feat: Add SVG QR code generation and fix GD backend issue

- Add generateSvg() and generateBase64Svg() methods to QrCodeGenerator
- Add generateTotpQrCodeSvg() and generateTotpQrCodeBase64Svg() methods to MFA class
- Fix QrCodeGenerator to use correct bacon-qr-code API:
  - Use GDLibRenderer for GD extension instead of non-existent GdImageBackEnd
  - Use ImageRenderer with ImagickImageBackEnd for Imagick
- Add comprehensive test coverage for SVG QR code generation
- Update facade annotations with new SVG methods
- Maintain backward compatibility with existing PNG generation

The bacon-qr-code library has two rendering approaches:
1. ImageRenderer with ImageBackEndInterface implementations (SVG, Imagick)
2. GDLibRenderer for direct GD usage

This fixes the issue where GdImageBackEnd class doesn't exist in the library.

Author: anwarx4u

src/Facades/MFA.php

@@ -12,9 +12,14 @@
  *
  * @method static array setupTotp(\Illuminate\Contracts\Auth\Authenticatable $user, ?string $issuer = null, ?string $label = null)
  * @method static bool verifyTotp(\Illuminate\Contracts\Auth\Authenticatable $user, string $code)
- * @method static ?\CodingLibs\MFA\Models\MfaChallenge issueChallenge(\Illuminate\Contracts\Auth\Authenticatable $user, string $method)
+ * @method static ?\CodingLibs\MFA\Models\MfaChallenge issueChallenge(\Illuminate\Contracts\Auth\Authenticatable $user, string $method, bool $send = true)
+ * @method static ?\CodingLibs\MFA\Models\MfaChallenge generateChallenge(\Illuminate\Contracts\Auth\Authenticatable $user, string $method)
  * @method static void registerChannel(\CodingLibs\MFA\Contracts\MfaChannel $channel)
+ * @method static void registerChannelFromConfig(string $type, array $config)
+ * @method static ?\CodingLibs\MFA\Contracts\MfaChannel getChannel(string $name)
  * @method static ?string generateTotpQrCodeBase64(\Illuminate\Contracts\Auth\Authenticatable $user, ?string $issuer = null, ?string $label = null, int $size = 200)
+ * @method static ?string generateTotpQrCodeSvg(\Illuminate\Contracts\Auth\Authenticatable $user, ?string $issuer = null, ?string $label = null, int $size = 200)
+ * @method static ?string generateTotpQrCodeBase64Svg(\Illuminate\Contracts\Auth\Authenticatable $user, ?string $issuer = null, ?string $label = null, int $size = 200)
  * @method static bool verifyChallenge(\Illuminate\Contracts\Auth\Authenticatable $user, string $method, string $code)
  * @method static bool isRememberEnabled()
  * @method static string getRememberCookieName()

src/MFA.php

@@ -188,6 +188,38 @@ public function generateTotpQrCodeBase64(Authenticatable $user, ?string $issuer
         return QrCodeGenerator::generateBase64Png($otpauth, $size);
     }
 
+    public function generateTotpQrCodeSvg(Authenticatable $user, ?string $issuer = null, ?string $label = null, int $size = 200): ?string
+    {
+        $method = $this->getMethod($user, 'totp');
+        if (! $method || ! $method->secret) {
+            return null;
+        }
+
+        $issuer = $issuer ?: Arr::get($this->config, 'totp.issuer', 'Laravel');
+        $label = $label ?: (method_exists($user, 'getEmailForVerification') ? $user->getEmailForVerification() : ($user->email ?? (string) $user->getAuthIdentifier()));
+        $digits = Arr::get($this->config, 'totp.digits', 6);
+        $period = Arr::get($this->config, 'totp.period', 30);
+
+        $otpauth = GoogleTotp::buildOtpAuthUrl($method->secret, $label, $issuer, $digits, $period);
+        return QrCodeGenerator::generateSvg($otpauth, $size);
+    }
+
+    public function generateTotpQrCodeBase64Svg(Authenticatable $user, ?string $issuer = null, ?string $label = null, int $size = 200): ?string
+    {
+        $method = $this->getMethod($user, 'totp');
+        if (! $method || ! $method->secret) {
+            return null;
+        }
+
+        $issuer = $issuer ?: Arr::get($this->config, 'totp.issuer', 'Laravel');
+        $label = $label ?: (method_exists($user, 'getEmailForVerification') ? $user->getEmailForVerification() : ($user->email ?? (string) $user->getAuthIdentifier()));
+        $digits = Arr::get($this->config, 'totp.digits', 6);
+        $period = Arr::get($this->config, 'totp.period', 30);
+
+        $otpauth = GoogleTotp::buildOtpAuthUrl($method->secret, $label, $issuer, $digits, $period);
+        return QrCodeGenerator::generateBase64Svg($otpauth, $size);
+    }
+
     public function verifyChallenge(Authenticatable $user, string $method, string $code): bool
     {
         $now = Carbon::now();

