Use composer.json instead of composer.lock

Use recommended `anonymous`, see https://developer.mozilla.org/en-US/docs/Web/API/HTMLImageElement/crossOrigin

.github/ISSUE_TEMPLATE/bug-report.md

@@ -3,9 +3,6 @@ name: "🐛 Bug Report"
 about: "If something isn't working as expected"
 
 ---
-<!--
-IMPORTANT: If you discover a security vulnerability within Flarum, please send an email to [security@flarum.org](mailto:security@flarum.org) instead. We will address these with the utmost urgency and it will prevent vulnerabilities, which may be abused, from popping up on our issue tracker.
--->
 ## Bug Report
 
 **Current Behavior**

.github/ISSUE_TEMPLATE/security-vulnerability.md

@@ -1,8 +0,0 @@
----
-name: "🔒 Security Vulnerability"
-about: "When you discover a security issue"
----
-
-If you discover a security vulnerability within Flarum, please send an email to [security@flarum.org](mailto:security@flarum.org) instead.
-**DO NOT open an issue on this repository.**
-We will address these with the utmost urgency and it will prevent vulnerabilities, which may be abused, from popping up on our issue tracker.

.github/PULL_REQUEST_TEMPLATE.md

@@ -16,7 +16,7 @@ IMPORTANT: We applaud pull requests, they excite us every single time. As we hav
 **Confirmed**
 
 - [ ] Frontend changes: tested on a local Flarum installation.
-- [ ] Backend changes: tests are green (run `php vendor/bin/phpunit`).
+- [ ] Backend changes: tests are green (run `composer test`).
 
 **Required changes:**
 

.github/workflows/build.yml

@@ -0,0 +1,16 @@
+name: JavaScript
+
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@master
+      - uses: flarum/action-build@master
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/test.yml

@@ -0,0 +1,80 @@
+name: Tests
+
+on: [push, pull_request]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        php: [7.1, 7.2, 7.3]
+        service: ['mysql:5.7', mariadb]
+        prefix: ['', flarum_]
+
+        include:
+          - service: 'mysql:5.7'
+            db: MySQL
+          - service: mariadb
+            db: MariaDB
+          - prefix: flarum_
+            prefixStr: (prefix)
+
+        exclude:
+          - php: 7.1
+            service: 'mysql:5.7'
+            prefix: flarum_
+          - php: 7.1
+            service: mariadb
+            prefix: flarum_
+          - php: 7.2
+            service: 'mysql:5.7'
+            prefix: flarum_
+          - php: 7.2
+            service: mariadb
+            prefix: flarum_
+
+    services:
+      mysql:
+        image: ${{ matrix.service }}
+        ports:
+          - 13306:3306
+
+    name: 'PHP ${{ matrix.php }} / ${{ matrix.db }} ${{ matrix.prefixStr }}'
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v1
+
+      - name: Get Composer Cache Directory
+        id: composer-cache
+        run: |
+          echo "::set-output name=dir::$(composer config cache-files-dir)"
+
+      - uses: actions/cache@v1
+        id: cache
+        with:
+          path: ${{ steps.composer-cache.outputs.dir }}
+          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}
+          restore-keys: |
+            ${{ runner.os }}-composer-
+
+      - name: Select PHP version
+        run: sudo update-alternatives --set php $(which php${{ matrix.php }})
+
+      - name: Create MySQL Database
+        run: mysql -uroot -proot -e 'CREATE DATABASE flarum_test;' --port 13306
+
+      - name: Install Composer dependencies
+        if: steps.cache.outputs.cache-hit != 'true'
+        run: composer install
+
+      - name: Setup Composer tests
+        run: composer test:setup
+        env:
+          DB_PORT: 13306
+          DB_PASSWORD: root
+          DB_PREFIX: ${{ matrix.prefix }}
+
+      - name: Run Composer tests
+        run: composer test

.travis.yml

@@ -1,55 +0,0 @@
-language: php
-
-cache:
-  directories:
-    - $HOME/.composer/cache
-    - $HOME/.npm
-
-install:
-  - composer install
-  - mysql -e 'CREATE DATABASE flarum_test;'
-
-before_script:
-  - echo 'error_reporting = E_ALL' >> ~/.phpenv/versions/$(phpenv version-name)/etc/conf.d/travis.ini
-
-script:
-  - composer test:setup
-  - composer test
-
-jobs:
-  include:
-    - php: 7.1
-      env: DB=mysql
-
-    - php: 7.2
-      env: DB=mysql
-
-    - php: 7.3
-      env: DB=mysql
-
-    - php: 7.1
-      addons:
-        mariadb: '10.2'
-      env: DB=mariadb
-
-    - php: 7.2
-      addons:
-        mariadb: '10.2'
-      env: DB=mariadb
-
-    - php: 7.3
-      addons:
-        mariadb: '10.2'
-      env: DB=mariadb
-
-    - php: 7.2
-      env: DB=mysql PREFIX=forum_
-
-    - stage: build
-      language: generic
-      if: branch = master AND type = push
-      install: skip
-      script: bash .travis/build.sh
-        -k $encrypted_678139e2bc67_key
-        -i $encrypted_678139e2bc67_iv
-      after_success: skip

.travis/build.sh

@@ -1,33 +0,0 @@
-#!/bin/bash
-
-main() {
-  while getopts ":k:i:" opt; do
-    case $opt in
-      k) encrypted_key="$OPTARG"
-      ;;
-      i) encrypted_iv="$OPTARG"
-      ;;
-      \?) echo "Invalid option -$OPTARG" >&2
-      ;;
-    esac
-  done
-
-  git checkout -f $TRAVIS_BRANCH
-  git config user.name "flarum-bot"
-  git config user.email "bot@flarum.org"
-
-  cd js
-  npm i -g npm@6.1.0
-  npm ci
-  npm run build
-
-  git add dist/* -f
-  git commit -m "Bundled output for commit $TRAVIS_COMMIT [skip ci]"
-
-  eval `ssh-agent -s`
-  openssl aes-256-cbc -K $encrypted_key -iv $encrypted_iv -in ../.deploy.enc -d | ssh-add -
-
-  git push git@github.com:$TRAVIS_REPO_SLUG.git $TRAVIS_BRANCH
-}
-
-main "$@"

CHANGELOG.md

@@ -1,5 +1,31 @@
 # Changelog
 
+## [0.1.0-beta.10](https://github.com/flarum/core/compare/v0.1.0-beta.9...v0.1.0-beta.10)
+
+### Added
+- Initial queue support: Infrastructure for offloading long-running tasks (e.g. email sending) to background workers (#1773)
+- Notifications can now be marked as read without visiting a discussion (#151)
+- SEO: The discussion list now has a `rel="canonical"` meta tag, preventing duplicate content (#1134, #1814)
+- The "Edit User" permission can now be edited in the UI (#1845)
+- New status message and redirect after user deletion (#1750, #1777)
+- Errors in Flarum's boot process are now presented with more detailed information (#1607)
+
+### Changed
+- Better, more detailed and extensible error handling (#1641, #1843)
+- Error pages in debug mode now return the same HTTP status codes as in production (#1648)
+- Tweak HTTP status codes for authentication / authorization errors (#1854)
+- Already-used links from account activation emails now show a better error message (#1337)
+
+### Fixed
+- Security vulnerabilities in dependencies
+- Performance: High CPU usage when scrolling in a discussion (#1222)
+- Special characters crashed the search (#1498)
+- Missing declarations for language and text direction in HTML output (#1772)
+- Private messages were counted in user post counts (#1695)
+- Extensions could not change the forum's default page (#1819)
+- API requests authenticated using access tokens needed to provide a CSRF token (#1828)
+- Accessibility: Screenreaders did not read the "Back to discussion list" link (#1835)
+
 ## [0.1.0-beta.9](https://github.com/flarum/core/compare/v0.1.0-beta.8.2...v0.1.0-beta.9)
 
 ### Added

composer.json

@@ -12,6 +12,10 @@
         {
             "name": "Franz Liedke",
             "email": "franz@develophp.org"
+        },
+        {
+          "name": "Daniel Klabbers",
+          "email": "daniel@klabbers.email"
         }
     ],
     "support": {
@@ -36,6 +40,7 @@
         "illuminate/filesystem": "5.7.*",
         "illuminate/hashing": "5.7.*",
         "illuminate/mail": "5.7.*",
+        "illuminate/queue": "5.7.*",
         "illuminate/session": "5.7.*",
         "illuminate/support": "5.7.*",
         "illuminate/validation": "5.7.*",
@@ -55,6 +60,7 @@
         "s9e/text-formatter": "^1.2.0",
         "symfony/config": "^3.3",
         "symfony/console": "^4.2",
+        "symfony/event-dispatcher": "^4.3.2",
         "symfony/translation": "^3.3",
         "symfony/yaml": "^3.3",
         "tobscure/json-api": "^0.3.0",
@@ -63,8 +69,8 @@
         "zendframework/zend-stratigility": "^3.0"
     },
     "require-dev": {
-        "mockery/mockery": "^0.9.4",
-        "phpunit/phpunit": "^6.0"
+        "mockery/mockery": "^1.0",
+        "phpunit/phpunit": "^7.0"
     },
     "autoload": {
         "psr-4": {
@@ -95,5 +101,11 @@
         "test:unit": "phpunit -c tests/phpunit.unit.xml",
         "test:integration": "phpunit -c tests/phpunit.integration.xml",
         "test:setup": "@php tests/integration/setup.php"
+    },
+    "scripts-descriptions": {
+        "test": "Runs all tests.",
+        "test:unit": "Runs all unit tests.",
+        "test:integration": "Runs all integration tests.",
+        "test:setup": "Sets up a database for use with integration tests. Execute this only once."
     }
 }

