refactor: project maintenance

- work in progress

12 files changed, 261 insertions, 375 deletions

diff --git a/config/app.ts b/config/app.ts
index fb3c0be..135f20f 100644
--- a/config/app.ts
+++ b/config/app.ts
@@ -5,12 +5,12 @@
  * file.
  */
 
-import proxyAddr from 'proxy-addr';
-import Env from '@ioc:Adonis/Core/Env';
-import { ServerConfig } from '@ioc:Adonis/Core/Server';
-import { LoggerConfig } from '@ioc:Adonis/Core/Logger';
-import { ProfilerConfig } from '@ioc:Adonis/Core/Profiler';
-import { ValidatorConfig } from '@ioc:Adonis/Core/Validator';
+import proxyAddr from 'proxy-addr'
+import env from '#start/env'
+import { ProfilerConfig } from '@ioc:Adonis/Core/Profiler'
+import { LoggerConfig } from '@adonisjs/core/types/logger'
+import { ValidatorConfig } from '@adonisjs/validator/types'
+import { defineConfig } from '@adonisjs/core/http'
 
 /*
 |--------------------------------------------------------------------------
@@ -25,18 +25,17 @@ import { ValidatorConfig } from '@ioc:Adonis/Core/Validator';
 | be decrypted.
 |
 */
-export const appKey: string = Env.get('APP_KEY');
+export const appKey: string = env.get('APP_KEY')
 
-export const url: string = Env.get('APP_URL');
+export const url: string = env.get('APP_URL')
 
 // TODO: this is parsed as string to be coherent with the previous version of the code we add (before migrating to AdonisJS 5)
-export const isRegistrationEnabled: string = Env.get('IS_REGISTRATION_ENABLED');
-export const connectWithFranz: string = Env.get('CONNECT_WITH_FRANZ');
-export const isCreationEnabled: string = Env.get('IS_CREATION_ENABLED');
+export const isRegistrationEnabled: string = env.get('IS_REGISTRATION_ENABLED')
+export const connectWithFranz: string = env.get('CONNECT_WITH_FRANZ')
+export const isCreationEnabled: string = env.get('IS_CREATION_ENABLED')
 export const jwtUsePEM: boolean =
-  Env.get('JWT_USE_PEM', false) ||
-  (Env.get('JWT_PUBLIC_KEY', '') !== '' &&
-    Env.get('JWT_PRIVATE_KEY', '') !== '');
+  env.get('JWT_USE_PEM', false) ||
+  (env.get('JWT_PUBLIC_KEY', '') !== '' && env.get('JWT_PRIVATE_KEY', '') !== '')
 /*
 |--------------------------------------------------------------------------
 | Http server configuration
@@ -46,7 +45,7 @@ export const jwtUsePEM: boolean =
 | the config properties to make keep server secure.
 |
 */
-export const http: ServerConfig = {
+export const http = defineConfig({
   /*
   |--------------------------------------------------------------------------
   | Allow method spoofing
@@ -137,7 +136,7 @@ export const http: ServerConfig = {
   |
   */
   forceContentNegotiationTo: 'application/json',
-};
+})
 
 /*
 |--------------------------------------------------------------------------
@@ -157,7 +156,7 @@ export const logger: LoggerConfig = {
   | reading the `name` property from the `package.json` file.
   |
   */
-  name: Env.get('APP_NAME', 'Ferdium-server'),
+  name: env.get('APP_NAME', 'Ferdium-server'),
 
   /*
   |--------------------------------------------------------------------------
@@ -179,7 +178,7 @@ export const logger: LoggerConfig = {
   | at deployment level and not code level.
   |
   */
-  level: Env.get('LOG_LEVEL', 'info'),
+  level: env.get('LOG_LEVEL', 'info'),
 
   /*
   |--------------------------------------------------------------------------
@@ -190,8 +189,8 @@ export const logger: LoggerConfig = {
   | can have huge impact on performance.
   |
   */
-  prettyPrint: Env.get('NODE_ENV') === 'development',
-};
+  prettyPrint: env.get('NODE_ENV') === 'development',
+}
 
 /*
 |--------------------------------------------------------------------------
@@ -230,7 +229,7 @@ export const profiler: ProfilerConfig = {
   |
   */
   whitelist: [],
-};
+}
 
