Summary
Once a project's webhook token is set, there is no way to rotate it without manually editing the database. Token rotation is important security hygiene — if a token is ever exposed, admins need a quick way to invalidate it.
Implementation
1. Add a route in the admin projects resource (in routes/web.php):
    Route::post('admin/projects/{project}/rotate-token', [ProjectManagementController::class, 'rotateToken'])
        ->middleware(['auth', 'admin'])
        ->name('admin.projects.rotate-token');
2. Add rotateToken() to ProjectManagementController:
    public function rotateToken(Project $project)
    {
        $this->authorize('manage', $project); // uses Policy from Phase 3
        $project->update(['token' => generateToken()]);
        return back()->with('success', 'Token rotated. Update your SNS subscription endpoint.');
    }
3. Update the project edit view (resources/views/admin/projects/edit.blade.php or similar):
- Display the current webhook URL with the token
- Add a "Rotate Token" button with a confirmation dialog warning that the old SNS subscription will stop working immediately
- After rotation, show the new endpoint URL prominently so the admin can update AWS
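A feature test that pins down the behaviour the three steps above describe, as an added example that is not part of the original issue or the project's own code. It assumes Project and User model factories exist and that a hypothetical is_admin attribute is what the admin middleware and the manage policy check; the token values are constructed.

```php
<?php

namespace Tests\Feature;

use App\Models\Project;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;

// Added example. Assumed: model factories and an `is_admin` attribute (hypothetical).
class RotateTokenTest extends TestCase
{
    use RefreshDatabase;

    private const OLD = 'old-token-constructed'; // constructed sample value

    public function test_admin_rotation_replaces_the_token(): void
    {
        $project = Project::factory()->create(['token' => self::OLD]);
        $admin = User::factory()->create(['is_admin' => true]);

        $this->actingAs($admin)
            ->post(route('admin.projects.rotate-token', $project))
            ->assertRedirect()              // controller returns back()
            ->assertSessionHas('success');  // flash message from rotateToken()

        // The stored token must differ from the old one, so the old URL is dead.
        $this->assertNotEmpty($project->fresh()->token);
        $this->assertNotSame(self::OLD, $project->fresh()->token);
    }

    public function test_guests_and_non_admins_cannot_rotate(): void
    {
        $project = Project::factory()->create(['token' => self::OLD]);
        $url = route('admin.projects.rotate-token', $project);

        // Guest: stopped by the 'auth' middleware.
        $this->post($url);
        $this->assertSame(self::OLD, $project->fresh()->token);

        // Signed-in non-admin: stopped by the 'admin' middleware or the policy.
        $this->actingAs(User::factory()->create(['is_admin' => false]))->post($url);
        $this->assertSame(self::OLD, $project->fresh()->token);
    }

    public function test_get_request_does_not_rotate(): void
    {
        $project = Project::factory()->create(['token' => self::OLD]);
        $admin = User::factory()->create(['is_admin' => true]);

        // The route is POST-only, so a crafted link cannot trigger rotation.
        $this->actingAs($admin)->get(route('admin.projects.rotate-token', $project))->assertStatus(405);
        $this->assertSame(self::OLD, $project->fresh()->token);
    }
}
```

The rejection tests assert on the stored token rather than a status code, because the issue does not say whether the admin middleware answers with a redirect or a 403.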
Acceptance Criteria
generateToken() helper)