js/package-lock.json

@@ -1098,6 +1098,16 @@
       "requires": {
         "micromatch": "^3.1.4",
         "normalize-path": "^2.1.1"
+      },
+      "dependencies": {
+        "normalize-path": {
+          "version": "2.1.1",
+          "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-2.1.1.tgz",
+          "integrity": "sha1-GrKLVW4Zg2Oowab35vogE3/mrtk=",
+          "requires": {
+            "remove-trailing-separator": "^1.0.1"
+          }
+        }
       }
     },
     "aproba": {
@@ -1164,9 +1174,9 @@
       "integrity": "sha1-WWZ/QfrdTyDMvCu5a41Pf3jsA2c="
     },
     "async-each": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/async-each/-/async-each-1.0.1.tgz",
-      "integrity": "sha1-GdOGodntxufByF04iu28xW0zYC0="
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/async-each/-/async-each-1.0.3.tgz",
+      "integrity": "sha512-z/WhQ5FPySLdvREByI2vZiTWwCnF0moMJ1hK9YQwDTHKh6I7/uSckMetoRGb5UBZPC1z0jlw+n/XCgjeH7y1AQ=="
     },
     "atob": {
       "version": "2.1.2",
@@ -1250,9 +1260,9 @@
       "integrity": "sha512-+hN/Zh2D08Mx65pZ/4g5bsmNiZUuChDiQfTUQ7qJr4/kuopCr88xZsAXv6mBoZEsUI4OuGHlX59qE94K2mMW8Q=="
     },
     "binary-extensions": {
-      "version": "1.12.0",
-      "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-1.12.0.tgz",
-      "integrity": "sha512-DYWGk01lDcxeS/K9IHPGWfT8PsJmbXRtRd2Sx72Tnb8pcYZQFF1oSDb8hJtS1vhp212q1Rzi5dUf9+nq0o9UIg=="
+      "version": "1.13.1",
+      "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-1.13.1.tgz",
+      "integrity": "sha512-Un7MIEDdUC5gNpcGDV97op1Ywk748MpHcFTHoYs6qnj1Z3j7I53VG3nwZhKzoBZmbdRNnb6WRdFlwl7tSDuZGw=="
     },
     "bluebird": {
       "version": "3.5.3",
@@ -1468,23 +1478,22 @@
       }
     },
     "chokidar": {
-      "version": "2.0.4",
-      "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-2.0.4.tgz",
-      "integrity": "sha512-z9n7yt9rOvIJrMhvDtDictKrkFHeihkNl6uWMmZlmL6tJtX9Cs+87oK+teBx+JIgzvbX3yZHT3eF8vpbDxHJXQ==",
+      "version": "2.1.8",
+      "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-2.1.8.tgz",
+      "integrity": "sha512-ZmZUazfOzf0Nve7duiCKD23PFSCs4JPoYyccjUFF3aQkQadqBhfzhjkwBH2mNOG9cTBwhamM37EIsIkZw3nRgg==",
       "requires": {
         "anymatch": "^2.0.0",
-        "async-each": "^1.0.0",
-        "braces": "^2.3.0",
-        "fsevents": "^1.2.2",
+        "async-each": "^1.0.1",
+        "braces": "^2.3.2",
+        "fsevents": "^1.2.7",
         "glob-parent": "^3.1.0",
-        "inherits": "^2.0.1",
+        "inherits": "^2.0.3",
         "is-binary-path": "^1.0.0",
         "is-glob": "^4.0.0",
-        "lodash.debounce": "^4.0.8",
-        "normalize-path": "^2.1.1",
+        "normalize-path": "^3.0.0",
         "path-is-absolute": "^1.0.0",
-        "readdirp": "^2.0.0",
-        "upath": "^1.0.5"
+        "readdirp": "^2.2.1",
+        "upath": "^1.1.1"
       }
     },
     "chownr": {
@@ -2204,13 +2213,13 @@
       "integrity": "sha1-FQStJSMVjKpA20onh8sBQRmU6k8="
     },
     "fsevents": {
-      "version": "1.2.4",
-      "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-1.2.4.tgz",
-      "integrity": "sha512-z8H8/diyk76B7q5wg+Ud0+CqzcAF3mBBI/bA5ne5zrRUUIvNkJY//D3BqyH571KuAC4Nr7Rw7CjWX4r0y9DvNg==",
+      "version": "1.2.9",
+      "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-1.2.9.tgz",
+      "integrity": "sha512-oeyj2H3EjjonWcFjD5NvZNE9Rqe4UW+nQBU2HNeKw0koVLEFIhtyETyAakeAM3de7Z/SW5kcA+fZUait9EApnw==",
       "optional": true,
       "requires": {
-        "nan": "^2.9.2",
-        "node-pre-gyp": "^0.10.0"
+        "nan": "^2.12.1",
+        "node-pre-gyp": "^0.12.0"
       },
       "dependencies": {
         "abbrev": {
@@ -2229,7 +2238,7 @@
           "optional": true
         },
         "are-we-there-yet": {
-          "version": "1.1.4",
+          "version": "1.1.5",
           "bundled": true,
           "optional": true,
           "requires": {
@@ -2252,7 +2261,7 @@
           }
         },
         "chownr": {
-          "version": "1.0.1",
+          "version": "1.1.1",
           "bundled": true,
           "optional": true
         },
@@ -2277,15 +2286,15 @@
           "optional": true
         },
         "debug": {
-          "version": "2.6.9",
+          "version": "4.1.1",
           "bundled": true,
           "optional": true,
           "requires": {
-            "ms": "2.0.0"
+            "ms": "^2.1.1"
           }
         },
         "deep-extend": {
-          "version": "0.5.1",
+          "version": "0.6.0",
           "bundled": true,
           "optional": true
         },
@@ -2328,7 +2337,7 @@
           }
         },
         "glob": {
-          "version": "7.1.2",
+          "version": "7.1.3",
           "bundled": true,
           "optional": true,
           "requires": {
@@ -2346,11 +2355,11 @@
           "optional": true
         },
         "iconv-lite": {
-          "version": "0.4.21",
+          "version": "0.4.24",
           "bundled": true,
           "optional": true,
           "requires": {
-            "safer-buffer": "^2.1.0"
+            "safer-buffer": ">= 2.1.2 < 3"
           }
         },
         "ignore-walk": {
@@ -2407,16 +2416,16 @@
           "optional": true
         },
         "minipass": {
-          "version": "2.2.4",
+          "version": "2.3.5",
           "bundled": true,
           "optional": true,
           "requires": {
-            "safe-buffer": "^5.1.1",
+            "safe-buffer": "^5.1.2",
             "yallist": "^3.0.0"
           }
         },
         "minizlib": {
-          "version": "1.1.0",
+          "version": "1.2.1",
           "bundled": true,
           "optional": true,
           "requires": {
@@ -2432,32 +2441,32 @@
           }
         },
         "ms": {
-          "version": "2.0.0",
+          "version": "2.1.1",
           "bundled": true,
           "optional": true
         },
         "needle": {
-          "version": "2.2.0",
+          "version": "2.3.0",
           "bundled": true,
           "optional": true,
           "requires": {
-            "debug": "^2.1.2",
+            "debug": "^4.1.0",
             "iconv-lite": "^0.4.4",
             "sax": "^1.2.4"
           }
         },
         "node-pre-gyp": {
-          "version": "0.10.0",
+          "version": "0.12.0",
           "bundled": true,
           "optional": true,
           "requires": {
             "detect-libc": "^1.0.2",
             "mkdirp": "^0.5.1",
-            "needle": "^2.2.0",
+            "needle": "^2.2.1",
             "nopt": "^4.0.1",
             "npm-packlist": "^1.1.6",
             "npmlog": "^4.0.2",
-            "rc": "^1.1.7",
+            "rc": "^1.2.7",
             "rimraf": "^2.6.1",
             "semver": "^5.3.0",
             "tar": "^4"
@@ -2473,12 +2482,12 @@
           }
         },
         "npm-bundled": {
-          "version": "1.0.3",
+          "version": "1.0.6",
           "bundled": true,
           "optional": true
         },
         "npm-packlist": {
-          "version": "1.1.10",
+          "version": "1.4.1",
           "bundled": true,
           "optional": true,
           "requires": {
@@ -2545,11 +2554,11 @@
           "optional": true
         },
         "rc": {
-          "version": "1.2.7",
+          "version": "1.2.8",
           "bundled": true,
           "optional": true,
           "requires": {
-            "deep-extend": "^0.5.1",
+            "deep-extend": "^0.6.0",
             "ini": "~1.3.0",
             "minimist": "^1.2.0",
             "strip-json-comments": "~2.0.1"
@@ -2577,15 +2586,15 @@
           }
         },
         "rimraf": {
-          "version": "2.6.2",
+          "version": "2.6.3",
           "bundled": true,
           "optional": true,
           "requires": {
-            "glob": "^7.0.5"
+            "glob": "^7.1.3"
           }
         },
         "safe-buffer": {
-          "version": "5.1.1",
+          "version": "5.1.2",
           "bundled": true,
           "optional": true
         },
@@ -2600,7 +2609,7 @@
           "optional": true
         },
         "semver": {
-          "version": "5.5.0",
+          "version": "5.7.0",
           "bundled": true,
           "optional": true
         },
@@ -2646,16 +2655,16 @@
           "optional": true
         },
         "tar": {
-          "version": "4.4.1",
+          "version": "4.4.8",
           "bundled": true,
           "optional": true,
           "requires": {
-            "chownr": "^1.0.1",
+            "chownr": "^1.1.1",
             "fs-minipass": "^1.2.5",
-            "minipass": "^2.2.4",
-            "minizlib": "^1.1.0",
+            "minipass": "^2.3.4",
+            "minizlib": "^1.1.1",
             "mkdirp": "^0.5.0",
-            "safe-buffer": "^5.1.1",
+            "safe-buffer": "^5.1.2",
             "yallist": "^3.0.2"
           }
         },
@@ -2665,11 +2674,11 @@
           "optional": true
         },
         "wide-align": {
-          "version": "1.1.2",
+          "version": "1.1.3",
           "bundled": true,
           "optional": true,
           "requires": {
-            "string-width": "^1.0.2"
+            "string-width": "^1.0.2 || 2"
           }
         },
         "wrappy": {
@@ -2678,7 +2687,7 @@
           "optional": true
         },
         "yallist": {
-          "version": "3.0.2",
+          "version": "3.0.3",
           "bundled": true,
           "optional": true
         }
@@ -3032,9 +3041,9 @@
       "integrity": "sha1-o7MKXE8ZkYMWeqq5O+764937ZU8="
     },
     "is-glob": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.0.tgz",
-      "integrity": "sha1-lSHHaEXMJhCoUgPd8ICpWML/q8A=",
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.1.tgz",
+      "integrity": "sha512-5G0tKtBTFImOqDnLB2hG6Bp2qcKEFduo4tZu9MT/H6NQv/ghhy30o55ufafxJ/LdH79LLs2Kfrn85TLKyA7BUg==",
       "requires": {
         "is-extglob": "^2.1.1"
       }
@@ -3184,19 +3193,14 @@
       }
     },
     "lodash": {
-      "version": "4.17.11",
-      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz",
-      "integrity": "sha512-cQKh8igo5QUhZ7lg38DYWAxMvjSAKG0A8wGSVimP07SIUEK2UO+arSRKbRZWtelMtN5V0Hkwh5ryOto/SshYIg=="
+      "version": "4.17.15",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz",
+      "integrity": "sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A=="
     },
     "lodash-es": {
-      "version": "4.17.11",
-      "resolved": "https://registry.npmjs.org/lodash-es/-/lodash-es-4.17.11.tgz",
-      "integrity": "sha512-DHb1ub+rMjjrxqlB3H56/6MXtm1lSksDp2rA2cNWjG8mlDUYFhUj3Di2Zn5IwSU87xLv8tNIQ7sSwE/YOX/D/Q=="
-    },
-    "lodash.debounce": {
-      "version": "4.0.8",
-      "resolved": "https://registry.npmjs.org/lodash.debounce/-/lodash.debounce-4.0.8.tgz",
-      "integrity": "sha1-gteb/zCmfEAF/9XiUVMArZyk168="
+      "version": "4.17.14",
+      "resolved": "https://registry.npmjs.org/lodash-es/-/lodash-es-4.17.14.tgz",
+      "integrity": "sha512-7zchRrGa8UZXjD/4ivUWP1867jDkhzTG2c/uj739utSd7O/pFFdxspCemIFKEEjErbcqRzn8nKnGsi7mvTgRPA=="
     },
     "loose-envify": {
       "version": "1.4.0",
@@ -3357,9 +3361,9 @@
       "integrity": "sha512-9XuGnVmS2OyFexUuP/CcJFFJjHLM+RGYBxyVRNyQ6khbMfDJIF/xyZ4zq18ZRfPagpFmWUFpjHd5ZqPULGZyNg=="
     },
     "mixin-deep": {
-      "version": "1.3.1",
-      "resolved": "https://registry.npmjs.org/mixin-deep/-/mixin-deep-1.3.1.tgz",
-      "integrity": "sha512-8ZItLHeEgaqEvd5lYBXfm4EZSFCX29Jb9K+lAHhDKzReKBQKj3R+7NOF6tjqYi9t4oI8VUfaWITJQm86wnXGNQ==",
+      "version": "1.3.2",
+      "resolved": "https://registry.npmjs.org/mixin-deep/-/mixin-deep-1.3.2.tgz",
+      "integrity": "sha512-WRoDn//mXBiJ1H40rqa3vH0toePwSsGb45iInWlTySa+Uu4k3tYUSxa2v1KqAiLtvlrSzaExqS1gtk96A9zvEA==",
       "requires": {
         "for-in": "^1.0.2",
         "is-extendable": "^1.0.1"
@@ -3407,9 +3411,9 @@
       "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g="
     },
     "nan": {
-      "version": "2.11.1",
-      "resolved": "https://registry.npmjs.org/nan/-/nan-2.11.1.tgz",
-      "integrity": "sha512-iji6k87OSXa0CcrLl9z+ZiYSuR2o+c0bGuNmXdrhTQTakxytAFsC56SArGYoiHlJlFoHSnvmhpceZJaXkVuOtA==",
+      "version": "2.14.0",
+      "resolved": "https://registry.npmjs.org/nan/-/nan-2.14.0.tgz",
+      "integrity": "sha512-INOFj37C7k3AfaNTtX8RhsTw7qRy7eLET14cROi9+5HAVbbHuIWUHEauBv5qT4Av2tWasiTY1Jw6puUNqRJXQg==",
       "optional": true
     },
     "nanomatch": {
@@ -3486,12 +3490,9 @@
       }
     },
     "normalize-path": {
-      "version": "2.1.1",
-      "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-2.1.1.tgz",
-      "integrity": "sha1-GrKLVW4Zg2Oowab35vogE3/mrtk=",
-      "requires": {
-        "remove-trailing-separator": "^1.0.1"
-      }
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz",
+      "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA=="
     },
     "npm-run-path": {
       "version": "2.0.2",
@@ -4036,9 +4037,9 @@
       "integrity": "sha1-BF+XgtARrppoA93TgrJDkrPYkPc="
     },
     "set-value": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/set-value/-/set-value-2.0.0.tgz",
-      "integrity": "sha512-hw0yxk9GT/Hr5yJEYnHNKYXkIA8mVJgd9ditYZCe16ZczcaELYYcfvaXesNACk2O8O0nTiPQcQhGUQj8JLzeeg==",
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/set-value/-/set-value-2.0.1.tgz",
+      "integrity": "sha512-JxHc1weCN68wRY0fhCoXpyK55m/XPHafOmK4UWD7m2CI14GMcFypt4w/0+NV5f/ZMby2F6S2wwA7fgynh9gWSw==",
       "requires": {
         "extend-shallow": "^2.0.1",
         "is-extendable": "^0.1.1",
@@ -4562,35 +4563,14 @@
       "integrity": "sha512-2WSLa6OdYd2ng8oqiGIWnJqyFArvhn+5vgx5GTxMbUYjCYKUcuKS62YLFF0R/BDGlB1yzXjQOLtPAfHsgirEpg=="
     },
     "union-value": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/union-value/-/union-value-1.0.0.tgz",
-      "integrity": "sha1-XHHDTLW61dzr4+oM0IIHulqhrqQ=",
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/union-value/-/union-value-1.0.1.tgz",
+      "integrity": "sha512-tJfXmxMeWYnczCVs7XAEvIV7ieppALdyepWMkHkwciRpZraG/xwT+s2JN8+pr1+8jCRf80FFzvr+MpQeeoF4Xg==",
       "requires": {
         "arr-union": "^3.1.0",
         "get-value": "^2.0.6",
         "is-extendable": "^0.1.1",
-        "set-value": "^0.4.3"
-      },
-      "dependencies": {
-        "extend-shallow": {
-          "version": "2.0.1",
-          "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz",
-          "integrity": "sha1-Ua99YUrZqfYQ6huvu5idaxxWiQ8=",
-          "requires": {
-            "is-extendable": "^0.1.0"
-          }
-        },
-        "set-value": {
-          "version": "0.4.3",
-          "resolved": "https://registry.npmjs.org/set-value/-/set-value-0.4.3.tgz",
-          "integrity": "sha1-fbCPnT0i3H945Trzw79GZuzfzPE=",
-          "requires": {
-            "extend-shallow": "^2.0.1",
-            "is-extendable": "^0.1.1",
-            "is-plain-object": "^2.0.1",
-            "to-object-path": "^0.3.0"
-          }
-        }
+        "set-value": "^2.0.1"
       }
     },
     "unique-filename": {
@@ -4646,9 +4626,9 @@
       }
     },
     "upath": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/upath/-/upath-1.1.0.tgz",
-      "integrity": "sha512-bzpH/oBhoS/QI/YtbkqCg6VEiPYjSZtrHQM6/QnJS6OL9pKUFLqb3aFh4Scvwm45+7iAgiMkLhSbaZxUqmrprw=="
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/upath/-/upath-1.2.0.tgz",
+      "integrity": "sha512-aZwGpamFO61g3OlfT7OQCHqhGnW43ieH9WZeP7QxN/G/jS4jfqUkZxoryvJgVPEcrl5NL/ggHsSmLMHuH64Lhg=="
     },
     "uri-js": {
       "version": "4.2.2",

js/package.json

@@ -9,7 +9,7 @@
     "flarum-webpack-config": "0.1.0-beta.10",
     "jquery": "^3.4.1",
     "jquery.hotkeys": "^0.1.0",
-    "lodash-es": "^4.17.11",
+    "lodash-es": "^4.17.14",
     "m.attrs.bidi": "github:tobscure/m.attrs.bidi",
     "mithril": "^0.2.8",
     "moment": "^2.22.2",

js/src/admin/components/PermissionGrid.js

@@ -228,6 +228,12 @@ export default class PermissionGrid extends Component {
       permission: 'discussion.deletePosts'
     }, 60);
 
+    items.add('userEdit', {
+      icon: 'fas fa-user-cog',
+      label: app.translator.trans('core.admin.permissions.edit_users_label'),
+      permission: 'user.edit'
+    }, 60);
+    
     return items;
   }
 

js/src/common/Model.js

@@ -190,7 +190,7 @@ export default class Model {
    * @public
    */
   delete(data, options = {}) {
-    if (!this.exists) return m.deferred.resolve().promise;
+    if (!this.exists) return m.deferred().resolve().promise;
 
     return app.request(Object.assign({
       method: 'DELETE',

js/src/common/components/Button.js

@@ -29,6 +29,12 @@ export default class Button extends Component {
     attrs.className = attrs.className || '';
     attrs.type = attrs.type || 'button';
 
+    // If a tooltip was provided for buttons without additional content, we also
+    // use this tooltip as text for screen readers
+    if (attrs.title && !this.props.children) {
+      attrs['aria-label'] = attrs.title;
+    }
+
     // If nothing else is provided, we use the textual button content as tooltip
     if (!attrs.title && this.props.children) {
       attrs.title = extractText(this.props.children);

js/src/common/models/User.js

@@ -91,6 +91,7 @@ Object.assign(User.prototype, {
       user.freshness = new Date();
       m.redraw();
     };
+    image.crossOrigin = 'anonymous';
     image.src = this.avatarUrl();
   },
 

js/src/common/utils/ScrollListener.js

@@ -1,4 +1,4 @@
-const scroll = window.requestAnimationFrame ||
+const later = window.requestAnimationFrame ||
   window.webkitRequestAnimationFrame ||
   window.mozRequestAnimationFrame ||
   window.msRequestAnimationFrame ||
@@ -17,7 +17,7 @@ export default class ScrollListener {
    */
   constructor(callback) {
     this.callback = callback;
-    this.lastTop = -1;
+    this.ticking = false;
   }
 