 /*
 |--------------------------------------------------------------------------
@@ -241,4 +240,4 @@ export const profiler: ProfilerConfig = {
 | to the default config https://git.io/JT0WE
 |
 */
-export const validator: ValidatorConfig = {};
+export const validator: ValidatorConfig = {}
diff --git a/config/auth.ts b/config/auth.ts
index 28a9b8c..f43bbdb 100644
--- a/config/auth.ts
+++ b/config/auth.ts
@@ -5,9 +5,9 @@
  * file.
  */
 
-import { AuthConfig } from '@ioc:Adonis/Addons/Auth';
-import Env from '@ioc:Adonis/Core/Env';
-import { appKey, jwtUsePEM } from './app';
+import { AuthConfig } from '@ioc:Adonis/Addons/Auth'
+import env from '#start/env'
+import { appKey, jwtUsePEM } from './app.js'
 
 /*
 |--------------------------------------------------------------------------
@@ -233,12 +233,8 @@ const authConfig: AuthConfig = {
       driver: 'jwt',
       secret: jwtUsePEM ? undefined : appKey,
       algorithmJwt: jwtUsePEM ? undefined : 'HS256',
-      publicKey: jwtUsePEM
-        ? Env.get('JWT_PUBLIC_KEY', '').replaceAll('\\n', '\n')
-        : undefined,
-      privateKey: jwtUsePEM
-        ? Env.get('JWT_PRIVATE_KEY', '').replaceAll('\\n', '\n')
-        : undefined,
+      publicKey: jwtUsePEM ? env.get('JWT_PUBLIC_KEY', '').replaceAll('\\n', '\n') : undefined,
+      privateKey: jwtUsePEM ? env.get('JWT_PRIVATE_KEY', '').replaceAll('\\n', '\n') : undefined,
       persistJwt: true,
       // TODO: We should improve the following implementation as this is a security concern.
       // The following ts-expect-error is to set exp to undefined (JWT with no expiration)
@@ -258,6 +254,6 @@ const authConfig: AuthConfig = {
       },
     },
   },
-};
+}
 
-export default authConfig;
+export default authConfig
diff --git a/config/bodyparser.ts b/config/bodyparser.ts
index b5adcda..b3a027b 100644
--- a/config/bodyparser.ts
+++ b/config/bodyparser.ts
@@ -5,9 +5,10 @@
  * file.
  */
 
-import { BodyParserConfig } from '@ioc:Adonis/Core/BodyParser';
+import { BodyParserConfig } from '@adonisjs/core/bodyparser'
+import { defineConfig } from '@adonisjs/core/bodyparser'
 
-const bodyParserConfig: BodyParserConfig = {
+const bodyParserConfig = defineConfig({
   /*
   |--------------------------------------------------------------------------
   | White listed methods
@@ -200,6 +201,6 @@ const bodyParserConfig: BodyParserConfig = {
     */
     types: ['multipart/form-data'],
   },
-};
+})
 
-export default bodyParserConfig;
+export default bodyParserConfig
diff --git a/config/cors.ts b/config/cors.ts
index dc0e3f6..911326f 100644
--- a/config/cors.ts
+++ b/config/cors.ts
@@ -1,13 +1,6 @@
-/**
- * Config source: https://git.io/JfefC
- *
- * Feel free to let us know via PR, if you find something broken in this config
- * file.
- */
+import { defineConfig } from '@adonisjs/cors'
 
-import { CorsConfig } from '@ioc:Adonis/Core/Cors';
-
-const corsConfig: CorsConfig = {
+const corsConfig = defineConfig({
   /*
   |--------------------------------------------------------------------------
   | Enabled
@@ -129,6 +122,6 @@ const corsConfig: CorsConfig = {
   |
   */
   maxAge: 90,
-};
+})
 
-export default corsConfig;
+export default corsConfig
diff --git a/config/dashboard.ts b/config/dashboard.ts
index 18feb14..9e92024 100644
--- a/config/dashboard.ts
+++ b/config/dashboard.ts
@@ -1,5 +1,5 @@
-import Env from '@ioc:Adonis/Core/Env';
+import env from '#start/env'
 
-export const enabled: boolean = Env.get('IS_DASHBOARD_ENABLED') !== 'false';
+export const enabled: boolean = env.get('IS_DASHBOARD_ENABLED') !== 'false'
 
