remco/Atomcms-edit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
75b78c17fa957355ecd753062215092826936578
Atomcms-edit/routes/auth.php
T
root 75b78c17fa refactor: improve security, split routes, add API resources and FormRequests 
- Fix timing attack vulnerability in AuthController
- Split web.php (316 lines) into 7 focused route files
- Add 8 API Resources for consistent response formatting
- Add 8 FormRequest classes for centralized validation
- Use Resources instead of manual array mapping in controllers
2026-05-20 23:03:16 +02:00

62 lines
2.9 KiB
PHP
Executable File
Raw Blame History

<?php
use App\Http\Controllers\Auth\SocialAuthController;
use Illuminate\Support\Facades\Route;
use Laravel\Fortify\Features;
use Laravel\Fortify\Http\Controllers\RegisteredUserController;
use App\Actions\Fortify\Controllers\TwoFactorAuthenticatedSessionController;
use App\Http\Controllers\User\ForgotPasswordController;
use App\Http\Controllers\User\UserReferralController;
// Social Login routes
Route::prefix('auth')->group(function () {
Route::get('/google', [SocialAuthController::class, 'redirect'])->name('auth.google');
Route::get('/google/callback', [SocialAuthController::class, 'callback'])->name('auth.google.callback');
Route::get('/discord', [SocialAuthController::class, 'redirect'])->name('auth.discord');
Route::get('/discord/callback', [SocialAuthController::class, 'callback'])->name('auth.discord.callback');
Route::get('/github', [SocialAuthController::class, 'redirect'])->name('auth.github');
Route::get('/github/callback', [SocialAuthController::class, 'callback'])->name('auth.github.callback');
Route::delete('/unlink/{provider}', [SocialAuthController::class, 'unlink'])->name('auth.unlink')->middleware('auth');
});
// Registration
Route::middleware(['guest', 'throttle:60,1'])->group(function () {
Route::get('/register', [RegisteredUserController::class, 'create']);
Route::post('/register', [RegisteredUserController::class, 'store'])->name('register');
Route::get('/register/{referral_code}', UserReferralController::class)->name('register.referral');
});
// Password reset
Route::middleware(['guest', 'throttle:60,1'])->group(function () {
Route::get('forgot-password', ForgotPasswordController::class)->name('forgot.password.get');
Route::post('forgot-password', [ForgotPasswordController::class, 'submitForgetPassword'])->name('forgot.password.post');
Route::get('reset-password/{token}', [ForgotPasswordController::class, 'showResetPassword'])->name('reset.password.get');
Route::post('reset-password/{token}', [ForgotPasswordController::class, 'submitResetPassword'])->name('reset.password.post');
});
// Two factor challenge login
Route::get('/two-factor-challenge', static fn () => view('auth.two-factor-challenge'))->name('two-factor.login');
// Email verification resend
Route::post('/email/verification-notification', static function () {
request()->user()->sendEmailVerificationNotification();
return back()->with('status', 'verification-link-sent');
})->middleware(['auth', 'throttle:6,1'])->name('verification.send');
// Two factor challenge with throttle
if (Features::enabled(Features::twoFactorAuthentication())) {
$twoFactorLimiter = config('fortify.limiters.two-factor');
Route::post('/two-factor-challenge', [TwoFactorAuthenticatedSessionController::class, 'store'])
->middleware(
array_filter([
'guest:' . config('fortify.guard'),
$twoFactorLimiter ? 'throttle:' . $twoFactorLimiter : null,
]),
);
}
Reference in New Issue View Git Blame Copy Permalink