   /**
@@ -27,27 +27,27 @@ export default class ScrollListener {
    * @protected
    */
   loop() {
-    if (!this.active) return;
+    // THROTTLE: If the callback is still running (or hasn't yet run), we ignore
+    // further scroll events.
+    if (this.ticking) return;
 
-    this.update();
+    // Schedule the callback to be executed soon (TM), and stop throttling once
+    // the callback is done.
+    later(() => {
+      this.update();
+      this.ticking = false;
+    });
 
-    scroll(this.loop.bind(this));
+    this.ticking = true;
   }
 
   /**
-   * Check if the scroll position has changed; if it has, run the handler.
+   * Run the callback, whether there was a scroll event or not.
    *
-   * @param {Boolean} [force=false] Whether or not to force the handler to be
-   *     run, even if the scroll position hasn't changed.
    * @public
    */
-  update(force) {
-    const top = window.pageYOffset;
-
-    if (this.lastTop !== top || force) {
-      this.callback(top);
-      this.lastTop = top;
-    }
+  update() {
+    this.callback(window.pageYOffset);
   }
 
   /**
@@ -57,8 +57,10 @@ export default class ScrollListener {
    */
   start() {
     if (!this.active) {
-      this.active = true;
-      this.loop();
+      window.addEventListener(
+        'scroll',
+        this.active = this.loop.bind(this)
+      );
     }
   }
 
@@ -68,6 +70,8 @@ export default class ScrollListener {
    * @public
    */
   stop() {
-    this.active = false;
+    window.removeEventListener('scroll', this.active);
+
+    this.active = null;
   }
 }

js/src/forum/components/LogInButton.js

@@ -13,7 +13,7 @@ export default class LogInButton extends Button {
     props.className = (props.className || '') + ' LogInButton';
 
     props.onclick = function() {
-      const width = 600;
+      const width = 580;
       const height = 400;
       const $window = $(window);
 
@@ -22,7 +22,7 @@ export default class LogInButton extends Button {
         `height=${height},` +
         `top=${$window.height() / 2 - height / 2},` +
         `left=${$window.width() / 2 - width / 2},` +
-        'status=no,scrollbars=no,resizable=no');
+        'status=no,scrollbars=yes,resizable=no');
     };
 
     super.initProps(props);

js/src/forum/components/Notification.js

@@ -2,6 +2,7 @@ import Component from '../../common/Component';
 import avatar from '../../common/helpers/avatar';
 import icon from '../../common/helpers/icon';
 import humanTime from '../../common/helpers/humanTime';
+import Button from '../../common/components/Button';
 
 /**
  * The `Notification` component abstract displays a single notification.
@@ -26,6 +27,17 @@ export default class Notification extends Component {
 
           if (!isInitialized) $(element).click(this.markAsRead.bind(this));
         }}>
+        {!notification.isRead() && Button.component({
+          className: 'Notification-action Button Button--icon Button--link',
+          icon: 'fas fa-check',
+          title: app.translator.trans('core.forum.notifications.mark_as_read_tooltip'),
+          onclick: e => {
+            e.preventDefault();
+            e.stopPropagation();
+
+            this.markAsRead();
+          }
+        })}
         {avatar(notification.fromUser())}
         {icon(this.icon(), {className: 'Notification-icon'})}
         <span className="Notification-content">{this.content()}</span>

js/src/forum/components/PostStream.js

@@ -2,7 +2,6 @@ import Component from '../../common/Component';
 import ScrollListener from '../../common/utils/ScrollListener';
 import PostLoading from './LoadingPost';
 import anchorScroll from '../../common/utils/anchorScroll';
-import mixin from '../../common/utils/mixin';
 import evented from '../../common/utils/evented';
 import ReplyPlaceholder from './ReplyPlaceholder';
 import Button from '../../common/components/Button';
@@ -586,7 +585,7 @@ class PostStream extends Component {
    */
   unpause() {
     this.paused = false;
-    this.scrollListener.update(true);
+    this.scrollListener.update();
     this.trigger('unpaused');
   }
 }

js/src/forum/components/PostStreamScrubber.js

@@ -2,7 +2,6 @@ import Component from '../../common/Component';
 import icon from '../../common/helpers/icon';
 import ScrollListener from '../../common/utils/ScrollListener';
 import SubtreeRetainer from '../../common/utils/SubtreeRetainer';
-import computed from '../../common/utils/computed';
 import formatNumber from '../../common/utils/formatNumber';
 
 /**
@@ -365,7 +364,7 @@ export default class PostStreamScrubber extends Component {
   }
 
   onresize() {
-    this.scrollListener.update(true);
+    this.scrollListener.update();
 
     // Adjust the height of the scrollbar so that it fills the height of
     // the sidebar and doesn't overlap the footer.

js/src/forum/components/TextEditor.js

@@ -122,6 +122,8 @@ export default class TextEditor extends Component {
   setSelectionRange(start, end) {
     const $textarea = this.$('textarea');
 
+    if (!$textarea.length) return;
+
     $textarea[0].setSelectionRange(start, end);
     $textarea.focus();
   }
@@ -134,6 +136,8 @@ export default class TextEditor extends Component {
   getSelectionRange() {
     const $textarea = this.$('textarea');
 
+    if (!$textarea.length) return [0, 0];
+
     return [$textarea[0].selectionStart, $textarea[0].selectionEnd];
   }
 

js/src/forum/utils/History.js

@@ -92,7 +92,7 @@ export default class History {
 
     this.stack.pop();
 
-    m.route(this.getCurrent().url);
+    this.canGoBack() ? m.route(this.getCurrent().url) : this.home();
   }
 
   /**

js/src/forum/utils/UserControls.js

@@ -1,3 +1,4 @@
+import Alert from '../../common/components/Alert';
 import Button from '../../common/components/Button';
 import Separator from '../../common/components/Separator';
 import EditUserModal from '../components/EditUserModal';
@@ -61,7 +62,7 @@ export default {
       items.add('edit', Button.component({
         icon: 'fas fa-pencil-alt',
         children: app.translator.trans('core.forum.user_controls.edit_button'),
-        onclick: this.editAction.bind(user)
+        onclick: this.editAction.bind(this, user)
       }));
     }
 
@@ -84,7 +85,7 @@ export default {
       items.add('delete', Button.component({
         icon: 'fas fa-times',
         children: app.translator.trans('core.forum.user_controls.delete_button'),
-        onclick: this.deleteAction.bind(user)
+        onclick: this.deleteAction.bind(this, user)
       }));
     }
 
@@ -93,23 +94,51 @@ export default {
 
   /**
    * Delete the user.
+   *
+   * @param {User} user
    */
-  deleteAction() {
-    if (confirm(app.translator.trans('core.forum.user_controls.delete_confirmation'))) {
-      this.delete().then(() => {
-        if (app.current instanceof UserPage && app.current.user === this) {
-          app.history.back();
-        } else {
-          window.location.reload();
-        }
-      });
+  deleteAction(user) {
+    if (!confirm(app.translator.trans('core.forum.user_controls.delete_confirmation'))) {
+      return;
     }
+
+    user.delete().then(() => {
+      this.showDeletionAlert(user, 'success');
+      if (app.current instanceof UserPage && app.current.user === user) {
+        app.history.back();
+      } else {
+        window.location.reload();
+      }
+    }).catch(() => this.showDeletionAlert(user, 'error'));
+  },
+
+  /**
+   * Show deletion alert of user.
+   *
+   * @param {User} user
+   * @param {string} type
+   */
+  showDeletionAlert(user, type) {
+    const { username, email } = user.data.attributes;
+    const message = {
+      success: 'core.forum.user_controls.delete_success_message',
+      error: 'core.forum.user_controls.delete_error_message',
+    }[type];
+
+    app.alerts.show(new Alert({
+      type,
+      children: app.translator.trans(
+        message, { username, email }
+      )
+    }));
   },
 
   /**
    * Edit the user.
+   *
+   * @param {User} user
    */
-  editAction() {
-    app.modal.show(new EditUserModal({user: this}));
+  editAction(user) {
+    app.modal.show(new EditUserModal({ user }));
   }
 };

less/common/Modal.less

@@ -156,6 +156,7 @@
     }
   }
   .Modal {
+    max-width: 100%;
     margin: 0;
     -webkit-transform: none !important;
             transform: none !important;

less/forum/NotificationList.less

@@ -87,6 +87,10 @@
   &:hover {
     text-decoration: none;
     background: @control-bg;
+    
+    .Notification-action {
+      display: block;
+    }
   }
   .Avatar {
     .Avatar--size(24px);
@@ -98,6 +102,27 @@
     font-weight: bold;
     text-transform: uppercase;
   }
+
+  .Notification-action {
+    float: right;
+    display: none;
+    margin-top: -7px;
+    margin-right: -10px;
+    line-height: inherit;
+    padding: 5px 0;
+
+    & when (@config-colored-header = true) {
+      .Button--color(@control-color, @control-bg);
+
+      &:hover {
+        color: @link-color;
+      }
+    }
+
+    .icon {
+      font-size: 12px;
+    }
+  }
 }
 .Notification-icon {
   float: left;

src/Admin/AdminServiceProvider.php

@@ -16,6 +16,10 @@ use Flarum\Extension\Event\Disabled;
 use Flarum\Extension\Event\Enabled;
 use Flarum\Foundation\AbstractServiceProvider;
 use Flarum\Foundation\Application;
+use Flarum\Foundation\ErrorHandling\Registry;
+use Flarum\Foundation\ErrorHandling\Reporter;
+use Flarum\Foundation\ErrorHandling\ViewFormatter;
+use Flarum\Foundation\ErrorHandling\WhoopsFormatter;
 use Flarum\Foundation\Event\ClearingCache;
 use Flarum\Frontend\AddLocaleAssets;
 use Flarum\Frontend\AddTranslations;
@@ -51,11 +55,11 @@ class AdminServiceProvider extends AbstractServiceProvider
             $pipe = new MiddlewarePipe;
 
             // All requests should first be piped through our global error handler
-            if ($app->inDebugMode()) {
-                $pipe->pipe($app->make(HttpMiddleware\HandleErrorsWithWhoops::class));
-            } else {
-                $pipe->pipe($app->make(HttpMiddleware\HandleErrorsWithView::class));
-            }
+            $pipe->pipe(new HttpMiddleware\HandleErrors(
+                $app->make(Registry::class),
+                $app->inDebugMode() ? $app->make(WhoopsFormatter::class) : $app->make(ViewFormatter::class),
+                $app->tagged(Reporter::class)
+            ));
 
             $pipe->pipe($app->make(HttpMiddleware\ParseJsonBody::class));
             $pipe->pipe($app->make(HttpMiddleware\StartSession::class));

src/Api/ApiKey.php

@@ -14,6 +14,7 @@ namespace Flarum\Api;
 use Carbon\Carbon;
 use Flarum\Database\AbstractModel;
 use Flarum\User\User;
+use Illuminate\Support\Str;
 
 /**
  * @property int $id
@@ -38,7 +39,7 @@ class ApiKey extends AbstractModel
     {
         $key = new static;
 
-        $key->key = str_random(40);
+        $key->key = Str::random(40);
 
         return $key;
     }

src/Api/ApiServiceProvider.php

@@ -20,12 +20,13 @@ use Flarum\Event\ConfigureMiddleware;
 use Flarum\Event\ConfigureNotificationTypes;
 use Flarum\Foundation\AbstractServiceProvider;
 use Flarum\Foundation\Application;
+use Flarum\Foundation\ErrorHandling\JsonApiFormatter;
+use Flarum\Foundation\ErrorHandling\Registry;
+use Flarum\Foundation\ErrorHandling\Reporter;
 use Flarum\Http\Middleware as HttpMiddleware;
 use Flarum\Http\RouteCollection;
 use Flarum\Http\RouteHandlerFactory;
 use Flarum\Http\UrlGenerator;
-use Tobscure\JsonApi\ErrorHandler;
-use Tobscure\JsonApi\Exception\Handler\InvalidParameterExceptionHandler;
 use Zend\Stratigility\MiddlewarePipe;
 
 class ApiServiceProvider extends AbstractServiceProvider
@@ -49,7 +50,11 @@ class ApiServiceProvider extends AbstractServiceProvider
         $this->app->singleton('flarum.api.middleware', function (Application $app) {
             $pipe = new MiddlewarePipe;
 
-            $pipe->pipe($app->make(Middleware\HandleErrors::class));
+            $pipe->pipe(new HttpMiddleware\HandleErrors(
+                $app->make(Registry::class),
+                new JsonApiFormatter($app->inDebugMode()),
+                $app->tagged(Reporter::class)
+            ));
 
             $pipe->pipe($app->make(HttpMiddleware\ParseJsonBody::class));
             $pipe->pipe($app->make(Middleware\FakeHttpMethods::class));
@@ -68,25 +73,6 @@ class ApiServiceProvider extends AbstractServiceProvider
         $this->app->afterResolving('flarum.api.middleware', function (MiddlewarePipe $pipe) {
             $pipe->pipe(new HttpMiddleware\DispatchRoute($this->app->make('flarum.api.routes')));
         });
-
-        $this->app->singleton(ErrorHandler::class, function () {
-            $handler = new ErrorHandler;
-
-            $handler->registerHandler(new ExceptionHandler\FloodingExceptionHandler);
-            $handler->registerHandler(new ExceptionHandler\IlluminateValidationExceptionHandler);
-            $handler->registerHandler(new ExceptionHandler\InvalidAccessTokenExceptionHandler);
-            $handler->registerHandler(new ExceptionHandler\InvalidConfirmationTokenExceptionHandler);
-            $handler->registerHandler(new ExceptionHandler\MethodNotAllowedExceptionHandler);
-            $handler->registerHandler(new ExceptionHandler\ModelNotFoundExceptionHandler);
-            $handler->registerHandler(new ExceptionHandler\PermissionDeniedExceptionHandler);
-            $handler->registerHandler(new ExceptionHandler\RouteNotFoundExceptionHandler);
-            $handler->registerHandler(new ExceptionHandler\TokenMismatchExceptionHandler);
-            $handler->registerHandler(new ExceptionHandler\ValidationExceptionHandler);
-            $handler->registerHandler(new InvalidParameterExceptionHandler);
-            $handler->registerHandler(new ExceptionHandler\FallbackExceptionHandler($this->app->inDebugMode(), $this->app->make('log')));
-
-            return $handler;
-        });
     }
 
