.4668 132.985 18.0104L129.024 17.8163C129.075 16.1076 129.451 14.6449 130.15 13.4282C130.849 12.2114 131.807 11.2795 133.023 10.6323C134.266 9.95917 135.664 9.62262 137.217 9.62262C138.693 9.62262 140.013 9.93328 141.178 10.5546C142.343 11.1759 143.249 12.082 143.896 13.2729C144.57 14.4378 144.906 15.8358 144.906 17.4668V29H138.149Z"
-                fill="white" />
-            <path d="M103.573 29V10.011H110.369V29H103.573Z" fill="white" />
+                d="M114.306 29V10.0109H121.063V29H114.306ZM126.228 29V18.0104C126.228 17.2079 125.982 16.5866 125.49 16.1465C124.998 15.6805 124.39 15.4475 123.665 15.4475C123.147 15.4475 122.694 15.551 122.306 15.7581C121.917 15.9652 121.607 16.263 121.374 16.6513C121.167 17.0137 121.063 17.4668 121.063 18.0104L118.422 16.9619C118.422 15.4345 118.759 14.1272 119.432 13.0399C120.105 11.9526 121.011 11.1112 122.15 10.5158C123.289 9.92034 124.584 9.62262 126.034 9.62262C127.328 9.62262 128.493 9.93328 129.528 10.5546C130.59 11.15 131.431 11.9914 132.053 13.0787C132.674 14.166 132.985 15.4475 132.985 16.9231V29H126.228ZM138.149 29V18.0104C138.149 17.2079 137.903 16.5866 137.411 16.1465C136.92 15.6805 136.311 15.4475 135.586 15.4475C135.094 15.4475 134.641 15.551 134.227 15.7581C133.839 15.9652 133.528 16.263 133.295 16.6513C133.088 17.0137 132.985 17.4668 132.985 18.0104L129.024 17.8163C129.075 16.1076 129.451 14.6449 130.15 13.4282C130.849 12.2114 131.807 11.2795 133.023 10.6323C134.266 9.95917 135.664 9.62262 137.217 9.62262C138.693 9.62262 140.013 9.93328 141.178 10.5546C142.343 11.1759 143.249 12.082 143.896 13.2729C144.57 14.4378 144.906 15.8358 144.906 17.4668V29H138.149Z" />
+            <path d="M103.573 29V10.011H110.369V29H103.573Z" />
             <path
-                d="M104.428 6.78783C105.101 7.46093 105.942 7.79748 106.952 7.79748C108.013 7.79748 108.867 7.46093 109.515 6.78783C110.188 6.08885 110.524 5.22159 110.524 4.18606C110.524 3.17642 110.188 2.3221 109.515 1.62312C108.867 0.924138 108.013 0.574646 106.952 0.574646C105.942 0.574646 105.101 0.924138 104.428 1.62312C103.755 2.3221 103.418 3.17642 103.418 4.18606C103.418 5.22159 103.755 6.08885 104.428 6.78783Z"
-                fill="white" />
+                d="M104.428 6.78783C105.101 7.46093 105.942 7.79748 106.952 7.79748C108.013 7.79748 108.867 7.46093 109.515 6.78783C110.188 6.08885 110.524 5.22159 110.524 4.18606C110.524 3.17642 110.188 2.3221 109.515 1.62312C108.867 0.924138 108.013 0.574646 106.952 0.574646C105.942 0.574646 105.101 0.924138 104.428 1.62312C103.755 2.3221 103.418 3.17642 103.418 4.18606C103.418 5.22159 103.755 6.08885 104.428 6.78783Z" />
             <path
-                d="M90.2867 29V2.16681H97.0435V29H90.2867ZM86.0928 15.6417V10.011H101.237V15.6417H86.0928Z"
-                fill="white" />