-export const mailFrom: string = Env.get('MAIL_SENDER');
+export const mailFrom: string = env.get('MAIL_SENDER')
diff --git a/config/database.ts b/config/database.ts
index 65a9455..d2db1c2 100644
--- a/config/database.ts
+++ b/config/database.ts
@@ -1,4 +1,3 @@
-/* eslint-disable @typescript-eslint/indent */
 /**
  * Config source: https://git.io/JesV9
  *
@@ -6,11 +5,12 @@
  * file.
  */
 
-import path from 'node:path';
-import Env from '@ioc:Adonis/Core/Env';
-import { DatabaseConfig } from '@ioc:Adonis/Lucid/Database';
+import path from 'node:path'
+import env from '#start/env'
+import { DatabaseConfig } from '@adonisjs/lucid/database'
+import { defineConfig } from '@adonisjs/lucid'
 
-const databaseConfig: DatabaseConfig = {
+const databaseConfig = defineConfig({
   /*
   |--------------------------------------------------------------------------
   | Connection
@@ -21,7 +21,7 @@ const databaseConfig: DatabaseConfig = {
   | file.
   |
   */
-  connection: Env.get('DB_CONNECTION', 'sqlite'),
+  connection: env.get('DB_CONNECTION', 'sqlite'),
 
   connections: {
     /*
@@ -39,13 +39,13 @@ const databaseConfig: DatabaseConfig = {
       client: 'sqlite',
       connection: {
         filename: path.join(
-          Env.get('DATA_DIR', 'data'),
-          `${Env.get('DB_DATABASE', 'ferdium')}.sqlite`,
+          env.get('DATA_DIR', 'data'),
+          `${env.get('DB_DATABASE', 'ferdium')}.sqlite`
         ),
       },
       pool: {
         afterCreate: (conn, cb) => {
-          conn.run('PRAGMA foreign_keys=true', cb);
+          conn.run('PRAGMA foreign_keys=true', cb)
         },
       },
       migrations: {
@@ -53,7 +53,7 @@ const databaseConfig: DatabaseConfig = {
       },
       useNullAsDefault: true,
       healthCheck: false,
-      debug: Env.get('DB_DEBUG', false),
+      debug: env.get('DB_DEBUG', false),
     },
 
     /*
@@ -70,17 +70,17 @@ const databaseConfig: DatabaseConfig = {
     mysql: {
       client: 'mysql',
       connection: {
-        host: Env.get('DB_HOST', 'localhost'),
-        port: Env.get('DB_PORT', ''),
-        user: Env.get('DB_USER', 'root'),
-        password: Env.get('DB_PASSWORD', ''),
-        database: Env.get('DB_DATABASE', 'ferdium'),
+        host: env.get('DB_HOST', 'localhost'),
+        port: env.get('DB_PORT', ''),
+        user: env.get('DB_USER', 'root'),
+        password: env.get('DB_PASSWORD', ''),
+        database: env.get('DB_DATABASE', 'ferdium'),
       },
       migrations: {
         naturalSort: true,
       },
       healthCheck: false,
-      debug: Env.get('DB_DEBUG', false),
+      debug: env.get('DB_DEBUG', false),
     },
 
     /*
@@ -97,25 +97,25 @@ const databaseConfig: DatabaseConfig = {
     pg: {
       client: 'pg',
       connection: {
-        host: Env.get('DB_HOST', 'localhost'),
-        port: Env.get('DB_PORT', ''),
-        user: Env.get('DB_USER', 'root'),
-        password: Env.get('DB_PASSWORD', ''),
-        database: Env.get('DB_DATABASE', 'ferdium'),
-        ssl: Env.get('DB_CA_CERT')
+        host: env.get('DB_HOST', 'localhost'),
+        port: env.get('DB_PORT', ''),
+        user: env.get('DB_USER', 'root'),
+        password: env.get('DB_PASSWORD', ''),
+        database: env.get('DB_DATABASE', 'ferdium'),
+        ssl: env.get('DB_CA_CERT')
           ? {
               rejectUnauthorized: false,
-              ca: Env.get('DB_CA_CERT'),
+              ca: env.get('DB_CA_CERT'),
             }
-          : JSON.parse(Env.get('DB_SSL', 'true')),
+          : JSON.parse(env.get('DB_SSL', 'true')),
       },
       migrations: {
         naturalSort: true,
       },
       healthCheck: false,
-      debug: Env.get('DB_DEBUG', false),
+      debug: env.get('DB_DEBUG', false),
     },
   },
-};
+})
 