     /**

src/Api/Client.php

@@ -12,11 +12,14 @@
 namespace Flarum\Api;
 
 use Exception;
+use Flarum\Foundation\ErrorHandling\JsonApiFormatter;
+use Flarum\Foundation\ErrorHandling\Registry;
 use Flarum\User\User;
 use Illuminate\Contracts\Container\Container;
 use InvalidArgumentException;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Server\RequestHandlerInterface;
+use Throwable;
 use Zend\Diactoros\ServerRequestFactory;
 
 class Client
@@ -27,18 +30,18 @@ class Client
     protected $container;
 
     /**
-     * @var ErrorHandler
+     * @var Registry
      */
-    protected $errorHandler;
+    protected $registry;
 
     /**
      * @param Container $container
-     * @param ErrorHandler $errorHandler
+     * @param Registry $registry
      */
-    public function __construct(Container $container, ErrorHandler $errorHandler = null)
+    public function __construct(Container $container, Registry $registry)
     {
         $this->container = $container;
-        $this->errorHandler = $errorHandler;
+        $this->registry = $registry;
     }
 
     /**
@@ -69,23 +72,14 @@ class Client
 
         try {
             return $controller->handle($request);
-        } catch (Exception $e) {
-            if (! $this->errorHandler) {
+        } catch (Throwable $e) {
+            $error = $this->registry->handle($e);
+
+            if ($error->shouldBeReported()) {
                 throw $e;
             }
 
-            return $this->errorHandler->handle($e);
+            return (new JsonApiFormatter)->format($error, $request);
         }
     }
-
-    /**
-     * @param ErrorHandler $errorHandler
-     * @return Client
-     */
-    public function setErrorHandler(?ErrorHandler $errorHandler): self
-    {
-        $this->errorHandler = $errorHandler;
-
-        return $this;
-    }
 }

src/Api/Controller/CreateDiscussionController.php

@@ -16,6 +16,7 @@ use Flarum\Discussion\Command\ReadDiscussion;
 use Flarum\Discussion\Command\StartDiscussion;
 use Flarum\Post\Floodgate;
 use Illuminate\Contracts\Bus\Dispatcher;
+use Illuminate\Support\Arr;
 use Psr\Http\Message\ServerRequestInterface;
 use Tobscure\JsonApi\Document;
 
@@ -63,14 +64,14 @@ class CreateDiscussionController extends AbstractCreateController
     protected function data(ServerRequestInterface $request, Document $document)
     {
         $actor = $request->getAttribute('actor');
-        $ipAddress = array_get($request->getServerParams(), 'REMOTE_ADDR', '127.0.0.1');
+        $ipAddress = Arr::get($request->getServerParams(), 'REMOTE_ADDR', '127.0.0.1');
 
         if (! $request->getAttribute('bypassFloodgate')) {
             $this->floodgate->assertNotFlooding($actor);
         }
 
         $discussion = $this->bus->dispatch(
-            new StartDiscussion($actor, array_get($request->getParsedBody(), 'data', []), $ipAddress)
+            new StartDiscussion($actor, Arr::get($request->getParsedBody(), 'data', []), $ipAddress)
         );
 
         // After creating the discussion, we assume that the user has seen all

src/Api/Controller/CreateGroupController.php

@@ -14,6 +14,7 @@ namespace Flarum\Api\Controller;
 use Flarum\Api\Serializer\GroupSerializer;
 use Flarum\Group\Command\CreateGroup;
 use Illuminate\Contracts\Bus\Dispatcher;
+use Illuminate\Support\Arr;
 use Psr\Http\Message\ServerRequestInterface;
 use Tobscure\JsonApi\Document;
 
@@ -43,7 +44,7 @@ class CreateGroupController extends AbstractCreateController
     protected function data(ServerRequestInterface $request, Document $document)
     {
         return $this->bus->dispatch(
-            new CreateGroup($request->getAttribute('actor'), array_get($request->getParsedBody(), 'data', []))
+            new CreateGroup($request->getAttribute('actor'), Arr::get($request->getParsedBody(), 'data', []))
         );
     }
 }

src/Api/Controller/CreatePostController.php

@@ -16,6 +16,7 @@ use Flarum\Discussion\Command\ReadDiscussion;
 use Flarum\Post\Command\PostReply;
 use Flarum\Post\Floodgate;
 use Illuminate\Contracts\Bus\Dispatcher;
+use Illuminate\Support\Arr;
 use Psr\Http\Message\ServerRequestInterface;
 use Tobscure\JsonApi\Document;
 
@@ -62,9 +63,9 @@ class CreatePostController extends AbstractCreateController
     protected function data(ServerRequestInterface $request, Document $document)
     {
         $actor = $request->getAttribute('actor');
-        $data = array_get($request->getParsedBody(), 'data', []);
-        $discussionId = array_get($data, 'relationships.discussion.data.id');
-        $ipAddress = array_get($request->getServerParams(), 'REMOTE_ADDR', '127.0.0.1');
+        $data = Arr::get($request->getParsedBody(), 'data', []);
+        $discussionId = Arr::get($data, 'relationships.discussion.data.id');
+        $ipAddress = Arr::get($request->getServerParams(), 'REMOTE_ADDR', '127.0.0.1');
 
         if (! $request->getAttribute('bypassFloodgate')) {
             $this->floodgate->assertNotFlooding($actor);

src/Api/Controller/CreateTokenController.php

@@ -12,10 +12,11 @@
 namespace Flarum\Api\Controller;
 
 use Flarum\Http\AccessToken;
-use Flarum\User\Exception\PermissionDeniedException;
+use Flarum\User\Exception\NotAuthenticatedException;
 use Flarum\User\UserRepository;
 use Illuminate\Contracts\Bus\Dispatcher as BusDispatcher;
 use Illuminate\Contracts\Events\Dispatcher as EventDispatcher;
+use Illuminate\Support\Arr;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
 use Psr\Http\Server\RequestHandlerInterface;
@@ -57,14 +58,14 @@ class CreateTokenController implements RequestHandlerInterface
     {
         $body = $request->getParsedBody();
 
-        $identification = array_get($body, 'identification');
-        $password = array_get($body, 'password');
-        $lifetime = array_get($body, 'lifetime', 3600);
+        $identification = Arr::get($body, 'identification');
+        $password = Arr::get($body, 'password');
+        $lifetime = Arr::get($body, 'lifetime', 3600);
 
         $user = $this->users->findByIdentification($identification);
 
         if (! $user || ! $user->checkPassword($password)) {
-            throw new PermissionDeniedException;
+            throw new NotAuthenticatedException;
         }
 
         $token = AccessToken::generate($user->id, $lifetime);

src/Api/Controller/CreateUserController.php

@@ -14,6 +14,7 @@ namespace Flarum\Api\Controller;
 use Flarum\Api\Serializer\CurrentUserSerializer;
 use Flarum\User\Command\RegisterUser;
 use Illuminate\Contracts\Bus\Dispatcher;
+use Illuminate\Support\Arr;
 use Psr\Http\Message\ServerRequestInterface;
 use Tobscure\JsonApi\Document;
 
@@ -43,7 +44,7 @@ class CreateUserController extends AbstractCreateController
     protected function data(ServerRequestInterface $request, Document $document)
     {
         return $this->bus->dispatch(
-            new RegisterUser($request->getAttribute('actor'), array_get($request->getParsedBody(), 'data', []))
+            new RegisterUser($request->getAttribute('actor'), Arr::get($request->getParsedBody(), 'data', []))
         );
     }
 }

src/Api/Controller/DeleteAvatarController.php

@@ -14,6 +14,7 @@ namespace Flarum\Api\Controller;
 use Flarum\Api\Serializer\UserSerializer;
 use Flarum\User\Command\DeleteAvatar;
 use Illuminate\Contracts\Bus\Dispatcher;
+use Illuminate\Support\Arr;
 use Psr\Http\Message\ServerRequestInterface;
 use Tobscure\JsonApi\Document;
 
@@ -43,7 +44,7 @@ class DeleteAvatarController extends AbstractShowController
     protected function data(ServerRequestInterface $request, Document $document)
     {
         return $this->bus->dispatch(
-            new DeleteAvatar(array_get($request->getQueryParams(), 'id'), $request->getAttribute('actor'))
+            new DeleteAvatar(Arr::get($request->getQueryParams(), 'id'), $request->getAttribute('actor'))
         );
     }
 }

src/Api/Controller/DeleteDiscussionController.php

@@ -13,6 +13,7 @@ namespace Flarum\Api\Controller;
 
 use Flarum\Discussion\Command\DeleteDiscussion;
 use Illuminate\Contracts\Bus\Dispatcher;
+use Illuminate\Support\Arr;
 use Psr\Http\Message\ServerRequestInterface;
 
 class DeleteDiscussionController extends AbstractDeleteController
@@ -35,7 +36,7 @@ class DeleteDiscussionController extends AbstractDeleteController
      */
     protected function delete(ServerRequestInterface $request)
     {
-        $id = array_get($request->getQueryParams(), 'id');
+        $id = Arr::get($request->getQueryParams(), 'id');
         $actor = $request->getAttribute('actor');
         $input = $request->getParsedBody();
 

src/Api/Controller/DeleteGroupController.php

@@ -13,6 +13,7 @@ namespace Flarum\Api\Controller;
 
 use Flarum\Group\Command\DeleteGroup;
 use Illuminate\Contracts\Bus\Dispatcher;
+use Illuminate\Support\Arr;
 use Psr\Http\Message\ServerRequestInterface;
 
 class DeleteGroupController extends AbstractDeleteController
@@ -36,7 +37,7 @@ class DeleteGroupController extends AbstractDeleteController
     protected function delete(ServerRequestInterface $request)
     {
         $this->bus->dispatch(
-            new DeleteGroup(array_get($request->getQueryParams(), 'id'), $request->getAttribute('actor'))
+            new DeleteGroup(Arr::get($request->getQueryParams(), 'id'), $request->getAttribute('actor'))
         );
     }
 }

src/Api/Controller/DeletePostController.php

@@ -13,6 +13,7 @@ namespace Flarum\Api\Controller;
 
 use Flarum\Post\Command\DeletePost;
 use Illuminate\Contracts\Bus\Dispatcher;
+use Illuminate\Support\Arr;
 use Psr\Http\Message\ServerRequestInterface;
 
 class DeletePostController extends AbstractDeleteController
@@ -36,7 +37,7 @@ class DeletePostController extends AbstractDeleteController
     protected function delete(ServerRequestInterface $request)
     {
         $this->bus->dispatch(
-            new DeletePost(array_get($request->getQueryParams(), 'id'), $request->getAttribute('actor'))
+            new DeletePost(Arr::get($request->getQueryParams(), 'id'), $request->getAttribute('actor'))
         );
     }
 }

src/Api/Controller/DeleteUserController.php

@@ -13,6 +13,7 @@ namespace Flarum\Api\Controller;
 
 use Flarum\User\Command\DeleteUser;
 use Illuminate\Contracts\Bus\Dispatcher;
+use Illuminate\Support\Arr;
 use Psr\Http\Message\ServerRequestInterface;
 
 class DeleteUserController extends AbstractDeleteController
@@ -36,7 +37,7 @@ class DeleteUserController extends AbstractDeleteController
     protected function delete(ServerRequestInterface $request)
     {
         $this->bus->dispatch(
-            new DeleteUser(array_get($request->getQueryParams(), 'id'), $request->getAttribute('actor'))
+            new DeleteUser(Arr::get($request->getQueryParams(), 'id'), $request->getAttribute('actor'))
         );
     }
 }

src/Api/Controller/ForgotPasswordController.php

@@ -14,6 +14,7 @@ namespace Flarum\Api\Controller;
 use Flarum\User\Command\RequestPasswordReset;
 use Flarum\User\UserRepository;
 use Illuminate\Contracts\Bus\Dispatcher;
+use Illuminate\Support\Arr;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
 use Psr\Http\Server\RequestHandlerInterface;
@@ -46,7 +47,7 @@ class ForgotPasswordController implements RequestHandlerInterface
      */
     public function handle(ServerRequestInterface $request): ResponseInterface
     {
-        $email = array_get($request->getParsedBody(), 'email');
+        $email = Arr::get($request->getParsedBody(), 'email');
 
         $this->bus->dispatch(
             new RequestPasswordReset($email)

src/Api/Controller/ListDiscussionsController.php

@@ -16,6 +16,7 @@ use Flarum\Discussion\Discussion;
 use Flarum\Discussion\Search\DiscussionSearcher;
 use Flarum\Http\UrlGenerator;
 use Flarum\Search\SearchCriteria;
+use Illuminate\Support\Arr;
 use Psr\Http\Message\ServerRequestInterface;
 use Tobscure\JsonApi\Document;
 
@@ -75,7 +76,7 @@ class ListDiscussionsController extends AbstractListController
     protected function data(ServerRequestInterface $request, Document $document)
     {
         $actor = $request->getAttribute('actor');
-        $query = array_get($this->extractFilter($request), 'q');
+        $query = Arr::get($this->extractFilter($request), 'q');
         $sort = $this->extractSort($request);
 
         $criteria = new SearchCriteria($actor, $query, $sort);

src/Api/Controller/ListNotificationsController.php

@@ -15,12 +15,14 @@ use Flarum\Api\Serializer\NotificationSerializer;
 use Flarum\Discussion\Discussion;
 use Flarum\Http\UrlGenerator;
 use Flarum\Notification\NotificationRepository;
-use Flarum\User\Exception\PermissionDeniedException;
+use Flarum\User\AssertPermissionTrait;
 use Psr\Http\Message\ServerRequestInterface;
 use Tobscure\JsonApi\Document;
 
 class ListNotificationsController extends AbstractListController
 {
+    use AssertPermissionTrait;
+
     /**
      * {@inheritdoc}
      */
@@ -67,9 +69,7 @@ class ListNotificationsController extends AbstractListController
     {
         $actor = $request->getAttribute('actor');
 
-        if ($actor->isGuest()) {
-            throw new PermissionDeniedException;
-        }
+        $this->assertRegistered($actor);
 
         $actor->markNotificationsAsRead()->save();
 

src/Api/Controller/ListPostsController.php

@@ -15,6 +15,8 @@ use Flarum\Api\Serializer\PostSerializer;
 use Flarum\Event\ConfigurePostsQuery;
 use Flarum\Post\PostRepository;
 use Illuminate\Database\Eloquent\Builder;
+use Illuminate\Support\Arr;
+use Illuminate\Support\Str;
 use Psr\Http\Message\ServerRequestInterface;
 use Tobscure\JsonApi\Document;
 use Tobscure\JsonApi\Exception\InvalidParameterException;
@@ -64,7 +66,7 @@ class ListPostsController extends AbstractListController
         $filter = $this->extractFilter($request);
         $include = $this->extractInclude($request);
 
-        if ($postIds = array_get($filter, 'id')) {
+        if ($postIds = Arr::get($filter, 'id')) {
             $postIds = explode(',', $postIds);
         } else {
             $postIds = $this->getPostIds($request);
@@ -86,7 +88,7 @@ class ListPostsController extends AbstractListController
         $limit = $this->extractLimit($request);
         $filter = $this->extractFilter($request);
 
