ro
4337a20fb8
API Security has been reworked to check if request is secure, verifies the API token created on site setup given to every member, and then confirms the system is accepting API requests by way of the API enabled toggle in settings API usage is now only meant for backend use, so this needs to be noted in the docs
76 lines
3.3 KiB
PHP
76 lines
3.3 KiB
PHP
<?php
|
|
|
|
namespace App\Http;
|
|
|
|
use Illuminate\Foundation\Http\Kernel as HttpKernel;
|
|
|
|
class Kernel extends HttpKernel
|
|
{
|
|
/**
|
|
* The application's global HTTP middleware stack.
|
|
*
|
|
* These middleware are run during every request to your application.
|
|
*
|
|
* @var array<int, class-string|string>
|
|
*/
|
|
protected $middleware = [
|
|
// \App\Http\Middleware\TrustHosts::class,
|
|
\App\Http\Middleware\TrustProxies::class,
|
|
\Illuminate\Http\Middleware\HandleCors::class,
|
|
\App\Http\Middleware\PreventRequestsDuringMaintenance::class,
|
|
\Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
|
|
\App\Http\Middleware\TrimStrings::class,
|
|
\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
|
|
];
|
|
|
|
/**
|
|
* The application's route middleware groups.
|
|
*
|
|
* @var array<string, array<int, class-string|string>>
|
|
*/
|
|
protected $middlewareGroups = [
|
|
'web' => [
|
|
\App\Http\Middleware\EncryptCookies::class,
|
|
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
|
|
\Illuminate\Session\Middleware\StartSession::class,
|
|
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
|
|
\App\Http\Middleware\VerifyCsrfToken::class,
|
|
\Illuminate\Routing\Middleware\SubstituteBindings::class,
|
|
],
|
|
|
|
'api' => [
|
|
// \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
|
|
\Illuminate\Routing\Middleware\ThrottleRequests::class . ':api',
|
|
\Illuminate\Routing\Middleware\SubstituteBindings::class,
|
|
//added middleware so api has access to session data
|
|
\App\Http\Middleware\EncryptCookies::class,
|
|
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
|
|
\Illuminate\Session\Middleware\StartSession::class,
|
|
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
|
|
],
|
|
];
|
|
|
|
/**
|
|
* The application's middleware aliases.
|
|
*
|
|
* Aliases may be used instead of class names to conveniently assign middleware to routes and groups.
|
|
*
|
|
* @var array<string, class-string|string>
|
|
*/
|
|
protected $middlewareAliases = [
|
|
'auth' => \App\Http\Middleware\Authenticate::class,
|
|
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
|
|
'auth.session' => \Illuminate\Session\Middleware\AuthenticateSession::class,
|
|
'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
|
|
'can' => \Illuminate\Auth\Middleware\Authorize::class,
|
|
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
|
|
'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class,
|
|
'precognitive' => \Illuminate\Foundation\Http\Middleware\HandlePrecognitiveRequests::class,
|
|
'signed' => \App\Http\Middleware\ValidateSignature::class,
|
|
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
|
|
'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
|
|
'member.check' => \App\Http\Middleware\MemberCheck::class,
|
|
'validate.key' => \App\Http\Middleware\ValidateAPIKey::class,
|
|
];
|
|
}
|