+                d="M90.2867 29V2.16681H97.0435V29H90.2867ZM86.0928 15.6417V10.011H101.237V15.6417H86.0928Z" />
             <path
-                d="M72.4414 29.3883C70.6033 29.3883 68.9853 28.9612 67.5873 28.1068C66.1893 27.2525 65.0891 26.0876 64.2866 24.6119C63.5099 23.1104 63.1216 21.4147 63.1216 19.5249C63.1216 17.6091 63.5099 15.9005 64.2866 14.399C65.0891 12.8975 66.1764 11.7325 67.5485 10.9041C68.9464 10.0498 70.5774 9.62262 72.4414 9.62262C73.6322 9.62262 74.7454 9.84267 75.781 10.2828C76.8165 10.697 77.6837 11.2924 78.3827 12.0691C79.0817 12.8457 79.4959 13.7259 79.6254 14.7097V23.9906C79.4959 24.9744 79.0817 25.8805 78.3827 26.7089C77.6837 27.5373 76.8165 28.1975 75.781 28.6893C74.7454 29.1553 73.6322 29.3883 72.4414 29.3883ZM73.6452 23.3693C74.3959 23.3693 75.0431 23.214 75.5868 22.9033C76.1304 22.5668 76.5576 22.1137 76.8683 21.5442C77.2048 20.9487 77.3731 20.2627 77.3731 19.4861C77.3731 18.7353 77.2177 18.0751 76.9071 17.5056C76.5964 16.9361 76.1563 16.483 75.5868 16.1465C75.0431 15.8099 74.4089 15.6416 73.684 15.6416C72.9591 15.6416 72.3119 15.8099 71.7424 16.1465C71.1987 16.483 70.7586 16.949 70.4221 17.5444C70.1114 18.114 69.9561 18.7612 69.9561 19.4861C69.9561 20.2368 70.1114 20.9099 70.4221 21.5053C70.7327 22.0749 71.1728 22.5279 71.7424 22.8645C72.3119 23.201 72.9462 23.3693 73.6452 23.3693ZM83.7416 29H77.1012V23.9129L78.0721 19.2531L76.9848 14.6708V0.691162H83.7416V29Z"
-                fill="white" />
-            <path d="M53.5537 29V10.011H60.3494V29H53.5537Z" fill="white" />
-            <path d="M42.8608 29V0.691162H49.6177V29H42.8608Z" fill="white" />
+                d="M72.4414 29.3883C70.6033 29.3883 68.9853 28.9612 67.5873 28.1068C66.1893 27.2525 65.0891 26.0876 64.2866 24.6119C63.5099 23.1104 63.1216 21.4147 63.1216 19.5249C63.1216 17.6091 63.5099 15.9005 64.2866 14.399C65.0891 12.8975 66.1764 11.7325 67.5485 10.9041C68.9464 10.0498 70.5774 9.62262 72.4414 9.62262C73.6322 9.62262 74.7454 9.84267 75.781 10.2828C76.8165 10.697 77.6837 11.2924 78.3827 12.0691C79.0817 12.8457 79.4959 13.7259 79.6254 14.7097V23.9906C79.4959 24.9744 79.0817 25.8805 78.3827 26.7089C77.6837 27.5373 76.8165 28.1975 75.781 28.6893C74.7454 29.1553 73.6322 29.3883 72.4414 29.3883ZM73.6452 23.3693C74.3959 23.3693 75.0431 23.214 75.5868 22.9033C76.1304 22.5668 76.5576 22.1137 76.8683 21.5442C77.2048 20.9487 77.3731 20.2627 77.3731 19.4861C77.3731 18.7353 77.2177 18.0751 76.9071 17.5056C76.5964 16.9361 76.1563 16.483 75.5868 16.1465C75.0431 15.8099 74.4089 15.6416 73.684 15.6416C72.9591 15.6416 72.3119 15.8099 71.7424 16.1465C71.1987 16.483 70.7586 16.949 70.4221 17.5444C70.1114 18.114 69.9561 18.7612 69.9561 19.4861C69.9561 20.2368 70.1114 20.9099 70.4221 21.5053C70.7327 22.0749 71.1728 22.5279 71.7424 22.8645C72.3119 23.201 72.9462 23.3693 73.6452 23.3693ZM83.7416 29H77.1012V23.9129L78.0721 19.2531L76.9848 14.6708V0.691162H83.7416V29Z" />