-        if (($near = array_get($queryParams, 'page.near')) > 1) {
+        if (($near = Arr::get($queryParams, 'page.near')) > 1) {
             if (count($filter) > 1 || ! isset($filter['discussion']) || $sort) {
                 throw new InvalidParameterException(
                     'You can only use page[near] with filter[discussion] and the default sort order'
@@ -120,7 +122,7 @@ class ListPostsController extends AbstractListController
         $query->skip($offset)->take($limit);
 
         foreach ((array) $sort as $field => $order) {
-            $query->orderBy(snake_case($field), $order);
+            $query->orderBy(Str::snake($field), $order);
         }
 
         return $query->pluck('id')->all();
@@ -132,19 +134,19 @@ class ListPostsController extends AbstractListController
      */
     private function applyFilters(Builder $query, array $filter)
     {
-        if ($discussionId = array_get($filter, 'discussion')) {
+        if ($discussionId = Arr::get($filter, 'discussion')) {
             $query->where('discussion_id', $discussionId);
         }
 
-        if ($number = array_get($filter, 'number')) {
+        if ($number = Arr::get($filter, 'number')) {
             $query->where('number', $number);
         }
 
-        if ($userId = array_get($filter, 'user')) {
+        if ($userId = Arr::get($filter, 'user')) {
             $query->where('user_id', $userId);
         }
 
-        if ($type = array_get($filter, 'type')) {
+        if ($type = Arr::get($filter, 'type')) {
             $query->where('type', $type);
         }
 

src/Api/Controller/ListUsersController.php

@@ -14,13 +14,16 @@ namespace Flarum\Api\Controller;
 use Flarum\Api\Serializer\UserSerializer;
 use Flarum\Http\UrlGenerator;
 use Flarum\Search\SearchCriteria;
-use Flarum\User\Exception\PermissionDeniedException;
+use Flarum\User\AssertPermissionTrait;
 use Flarum\User\Search\UserSearcher;
+use Illuminate\Support\Arr;
 use Psr\Http\Message\ServerRequestInterface;
 use Tobscure\JsonApi\Document;
 
 class ListUsersController extends AbstractListController
 {
+    use AssertPermissionTrait;
+
     /**
      * {@inheritdoc}
      */
@@ -69,11 +72,9 @@ class ListUsersController extends AbstractListController
     {
         $actor = $request->getAttribute('actor');
 
-        if ($actor->cannot('viewUserList')) {
-            throw new PermissionDeniedException;
-        }
+        $this->assertCan($actor, 'viewUserList');
 
-        $query = array_get($this->extractFilter($request), 'q');
+        $query = Arr::get($this->extractFilter($request), 'q');
         $sort = $this->extractSort($request);
 
         $criteria = new SearchCriteria($actor, $query, $sort);

src/Api/Controller/SendConfirmationEmailController.php

@@ -18,6 +18,7 @@ use Flarum\User\EmailToken;
 use Flarum\User\Exception\PermissionDeniedException;
 use Illuminate\Contracts\Mail\Mailer;
 use Illuminate\Mail\Message;
+use Illuminate\Support\Arr;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
 use Psr\Http\Server\RequestHandlerInterface;
@@ -67,7 +68,7 @@ class SendConfirmationEmailController implements RequestHandlerInterface
      */
     public function handle(ServerRequestInterface $request): ResponseInterface
     {
-        $id = array_get($request->getQueryParams(), 'id');
+        $id = Arr::get($request->getQueryParams(), 'id');
         $actor = $request->getAttribute('actor');
 
         $this->assertRegistered($actor);

src/Api/Controller/SetPermissionController.php

@@ -13,6 +13,7 @@ namespace Flarum\Api\Controller;
 
 use Flarum\Group\Permission;
 use Flarum\User\AssertPermissionTrait;
+use Illuminate\Support\Arr;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
 use Psr\Http\Server\RequestHandlerInterface;
@@ -30,8 +31,8 @@ class SetPermissionController implements RequestHandlerInterface
         $this->assertAdmin($request->getAttribute('actor'));
 
         $body = $request->getParsedBody();
-        $permission = array_get($body, 'permission');
-        $groupIds = array_get($body, 'groupIds');
+        $permission = Arr::get($body, 'permission');
+        $groupIds = Arr::get($body, 'groupIds');
 
         Permission::where('permission', $permission)->delete();
 

src/Api/Controller/ShowDiscussionController.php

@@ -16,6 +16,8 @@ use Flarum\Discussion\Discussion;
 use Flarum\Discussion\DiscussionRepository;
 use Flarum\Post\PostRepository;
 use Flarum\User\User;
+use Illuminate\Support\Arr;
+use Illuminate\Support\Str;
 use Psr\Http\Message\ServerRequestInterface;
 use Tobscure\JsonApi\Document;
 
@@ -73,7 +75,7 @@ class ShowDiscussionController extends AbstractShowController
      */
     protected function data(ServerRequestInterface $request, Document $document)
     {
-        $discussionId = array_get($request->getQueryParams(), 'id');
+        $discussionId = Arr::get($request->getQueryParams(), 'id');
         $actor = $request->getAttribute('actor');
         $include = $this->extractInclude($request);
 
@@ -86,7 +88,7 @@ class ShowDiscussionController extends AbstractShowController
         }
 
         $discussion->load(array_filter($include, function ($relationship) {
-            return ! starts_with($relationship, 'posts');
+            return ! Str::startsWith($relationship, 'posts');
         }));
 
         return $discussion;
@@ -150,7 +152,7 @@ class ShowDiscussionController extends AbstractShowController
         $queryParams = $request->getQueryParams();
         $actor = $request->getAttribute('actor');
 
-        if (($near = array_get($queryParams, 'page.near')) > 1) {
+        if (($near = Arr::get($queryParams, 'page.near')) > 1) {
             $offset = $this->posts->getIndexForNumber($discussion->id, $near, $actor);
             $offset = max(0, $offset - $limit / 2);
         } else {

src/Api/Controller/ShowPostController.php

@@ -13,6 +13,7 @@ namespace Flarum\Api\Controller;
 
 use Flarum\Api\Serializer\PostSerializer;
 use Flarum\Post\PostRepository;
+use Illuminate\Support\Arr;
 use Psr\Http\Message\ServerRequestInterface;
 use Tobscure\JsonApi\Document;
 
@@ -52,6 +53,6 @@ class ShowPostController extends AbstractShowController
      */
     protected function data(ServerRequestInterface $request, Document $document)
     {
-        return $this->posts->findOrFail(array_get($request->getQueryParams(), 'id'), $request->getAttribute('actor'));
+        return $this->posts->findOrFail(Arr::get($request->getQueryParams(), 'id'), $request->getAttribute('actor'));
     }
 }

src/Api/Controller/ShowUserController.php

@@ -14,6 +14,7 @@ namespace Flarum\Api\Controller;
 use Flarum\Api\Serializer\CurrentUserSerializer;
 use Flarum\Api\Serializer\UserSerializer;
 use Flarum\User\UserRepository;
+use Illuminate\Support\Arr;
 use Psr\Http\Message\ServerRequestInterface;
 use Tobscure\JsonApi\Document;
 
@@ -47,7 +48,7 @@ class ShowUserController extends AbstractShowController
      */
     protected function data(ServerRequestInterface $request, Document $document)
     {
-        $id = array_get($request->getQueryParams(), 'id');
+        $id = Arr::get($request->getQueryParams(), 'id');
 
         if (! is_numeric($id)) {
             $id = $this->users->getIdForUsername($id);

src/Api/Controller/UninstallExtensionController.php

@@ -13,6 +13,7 @@ namespace Flarum\Api\Controller;
 
 use Flarum\Extension\ExtensionManager;
 use Flarum\User\AssertPermissionTrait;
+use Illuminate\Support\Arr;
 use Psr\Http\Message\ServerRequestInterface;
 
 class UninstallExtensionController extends AbstractDeleteController
@@ -36,7 +37,7 @@ class UninstallExtensionController extends AbstractDeleteController
     {
         $this->assertAdmin($request->getAttribute('actor'));
 
-        $name = array_get($request->getQueryParams(), 'name');
+        $name = Arr::get($request->getQueryParams(), 'name');
 
         if ($this->extensions->getExtension($name) == null) {
             return;

src/Api/Controller/UpdateDiscussionController.php

@@ -16,6 +16,7 @@ use Flarum\Discussion\Command\EditDiscussion;
 use Flarum\Discussion\Command\ReadDiscussion;
 use Illuminate\Contracts\Bus\Dispatcher;
 use Illuminate\Database\Eloquent\Collection;
+use Illuminate\Support\Arr;
 use Psr\Http\Message\ServerRequestInterface;
 use Tobscure\JsonApi\Document;
 
@@ -45,8 +46,8 @@ class UpdateDiscussionController extends AbstractShowController
     protected function data(ServerRequestInterface $request, Document $document)
     {
         $actor = $request->getAttribute('actor');
-        $discussionId = array_get($request->getQueryParams(), 'id');
-        $data = array_get($request->getParsedBody(), 'data', []);
+        $discussionId = Arr::get($request->getQueryParams(), 'id');
+        $data = Arr::get($request->getParsedBody(), 'data', []);
 
         $discussion = $this->bus->dispatch(
             new EditDiscussion($discussionId, $actor, $data)
@@ -54,7 +55,7 @@ class UpdateDiscussionController extends AbstractShowController
 
         // TODO: Refactor the ReadDiscussion (state) command into EditDiscussion?
         // That's what extensions will do anyway.
-        if ($readNumber = array_get($data, 'attributes.lastReadPostNumber')) {
+        if ($readNumber = Arr::get($data, 'attributes.lastReadPostNumber')) {
             $state = $this->bus->dispatch(
                 new ReadDiscussion($discussionId, $actor, $readNumber)
             );

src/Api/Controller/UpdateExtensionController.php

@@ -13,6 +13,7 @@ namespace Flarum\Api\Controller;
 
 use Flarum\Extension\ExtensionManager;
 use Flarum\User\AssertPermissionTrait;
+use Illuminate\Support\Arr;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
 use Psr\Http\Server\RequestHandlerInterface;
@@ -42,8 +43,8 @@ class UpdateExtensionController implements RequestHandlerInterface
     {
         $this->assertAdmin($request->getAttribute('actor'));
 
-        $enabled = array_get($request->getParsedBody(), 'enabled');
-        $name = array_get($request->getQueryParams(), 'name');
+        $enabled = Arr::get($request->getParsedBody(), 'enabled');
+        $name = Arr::get($request->getQueryParams(), 'name');
 
         if ($enabled === true) {
             $this->extensions->enable($name);

src/Api/Controller/UpdateGroupController.php

@@ -14,6 +14,7 @@ namespace Flarum\Api\Controller;
 use Flarum\Api\Serializer\GroupSerializer;
 use Flarum\Group\Command\EditGroup;
 use Illuminate\Contracts\Bus\Dispatcher;
+use Illuminate\Support\Arr;
 use Psr\Http\Message\ServerRequestInterface;
 use Tobscure\JsonApi\Document;
 
@@ -42,9 +43,9 @@ class UpdateGroupController extends AbstractShowController
      */
     protected function data(ServerRequestInterface $request, Document $document)
     {
-        $id = array_get($request->getQueryParams(), 'id');
+        $id = Arr::get($request->getQueryParams(), 'id');
         $actor = $request->getAttribute('actor');
-        $data = array_get($request->getParsedBody(), 'data', []);
+        $data = Arr::get($request->getParsedBody(), 'data', []);
 
         return $this->bus->dispatch(
             new EditGroup($id, $actor, $data)

src/Api/Controller/UpdateNotificationController.php

@@ -14,6 +14,7 @@ namespace Flarum\Api\Controller;
 use Flarum\Api\Serializer\NotificationSerializer;
 use Flarum\Notification\Command\ReadNotification;
 use Illuminate\Contracts\Bus\Dispatcher;
+use Illuminate\Support\Arr;
 use Psr\Http\Message\ServerRequestInterface;
 use Tobscure\JsonApi\Document;
 
@@ -42,7 +43,7 @@ class UpdateNotificationController extends AbstractShowController
      */
     protected function data(ServerRequestInterface $request, Document $document)
     {
-        $id = array_get($request->getQueryParams(), 'id');
+        $id = Arr::get($request->getQueryParams(), 'id');
         $actor = $request->getAttribute('actor');
 
         return $this->bus->dispatch(

src/Api/Controller/UpdatePostController.php

@@ -14,6 +14,7 @@ namespace Flarum\Api\Controller;
 use Flarum\Api\Serializer\PostSerializer;
 use Flarum\Post\Command\EditPost;
 use Illuminate\Contracts\Bus\Dispatcher;
+use Illuminate\Support\Arr;
 use Psr\Http\Message\ServerRequestInterface;
 use Tobscure\JsonApi\Document;
 
@@ -50,9 +51,9 @@ class UpdatePostController extends AbstractShowController
      */
     protected function data(ServerRequestInterface $request, Document $document)
     {
-        $id = array_get($request->getQueryParams(), 'id');
+        $id = Arr::get($request->getQueryParams(), 'id');
         $actor = $request->getAttribute('actor');
-        $data = array_get($request->getParsedBody(), 'data', []);
+        $data = Arr::get($request->getParsedBody(), 'data', []);
 
         return $this->bus->dispatch(
             new EditPost($id, $actor, $data)

src/Api/Controller/UpdateUserController.php

@@ -16,6 +16,7 @@ use Flarum\Api\Serializer\UserSerializer;
 use Flarum\User\Command\EditUser;
 use Flarum\User\Exception\PermissionDeniedException;
 use Illuminate\Contracts\Bus\Dispatcher;
+use Illuminate\Support\Arr;
 use Psr\Http\Message\ServerRequestInterface;
 use Tobscure\JsonApi\Document;
 
@@ -49,9 +50,9 @@ class UpdateUserController extends AbstractShowController
      */
     protected function data(ServerRequestInterface $request, Document $document)
     {
-        $id = array_get($request->getQueryParams(), 'id');
+        $id = Arr::get($request->getQueryParams(), 'id');
         $actor = $request->getAttribute('actor');
-        $data = array_get($request->getParsedBody(), 'data', []);
+        $data = Arr::get($request->getParsedBody(), 'data', []);
 
         if ($actor->id == $id) {
             $this->serializer = CurrentUserSerializer::class;
@@ -60,7 +61,7 @@ class UpdateUserController extends AbstractShowController
         // Require the user's current password if they are attempting to change
         // their own email address.
         if (isset($data['attributes']['email']) && $actor->id == $id) {
-            $password = array_get($request->getParsedBody(), 'meta.password');
+            $password = Arr::get($request->getParsedBody(), 'meta.password');
 
             if (! $actor->checkPassword($password)) {
                 throw new PermissionDeniedException;

src/Api/Controller/UploadAvatarController.php

@@ -14,6 +14,7 @@ namespace Flarum\Api\Controller;
 use Flarum\Api\Serializer\UserSerializer;
 use Flarum\User\Command\UploadAvatar;
 use Illuminate\Contracts\Bus\Dispatcher;
+use Illuminate\Support\Arr;
 use Psr\Http\Message\ServerRequestInterface;
 use Tobscure\JsonApi\Document;
 