src/Support/QrCodeGenerator.php

@@ -4,8 +4,9 @@
 
 use BaconQrCode\Renderer\Color\Rgb;
 use BaconQrCode\Renderer\ImageRenderer;
-use BaconQrCode\Renderer\Image\GdImageBackEnd;
+use BaconQrCode\Renderer\GDLibRenderer;
 use BaconQrCode\Renderer\Image\ImagickImageBackEnd;
+use BaconQrCode\Renderer\Image\SvgImageBackEnd;
 use BaconQrCode\Renderer\Module\SquareModule;
 use BaconQrCode\Renderer\RendererStyle\Fill;
 use BaconQrCode\Renderer\RendererStyle\RendererStyle;
@@ -14,6 +15,14 @@
 class QrCodeGenerator
 {
     public static function generateBase64Png(string $text, int $size = 200): string
+    {
+        $renderer = self::selectRenderer($size);
+        $writer = new Writer($renderer);
+        $pngData = $writer->writeString($text);
+        return 'data:image/png;base64,' . base64_encode($pngData);
+    }
+
+    public static function generateSvg(string $text, int $size = 200): string
     {
         $renderer = new ImageRenderer(
             new RendererStyle(
@@ -24,22 +33,43 @@ public static function generateBase64Png(string $text, int $size = 200): string
                 Fill::uniformColor(new Rgb(255, 255, 255), new Rgb(0, 0, 0)),
                 SquareModule::instance()
             ),
-            self::selectImageBackEnd()
+            new SvgImageBackEnd()
         );
 
         $writer = new Writer($renderer);
-        $pngData = $writer->writeString($text);
-        return 'data:image/png;base64,' . base64_encode($pngData);
+        return $writer->writeString($text);
+    }
+
+    public static function generateBase64Svg(string $text, int $size = 200): string
+    {
+        $svgData = self::generateSvg($text, $size);
+        return 'data:image/svg+xml;base64,' . base64_encode($svgData);
     }
 
-    private static function selectImageBackEnd()
+    private static function selectRenderer(int $size)
     {
         if (class_exists(\Imagick::class)) {
-            return new ImagickImageBackEnd();
+            return new ImageRenderer(
+                new RendererStyle(
+                    $size,
+                    0,
+                    null,
+                    null,
+                    Fill::uniformColor(new Rgb(255, 255, 255), new Rgb(0, 0, 0)),
+                    SquareModule::instance()
+                ),
+                new ImagickImageBackEnd()
+            );
         }
 
         if (extension_loaded('gd')) {
-            return new GdImageBackEnd();
+            return new GDLibRenderer(
+                $size,
+                4, // margin
+                'png', // image format
+                9, // compression quality
+                Fill::uniformColor(new Rgb(255, 255, 255), new Rgb(0, 0, 0))
+            );
         }
 
         throw new \RuntimeException('No image backend available: install Imagick or enable GD.');