+            <path d="M53.5537 29V10.011H60.3494V29H53.5537Z" />
+            <path d="M42.8608 29V0.691162H49.6177V29H42.8608Z" />
             <path
-                d="M29.6176 29.4272C27.5724 29.4272 25.7473 29 24.1423 28.1457C22.5631 27.2655 21.3075 26.0746 20.3755 24.5731C19.4435 23.0457 18.9775 21.3371 18.9775 19.4472C18.9775 17.5574 19.4306 15.8746 20.3367 14.399C21.2687 12.8975 22.5372 11.7196 24.1423 10.8653C25.7473 9.98505 27.5595 9.54495 29.5788 9.54495C31.5981 9.54495 33.3973 9.98505 34.9765 10.8653C36.5816 11.7196 37.8501 12.8975 38.7821 14.399C39.714 15.8746 40.18 17.5574 40.18 19.4472C40.18 21.3371 39.714 23.0457 38.7821 24.5731C37.876 26.0746 36.6204 27.2655 35.0153 28.1457C33.4361 29 31.6369 29.4272 29.6176 29.4272ZM29.5788 23.4081C30.3295 23.4081 30.9768 23.2528 31.5204 22.9421C32.09 22.6056 32.5301 22.1396 32.8407 21.5442C33.1514 20.9487 33.3067 20.2627 33.3067 19.4861C33.3067 18.7094 33.1384 18.0363 32.8019 17.4668C32.4912 16.8713 32.0641 16.4183 31.5204 16.1076C30.9768 15.7711 30.3295 15.6028 29.5788 15.6028C28.8539 15.6028 28.2067 15.7711 27.6372 16.1076C27.0676 16.4442 26.6275 16.9102 26.3169 17.5056C26.0062 18.0751 25.8509 18.7482 25.8509 19.5249C25.8509 20.2756 26.0062 20.9487 26.3169 21.5442C26.6275 22.1396 27.0676 22.6056 27.6372 22.9421C28.2067 23.2528 28.8539 23.4081 29.5788 23.4081Z"
-                fill="white" />
+                d="M29.6176 29.4272C27.5724 29.4272 25.7473 29 24.1423 28.1457C22.5631 27.2655 21.3075 26.0746 20.3755 24.5731C19.4435 23.0457 18.9775 21.3371 18.9775 19.4472C18.9775 17.5574 19.4306 15.8746 20.3367 14.399C21.2687 12.8975 22.5372 11.7196 24.1423 10.8653C25.7473 9.98505 27.5595 9.54495 29.5788 9.54495C31.5981 9.54495 33.3973 9.98505 34.9765 10.8653C36.5816 11.7196 37.8501 12.8975 38.7821 14.399C39.714 15.8746 40.18 17.5574 40.18 19.4472C40.18 21.3371 39.714 23.0457 38.7821 24.5731C37.876 26.0746 36.6204 27.2655 35.0153 28.1457C33.4361 29 31.6369 29.4272 29.6176 29.4272ZM29.5788 23.4081C30.3295 23.4081 30.9768 23.2528 31.5204 22.9421C32.09 22.6056 32.5301 22.1396 32.8407 21.5442C33.1514 20.9487 33.3067 20.2627 33.3067 19.4861C33.3067 18.7094 33.1384 18.0363 32.8019 17.4668C32.4912 16.8713 32.0641 16.4183 31.5204 16.1076C30.9768 15.7711 30.3295 15.6028 29.5788 15.6028C28.8539 15.6028 28.2067 15.7711 27.6372 16.1076C27.0676 16.4442 26.6275 16.9102 26.3169 17.5056C26.0062 18.0751 25.8509 18.7482 25.8509 19.5249C25.8509 20.2756 26.0062 20.9487 26.3169 21.5442C26.6275 22.1396 27.0676 22.6056 27.6372 22.9421C28.2067 23.2528 28.8539 23.4081 29.5788 23.4081Z" />
             <path