@@ -42,9 +43,9 @@ class UploadAvatarController extends AbstractShowController
      */
     protected function data(ServerRequestInterface $request, Document $document)
     {
-        $id = array_get($request->getQueryParams(), 'id');
+        $id = Arr::get($request->getQueryParams(), 'id');
         $actor = $request->getAttribute('actor');
-        $file = array_get($request->getUploadedFiles(), 'avatar');
+        $file = Arr::get($request->getUploadedFiles(), 'avatar');
 
         return $this->bus->dispatch(
             new UploadAvatar($id, $file, $actor)

src/Api/Controller/UploadFaviconController.php

@@ -14,6 +14,7 @@ namespace Flarum\Api\Controller;
 use Flarum\Foundation\Application;
 use Flarum\Settings\SettingsRepositoryInterface;
 use Flarum\User\AssertPermissionTrait;
+use Illuminate\Support\Arr;
 use Illuminate\Support\Str;
 use Intervention\Image\ImageManager;
 use League\Flysystem\Adapter\Local;
@@ -52,7 +53,7 @@ class UploadFaviconController extends ShowForumController
     {
         $this->assertAdmin($request->getAttribute('actor'));
 
-        $file = array_get($request->getUploadedFiles(), 'favicon');
+        $file = Arr::get($request->getUploadedFiles(), 'favicon');
 
         $tmpFile = tempnam($this->app->storagePath().'/tmp', 'favicon');
         $file->moveTo($tmpFile);

src/Api/Controller/UploadLogoController.php

@@ -14,6 +14,7 @@ namespace Flarum\Api\Controller;
 use Flarum\Foundation\Application;
 use Flarum\Settings\SettingsRepositoryInterface;
 use Flarum\User\AssertPermissionTrait;
+use Illuminate\Support\Arr;
 use Illuminate\Support\Str;
 use Intervention\Image\ImageManager;
 use League\Flysystem\Adapter\Local;
@@ -52,7 +53,7 @@ class UploadLogoController extends ShowForumController
     {
         $this->assertAdmin($request->getAttribute('actor'));
 
-        $file = array_get($request->getUploadedFiles(), 'logo');
+        $file = Arr::get($request->getUploadedFiles(), 'logo');
 
         $tmpFile = tempnam($this->app->storagePath().'/tmp', 'logo');
         $file->moveTo($tmpFile);

src/Api/ErrorHandler.php

@@ -1,51 +0,0 @@
-<?php
-
-/*
- * This file is part of Flarum.
- *
- * (c) Toby Zerner <toby.zerner@gmail.com>
- *
- * For the full copyright and license information, please view the LICENSE
- * file that was distributed with this source code.
- */
-
-namespace Flarum\Api;
-
-use Exception;
-use Throwable;
-use Tobscure\JsonApi\Document;
-use Tobscure\JsonApi\ErrorHandler as JsonApiErrorHandler;
-
-class ErrorHandler
-{
-    /**
-     * @var JsonApiErrorHandler
-     */
-    protected $errorHandler;
-
-    /**
-     * @param JsonApiErrorHandler $errorHandler
-     */
-    public function __construct(JsonApiErrorHandler $errorHandler)
-    {
-        $this->errorHandler = $errorHandler;
-    }
-
-    /**
-     * @param Exception $e
-     * @return JsonApiResponse
-     */
-    public function handle(Throwable $e)
-    {
-        if (! $e instanceof Exception) {
-            $e = new Exception($e->getMessage(), $e->getCode(), $e);
-        }
-
-        $response = $this->errorHandler->handle($e);
-
-        $document = new Document;
-        $document->setErrors($response->getErrors());
-
-        return new JsonApiResponse($document, $response->getStatus());
-    }
-}

src/Api/Event/WillGetData.php

@@ -12,6 +12,7 @@
 namespace Flarum\Api\Event;
 
 use Flarum\Api\Controller\AbstractSerializeController;
+use Illuminate\Support\Arr;
 
 class WillGetData
 {
@@ -64,7 +65,7 @@ class WillGetData
      */
     public function removeInclude($name)
     {
-        array_forget($this->controller->include, $name);
+        Arr::forget($this->controller->include, $name);
     }
 
     /**
@@ -84,7 +85,7 @@ class WillGetData
      */
     public function removeOptionalInclude($name)
     {
-        array_forget($this->controller->optionalInclude, $name);
+        Arr::forget($this->controller->optionalInclude, $name);
     }
 
     /**
@@ -124,7 +125,7 @@ class WillGetData
      */
     public function removeSortField($field)
     {
-        array_forget($this->controller->sortFields, $field);
+        Arr::forget($this->controller->sortFields, $field);
     }
 
     /**

src/Api/Exception/InvalidAccessTokenException.php

@@ -12,7 +12,12 @@
 namespace Flarum\Api\Exception;
 
 use Exception;
+use Flarum\Foundation\KnownError;
 
-class InvalidAccessTokenException extends Exception
+class InvalidAccessTokenException extends Exception implements KnownError
 {
+    public function getType(): string
+    {
+        return 'invalid_access_token';
+    }
 }

src/Api/ExceptionHandler/FallbackExceptionHandler.php

@@ -1,77 +0,0 @@
-<?php
-
-/*
- * This file is part of Flarum.
- *
- * (c) Toby Zerner <toby.zerner@gmail.com>
- *
- * For the full copyright and license information, please view the LICENSE
- * file that was distributed with this source code.
- */
-
-namespace Flarum\Api\ExceptionHandler;
-
-use Exception;
-use Psr\Log\LoggerInterface;
-use Tobscure\JsonApi\Exception\Handler\ExceptionHandlerInterface;
-use Tobscure\JsonApi\Exception\Handler\ResponseBag;
-
-class FallbackExceptionHandler implements ExceptionHandlerInterface
-{
-    /**
-     * @var bool
-     */
-    protected $debug;
-
-    /**
-     * @var LoggerInterface
-     */
-    protected $logger;
-
-    /**
-     * @param bool $debug
-     * @param LoggerInterface $logger
-     */
-    public function __construct($debug, LoggerInterface $logger)
-    {
-        $this->debug = $debug;
-        $this->logger = $logger;
-    }
-
-    /**
-     * {@inheritdoc}
-     */
-    public function manages(Exception $e)
-    {
-        return true;
-    }
-
-    /**
-     * {@inheritdoc}
-     */
-    public function handle(Exception $e)
-    {
-        $status = 500;
-        $error = $this->constructError($e, $status);
-
-        $this->logger->error($e);
-
-        return new ResponseBag($status, [$error]);
-    }
-
-    /**
-     * @param Exception $e
-     * @param $status
-     * @return array
-     */
-    private function constructError(Exception $e, $status)
-    {
-        $error = ['code' => $status, 'title' => 'Internal server error'];
-
-        if ($this->debug) {
-            $error['detail'] = (string) $e;
-        }
-
-        return $error;
-    }
-}

src/Api/ExceptionHandler/FloodingExceptionHandler.php

@@ -1,42 +0,0 @@
-<?php
-
-/*
- * This file is part of Flarum.
- *
- * (c) Toby Zerner <toby.zerner@gmail.com>
- *
- * For the full copyright and license information, please view the LICENSE
- * file that was distributed with this source code.
- */
-
-namespace Flarum\Api\ExceptionHandler;
-
-use Exception;
-use Flarum\Post\Exception\FloodingException;
-use Tobscure\JsonApi\Exception\Handler\ExceptionHandlerInterface;
-use Tobscure\JsonApi\Exception\Handler\ResponseBag;
-
-class FloodingExceptionHandler implements ExceptionHandlerInterface
-{
-    /**
-     * {@inheritdoc}
-     */
-    public function manages(Exception $e)
-    {
-        return $e instanceof FloodingException;
-    }
-
-    /**
-     * {@inheritdoc}
-     */
-    public function handle(Exception $e)
-    {
-        $status = 429;
-        $error = [
-            'status' => (string) $status,
-            'code' => 'too_many_requests'
-        ];
-
-        return new ResponseBag($status, [$error]);
-    }
-}

src/Api/ExceptionHandler/IlluminateValidationExceptionHandler.php

@@ -1,58 +0,0 @@
-<?php
-
-/*
- * This file is part of Flarum.
- *
- * (c) Toby Zerner <toby.zerner@gmail.com>
- *
- * For the full copyright and license information, please view the LICENSE
- * file that was distributed with this source code.
- */
-
-namespace Flarum\Api\ExceptionHandler;
-
-use Exception;
-use Illuminate\Validation\ValidationException;
-use Tobscure\JsonApi\Exception\Handler\ExceptionHandlerInterface;
-use Tobscure\JsonApi\Exception\Handler\ResponseBag;
-
-class IlluminateValidationExceptionHandler implements ExceptionHandlerInterface
-{
-    /**
-     * {@inheritdoc}
-     */
-    public function manages(Exception $e)
-    {
-        return $e instanceof ValidationException;
-    }
-
-    /**
-     * {@inheritdoc}
-     */
-    public function handle(Exception $e)
-    {
-        $status = 422;
-
-        $errors = $this->formatErrors($e->errors());
-
-        return new ResponseBag($status, $errors);
-    }
-
-    /**
-     * @param array $errors
-     * @return array
-     */
-    protected function formatErrors(array $errors)
-    {
-        $errors = array_map(function ($field, $messages) {
-            return [
-                'status' => '422',
-                'code' => 'validation_error',
-                'detail' => implode("\n", $messages),
-                'source' => ['pointer' => "/data/attributes/$field"]
-            ];
-        }, array_keys($errors), $errors);
-
-        return $errors;
-    }
-}

src/Api/ExceptionHandler/InvalidAccessTokenExceptionHandler.php

@@ -1,42 +0,0 @@
-<?php
-
-/*
- * This file is part of Flarum.
- *
- * (c) Toby Zerner <toby.zerner@gmail.com>
- *
- * For the full copyright and license information, please view the LICENSE
- * file that was distributed with this source code.
- */
-
-namespace Flarum\Api\ExceptionHandler;
-
-use Exception;
-use Flarum\Api\Exception\InvalidAccessTokenException;
-use Tobscure\JsonApi\Exception\Handler\ExceptionHandlerInterface;
-use Tobscure\JsonApi\Exception\Handler\ResponseBag;
-
-class InvalidAccessTokenExceptionHandler implements ExceptionHandlerInterface
-{
-    /**
-     * {@inheritdoc}
-     */
-    public function manages(Exception $e)
-    {
-        return $e instanceof InvalidAccessTokenException;
-    }
-
-    /**
-     * {@inheritdoc}
-     */
-    public function handle(Exception $e)
-    {
-        $status = 401;
-        $error = [
-            'status' => (string) $status,
-            'code' => 'invalid_access_token'
-        ];
-
-        return new ResponseBag($status, [$error]);
-    }
-}

src/Api/ExceptionHandler/InvalidConfirmationTokenExceptionHandler.php

@@ -1,42 +0,0 @@
-<?php
-
-/*
- * This file is part of Flarum.
- *
- * (c) Toby Zerner <toby.zerner@gmail.com>
- *
- * For the full copyright and license information, please view the LICENSE
- * file that was distributed with this source code.
- */
-
-namespace Flarum\Api\ExceptionHandler;
-
-use Exception;
-use Flarum\User\Exception\InvalidConfirmationTokenException;
-use Tobscure\JsonApi\Exception\Handler\ExceptionHandlerInterface;
-use Tobscure\JsonApi\Exception\Handler\ResponseBag;
-
-class InvalidConfirmationTokenExceptionHandler implements ExceptionHandlerInterface
-{
-    /**
-     * {@inheritdoc}
-     */
-    public function manages(Exception $e)
-    {
-        return $e instanceof InvalidConfirmationTokenException;
-    }
-
-    /**
-     * {@inheritdoc}
-     */
-    public function handle(Exception $e)
-    {
-        $status = 403;
-        $error = [
-            'status' => (string) $status,
-            'code' => 'invalid_confirmation_token'
-        ];
-
-        return new ResponseBag($status, [$error]);
-    }
-}

src/Api/ExceptionHandler/MethodNotAllowedExceptionHandler.php

@@ -1,42 +0,0 @@
-<?php
-
-/*
- * This file is part of Flarum.
- *
- * (c) Toby Zerner <toby.zerner@gmail.com>
- *
- * For the full copyright and license information, please view the LICENSE
- * file that was distributed with this source code.
- */
-
-namespace Flarum\Api\ExceptionHandler;
-
-use Exception;
-use Flarum\Http\Exception\MethodNotAllowedException;
-use Tobscure\JsonApi\Exception\Handler\ExceptionHandlerInterface;
-use Tobscure\JsonApi\Exception\Handler\ResponseBag;
-
-class MethodNotAllowedExceptionHandler implements ExceptionHandlerInterface
-{
-    /**
-     * {@inheritdoc}
-     */
-    public function manages(Exception $e)
-    {
-        return $e instanceof MethodNotAllowedException;
-    }
-
-    /**
-     * {@inheritdoc}
-     */
-    public function handle(Exception $e)
-    {
-        $status = 405;
-        $error = [
-            'status' => (string) $status,
-            'code' => 'method_not_allowed'
-        ];
-
-        return new ResponseBag($status, [$error]);
-    }
-}

src/Api/ExceptionHandler/ModelNotFoundExceptionHandler.php

@@ -1,42 +0,0 @@
-<?php
-
-/*
- * This file is part of Flarum.
- *
- * (c) Toby Zerner <toby.zerner@gmail.com>
- *
- * For the full copyright and license information, please view the LICENSE
- * file that was distributed with this source code.
- */
-
-namespace Flarum\Api\ExceptionHandler;
-
-use Exception;
-use Illuminate\Database\Eloquent\ModelNotFoundException;
-use Tobscure\JsonApi\Exception\Handler\ExceptionHandlerInterface;
-use Tobscure\JsonApi\Exception\Handler\ResponseBag;
-
-class ModelNotFoundExceptionHandler implements ExceptionHandlerInterface
-{
-    /**
-     * {@inheritdoc}
-     */
-    public function manages(Exception $e)
-    {
-        return $e instanceof ModelNotFoundException;
-    }
-
-    /**
-     * {@inheritdoc}
-     */
-    public function handle(Exception $e)
-    {
-        $status = 404;
-        $error = [
-            'status' => (string) $status,
-            'code' => 'resource_not_found'
-        ];
-
-        return new ResponseBag($status, [$error]);
-    }
-}

