diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php index 5ec954d5..4d2f86d7 100644 --- a/app/Http/Kernel.php +++ b/app/Http/Kernel.php @@ -23,10 +23,26 @@ class Kernel extends HttpKernel protected $middleware = [ 'Fideloper\Proxy\TrustProxies', 'Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode', - 'Illuminate\Cookie\Middleware\EncryptCookies', - 'Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse', - 'Illuminate\Session\Middleware\StartSession', - 'Illuminate\View\Middleware\ShareErrorsFromSession', + + ]; + + /** + * The application's route middleware groups. + * + * @var array + */ + protected $middlewareGroups = [ + 'web' => [ + 'Illuminate\Cookie\Middleware\EncryptCookies', + 'Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse', + 'Illuminate\Session\Middleware\StartSession', + 'Illuminate\View\Middleware\ShareErrorsFromSession', + 'Illuminate\Foundation\Http\Middleware\VerifyCsrfToken', + ], + 'api' => [ + 'CachetHQ\Cachet\Http\Middleware\Acceptable', + 'CachetHQ\Cachet\Http\Middleware\Timezone', + ], ]; /** 
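Review bot: Moving `StartSession`, `EncryptCookies` and `VerifyCsrfToken` out of the global `$middleware` into the `web` group makes session handling and CSRF verification opt-in per route group, and nothing in `$middlewareGroups` says so. A route file that forgets `'web'` now runs with no session and no CSRF check, without any error. The `login` and `2fa` routes in AuthRoutes.php and the setup group in SetupRoutes.php lose their explicit `'csrf'` entry in this commit and depend entirely on the enclosing group. I would add a comment above the `web` entry such as `// Every browser-facing route group must include 'web': it is the only place sessions, cookie encryption and CSRF verification are applied.` The blank added line left inside `$middleware` before `];` can also go.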
@@ -35,19 +51,15 @@ class Kernel extends HttpKernel * @var array */ protected $routeMiddleware = [ - 'accept' => 'CachetHQ\Cachet\Http\Middleware\Acceptable', 'admin' => 'CachetHQ\Cachet\Http\Middleware\Admin', 'app.hasSetting' => 'CachetHQ\Cachet\Http\Middleware\HasSetting', 'app.isSetup' => 'CachetHQ\Cachet\Http\Middleware\AppIsSetup', 'app.subscribers' => 'CachetHQ\Cachet\Http\Middleware\SubscribersConfigured', 'auth' => 'CachetHQ\Cachet\Http\Middleware\Authenticate', - 'auth.api' => 'CachetHQ\Cachet\Http\Middleware\ApiAuthenticate', - 'auth.basic' => 'Illuminate\Auth\Middleware\AuthenticateWithBasicAuth', 'auth.api.optional' => 'CachetHQ\Cachet\Http\Middleware\ApiOptionalAuthenticate', - 'csrf' => 'Illuminate\Foundation\Http\Middleware\VerifyCsrfToken', + 'auth.api.required' => 'CachetHQ\Cachet\Http\Middleware\ApiAuthenticate', 'guest' => 'CachetHQ\Cachet\Http\Middleware\RedirectIfAuthenticated', 'localize' => 'CachetHQ\Cachet\Http\Middleware\Localize', - 'timezone' => 'CachetHQ\Cachet\Http\Middleware\Timezone', 'throttling' => 'GrahamCampbell\Throttle\Http\Middleware\ThrottleMiddleware', ]; } diff --git a/app/Http/Middleware/Acceptable.php b/app/Http/Middleware/Acceptable.php index c54383e2..d958c5f3 100644 --- a/app/Http/Middleware/Acceptable.php +++ b/app/Http/Middleware/Acceptable.php @@ -21,13 +21,13 @@ class Acceptable * * @param \Illuminate\Http\Request $request * @param \Closure $next - * @param string $type + * @param string|null $type * * @return mixed */ - public function handle($request, Closure $next, $type) + public function handle($request, Closure $next, $type = null) { - if (!$request->accepts($type)) { + if (!$request->accepts($type ?: 'accept:application/json')) { throw new NotAcceptableHttpException(); } diff --git a/app/Http/Middleware/ApiAuthenticate.php b/app/Http/Middleware/ApiAuthenticate.php index 126ff679..709fb884 100644 --- a/app/Http/Middleware/ApiAuthenticate.php +++ b/app/Http/Middleware/ApiAuthenticate.php 
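Review bot: The fallback passed to `$request->accepts()` in `Acceptable::handle()` is `'accept:application/json'`, which looks like the old route-middleware string (alias plus parameter) rather than a media type. As far as I can tell `accepts()` compares its argument against the values of the request's Accept header, so a client sending exactly `Accept: application/json` would not match. The new `api` group registers `Acceptable` without a parameter, so it would answer such a client with 406. The default should be the bare type: `if (!$request->accepts($type ?: 'application/json')) {`. A test that calls an API route with `Accept: application/json` and expects a successful response would pin this.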
@@ -55,10 +55,6 @@ class ApiAuthenticate } catch (ModelNotFoundException $e) { throw new HttpException(401); } - } elseif ($request->getUser()) { - if ($this->auth->onceBasic() !== null) { - throw new HttpException(401); - } } else { throw new HttpException(401); } diff --git a/app/Http/Middleware/ApiOptionalAuthenticate.php b/app/Http/Middleware/ApiOptionalAuthenticate.php index dd43a243..0fb07a3a 100644 --- a/app/Http/Middleware/ApiOptionalAuthenticate.php +++ b/app/Http/Middleware/ApiOptionalAuthenticate.php @@ -54,10 +54,6 @@ class ApiOptionalAuthenticate } catch (ModelNotFoundException $e) { // } - } elseif ($request->getUser()) { - if ($this->auth->onceBasic() !== null) { - // - } } } diff --git a/app/Http/Routes/ApiRoutes.php b/app/Http/Routes/ApiRoutes.php index e0c8c55c..eee55c45 100644 --- a/app/Http/Routes/ApiRoutes.php +++ b/app/Http/Routes/ApiRoutes.php 
@@ -30,28 +30,25 @@ class ApiRoutes $router->group([ 'namespace' => 'Api', 'prefix' => 'api/v1', - 'middleware' => ['accept:application/json', 'timezone', 'auth.api.optional'], + 'middleware' => ['api'], ], function ($router) { - // General - $router->get('ping', 'GeneralController@ping'); + $router->group(['middleware' => ['auth.api.optional']], function ($router) { + $router->get('ping', 'GeneralController@ping'); - // Components - $router->get('components', 'ComponentController@getComponents'); - $router->get('components/groups', 'ComponentGroupController@getGroups'); - $router->get('components/groups/{component_group}', 'ComponentGroupController@getGroup'); - $router->get('components/{component}', 'ComponentController@getComponent'); + $router->get('components', 'ComponentController@getComponents'); + $router->get('components/groups', 'ComponentGroupController@getGroups'); + $router->get('components/groups/{component_group}', 'ComponentGroupController@getGroup'); + $router->get('components/{component}', 'ComponentController@getComponent'); - // Incidents - $router->get('incidents', 'IncidentController@getIncidents'); - $router->get('incidents/{incident}', 'IncidentController@getIncident'); + $router->get('incidents', 'IncidentController@getIncidents'); + $router->get('incidents/{incident}', 'IncidentController@getIncident'); - // Metrics - $router->get('metrics', 'MetricController@getMetrics'); - $router->get('metrics/{metric}', 'MetricController@getMetric'); - $router->get('metrics/{metric}/points', 'MetricController@getMetricPoints'); + $router->get('metrics', 'MetricController@getMetrics'); + $router->get('metrics/{metric}', 'MetricController@getMetric'); + $router->get('metrics/{metric}/points', 'MetricController@getMetricPoints'); + }); - // Authorization Required - $router->group(['middleware' => 'auth.api'], function ($router) { + $router->group(['middleware' => ['auth.api.required']], function ($router) { $router->get('subscribers', 
'SubscriberController@getSubscribers'); $router->post('components', 'ComponentController@postComponents'); diff --git a/app/Http/Routes/AuthRoutes.php b/app/Http/Routes/AuthRoutes.php index 932fcb0f..7eb2d276 100644 --- a/app/Http/Routes/AuthRoutes.php +++ b/app/Http/Routes/AuthRoutes.php @@ -29,7 +29,7 @@ class AuthRoutes { $router->group([ 'as' => 'auth.', - 'middleware' => 'app.hasSetting', + 'middleware' => ['web', 'app.hasSetting'], 'prefix' => 'auth', 'setting' => 'app_name', ], function ($router) { @@ -40,7 +40,7 @@ class AuthRoutes ]); $router->post('login', [ - 'middleware' => ['guest', 'csrf', 'throttling:10,10'], + 'middleware' => ['guest', 'throttling:10,10'], 'uses' => 'AuthController@postLogin', ]); @@ -51,7 +51,7 @@ class AuthRoutes ]); $router->post('2fa', [ - 'middleware' => ['csrf', 'throttling:10,10'], + 'middleware' => ['throttling:10,10'], 'uses' => 'AuthController@postTwoFactor', ]); diff --git a/app/Http/Routes/DashboardRoutes.php b/app/Http/Routes/DashboardRoutes.php index d5062e7d..71abd86e 100644 --- a/app/Http/Routes/DashboardRoutes.php +++ b/app/Http/Routes/DashboardRoutes.php @@ -28,7 +28,7 @@ class DashboardRoutes public function map(Registrar $router) { $router->group([ - 'middleware' => 'auth', + 'middleware' => ['web', 'auth'], 'prefix' => 'dashboard', 'namespace' => 'Dashboard', 'as' => 'dashboard.', diff --git a/app/Http/Routes/FeedRoutes.php b/app/Http/Routes/FeedRoutes.php index ebdd2cc3..08c52e14 100644 --- a/app/Http/Routes/FeedRoutes.php +++ b/app/Http/Routes/FeedRoutes.php @@ -27,9 +27,8 @@ class FeedRoutes */ public function map(Registrar $router) { - // Prevent access until the app is setup. $router->group([ - 'middleware' => 'app.hasSetting', + 'middleware' => ['web', 'app.hasSetting'], 'setting' => 'app_name', ], function ($router) { $router->get('/atom/{component_group?}', [ diff --git a/app/Http/Routes/SetupRoutes.php b/app/Http/Routes/SetupRoutes.php index b490c016..aba0e3d0 100644 
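Review bot: The section comments were dropped together with the regrouping, including `// Authorization Required`, which was the one marker of where the API's access-control boundary sits. With two similarly named aliases now side by side, I would keep a line above each inner group. For example, put `// Public read endpoints: credentials are optional.` above the `auth.api.optional` group and `// Write and subscriber endpoints: valid API credentials are required.` above the `auth.api.required` group. The second group's body continues outside the hunk, so the wording should be checked against the full route list.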
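Review bot: Adding `'web'` to the feed group in FeedRoutes.php means each request to `/atom/{component_group?}` now passes through `StartSession` and `EncryptCookies`. Feed readers generally do not send cookies back, so each poll would probably start a new session. If `app.hasSetting` does not need the session (its code is not in this diff), leaving `'web'` off this group would avoid that session-store growth on a public, unauthenticated endpoint. The removed comment `// Prevent access until the app is setup.` was the only explanation of why `app.hasSetting` guards the feeds and is worth keeping. The closure body continues outside the hunk.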
--- a/app/Http/Routes/SetupRoutes.php +++ b/app/Http/Routes/SetupRoutes.php @@ -27,7 +27,7 @@ class SetupRoutes */ public function map(Registrar $router) { - $router->group(['middleware' => ['app.isSetup', 'csrf']], function ($router) { + $router->group(['middleware' => ['web', 'app.isSetup']], function ($router) { $router->controller('setup', 'SetupController'); }); } diff --git a/app/Http/Routes/SignupRoutes.php b/app/Http/Routes/SignupRoutes.php index 6777d666..55eb40da 100644 --- a/app/Http/Routes/SignupRoutes.php +++ b/app/Http/Routes/SignupRoutes.php @@ -28,7 +28,7 @@ class SignupRoutes public function map(Registrar $router) { $router->group([ - 'middleware' => ['app.hasSetting', 'guest'], + 'middleware' => ['web', 'app.hasSetting', 'guest'], 'setting' => 'app_name', 'as' => 'signup.', ], function ($router) { diff --git a/app/Http/Routes/StatusPageRoutes.php b/app/Http/Routes/StatusPageRoutes.php index f289d7d2..a2764bae 100644 --- a/app/Http/Routes/StatusPageRoutes.php +++ b/app/Http/Routes/StatusPageRoutes.php @@ -28,7 +28,7 @@ class StatusPageRoutes public function map(Registrar $router) { $router->group([ - 'middleware' => ['app.hasSetting', 'localize'], + 'middleware' => ['web', 'app.hasSetting', 'localize'], 'setting' => 'app_name', ], function ($router) { $router->get('/', [ diff --git a/app/Http/Routes/SubscribeRoutes.php b/app/Http/Routes/SubscribeRoutes.php index 1638793d..23d5252c 100644 --- a/app/Http/Routes/SubscribeRoutes.php +++ b/app/Http/Routes/SubscribeRoutes.php @@ -28,7 +28,7 @@ class SubscribeRoutes public function map(Registrar $router) { $router->group([ - 'middleware' => ['app.hasSetting', 'localize'], + 'middleware' => ['web', 'app.hasSetting', 'localize'], 'setting' => 'app_name', 'as' => 'subscribe.', ], function ($router) {