-                d="M9.20323 29.5437C8.03825 29.5437 6.88622 29.3883 5.74714 29.0777C4.63394 28.767 3.58547 28.3528 2.60172 27.835C1.64385 27.2914 0.828369 26.6701 0.155273 25.9711L3.84435 22.2043C4.46567 22.8515 5.20349 23.3564 6.0578 23.7188C6.938 24.0812 7.86998 24.2624 8.85373 24.2624C9.42328 24.2624 9.85043 24.1848 10.1352 24.0295C10.4459 23.8741 10.6012 23.6541 10.6012 23.3693C10.6012 22.9551 10.3811 22.6444 9.94104 22.4373C9.52683 22.2043 8.97023 22.0102 8.27125 21.8548C7.59815 21.6736 6.88623 21.4665 6.13547 21.2335C5.38471 20.9746 4.65983 20.6381 3.96085 20.2239C3.26187 19.8097 2.69232 19.2272 2.25222 18.4764C1.83801 17.7257 1.63091 16.7678 1.63091 15.6028C1.63091 14.3861 1.95451 13.3247 2.60172 12.4186C3.27481 11.4866 4.20679 10.7617 5.39765 10.2439C6.58851 9.70029 7.98648 9.42847 9.59155 9.42847C11.2225 9.42847 12.7758 9.71324 14.2514 10.2828C15.7271 10.8264 16.9179 11.6549 17.824 12.7681L14.0961 16.5348C13.4748 15.8358 12.7888 15.3569 12.038 15.098C11.2872 14.8132 10.6012 14.6708 9.97987 14.6708C9.38444 14.6708 8.95729 14.7615 8.6984 14.9427C8.43952 15.098 8.31008 15.318 8.31008 15.6028C8.31008 15.9394 8.51719 16.2112 8.9314 16.4183C9.3715 16.6254 9.9281 16.8196 10.6012 17.0008C11.3002 17.1561 12.0121 17.3632 12.737 17.6221C13.4877 17.881 14.1997 18.2434 14.8728 18.7094C15.5717 19.1495 16.1283 19.7449 16.5426 20.4957C16.9827 21.2465 17.2027 22.2173 17.2027 23.4081C17.2027 25.298 16.4778 26.7995 15.0281 27.9127C13.5783 29 11.6367 29.5437 9.20323 29.5437Z"
-                fill="white" />
+                d="M9.20323 29.5437C8.03825 29.5437 6.88622 29.3883 5.74714 29.0777C4.63394 28.767 3.58547 28.3528 2.60172 27.835C1.64385 27.2914 0.828369 26.6701 0.155273 25.9711L3.84435 22.2043C4.46567 22.8515 5.20349 23.3564 6.0578 23.7188C6.938 24.0812 7.86998 24.2624 8.85373 24.2624C9.42328 24.2624 9.85043 24.1848 10.1352 24.0295C10.4459 23.8741 10.6012 23.6541 10.6012 23.3693C10.6012 22.9551 10.3811 22.6444 9.94104 22.4373C9.52683 22.2043 8.97023 22.0102 8.27125 21.8548C7.59815 21.6736 6.88623 21.4665 6.13547 21.2335C5.38471 20.9746 4.65983 20.6381 3.96085 20.2239C3.26187 19.8097 2.69232 19.2272 2.25222 18.4764C1.83801 17.7257 1.63091 16.7678 1.63091 15.6028C1.63091 14.3861 1.95451 13.3247 2.60172 12.4186C3.27481 11.4866 4.20679 10.7617 5.39765 10.2439C6.58851 9.70029 7.98648 9.42847 9.59155 9.42847C11.2225 9.42847 12.7758 9.71324 14.2514 10.2828C15.7271 10.8264 16.9179 11.6549 17.824 12.7681L14.0961 16.5348C13.4748 15.8358 12.7888 15.3569 12.038 15.098C11.2872 14.8132 10.6012 14.6708 9.97987 14.6708C9.38444 14.6708 8.95729 14.7615 8.6984 14.9427C8.43952 15.098 8.31008 15.318 8.31008 15.6028C8.31008 15.9394 8.51719 16.2112 8.9314 16.4183C9.3715 16.6254 9.9281 16.8196 10.6012 17.0008C11.3002 17.1561 12.0121 17.3632 12.737 17.6221C13.4877 17.881 14.1997 18.2434 14.8728 18.7094C15.5717 19.1495 16.1283 19.7449 16.5426 20.4957C16.9827 21.2465 17.2027 22.2173 17.2027 23.4081C17.2027 25.298 16.4778 26.7995 15.0281 27.9127C13.5783 29 11.6367 29.5437 9.20323 29.5437Z" />
         </svg>
     </div>
 
