refactor: improve security, split routes, add API resources and FormRequests

- Fix timing attack vulnerability in AuthController
- Split web.php (316 lines) into 7 focused route files
- Add 8 API Resources for consistent response formatting
- Add 8 FormRequest classes for centralized validation
- Use Resources instead of manual array mapping in controllers
root
2026-05-20 23:03:16 +02:00
parent 2f30a058a4
commit 75b78c17fa
26 changed files with 745 additions and 404 deletions
+31
@@ -0,0 +1,31 @@
<?php
use App\Http\Controllers\Help\HelpCenterController;
use App\Http\Controllers\Help\TicketController;
use App\Http\Controllers\Help\TicketReplyController;
use App\Http\Controllers\Help\WebsiteRulesController;
use Illuminate\Support\Facades\Route;
// Help center
Route::prefix('help-center')->as('help-center.')->group(function () {
Route::get('/', HelpCenterController::class)->name('index')->withoutMiddleware(['auth', 'check.ban']);
Route::prefix('tickets')->as('ticket.')->middleware('auth')->withoutMiddleware('check.ban')->group(function () {
Route::get('/create', [TicketController::class, 'create'])->name('create');
Route::post('/store', [TicketController::class, 'store'])->name('store');
Route::get('/show/{ticket}', [TicketController::class, 'show'])->name('show');
Route::get('/edit/{ticket}', [TicketController::class, 'edit'])->name('edit');
Route::put('/edit/{ticket}', [TicketController::class, 'update'])->name('update');
Route::delete('/delete/{ticket}', [TicketController::class, 'destroy'])->name('destroy');
Route::put('/toggle-status/{ticket}', [TicketController::class, 'toggleTicketStatus'])->name('toggle-status');
Route::post('/reply/{ticket}/store', [TicketReplyController::class, 'store'])->name('reply.store')->middleware('throttle:30,1');
Route::delete('/reply/{reply}/delete', [TicketController::class, 'destroyReply'])->name('reply.destroy');
Route::get('/all', [TicketController::class, 'index'])->name('index');
});
Route::get('/rules', WebsiteRulesController::class)->name('rules.index')->withoutMiddleware('auth');
});
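Review bot: The `{ticket}` and `{reply}` routes in the `tickets` group are guarded only by `auth`, so nothing visible in this file stops a signed-in user from passing another user's ticket or reply id to `show`, `edit`, `update`, `destroy`, `toggle-status` or `reply.destroy`. If the controllers or the new FormRequests already enforce a policy this is fine, but that is not visible here. A one-line comment above the group saying where ownership is checked would make it reviewable, or the check can be declared on the route itself, e.g. `->can('update', 'ticket')` on the `update` line. Separately, `store` is reachable by banned accounts because of `withoutMiddleware('check.ban')` and has no rate limit, while `reply.store` has `throttle:30,1`. Adding `->middleware('throttle:30,1')` to `store` would keep the two consistent.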