tests/Feature/SvgQrCodeTest.php

@@ -0,0 +1,136 @@
+<?php
+
+use CodingLibs\MFA\MFA;
+use CodingLibs\MFA\Support\QrCodeGenerator;
+use Illuminate\Contracts\Auth\Authenticatable;
+
+class SvgQrCodeTestFakeUser implements Authenticatable
+{
+    public function __construct(public int|string $id, public ?string $email = null) {}
+    public function getAuthIdentifierName() { return 'id'; }
+    public function getAuthIdentifier() { return $this->id; }
+    public function getAuthPassword() { return ''; }
+    public function getAuthPasswordName() { return 'password'; }
+    public function getRememberToken() { return null; }
+    public function setRememberToken($value): void {}
+    public function getRememberTokenName() { return 'remember_token'; }
+    public function getEmailForVerification() { return $this->email; }
+}
+
+it('generates SVG QR code for TOTP', function () {
+    $user = new SvgQrCodeTestFakeUser(4001, 'user@example.com');
+    $mfa = app(MFA::class);
+
+    $result = $mfa->setupTotp($user, 'TestApp', 'user@example.com');
+    expect($result)->toHaveKeys(['secret', 'otpauth_url']);
+
+    $svg = $mfa->generateTotpQrCodeSvg($user, 'TestApp', 'user@example.com', 200);
+    
+    expect($svg)->toBeString();
+    expect($svg)->toContain('<svg');
+    expect($svg)->toContain('xmlns="http://www.w3.org/2000/svg"');
+    expect($svg)->toContain('width="200"');
+    expect($svg)->toContain('height="200"');
+    expect($svg)->toContain('</svg>');
+});
+
+it('generates base64 encoded SVG QR code for TOTP', function () {
+    $user = new SvgQrCodeTestFakeUser(4002, 'user2@example.com');
+    $mfa = app(MFA::class);
+
+    $result = $mfa->setupTotp($user, 'TestApp', 'user2@example.com');
+    expect($result)->toHaveKeys(['secret', 'otpauth_url']);
+
+    $base64Svg = $mfa->generateTotpQrCodeBase64Svg($user, 'TestApp', 'user2@example.com', 200);
+    
+    expect($base64Svg)->toBeString();
+    expect($base64Svg)->toStartWith('data:image/svg+xml;base64,');
+    
+    // Decode and verify it's valid SVG
+    $decodedSvg = base64_decode(substr($base64Svg, 26)); // Remove data:image/svg+xml;base64,
+    expect($decodedSvg)->toContain('<svg');
+    expect($decodedSvg)->toContain('</svg>');
+});
+
+it('returns null for SVG generation when TOTP not set up', function () {
+    $user = new SvgQrCodeTestFakeUser(4003, 'user3@example.com');
+    $mfa = app(MFA::class);
+
+    $svg = $mfa->generateTotpQrCodeSvg($user);
+    expect($svg)->toBeNull();
+
+    $base64Svg = $mfa->generateTotpQrCodeBase64Svg($user);
+    expect($base64Svg)->toBeNull();
+});
+
+it('generates SVG with custom size', function () {
+    $user = new SvgQrCodeTestFakeUser(4004, 'user4@example.com');
+    $mfa = app(MFA::class);
+
+    $result = $mfa->setupTotp($user, 'TestApp', 'user4@example.com');
+    expect($result)->toHaveKeys(['secret', 'otpauth_url']);
+
+    $svg = $mfa->generateTotpQrCodeSvg($user, 'TestApp', 'user4@example.com', 300);
+    
+    expect($svg)->toBeString();
+    expect($svg)->toContain('width="300"');
+    expect($svg)->toContain('height="300"');
+});
+
+it('QrCodeGenerator generates raw SVG', function () {
+    $testText = 'otpauth://totp/TestApp:user@example.com?secret=JBSWY3DPEHPK3PXP&issuer=TestApp';
+    
+    $svg = QrCodeGenerator::generateSvg($testText, 200);
+    
+    expect($svg)->toBeString();
+    expect($svg)->toContain('<svg');
+    expect($svg)->toContain('xmlns="http://www.w3.org/2000/svg"');
+    expect($svg)->toContain('width="200"');
+    expect($svg)->toContain('height="200"');
+    expect($svg)->toContain('</svg>');
+});
+
+it('QrCodeGenerator generates base64 encoded SVG', function () {
+    $testText = 'otpauth://totp/TestApp:user@example.com?secret=JBSWY3DPEHPK3PXP&issuer=TestApp';
+    
+    $base64Svg = QrCodeGenerator::generateBase64Svg($testText, 200);
+    
+    expect($base64Svg)->toBeString();
+    expect($base64Svg)->toStartWith('data:image/svg+xml;base64,');
+    
+    // Decode and verify it's valid SVG
+    $decodedSvg = base64_decode(substr($base64Svg, 26));
+    expect($decodedSvg)->toContain('<svg');
+    expect($decodedSvg)->toContain('</svg>');
+});
+
+it('SVG QR codes are scalable and contain proper viewBox', function () {
+    $user = new SvgQrCodeTestFakeUser(4005, 'user5@example.com');
+    $mfa = app(MFA::class);
+
+    $result = $mfa->setupTotp($user, 'TestApp', 'user5@example.com');
+    expect($result)->toHaveKeys(['secret', 'otpauth_url']);
+
+    $svg = $mfa->generateTotpQrCodeSvg($user, 'TestApp', 'user5@example.com', 200);
+    
+    expect($svg)->toContain('viewBox="0 0 200 200"');
+    
+    // Test with different size
+    $svg300 = $mfa->generateTotpQrCodeSvg($user, 'TestApp', 'user5@example.com', 300);
+    expect($svg300)->toContain('viewBox="0 0 300 300"');
+});
+
+it('SVG QR codes work in HTML img tags', function () {
+    $user = new SvgQrCodeTestFakeUser(4006, 'user6@example.com');
+    $mfa = app(MFA::class);
+
+    $result = $mfa->setupTotp($user, 'TestApp', 'user6@example.com');
+    expect($result)->toHaveKeys(['secret', 'otpauth_url']);
+
+    $base64Svg = $mfa->generateTotpQrCodeBase64Svg($user, 'TestApp', 'user6@example.com', 200);
+    
+    // This should work in an HTML img tag
+    $html = '<img src="' . $base64Svg . '" alt="QR Code" />';
+    expect($html)->toContain('data:image/svg+xml;base64,');
+    expect($html)->toContain('<img');
+});