# Phase 12: Security & Deployment Hardening

## Performance Optimization (Caching)
During the final review, we evaluated database performance on public entry points. The `HomeController` serves as the primary storefront. To prevent DDoS attacks or general high-traffic scenarios from crippling the local database parsing `enrollments_count` algorithms:
- Implemented `Cache::remember()` for `$featuredCourses` enforcing a 1-hour retention block.
- Implemented `Cache::rememberForever()` for Root Categories (these only change explicitly by an Admin manually adding a Category).
- Implemented an $86,400$ second (24-hour) cache block on pulling `site_name` from Settings.

## Payment API Rate Limiting
To prevent malicious API-call spamming that could intentionally max out our Stripe/JazzCash infrastructure quotas, we applied `throttle:10,1` natively inside `routes/web.php` for the `auth` group managing `/checkout/{course:slug}`. Users can only initialize 10 checkouts per minute maximum.

## Deployment Checklist
Before pushing this wamp64 codebase into a production server (Ubuntu/Nginx/Apache), verify the following inside `.env`:

1. **Environment Flag:** Ensure `APP_ENV=production` and `APP_DEBUG=false`. This strictly prevents Laravel Ignition stack-traces from exposing DB structures to end users on generic error 500s.
2. **Key Regeneration:** `php artisan key:generate` on the live server.
3. **Configurations Optimization:** Run `php artisan config:cache`, `php artisan route:cache`, and `php artisan view:cache`.
4. **Queue Architecture:** If email triggers are integrated for Phase 11 reviews, ensure `QUEUE_CONNECTION=database` or Redis, running the Supervisor daemon.
5. **Bunny Net Webhooks:** The `/webhooks/payments/{gateway}` endpoint must remain open. Do NOT place this route behind CSRF. Ensure it is listed inside `VerifyCsrfToken.php` `$except` array, so Gateway callbacks successfully bypass Laravel token security!

## Project Finality
The logic has been successfully deployed and sealed.
All 12 phases of the architecture log are resolved.