-export default databaseConfig;
+export default databaseConfig
diff --git a/config/drive.ts b/config/drive.ts
index b6950eb..f099303 100644
--- a/config/drive.ts
+++ b/config/drive.ts
@@ -5,9 +5,9 @@
  * file.
  */
 
-import Env from '@ioc:Adonis/Core/Env';
-import { driveConfig } from '@adonisjs/core/build/config';
-import Application from '@ioc:Adonis/Core/Application';
+import env from '#start/env'
+import { driveConfig } from '@adonisjs/core/build/config'
+import { app } from '@adonisjs/core/services/app'
 
 /*
 |--------------------------------------------------------------------------
@@ -28,7 +28,7 @@ export default driveConfig({
   | the `DRIVE_DISK` environment variable.
   |
   */
-  disk: Env.get('DRIVE_DISK', 'local'),
+  disk: env.get('DRIVE_DISK', 'local'),
 
   disks: {
     /*
@@ -53,7 +53,7 @@ export default driveConfig({
       | files.
       |
       */
-      root: Application.tmpPath('uploads'),
+      root: app.tmpPath('uploads'),
 
       /*
       |--------------------------------------------------------------------------
@@ -146,4 +146,4 @@ export default driveConfig({
     //   usingUniformAcl: false,
     // },
   },
-});
+})
diff --git a/config/hash.ts b/config/hash.ts
index abe7dd0..22e38bd 100644
--- a/config/hash.ts
+++ b/config/hash.ts
@@ -5,8 +5,9 @@
  * file.
  */
 
-import Env from '@ioc:Adonis/Core/Env';
-import { hashConfig } from '@adonisjs/core/build/config';
+import env from '#start/env'
+import { defineConfig } from '@adonisjs/core/hash'
+import { drivers } from '@adonisjs/core/hash'
 
 /*
 |--------------------------------------------------------------------------
@@ -17,7 +18,7 @@ import { hashConfig } from '@adonisjs/core/build/config';
 | defined inside `contracts` directory.
 |
 */
-export default hashConfig({
+export default defineConfig({
   /*
   |--------------------------------------------------------------------------
   | Default hasher
@@ -28,18 +29,17 @@ export default hashConfig({
   |
   | Default is set to bcrypt to prevent breaking-changes.
   */
-  default: Env.get('HASH_DRIVER', 'scrypt'),
+  default: env.get('HASH_DRIVER', 'scrypt'),
 
   list: {
-    scrypt: {
-      driver: 'scrypt',
+    scrypt: drivers.scrypt({
       cost: 16_384,
       blockSize: 8,
       parallelization: 1,
       saltSize: 16,
       keyLength: 64,
       maxMemory: 32 * 1024 * 1024,
-    },
+    }),
     /*
     |--------------------------------------------------------------------------
     | Argon
@@ -53,14 +53,13 @@ export default hashConfig({
     | npm install phc-argon2
     |
     */
-    argon: {
-      driver: 'argon2',
+    argon: drivers.argon2({
       variant: 'id',
       iterations: 3,
       memory: 4096,
       parallelism: 1,
       saltSize: 16,
-    },
+    }),
 
     /*
     |--------------------------------------------------------------------------
@@ -75,14 +74,17 @@ export default hashConfig({
     | npm install phc-bcrypt
     |
     */
-    bcrypt: {
-      driver: 'bcrypt',
+    bcrypt: drivers.bcrypt({
       rounds: 10,
-    },
+    }),
 
     legacy: {
       // @ts-expect-error
       driver: 'legacy',
     },
   },
-});
+})
+
+declare module '@adonisjs/core/types' {
+  export interface HashersList extends InferHashers<typeof hashConfig> {}
+}
diff --git a/config/mail.ts b/config/mail.ts
index 3f688ce..7d650d5 100644
--- a/config/mail.ts
+++ b/config/mail.ts
@@ -5,10 +5,10 @@
  * file.
  */
 
