remco/Atomcms-edit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: improve security, split routes, add API resources and FormRequests

Browse Source 
- Fix timing attack vulnerability in AuthController
- Split web.php (316 lines) into 7 focused route files
- Add 8 API Resources for consistent response formatting
- Add 8 FormRequest classes for centralized validation
- Use Resources instead of manual array mapping in controllers
This commit is contained in:
root
2026-05-20 23:03:16 +02:00
parent 2f30a058a4
commit 75b78c17fa
26 changed files with 745 additions and 404 deletions
Download Patch File Download Diff File Expand all files Collapse all files
routes/user.php
Executable
+45
View File
@@ -0,0 +1,45 @@
<?php
use App\Http\Controllers\User\AccountSettingsController;
use App\Http\Controllers\User\GuestbookController;
use App\Http\Controllers\User\MeController;
use App\Http\Controllers\User\PasswordSettingsController;
use App\Http\Controllers\User\PreferencesController;
use App\Http\Controllers\User\ProfileController;
use App\Http\Controllers\User\ReferralController;
use App\Http\Controllers\User\TwoFactorAuthenticationController;
use Illuminate\Support\Facades\Route;
// User routes
Route::prefix('user')->group(function () {
Route::get('/me', MeController::class)->name('me.show');
Route::get('/claim/referral-reward', ReferralController::class)->name('claim.referral-reward');
// Public profile
Route::withoutMiddleware('auth')->group(function () {
Route::get('/profile/{user:username}', ProfileController::class)->name('profile.show');
});
// Guestbook
Route::post('/profile/{user}/guestbook', [GuestbookController::class, 'store'])->name('guestbook.store');
Route::delete('/profile/{user}/{guestbook}/delete', [GuestbookController::class, 'destroy'])->name('guestbook.destroy');
// Settings
Route::prefix('settings')->group(function () {
Route::get('/account', [AccountSettingsController::class, 'edit'])->name('settings.account.show');
Route::put('/account', [AccountSettingsController::class, 'update'])->name('settings.account.update');
Route::get('/password', [PasswordSettingsController::class, 'edit'])->name('settings.password.show');
Route::put('/password', [PasswordSettingsController::class, 'update'])->name('settings.password.update');
Route::get('/session-logs', [AccountSettingsController::class, 'sessionLogs'])->name('settings.session-logs');
Route::get('/two-factor', [TwoFactorAuthenticationController::class, 'index'])->name('settings.two-factor');
Route::post('/user/settings/two-factor-authentication', [TwoFactorAuthenticationController::class, 'store'])->name('user.two-factor.enable');
Route::post('/2fa-verify', [TwoFactorAuthenticationController::class, 'verify'])->name('two-factor.verify');
Route::delete('/user/settings/two-factor-authentication', [TwoFactorAuthenticationController::class, 'destroy'])->name('user.two-factor.disable');
Route::get('/preferences', [PreferencesController::class, 'edit'])->name('settings.preferences.show');
Route::put('/preferences', [PreferencesController::class, 'update'])->name('settings.preferences.update');
});
});