remco/Atomcms-edit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a7bd30fd34cf7f1a601418770755ac274897aaa9
Atomcms-edit/routes/web.php
T
root 4094f0fb14 Fix 40+ codebase issues: security, performance, duplication, dead code, and routes 
HIGH:
- Add missing import RadioSongRequestFormRequest (fixes crash on POST)
- Add Purify XSS sanitization for article full_story
- Fix duplicate radio API routes (/api/radio vs /api/radio/v2)
- Add try-catch guards in InstallationController for missing records

MEDIUM:
- Fix N+1: eager load comments.user in ArticleController::show()
- Fix GuestbookController authorization logic
- Remove dead doSetup() method and duplicate route
- Extract shared HasRadioDefaults trait (remove code duplication)
- Use named routes in ForceStaffTwoFactorMiddleware
- Fix WebsiteHelpCenterTicket::isOpen() (no permission leak)
- Enable  on WebsiteHelpCenterTicket (matches schema)
- Replace WebsiteTeam::all()->pluck() with direct pluck()
- Replace CatalogPage::all()->pluck() with direct pluck()
- Replace WebsiteBadge::all() with direct pluck()
- Add throttle middleware to guestbook store, logo-generator, radio embed

LOW:
- Remove unused imports
- Remove dead /inertia-test route
- Consolidate cache keys in RadioController
2026-06-08 18:56:34 +02:00

61 lines
2.6 KiB
PHP
Executable File
Raw Blame History

<?php
use App\Http\Controllers\Auth\LoginRedirectController;
use App\Http\Controllers\Auth\LogoutController;
use App\Http\Controllers\Miscellaneous\HomeController;
use App\Http\Controllers\Miscellaneous\InstallationController;
use App\Http\Controllers\Miscellaneous\LocaleController;
use App\Http\Controllers\Miscellaneous\MaintenanceController;
use App\Http\Controllers\User\BannedController;
use Illuminate\Support\Facades\Route;
// Radio embed (public, no auth required)
Route::get('/radio/embed', [\App\Http\Controllers\Radio\EmbedController::class, 'show'])->name('radio.embed')->middleware('throttle:60,1');
// Language route
Route::get('/language/{locale}', LocaleController::class)->name('language.select');
// Installation routes
Route::prefix('installation')->controller(InstallationController::class)->group(function () {
Route::get('/', 'index')->name('installation.index');
Route::get('/step/{step}', 'showStep')->name('installation.show-step');
Route::post('/start-installation', 'storeInstallationKey')->name('installation.start-installation');
Route::post('/restart-installation', 'restartInstallation')->name('installation.restart');
Route::post('/previous-step', 'previousStep')->name('installation.previous-step');
Route::post('/save-step', 'saveStepSettings')->name('installation.save-step');
Route::post('/complete', 'completeInstallation')->name('installation.complete');
});
// All routes within this group is protected by maintenance, ban and 2FA middleware
Route::middleware(['maintenance', 'check.ban', 'force.staff.2fa'])->group(function () {
// Maintenance route
Route::get('/maintenance', MaintenanceController::class)->name('maintenance.show');
// Banned route
Route::get('/banned', BannedController::class)->name('banned.show');
// Home routes (guest only)
Route::middleware(['guest', 'throttle:60,1'])->withoutMiddleware('force.staff.2fa')->group(function () {
Route::get('/login', LoginRedirectController::class)->name('login');
Route::get('/', HomeController::class)->name('welcome');
Route::get('/home', HomeController::class)->name('home');
});
// Logout route
Route::post('/logout', LogoutController::class)->name('logout');
// Authenticated routes
Route::middleware('auth')->group(function () {
require __DIR__ . '/user.php';
require __DIR__ . '/community.php';
require __DIR__ . '/shop.php';
require __DIR__ . '/help-center.php';
require __DIR__ . '/client.php';
require __DIR__ . '/admin.php';
});
// Auth routes (mixed guest/auth)
require __DIR__ . '/auth.php';
});
Reference in New Issue View Git Blame Copy Permalink