src/Api/ExceptionHandler/PermissionDeniedExceptionHandler.php

@@ -1,42 +0,0 @@
-<?php
-
-/*
- * This file is part of Flarum.
- *
- * (c) Toby Zerner <toby.zerner@gmail.com>
- *
- * For the full copyright and license information, please view the LICENSE
- * file that was distributed with this source code.
- */
-
-namespace Flarum\Api\ExceptionHandler;
-
-use Exception;
-use Flarum\User\Exception\PermissionDeniedException;
-use Tobscure\JsonApi\Exception\Handler\ExceptionHandlerInterface;
-use Tobscure\JsonApi\Exception\Handler\ResponseBag;
-
-class PermissionDeniedExceptionHandler implements ExceptionHandlerInterface
-{
-    /**
-     * {@inheritdoc}
-     */
-    public function manages(Exception $e)
-    {
-        return $e instanceof PermissionDeniedException;
-    }
-
-    /**
-     * {@inheritdoc}
-     */
-    public function handle(Exception $e)
-    {
-        $status = 401;
-        $error = [
-            'status' => (string) $status,
-            'code' => 'permission_denied'
-        ];
-
-        return new ResponseBag($status, [$error]);
-    }
-}

src/Api/ExceptionHandler/RouteNotFoundExceptionHandler.php

@@ -1,42 +0,0 @@
-<?php
-
-/*
- * This file is part of Flarum.
- *
- * (c) Toby Zerner <toby.zerner@gmail.com>
- *
- * For the full copyright and license information, please view the LICENSE
- * file that was distributed with this source code.
- */
-
-namespace Flarum\Api\ExceptionHandler;
-
-use Exception;
-use Flarum\Http\Exception\RouteNotFoundException;
-use Tobscure\JsonApi\Exception\Handler\ExceptionHandlerInterface;
-use Tobscure\JsonApi\Exception\Handler\ResponseBag;
-
-class RouteNotFoundExceptionHandler implements ExceptionHandlerInterface
-{
-    /**
-     * {@inheritdoc}
-     */
-    public function manages(Exception $e)
-    {
-        return $e instanceof RouteNotFoundException;
-    }
-
-    /**
-     * {@inheritdoc}
-     */
-    public function handle(Exception $e)
-    {
-        $status = 404;
-        $error = [
-            'status' => (string) $status,
-            'code' => 'route_not_found'
-        ];
-
-        return new ResponseBag($status, [$error]);
-    }
-}

src/Api/ExceptionHandler/TokenMismatchExceptionHandler.php

@@ -1,42 +0,0 @@
-<?php
-
-/*
- * This file is part of Flarum.
- *
- * (c) Toby Zerner <toby.zerner@gmail.com>
- *
- * For the full copyright and license information, please view the LICENSE
- * file that was distributed with this source code.
- */
-
-namespace Flarum\Api\ExceptionHandler;
-
-use Exception;
-use Flarum\Http\Exception\TokenMismatchException;
-use Tobscure\JsonApi\Exception\Handler\ExceptionHandlerInterface;
-use Tobscure\JsonApi\Exception\Handler\ResponseBag;
-
-class TokenMismatchExceptionHandler implements ExceptionHandlerInterface
-{
-    /**
-     * {@inheritdoc}
-     */
-    public function manages(Exception $e)
-    {
-        return $e instanceof TokenMismatchException;
-    }
-
-    /**
-     * {@inheritdoc}
-     */
-    public function handle(Exception $e)
-    {
-        $status = 400;
-        $error = [
-            'status' => (string) $status,
-            'code' => 'csrf_token_mismatch'
-        ];
-
-        return new ResponseBag($status, [$error]);
-    }
-}

src/Api/ExceptionHandler/ValidationExceptionHandler.php

@@ -1,53 +0,0 @@
-<?php
-
-/*
- * This file is part of Flarum.
- *
- * (c) Toby Zerner <toby.zerner@gmail.com>
- *
- * For the full copyright and license information, please view the LICENSE
- * file that was distributed with this source code.
- */
-
-namespace Flarum\Api\ExceptionHandler;
-
-use Exception;
-use Flarum\Foundation\ValidationException;
-use Tobscure\JsonApi\Exception\Handler\ExceptionHandlerInterface;
-use Tobscure\JsonApi\Exception\Handler\ResponseBag;
-
-class ValidationExceptionHandler implements ExceptionHandlerInterface
-{
-    /**
-     * {@inheritdoc}
-     */
-    public function manages(Exception $e)
-    {
-        return $e instanceof ValidationException;
-    }
-
-    /**
-     * {@inheritdoc}
-     */
-    public function handle(Exception $e)
-    {
-        $errors = array_merge(
-            $this->buildErrors($e->getAttributes(), '/data/attributes'),
-            $this->buildErrors($e->getRelationships(), '/data/relationships')
-        );
-
-        return new ResponseBag(422, $errors);
-    }
-
-    private function buildErrors(array $messages, $pointer)
-    {
-        return array_map(function ($path, $detail) use ($pointer) {
-            return [
-                'status' => '422',
-                'code' => 'validation_error',
-                'detail' => $detail,
-                'source' => ['pointer' => $pointer.'/'.$path]
-            ];
-        }, array_keys($messages), $messages);
-    }
-}

src/Api/Middleware/HandleErrors.php

@@ -1,47 +0,0 @@
-<?php
-
-/*
- * This file is part of Flarum.
- *
- * (c) Toby Zerner <toby.zerner@gmail.com>
- *
- * For the full copyright and license information, please view the LICENSE
- * file that was distributed with this source code.
- */
-
-namespace Flarum\Api\Middleware;
-
-use Flarum\Api\ErrorHandler;
-use Psr\Http\Message\ResponseInterface as Response;
-use Psr\Http\Message\ServerRequestInterface as Request;
-use Psr\Http\Server\MiddlewareInterface as Middleware;
-use Psr\Http\Server\RequestHandlerInterface as Handler;
-use Throwable;
-
-class HandleErrors implements Middleware
-{
-    /**
-     * @var ErrorHandler
-     */
-    protected $errorHandler;
-
-    /**
-     * @param ErrorHandler $errorHandler
-     */
-    public function __construct(ErrorHandler $errorHandler)
-    {
-        $this->errorHandler = $errorHandler;
-    }
-
-    /**
-     * Catch all errors that happen during further middleware execution.
-     */
-    public function process(Request $request, Handler $handler): Response
-    {
-        try {
-            return $handler->handle($request);
-        } catch (Throwable $e) {
-            return $this->errorHandler->handle($e);
-        }
-    }
-}

src/Console/Event/Configuring.php

@@ -33,7 +33,7 @@ class Configuring
     public $console;
 
     /**
-     * @param Application $app
+     * @param Application        $app
      * @param ConsoleApplication $console
      */
     public function __construct(Application $app, ConsoleApplication $console)

src/Console/Server.php

@@ -13,9 +13,14 @@ namespace Flarum\Console;
 
 use Flarum\Console\Event\Configuring;
 use Flarum\Foundation\Application;
+use Flarum\Foundation\ErrorHandling\Registry;
+use Flarum\Foundation\ErrorHandling\Reporter;
 use Flarum\Foundation\SiteInterface;
 use Illuminate\Contracts\Events\Dispatcher;
 use Symfony\Component\Console\Application as ConsoleApplication;
+use Symfony\Component\Console\ConsoleEvents;
+use Symfony\Component\Console\Event\ConsoleErrorEvent;
+use Symfony\Component\EventDispatcher\EventDispatcher;
 
 class Server
 {
@@ -45,7 +50,33 @@ class Server
     {
         $app = Application::getInstance();
 
+        $this->handleErrors($app, $console);
+
         $events = $app->make(Dispatcher::class);
+
         $events->fire(new Configuring($app, $console));
     }
+
+    private function handleErrors(Application $app, ConsoleApplication $console)
+    {
+        $dispatcher = new EventDispatcher();
+
+        $dispatcher->addListener(ConsoleEvents::ERROR, function (ConsoleErrorEvent $event) use ($app) {
+            /** @var Registry $registry */
+            $registry = $app->make(Registry::class);
+
+            $error = $registry->handle($event->getError());
+
+            /** @var Reporter[] $reporters */
+            $reporters = $app->tagged(Reporter::class);
+
+            if ($error->shouldBeReported()) {
+                foreach ($reporters as $reporter) {
+                    $reporter->report($error->getException());
+                }
+            }
+        });
+
+        $console->setDispatcher($dispatcher);
+    }
 }

src/Database/Console/MigrateCommand.php

@@ -12,7 +12,12 @@
 namespace Flarum\Database\Console;
 
 use Flarum\Console\AbstractCommand;
+use Flarum\Database\Migrator;
+use Flarum\Extension\ExtensionManager;
 use Flarum\Foundation\Application;
+use Flarum\Settings\SettingsRepositoryInterface;
+use Illuminate\Database\ConnectionInterface;
+use Illuminate\Database\Schema\Builder;
 
 class MigrateCommand extends AbstractCommand
 {
@@ -55,16 +60,16 @@ class MigrateCommand extends AbstractCommand
 
     public function upgrade()
     {
-        $this->app->bind('Illuminate\Database\Schema\Builder', function ($app) {
-            return $app->make('Illuminate\Database\ConnectionInterface')->getSchemaBuilder();
+        $this->app->bind(Builder::class, function ($app) {
+            return $app->make(ConnectionInterface::class)->getSchemaBuilder();
         });
 
-        $migrator = $this->app->make('Flarum\Database\Migrator');
+        $migrator = $this->app->make(Migrator::class);
         $migrator->setOutput($this->output);
 
         $migrator->run(__DIR__.'/../../../migrations');
 
-        $extensions = $this->app->make('Flarum\Extension\ExtensionManager');
+        $extensions = $this->app->make(ExtensionManager::class);
         $extensions->getMigrator()->setOutput($this->output);
 
         foreach ($extensions->getEnabledExtensions() as $name => $extension) {
@@ -75,7 +80,7 @@ class MigrateCommand extends AbstractCommand
             }
         }
 
-        $this->app->make('Flarum\Settings\SettingsRepositoryInterface')->set('version', $this->app->version());
+        $this->app->make(SettingsRepositoryInterface::class)->set('version', $this->app->version());
 
         $this->info('Publishing assets...');
 

src/Discussion/Command/EditDiscussionHandler.php

@@ -17,6 +17,7 @@ use Flarum\Discussion\Event\Saving;
 use Flarum\Foundation\DispatchEventsTrait;
 use Flarum\User\AssertPermissionTrait;
 use Illuminate\Contracts\Events\Dispatcher;
+use Illuminate\Support\Arr;
 
 class EditDiscussionHandler
 {
@@ -54,7 +55,7 @@ class EditDiscussionHandler
     {
         $actor = $command->actor;
         $data = $command->data;
-        $attributes = array_get($data, 'attributes', []);
+        $attributes = Arr::get($data, 'attributes', []);
 
         $discussion = $this->discussions->findOrFail($command->discussionId, $actor);
 

src/Discussion/Command/StartDiscussionHandler.php

@@ -20,6 +20,7 @@ use Flarum\Post\Command\PostReply;
 use Flarum\User\AssertPermissionTrait;
 use Illuminate\Contracts\Bus\Dispatcher as BusDispatcher;
 use Illuminate\Contracts\Events\Dispatcher as EventDispatcher;
+use Illuminate\Support\Arr;
 
 class StartDiscussionHandler
 {
@@ -66,7 +67,7 @@ class StartDiscussionHandler
         // an opportunity to alter the discussion entity based on data in the
         // command they may have passed through in the controller.
         $discussion = Discussion::start(
-            array_get($data, 'attributes.title'),
+            Arr::get($data, 'attributes.title'),
             $actor
         );
 

src/Discussion/Search/Gambit/FulltextGambit.php

@@ -29,9 +29,10 @@ class FulltextGambit implements GambitInterface
             throw new LogicException('This gambit can only be applied on a DiscussionSearch');
         }
 
-        // The @ character crashes fulltext searches on InnoDB tables.
-        // See https://bugs.mysql.com/bug.php?id=74042
-        $bit = str_replace('@', '*', $bit);
+        // Replace all non-word characters with spaces.
+        // We do this to prevent MySQL fulltext search boolean mode from taking
+        // effect: https://dev.mysql.com/doc/refman/5.7/en/fulltext-boolean.html
+        $bit = preg_replace('/[^\p{L}\p{N}_]+/u', ' ', $bit);
 
         $query = $search->getQuery();
         $grammar = $query->getGrammar();
@@ -52,7 +53,7 @@ class FulltextGambit implements GambitInterface
         // discussions that have a relevant title or that contain relevant posts.
         $query
             ->addSelect('posts_ft.most_relevant_post_id')
-            ->leftJoin(
+            ->join(
                 new Expression('('.$subquery->toSql().') '.$grammar->wrapTable('posts_ft')),
                 'posts_ft.discussion_id', '=', 'discussions.id'
             )

src/Event/ConfigureLocales.php

@@ -13,6 +13,7 @@ namespace Flarum\Event;
 
 use DirectoryIterator;
 use Flarum\Locale\LocaleManager;
+use Illuminate\Support\Arr;
 use RuntimeException;
 
 /**
@@ -49,8 +50,8 @@ class ConfigureLocales
                 throw new RuntimeException("Error parsing composer.json in $name: ".json_last_error_msg());
             }
 
-            $locale = array_get($json, 'extra.flarum-locale.code');
-            $title = array_get($json, 'extra.flarum-locale.title', $title);
+            $locale = Arr::get($json, 'extra.flarum-locale.code');
+            $title = Arr::get($json, 'extra.flarum-locale.title', $title);
         }
 
         if (! isset($locale)) {

src/Extend/LanguagePack.php

@@ -20,6 +20,18 @@ use RuntimeException;
 
 class LanguagePack implements ExtenderInterface, LifecycleInterface
 {
+    private $path;
+
+    /**
+     * LanguagePack constructor.
+     *
+     * @param string|null $path Path to yaml language files.
+     */
+    public function __construct(string $path = '/locale')
+    {
+        $this->path = $path;
+    }
+
     public function extend(Container $container, Extension $extension = null)
     {
         if (is_null($extension)) {
@@ -49,11 +61,11 @@ class LanguagePack implements ExtenderInterface, LifecycleInterface
     {
         $locales->addLocale($locale, $title);
 
-        $directory = $extension->getPath().'/locale';
+        $directory = $extension->getPath().$this->path;
 
         if (! is_dir($directory)) {
             throw new RuntimeException(
-                'Language packs must have a "locale" subdirectory.'
+                'Expected to find "'.$this->path.'" directory in language pack.'
             );
         }
 

src/Extension/DefaultLanguagePackGuard.php

@@ -12,8 +12,9 @@
 namespace Flarum\Extension;
 
 use Flarum\Extension\Event\Disabling;
-use Flarum\Http\Exception\ForbiddenException;
 use Flarum\Settings\SettingsRepositoryInterface;
+use Flarum\User\Exception\PermissionDeniedException;
+use Illuminate\Support\Arr;
 
 class DefaultLanguagePackGuard
 {
@@ -34,10 +35,10 @@ class DefaultLanguagePackGuard
         }
 
