Housekeeping / Laravel best-practices

[rjackson]

Just to formally note potential housekeeping tasks that I've noticed browsing through the membership system.

These are behind-the-scenes tweaks that won't really make any member-facing changes, but will bring the system closer to the general Laravel best-practises and ways of doing things.

My hopes from these is to make the system:

1. Easier for folks to understand (especially those with Laravel-related background)
2. More robust & reliable
3. Easier to extend and maintain going forward

These are fairly loose thoughts at the moment. I need to take a closer look at each of them.

Potential tasks:

• Replace usages of env in application code with config files & the config function (see Laravel 9 Accessing Configuration Values for reference)
• Extract Telegram-specific code from BB\Exceptions\Handler to somewhere more appropriate, and re-use TelegramHelper. Perhaps creating TelegramHelper::captureException method?
• Replace TelegramHelper notifications with Laravel 5.3 Notifications API (will need to backport) with a Telegram notification channel, allowing more flexible and alternate notification channels going forward
• Replace hardcoded links to the live website with generated URLs to named routes (see Named Routes)
• Reconcile automate.sh-scheduled jobs and Laravel Task Scheduling scheduled jobs, and get the server set up to invoke Task Scheduling jobs properly
• Review access control logic and formalise into Authorisation Policies
• Review user_id inputs in frontend forms, as these could pose access control risks (setting up things against other users accounts)
• Reviewing dependencies, and trimming any unused / unnecessary functionality (lest they get in the way of the Laravel upgrade path)
• Review usages of unescaped Blade output ({!! !!}}) as I've spotted a few unnecessary and risky usages of it