SkinbaseNova/app/Http/Controllers/Web/ApplicationController.php

<?php

namespace App\Http\Controllers\Web;

use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Storage;
use Illuminate\Support\Facades\Mail;
use Illuminate\Support\Str;
use App\Models\StaffApplication;

class ApplicationController extends Controller
{
    public function show()
    {
        return view('web.apply');
    }

    public function submit(Request $request)
    {
        $data = $request->validate([
            'topic' => 'required|string|in:apply,bug,contact,other',
            'name' => 'required|string|max:100',
            'email' => 'required|email|max:150',
            'role' => 'nullable|string|max:100',
            'portfolio' => 'nullable|url|max:255',
            'affected_url' => 'nullable|url|max:255',
            'steps' => 'nullable|string|max:2000',
            'message' => 'nullable|string|max:2000',
        ]);

        $payload = [
            'id' => (string) Str::uuid(),
            'submitted_at' => now()->toISOString(),
            'ip' => $request->ip(),
            'user_agent' => $request->userAgent(),
            'data' => $data,
        ];

        // Honeypot: silently drop submissions that fill the hidden field
        if ($request->filled('website')) {
            return redirect()->route('contact.show')->with('success', 'Your submission was received.');
        }

        try {
            Storage::append('staff_applications.jsonl', json_encode($payload, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE));
        } catch (\Throwable $e) {
            // best-effort store; don't fail the user if write fails
        }

        // store in DB as well
        try {
            StaffApplication::create([
                'id' => $payload['id'],
                'topic' => $data['topic'] ?? 'apply',
                'name' => $data['name'] ?? null,
                'email' => $data['email'] ?? null,
                'role' => $data['role'] ?? null,
                'portfolio' => $data['portfolio'] ?? null,
                'message' => $data['message'] ?? null,
                'payload' => $payload,
                'ip' => $payload['ip'],
                'user_agent' => $payload['user_agent'],
            ]);
        } catch (\Throwable $e) {
            // ignore DB errors
        }

        $to = config('mail.from.address');

        if ($to) {
            try {
                // prefer the DB model when available
                $appModel = isset($appModel) ? $appModel : StaffApplication::find($payload['id']) ?? null;
                if (! $appModel) {
                    // construct a lightweight model-like object for the mailable
                    $appModel = new StaffApplication($payload['data'] ?? []);
                    $appModel->id = $payload['id'];
                    $appModel->payload = $payload;
                    $appModel->ip = $payload['ip'];
                    $appModel->user_agent = $payload['user_agent'];
                    $appModel->created_at = now();
                }

                Mail::to($to)->queue(new \App\Mail\StaffApplicationReceived($appModel));
            } catch (\Throwable $e) {
                // ignore mail errors but don't fail user
            }
        }

        return redirect()->route('contact.show')->with('success', 'Your submission was received. Thank you — we will review it soon.');
    }
}