-import Env from '@ioc:Adonis/Core/Env';
-import { mailConfig } from '@adonisjs/mail/build/config';
+import env from '#start/env'
+import { defineConfig } from '@adonisjs/mail'
 
-export default mailConfig({
+export default defineConfig({
   /*
   |--------------------------------------------------------------------------
   | Default mailer
@@ -18,7 +18,7 @@ export default mailConfig({
   | a mailer
   |
   */
-  mailer: Env.get('MAIL_CONNECTION', 'smtp'),
+  mailer: env.get('MAIL_CONNECTION', 'smtp'),
 
   /*
   |--------------------------------------------------------------------------
@@ -42,22 +42,21 @@ export default mailConfig({
     | Uses SMTP protocol for sending email
     |
     */
-    smtp: {
-      driver: 'smtp',
-      name: Env.get('APP_URL'),
-      port: Env.get('SMTP_PORT', '2525'),
-      host: Env.get('SMTP_HOST', 'localhost'),
-      secure: JSON.parse(Env.get('MAIL_SSL', 'false')),
-      requireTLS: JSON.parse(Env.get('MAIL_REQUIRE_TLS', 'false')),
+    smtp: drivers.smtp({
+      name: env.get('APP_URL'),
+      port: env.get('SMTP_PORT', '2525'),
+      host: env.get('SMTP_HOST', 'localhost'),
+      secure: JSON.parse(env.get('MAIL_SSL', 'false')),
+      requireTLS: JSON.parse(env.get('MAIL_REQUIRE_TLS', 'false')),
       auth: {
-        user: Env.get('MAIL_USERNAME'),
-        pass: Env.get('MAIL_PASSWORD'),
+        user: env.get('MAIL_USERNAME'),
+        pass: env.get('MAIL_PASSWORD'),
         type: 'login',
       },
       maxConnections: 5,
       maxMessages: 100,
       rateLimit: 10,
-    },
+    }),
 
     /*
     |--------------------------------------------------------------------------
@@ -72,47 +71,48 @@ export default mailConfig({
     | ```
     |
     */
-    ses: {
-      driver: 'ses',
+    ses: drivers.ses({
       apiVersion: '2010-12-01',
-      key: Env.get('SES_ACCESS_KEY'),
-      secret: Env.get('SES_ACCESS_SECRET'),
-      region: Env.get('SES_REGION'),
+      key: env.get('SES_ACCESS_KEY'),
+      secret: env.get('SES_ACCESS_SECRET'),
+      region: env.get('SES_REGION'),
       sslEnabled: true,
       sendingRate: 10,
       maxConnections: 5,
-    },
+    }),
 
     /*
     |--------------------------------------------------------------------------
     | Mailgun
     |--------------------------------------------------------------------------
     |
-                | Uses Mailgun service for sending emails.
+        | Uses Mailgun service for sending emails.
     |
     | If you are using an EU domain. Ensure to change the baseUrl to hit the
     | europe endpoint (https://api.eu.mailgun.net/v3).
     |
     */
-    mailgun: {
-      driver: 'mailgun',
+    mailgun: drivers.mailgun({
       baseUrl: 'https://api.mailgun.net/v3',
-      key: Env.get('MAILGUN_API_KEY'),
-      domain: Env.get('MAILGUN_DOMAIN'),
-    },
+      key: env.get('MAILGUN_API_KEY'),
+      domain: env.get('MAILGUN_DOMAIN'),
+    }),
 
     /*
     |--------------------------------------------------------------------------
     | SparkPost
     |--------------------------------------------------------------------------
     |
-                | Uses Sparkpost service for sending emails.
+        | Uses Sparkpost service for sending emails.
     |
     */
-    sparkpost: {
-      driver: 'sparkpost',
+    sparkpost: drivers.sparkpost({
       baseUrl: 'https://api.sparkpost.com/api/v1',
-      key: Env.get('SPARKPOST_API_KEY'),
-    },
+      key: env.get('SPARKPOST_API_KEY'),
+    }),
   },
-});
+})
+
+declare module '@adonisjs/mail/types' {
+  export interface MailersList extends InferMailers<typeof mailConfig> {}
+}
diff --git a/config/session.ts b/config/session.ts
index fbf8c7c..299eec3 100644
--- a/config/session.ts
+++ b/config/session.ts
@@ -5,11 +5,11 @@
  * file.
  */
 