     <div
         class="w-full sm:max-w-md mt-6 px-6 py-4 bg-card-background shadow-md border border-card-border overflow-hidden sm:rounded-lg">
 
-        <div class="card card-default">
-            <div class="text-base text-muted">
-                <!-- Introduction -->
-                <p class="text-center pb-4"><strong class="text-white">{{ $client->name }}</strong> is requesting permission
-                    to access your
-                    account.</p>
+        <!-- Introduction -->
+        <p class="text-center pb-4 text-text-primary"><strong class="text-text-primary">{{ $client->name }}</strong> is requesting permission
+            to access your
+            account.</p>
 
-                <!-- Scope List -->
-                @if (count($scopes) > 0)
-                    <div class="pb-4">
-                        <p><strong>This application will be able to:</strong></p>
+        <!-- Scope List -->
+        @if (count($scopes) > 0)
+            <div class="pb-4">
+                <p class="text-text-primary"><strong>This application will be able to:</strong></p>
 
-                        <ul class="list-disc pl-5 py-2">
-                            @foreach ($scopes as $scope)
-                                <li>{{ $scope->description }}</li>
-                            @endforeach
-                        </ul>
-                    </div>
-                @endif
-
-                <div class="flex flex-col sm:flex-row sm:space-x-5 space-x-0 space-y-3 sm:space-y-0">
-                    <!-- Authorize Button -->
-                    <form method="post" class="flex-1" action="{{ route('passport.authorizations.approve') }}">
-                        @csrf
-
-                        <input type="hidden" name="state" value="{{ $request->state }}">
-                        <input type="hidden" name="client_id" value="{{ $client->getKey() }}">
-                        <input type="hidden" name="auth_token" value="{{ $authToken }}">
-                        <button type="submit"
-                                class="w-full text-center items-center px-2 sm:px-3 py-2 bg-accent-300/10 border border-accent-300/20 rounded-md font-semibold text-xs sm:text-sm text-white hover:bg-accent-300/20 active:bg-accent-300/20 focus:outline-none focus:ring-2 focus:ring-indigo-500 focus:ring-offset-2 transition ease-in-out duration-150">
-                            Authorize
-                        </button>
-                    </form>
-
-                    <!-- Cancel Button -->
-                    <form method="post" class="flex-1" action="{{ route('passport.authorizations.deny') }}">
-                        @csrf
-                        @method('DELETE')
-
-                        <input type="hidden" name="state" value="{{ $request->state }}">
-                        <input type="hidden" name="client_id" value="{{ $client->getKey() }}">
-                        <input type="hidden" name="auth_token" value="{{ $authToken }}">
-                        <button
-                            class="w-full text-center text-xs sm:text-sm px-2 sm:px-3 py-2 bg-button-secondary-background border border-button-secondary-border hover:bg-button-secondary-background-hover shadow-sm transition text-white rounded-lg font-medium items-center space-x-1.5 focus-visible:border-input-border-active focus:outline-none focus:ring-0 disabled:opacity-25 ease-in-out">
-                            Cancel
-                        </button>
-                    </form>
-                </div>
+                <ul class="list-disc pl-5 py-2 text-text-primary">
+                    @foreach ($scopes as $scope)
+                        <li>{{ $scope->description }}</li>
+                    @endforeach
+                </ul>
             </div>
+        @endif
+
+        <div class="flex flex-col sm:flex-row sm:space-x-5 space-x-0 space-y-3 sm:space-y-0">
+            <!-- Authorize Button -->
+            <form method="post" class="flex-1" action="{{ route('passport.authorizations.approve') }}">
+                @csrf
+
+                <input type="hidden" name="state" value="{{ $request->state }}">
+                <input type="hidden" name="client_id" value="{{ $client->getKey() }}">
+                <input type="hidden" name="auth_token" value="{{ $authToken }}">
+                <button type="submit"
+                        class="w-full text-center items-center px-2 sm:px-3 py-2 bg-accent-300/10 border border-accent-300/20 rounded-md font-semibold text-xs sm:text-sm text-text-primary hover:bg-accent-300/20 active:bg-accent-300/20 focus:outline-none focus:ring-2 focus:ring-accent-300 focus:ring-offset-2 transition ease-in-out duration-150">
+                    Authorize
+                </button>
+            </form>
+
+            <!-- Cancel Button -->
+            <form method="post" class="flex-1" action="{{ route('passport.authorizations.deny') }}">
+                @csrf
+                @method('DELETE')
+
+                <input type="hidden" name="state" value="{{ $request->state }}">
+                <input type="hidden" name="client_id" value="{{ $client->getKey() }}">
+                <input type="hidden" name="auth_token" value="{{ $authToken }}">
+                <button
+                    class="w-full text-center text-xs sm:text-sm px-2 sm:px-3 py-2 bg-button-secondary-background border border-button-secondary-border hover:bg-button-secondary-background-hover shadow-sm transition text-text-primary rounded-lg font-medium items-center space-x-1.5 focus-visible:border-input-border-active focus:outline-none focus:ring-0 disabled:opacity-25 ease-in-out">
+                    Cancel
+                </button>
+            </form>
         </div>
 
     </div>

resources/views/emails/auth-api-expiration-reminder.blade.php

@@ -0,0 +1,12 @@
+@component('mail::message')
+
+{{ __('The API token ":token" expired.', ['token' => $tokenName]) }}
+
+
+{{ __('You can create a new API token in your profile:') }}
+
+@component('mail::button', ['url' => $profileUrl])
+    {{ __('Go to your profile') }}
+@endcomponent
+
+@endcomponent

resources/views/emails/auth-api-token-expired.blade.php

@@ -0,0 +1,13 @@
+@component('mail::message')
+
+{{ __('The API token ":token" will expire in 7 days!', ['token' => $tokenName]) }}
+
+{{ __('Please make sure to create a new API token and use the new one instead before it expires to avoid any disruptions in service.') }}
+
+{{ __('You can create a new API token in your profile:') }}
+
+@component('mail::button', ['url' => $profileUrl])
+    {{ __('Go to your profile') }}
+@endcomponent
+
+@endcomponent