         $defaultLocale = $this->settings->get('default_locale');
-        $locale = array_get($event->extension->extra, 'flarum-locale.code');
+        $locale = Arr::get($event->extension->extra, 'flarum-locale.code');
 
         if ($locale === $defaultLocale) {
-            throw new ForbiddenException('You cannot disable the default language pack!');
+            throw new PermissionDeniedException('You cannot disable the default language pack!');
         }
     }
 }

src/Extension/ExtensionManager.php

@@ -21,6 +21,8 @@ use Flarum\Foundation\Application;
 use Flarum\Settings\SettingsRepositoryInterface;
 use Illuminate\Contracts\Container\Container;
 use Illuminate\Contracts\Events\Dispatcher;
+use Illuminate\Database\ConnectionInterface;
+use Illuminate\Database\Schema\Builder;
 use Illuminate\Filesystem\Filesystem;
 use Illuminate\Support\Arr;
 use Illuminate\Support\Collection;
@@ -227,8 +229,8 @@ class ExtensionManager
      */
     public function migrate(Extension $extension, $direction = 'up')
     {
-        $this->app->bind('Illuminate\Database\Schema\Builder', function ($container) {
-            return $container->make('Illuminate\Database\ConnectionInterface')->getSchemaBuilder();
+        $this->app->bind(Builder::class, function ($container) {
+            return $container->make(ConnectionInterface::class)->getSchemaBuilder();
         });
 
         $extension->migrate($this->migrator, $direction);

src/Formatter/Formatter.php

@@ -139,8 +139,8 @@ class Formatter
         $dom = $configurator->tags['URL']->template->asDOM();
 
         foreach ($dom->getElementsByTagName('a') as $a) {
-            $a->setAttribute('target', '_blank');
-            $a->setAttribute('rel', 'nofollow');
+            $rel = $a->getAttribute('rel');
+            $a->setAttribute('rel', "$rel nofollow ugc");
         }
 
         $dom->saveChanges();

src/Formatter/FormatterServiceProvider.php

@@ -12,6 +12,7 @@
 namespace Flarum\Formatter;
 
 use Flarum\Foundation\AbstractServiceProvider;
+use Illuminate\Cache\Repository;
 use Illuminate\Contracts\Container\Container;
 
 class FormatterServiceProvider extends AbstractServiceProvider
@@ -23,7 +24,7 @@ class FormatterServiceProvider extends AbstractServiceProvider
     {
         $this->app->singleton('flarum.formatter', function (Container $container) {
             return new Formatter(
-                $container->make('cache.store'),
+                new Repository($container->make('cache.filestore')),
                 $container->make('events'),
                 $this->app->storagePath().'/formatter'
             );

src/Forum/Auth/ResponseFactory.php

@@ -15,6 +15,7 @@ use Flarum\Http\Rememberer;
 use Flarum\User\LoginProvider;
 use Flarum\User\RegistrationToken;
 use Flarum\User\User;
+use Illuminate\Support\Arr;
 use Psr\Http\Message\ResponseInterface;
 use Zend\Diactoros\Response\HtmlResponse;
 
@@ -43,7 +44,7 @@ class ResponseFactory
 
         $provided = $registration->getProvided();
 
-        if (! empty($provided['email']) && $user = User::where(array_only($provided, 'email'))->first()) {
+        if (! empty($provided['email']) && $user = User::where(Arr::only($provided, 'email'))->first()) {
             $user->loginProviders()->create(compact('provider', 'identifier'));
 
             return $this->makeLoggedInResponse($user);

src/Forum/Content/Discussion.php

@@ -17,6 +17,7 @@ use Flarum\Http\Exception\RouteNotFoundException;
 use Flarum\Http\UrlGenerator;
 use Flarum\User\User;
 use Illuminate\Contracts\View\Factory;
+use Illuminate\Support\Arr;
 use Psr\Http\Message\ServerRequestInterface as Request;
 
 class Discussion
@@ -51,12 +52,12 @@ class Discussion
     public function __invoke(Document $document, Request $request)
     {
         $queryParams = $request->getQueryParams();
-        $page = max(1, array_get($queryParams, 'page'));
+        $page = max(1, Arr::get($queryParams, 'page'));
 
         $params = [
-            'id' => (int) array_get($queryParams, 'id'),
+            'id' => (int) Arr::get($queryParams, 'id'),
             'page' => [
-                'near' => array_get($queryParams, 'near'),
+                'near' => Arr::get($queryParams, 'near'),
                 'offset' => ($page - 1) * 20,
                 'limit' => 20
             ]
@@ -65,7 +66,7 @@ class Discussion
         $apiDocument = $this->getApiDocument($request->getAttribute('actor'), $params);
 
         $getResource = function ($link) use ($apiDocument) {
-            return array_first($apiDocument->included, function ($value) use ($link) {
+            return Arr::first($apiDocument->included, function ($value) use ($link) {
                 return $value->type === $link->type && $value->id === $link->id;
             });
         };

src/Forum/Content/Index.php

@@ -14,8 +14,11 @@ namespace Flarum\Forum\Content;
 use Flarum\Api\Client;
 use Flarum\Api\Controller\ListDiscussionsController;
 use Flarum\Frontend\Document;
+use Flarum\Http\UrlGenerator;
+use Flarum\Settings\SettingsRepositoryInterface;
 use Flarum\User\User;
 use Illuminate\Contracts\View\Factory;
+use Illuminate\Support\Arr;
 use Psr\Http\Message\ServerRequestInterface as Request;
 
 class Index
@@ -30,23 +33,37 @@ class Index
      */
     protected $view;
 
+    /**
+     * @var SettingsRepositoryInterface
+     */
+    protected $settings;
+
+    /**
+     * @var UrlGenerator
+     */
+    protected $url;
+
     /**
      * @param Client $api
      * @param Factory $view
+     * @param SettingsRepositoryInterface $settings
+     * @param UrlGenerator $url
      */
-    public function __construct(Client $api, Factory $view)
+    public function __construct(Client $api, Factory $view, SettingsRepositoryInterface $settings, UrlGenerator $url)
     {
         $this->api = $api;
         $this->view = $view;
+        $this->settings = $settings;
+        $this->url = $url;
     }
 
     public function __invoke(Document $document, Request $request)
     {
         $queryParams = $request->getQueryParams();
 
-        $sort = array_pull($queryParams, 'sort');
-        $q = array_pull($queryParams, 'q');
-        $page = array_pull($queryParams, 'page', 1);
+        $sort = Arr::pull($queryParams, 'sort');
+        $q = Arr::pull($queryParams, 'q');
+        $page = Arr::pull($queryParams, 'page', 1);
 
         $sortMap = $this->getSortMap();
 
@@ -57,9 +74,11 @@ class Index
         ];
 
         $apiDocument = $this->getApiDocument($request->getAttribute('actor'), $params);
+        $defaultRoute = $this->settings->get('default_route');
 
         $document->content = $this->view->make('flarum.forum::frontend.content.index', compact('apiDocument', 'page'));
         $document->payload['apiDocument'] = $apiDocument;
+        $document->canonicalUrl = $defaultRoute === '/all' ? $this->url->to('forum')->base() : $request->getUri()->withQuery('');
 
         return $document;
     }

src/Forum/Controller/ConfirmEmailController.php

@@ -14,12 +14,11 @@ namespace Flarum\Forum\Controller;
 use Flarum\Foundation\Application;
 use Flarum\Http\SessionAuthenticator;
 use Flarum\User\Command\ConfirmEmail;
-use Flarum\User\Exception\InvalidConfirmationTokenException;
 use Illuminate\Contracts\Bus\Dispatcher;
+use Illuminate\Support\Arr;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface as Request;
 use Psr\Http\Server\RequestHandlerInterface;
-use Zend\Diactoros\Response\HtmlResponse;
 use Zend\Diactoros\Response\RedirectResponse;
 
 class ConfirmEmailController implements RequestHandlerInterface
@@ -57,15 +56,11 @@ class ConfirmEmailController implements RequestHandlerInterface
      */
     public function handle(Request $request): ResponseInterface
     {
-        try {
-            $token = array_get($request->getQueryParams(), 'token');
+        $token = Arr::get($request->getQueryParams(), 'token');
 
-            $user = $this->bus->dispatch(
-                new ConfirmEmail($token)
-            );
-        } catch (InvalidConfirmationTokenException $e) {
-            return new HtmlResponse('Invalid confirmation token');
-        }
+        $user = $this->bus->dispatch(
+            new ConfirmEmail($token)
+        );
 
         $session = $request->getAttribute('session');
         $this->authenticator->logIn($session, $user->id);

src/Forum/Controller/LogInController.php

@@ -18,6 +18,7 @@ use Flarum\Http\Rememberer;
 use Flarum\Http\SessionAuthenticator;
 use Flarum\User\Event\LoggedIn;
 use Flarum\User\UserRepository;
+use Illuminate\Support\Arr;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface as Request;
 use Psr\Http\Server\RequestHandlerInterface;
@@ -65,7 +66,7 @@ class LogInController implements RequestHandlerInterface
     {
         $actor = $request->getAttribute('actor');
         $body = $request->getParsedBody();
-        $params = array_only($body, ['identification', 'password']);
+        $params = Arr::only($body, ['identification', 'password']);
 
         $response = $this->apiClient->send(CreateTokenController::class, $actor, [], $params);
 
@@ -79,7 +80,7 @@ class LogInController implements RequestHandlerInterface
 
             event(new LoggedIn($this->users->findOrFail($data->userId), $token));
 
-            if (array_get($body, 'remember')) {
+            if (Arr::get($body, 'remember')) {
                 $response = $this->rememberer->remember($response, $token);
             }
         }

src/Forum/Controller/LogOutController.php

@@ -20,6 +20,7 @@ use Flarum\User\AssertPermissionTrait;
 use Flarum\User\Event\LoggedOut;
 use Illuminate\Contracts\Events\Dispatcher;
 use Illuminate\Contracts\View\Factory;
+use Illuminate\Support\Arr;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface as Request;
 use Psr\Http\Server\RequestHandlerInterface;
@@ -94,7 +95,7 @@ class LogOutController implements RequestHandlerInterface
         $session = $request->getAttribute('session');
         $actor = $request->getAttribute('actor');
 
-        $url = array_get($request->getQueryParams(), 'return', $this->app->url());
+        $url = Arr::get($request->getQueryParams(), 'return', $this->app->url());
 
         // If there is no user logged in, return to the index.
         if ($actor->isGuest()) {
@@ -105,8 +106,8 @@ class LogOutController implements RequestHandlerInterface
         // allow the user to press a button to complete the log out process.
         $csrfToken = $session->token();
 
-        if (array_get($request->getQueryParams(), 'token') !== $csrfToken) {
-            $return = array_get($request->getQueryParams(), 'return');
+        if (Arr::get($request->getQueryParams(), 'token') !== $csrfToken) {
+            $return = Arr::get($request->getQueryParams(), 'return');
 
             $view = $this->view->make('flarum.forum::log-out')
                 ->with('url', $this->url->to('forum')->route('logout').'?token='.$csrfToken.($return ? '&return='.urlencode($return) : ''));

src/Forum/Controller/ResetPasswordController.php

@@ -16,6 +16,7 @@ use Flarum\Http\Controller\AbstractHtmlController;
 use Flarum\User\Exception\InvalidConfirmationTokenException;
 use Flarum\User\PasswordToken;
 use Illuminate\Contracts\View\Factory;
+use Illuminate\Support\Arr;
 use Psr\Http\Message\ServerRequestInterface as Request;
 
 class ResetPasswordController extends AbstractHtmlController
@@ -40,7 +41,7 @@ class ResetPasswordController extends AbstractHtmlController
      */
     public function render(Request $request)
     {
-        $token = array_get($request->getQueryParams(), 'token');
+        $token = Arr::get($request->getQueryParams(), 'token');
 
         $token = PasswordToken::findOrFail($token);
 

src/Forum/Controller/SavePasswordController.php

@@ -18,6 +18,7 @@ use Flarum\User\PasswordToken;
 use Flarum\User\UserValidator;
 use Illuminate\Contracts\Events\Dispatcher;
 use Illuminate\Contracts\Validation\Factory;
+use Illuminate\Support\Arr;
 use Illuminate\Support\MessageBag;
 use Illuminate\Validation\ValidationException;
 use Psr\Http\Message\ResponseInterface;
@@ -72,9 +73,9 @@ class SavePasswordController implements RequestHandlerInterface
     {
         $input = $request->getParsedBody();
 
-        $token = PasswordToken::findOrFail(array_get($input, 'passwordToken'));
+        $token = PasswordToken::findOrFail(Arr::get($input, 'passwordToken'));
 
-        $password = array_get($input, 'password');
+        $password = Arr::get($input, 'password');
 
         try {
             // todo: probably shouldn't use the user validator for this,

src/Forum/ForumServiceProvider.php

@@ -18,6 +18,10 @@ use Flarum\Extension\Event\Enabled;
 use Flarum\Formatter\Formatter;
 use Flarum\Foundation\AbstractServiceProvider;
 use Flarum\Foundation\Application;
+use Flarum\Foundation\ErrorHandling\Registry;
+use Flarum\Foundation\ErrorHandling\Reporter;
+use Flarum\Foundation\ErrorHandling\ViewFormatter;
+use Flarum\Foundation\ErrorHandling\WhoopsFormatter;
 use Flarum\Foundation\Event\ClearingCache;
 use Flarum\Frontend\AddLocaleAssets;
 use Flarum\Frontend\AddTranslations;
@@ -53,15 +57,19 @@ class ForumServiceProvider extends AbstractServiceProvider
             return $routes;
         });
 
+        $this->app->afterResolving('flarum.forum.routes', function (RouteCollection $routes) {
+            $this->setDefaultRoute($routes);
+        });
+
         $this->app->singleton('flarum.forum.middleware', function (Application $app) {
             $pipe = new MiddlewarePipe;
 
             // All requests should first be piped through our global error handler
-            if ($app->inDebugMode()) {
-                $pipe->pipe($app->make(HttpMiddleware\HandleErrorsWithWhoops::class));
-            } else {
-                $pipe->pipe($app->make(HttpMiddleware\HandleErrorsWithView::class));
-            }
+            $pipe->pipe(new HttpMiddleware\HandleErrors(
+                $app->make(Registry::class),
+                $app->inDebugMode() ? $app->make(WhoopsFormatter::class) : $app->make(ViewFormatter::class),
+                $app->tagged(Reporter::class)
+            ));
 
             $pipe->pipe($app->make(HttpMiddleware\ParseJsonBody::class));
             $pipe->pipe($app->make(HttpMiddleware\CollectGarbage::class));
@@ -181,7 +189,16 @@ class ForumServiceProvider extends AbstractServiceProvider
         $this->app->make('events')->fire(
             new ConfigureForumRoutes($routes, $factory)
         );
+    }
 
+    /**
+     * Determine the default route.
+     *
+     * @param RouteCollection $routes
+     */
+    protected function setDefaultRoute(RouteCollection $routes)
+    {
+        $factory = $this->app->make(RouteHandlerFactory::class);
         $defaultRoute = $this->app->make('flarum.settings')->get('default_route');
 
         if (isset($routes->getRouteData()[0]['GET'][$defaultRoute])) {