-import Env from '@ioc:Adonis/Core/Env';
-import Application from '@ioc:Adonis/Core/Application';
-import { sessionConfig } from '@adonisjs/session/build/config';
+import env from '#start/env'
+import { app } from '@adonisjs/core/services/app'
+import { defineConfig } from '@adonisjs/session'
 
-export default sessionConfig({
+export default defineConfig({
   /*
   |--------------------------------------------------------------------------
   | Enable/Disable sessions
@@ -36,7 +36,7 @@ export default sessionConfig({
   | Note: Switching drivers will make existing sessions invalid.
   |
   */
-  driver: Env.get('SESSION_DRIVER', 'cookie'),
+  driver: env.get('SESSION_DRIVER', 'cookie'),
 
   /*
   |--------------------------------------------------------------------------
@@ -100,7 +100,7 @@ export default sessionConfig({
   |
   */
   file: {
-    location: Application.tmpPath('sessions'),
+    location: app.tmpPath('sessions'),
   },
 
   /*
@@ -113,4 +113,4 @@ export default sessionConfig({
   |
   */
   redisConnection: 'local',
-});
+})
diff --git a/config/shield.ts b/config/shield.ts
index 3566e1c..c88df25 100644
--- a/config/shield.ts
+++ b/config/shield.ts
@@ -1,243 +1,138 @@
-/**
- * Config source: https://git.io/Jvwvt
- *
- * Feel free to let us know via PR, if you find something broken in this config
- * file.
- */
+import env from '#start/env'
+import { defineConfig } from '@adonisjs/shield'
 
-import Env from '@ioc:Adonis/Core/Env';
-import { ShieldConfig } from '@ioc:Adonis/Addons/Shield';
+export default defineConfig({
+  csp: {
+    /*
+    |--------------------------------------------------------------------------
+    | Enable/disable CSP
+    |--------------------------------------------------------------------------
+    |
+    | The CSP rules are disabled by default for seamless onboarding.
+    |
+    */
+    enabled: false,
 
-/*
-|--------------------------------------------------------------------------
-| Content Security Policy
-|--------------------------------------------------------------------------
-|
-| Content security policy filters out the origins not allowed to execute
-| and load resources like scripts, styles and fonts. There are wide
-| variety of options to choose from.
-*/
-export const csp: ShieldConfig['csp'] = {
-  /*
-  |--------------------------------------------------------------------------
-  | Enable/disable CSP
-  |--------------------------------------------------------------------------
-  |
-  | The CSP rules are disabled by default for seamless onboarding.
-  |
-  */
-  enabled: false,
+    /*
+    |--------------------------------------------------------------------------
+    | Directives
+    |--------------------------------------------------------------------------
+    |
+    | All directives are defined in camelCase and here is the list of
+    | available directives and their possible values.
+    |
+    | https://content-security-policy.com
+    |
+    | @example
+    | directives: {
+    |   defaultSrc: ["'self'", '@nonce', 'cdnjs.cloudflare.com']
+    | }
+    |
+    */
+    directives: {},
 
