remco/Atomcms-edit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
75b78c17fa957355ecd753062215092826936578
Atomcms-edit/routes/web.php
T
root 75b78c17fa refactor: improve security, split routes, add API resources and FormRequests 
- Fix timing attack vulnerability in AuthController
- Split web.php (316 lines) into 7 focused route files
- Add 8 API Resources for consistent response formatting
- Add 8 FormRequest classes for centralized validation
- Use Resources instead of manual array mapping in controllers
2026-05-20 23:03:16 +02:00

62 lines
2.5 KiB
PHP
Executable File
Raw Blame History

<?php
use App\Http\Controllers\Miscellaneous\HomeController;
use App\Http\Controllers\Miscellaneous\InstallationController;
use App\Http\Controllers\Miscellaneous\LocaleController;
use App\Http\Controllers\Miscellaneous\MaintenanceController;
use App\Http\Controllers\User\BannedController;
use Illuminate\Support\Facades\Route;
// Language route
Route::get('/language/{locale}', LocaleController::class)->name('language.select');
// Installation routes
Route::prefix('installation')->controller(InstallationController::class)->group(function () {
Route::get('/', 'index')->name('installation.index');
Route::get('/step/{step}', 'showStep')->name('installation.show-step');
Route::post('/start-installation', 'storeInstallationKey')->name('installation.start-installation');
Route::post('/restart-installation', 'restartInstallation')->name('installation.restart');
Route::post('/previous-step', 'previousStep')->name('installation.previous-step');
Route::post('/save-step', 'saveStepSettings')->name('installation.save-step');
Route::post('/complete', 'completeInstallation')->name('installation.complete');
});
// All routes within this group is protected by maintenance, ban and 2FA middleware
Route::middleware(['maintenance', 'check.ban', 'force.staff.2fa'])->group(function () {
// Maintenance route
Route::get('/maintenance', MaintenanceController::class)->name('maintenance.show');
// Banned route
Route::get('/banned', BannedController::class)->name('banned.show');
// Home routes (guest only)
Route::middleware(['guest', 'throttle:60,1'])->withoutMiddleware('force.staff.2fa')->group(function () {
Route::get('/login', static fn () => to_route('welcome'))->name('login');
Route::get('/', HomeController::class)->name('welcome');
Route::get('/home', HomeController::class)->name('home');
});
// Logout route
Route::post('/logout', static function () {
auth()->guard('web')->logout();
session()->invalidate();
session()->regenerateToken();
return redirect('/');
})->name('logout');
// Authenticated routes
Route::middleware('auth')->group(function () {
require __DIR__ . '/user.php';
require __DIR__ . '/community.php';
require __DIR__ . '/shop.php';
require __DIR__ . '/help-center.php';
require __DIR__ . '/client.php';
require __DIR__ . '/admin.php';
});
// Auth routes (mixed guest/auth)
require __DIR__ . '/auth.php';
});
Reference in New Issue View Git Blame Copy Permalink