-  /*
-  |--------------------------------------------------------------------------
-  | Directives
-  |--------------------------------------------------------------------------
-  |
-  | All directives are defined in camelCase and here is the list of
-  | available directives and their possible values.
-  |
-  | https://content-security-policy.com
-  |
-  | @example
-  | directives: {
-  |   defaultSrc: ["'self'", '@nonce', 'cdnjs.cloudflare.com']
-  | }
-  |
-  */
-  directives: {},
-
-  /*
-  |--------------------------------------------------------------------------
-  | Report only
-  |--------------------------------------------------------------------------
-  |
-  | Setting `reportOnly=true` will not block the scripts from running and
-  | instead report them to a URL.
-  |
-  */
-  reportOnly: false,
-};
-
-/*
-|--------------------------------------------------------------------------
-| CSRF Protection
-|--------------------------------------------------------------------------
-|
-| CSRF Protection adds another layer of security by making sure, actionable
-| routes does have a valid token to execute an action.
-|
-*/
-export const csrf: ShieldConfig['csrf'] = {
-  /*
-  |--------------------------------------------------------------------------
-  | Enable/Disable CSRF
-  |--------------------------------------------------------------------------
-  */
-  enabled: Env.get('NODE_ENV') === 'production',
-
-  /*
-  |--------------------------------------------------------------------------
-  | Routes to Ignore
-  |--------------------------------------------------------------------------
-  |
-  | Define an array of route patterns that you want to ignore from CSRF
-  | validation. Make sure the route patterns are started with a leading
-  | slash. Example:
-  |
-  | `/foo/bar`
-        |
-        | Also you can define a function that is evaluated on every HTTP Request.
-        | ```
-        |  exceptRoutes: ({ request }) => request.url().includes('/api')
-        | ```
-  |
-  */
-  exceptRoutes: ctx => {
-    // ignore all routes starting with /v1/ (api)
-    return (
-      ctx.request.url().includes('/v1/') ||
-      ctx.request.url().includes('/import')
-    );
+    /*
+    |--------------------------------------------------------------------------
+    | Report only
+    |--------------------------------------------------------------------------
+    |
+    | Setting `reportOnly=true` will not block the scripts from running and
+    | instead report them to a URL.
+    |
+    */
+    reportOnly: false,
   },
+  csrf: {
+    /*
+    |--------------------------------------------------------------------------
+    | Enable/Disable CSRF
+    |--------------------------------------------------------------------------
+    */
+    enabled: env.get('NODE_ENV') === 'production',
 
-  /*
-  |--------------------------------------------------------------------------
-  | Enable Sharing Token Via Cookie
-  |--------------------------------------------------------------------------
-  |
-  | When the following flag is enabled, AdonisJS will drop `XSRF-TOKEN`
-  | cookie that frontend frameworks can read and return back as a
-  | `X-XSRF-TOKEN` header.
-  |
-  | The cookie has `httpOnly` flag set to false, so it is little insecure and
-  | can be turned off when you are not using a frontend framework making
-  | AJAX requests.
-  |
-  */
-  enableXsrfCookie: true,
-
-  /*
-  |--------------------------------------------------------------------------
-  | Methods to Validate
-  |--------------------------------------------------------------------------
-  |
-  | Define an array of HTTP methods to be validated for a valid CSRF token.
-  |
-  */
-  methods: ['POST', 'PUT', 'PATCH', 'DELETE'],
-};
-
-/*
-|--------------------------------------------------------------------------
-| DNS Prefetching
-|--------------------------------------------------------------------------
-|
-| DNS prefetching allows browsers to proactively perform domain name
-| resolution in background.
-|
-| Learn more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control
-|
-*/
-export const dnsPrefetch: ShieldConfig['dnsPrefetch'] = {
-  /*
-  |--------------------------------------------------------------------------
-  | Enable/disable this feature
-  |--------------------------------------------------------------------------
-  */
-  enabled: true,
+    /*
+    |--------------------------------------------------------------------------
+    | Routes to Ignore
+    |--------------------------------------------------------------------------
+    |
+    | Define an array of route patterns that you want to ignore from CSRF
+    | validation. Make sure the route patterns are started with a leading
+    | slash. Example:
+    |
+    | `/foo/bar`
+      |
+      | Also you can define a function that is evaluated on every HTTP Request.
+      | ```
+      |  exceptRoutes: ({ request }) => request.url().includes('/api')
+      | ```
+    |
+    */
+    exceptRoutes: (ctx) => {
+      // ignore all routes starting with /v1/ (api)
+      return ctx.request.url().includes('/v1/') || ctx.request.url().includes('/import')
+    },
 
-  /*
-  |--------------------------------------------------------------------------
-  | Allow or Dis-Allow Explicitly
-  |--------------------------------------------------------------------------
-  |
-  | The `enabled` boolean does not set `X-DNS-Prefetch-Control` header. However
-  | the `allow` boolean controls the value of `X-DNS-Prefetch-Control` header.
-  |
-  | - When `allow = true`, then `X-DNS-Prefetch-Control = 'on'`
-  | - When `allow = false`, then `X-DNS-Prefetch-Control = 'off'`
-  |
-  */
-  allow: true,
-};
+    /*
+    |--------------------------------------------------------------------------
+    | Enable Sharing Token Via Cookie
+    |--------------------------------------------------------------------------
+    |
+    | When the following flag is enabled, AdonisJS will drop `XSRF-TOKEN`
+    | cookie that frontend frameworks can read and return back as a
+    | `X-XSRF-TOKEN` header.
+    |
+    | The cookie has `httpOnly` flag set to false, so it is little insecure and
+    | can be turned off when you are not using a frontend framework making
+    | AJAX requests.
+    |
+    */
+    enableXsrfCookie: true,
 
-/*
-|--------------------------------------------------------------------------
-| Iframe Options
-|--------------------------------------------------------------------------
-|
-| xFrame defines whether or not your website can be embedded inside an
-| iframe. Choose from one of the following options.
-|
-| - DENY
-| - SAMEORIGIN
-| - ALLOW-FROM http://example.com
-|
-| Learn more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
-*/
-export const xFrame: ShieldConfig['xFrame'] = {
-  enabled: true,
-  action: 'DENY',
-};
-
-/*
-|--------------------------------------------------------------------------
-| Http Strict Transport Security
-|--------------------------------------------------------------------------
-|
-| A security to ensure that a browser always makes a connection over
-| HTTPS.
-|
-| Learn more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
-|
-*/
-export const hsts: ShieldConfig['hsts'] = {
-  enabled: true,
-  /*
-  |--------------------------------------------------------------------------
-  | Max Age
-  |--------------------------------------------------------------------------
-  |
-  | Control, how long the browser should remember that a site is only to be
-  | accessed using HTTPS.
-  |
-  */
-  maxAge: '180 days',
-
-  /*
-  |--------------------------------------------------------------------------
-  | Include Subdomains
-  |--------------------------------------------------------------------------
-  |
-  | Apply rules on the subdomains as well.
-  |
-  */
-  includeSubDomains: true,
+    /*
+    |--------------------------------------------------------------------------
+    | Methods to Validate
+    |--------------------------------------------------------------------------
+    |
+    | Define an array of HTTP methods to be validated for a valid CSRF token.
+    |
+    */
+    methods: ['POST', 'PUT', 'PATCH', 'DELETE'],
+  },
+  hsts: {
+    enabled: true,
+    /*
+    |--------------------------------------------------------------------------
+    | Max Age
+    |--------------------------------------------------------------------------
+    |
+    | Control, how long the browser should remember that a site is only to be
+    | accessed using HTTPS.
+    |
+    */
+    maxAge: '180 days',
 
-  /*
-  |--------------------------------------------------------------------------
-  | Preloading
-  |--------------------------------------------------------------------------
-  |
-  | Google maintains a service to register your domain and it will preload
-  | the HSTS policy. Learn more https://hstspreload.org/
-  |
-  */
-  preload: false,
-};
+    /*
+    |--------------------------------------------------------------------------
+    | Include Subdomains
+    |--------------------------------------------------------------------------
+    |
+    | Apply rules on the subdomains as well.
+    |
+    */
+    includeSubDomains: true,
 
-/*
-|--------------------------------------------------------------------------
-| No Sniff
-|--------------------------------------------------------------------------
-|
-| Browsers have a habit of sniffing content-type of a response. Which means
-| files with .txt extension containing Javascript code will be executed as
-| Javascript. You can disable this behavior by setting nosniff to false.
-|
-| Learn more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
-|
-*/
-export const contentTypeSniffing: ShieldConfig['contentTypeSniffing'] = {
-  enabled: true,
-};
+    /*
+    |--------------------------------------------------------------------------
+    | Preloading
+    |--------------------------------------------------------------------------
+    |
+    | Google maintains a service to register your domain and it will preload
+    | the HSTS policy. Learn more https://hstspreload.org/
+    |
+    */
+    preload: false,
+  },
+  contentTypeSniffing: {
+    enabled: true,
+  },
+})
diff --git a/config/static.ts b/config/static.ts
index 1f7c88f..1d0d0c3 100644
--- a/config/static.ts
+++ b/config/static.ts
@@ -1,10 +1,10 @@
-import { AssetsConfig } from '@ioc:Adonis/Core/Static';
+import { defineConfig } from '@adonisjs/static'
 
-const staticConfig: AssetsConfig = {
+const staticConfig = defineConfig({
   enabled: true,
   dotFiles: 'ignore',
   etag: true,
   lastModified: true,
-};
+})
 
-export default staticConfig;
+export default staticConfig