Move generic ApiRoutes to a whitelisted routeprovider file

app/Foundation/Providers/RouteServiceProvider.php

@@ -15,8 +15,9 @@ use Barryvdh\Cors\HandleCors;
 use CachetHQ\Cachet\Http\Middleware\Acceptable;
 use CachetHQ\Cachet\Http\Middleware\Authenticate;
 use CachetHQ\Cachet\Http\Middleware\Timezone;
+use CachetHQ\Cachet\Http\Routes\ApiSystemRoutes;
 use CachetHQ\Cachet\Http\Routes\AuthRoutes;
-use CachetHQ\Cachet\Http\Routes\Setup\ApiRoutes;
+use CachetHQ\Cachet\Http\Routes\Setup\ApiRoutes as ApiSetupRoutes;
 use CachetHQ\Cachet\Http\Routes\SetupRoutes;
 use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
 use Illuminate\Cookie\Middleware\EncryptCookies;
@@ -52,7 +53,12 @@ class RouteServiceProvider extends ServiceProvider
      *
      * @var string[]
      */
-    protected $whitelistedAuthRoutes = [AuthRoutes::class, SetupRoutes::class, ApiRoutes::class];
+    protected $whitelistedAuthRoutes = [
+        AuthRoutes::class,
+        SetupRoutes::class,
+        ApiSystemRoutes::class,
+        ApiSetupRoutes::class
+    ];
 
     /**
      * Define the route model bindings, pattern filters, etc.

app/Http/Routes/ApiRoutes.php

@@ -41,10 +41,6 @@ class ApiRoutes
             'prefix'     => 'api/v1',
         ], function (Registrar $router) {
             $router->group(['middleware' => ['auth.api']], function (Registrar $router) {
-                $router->get('ping', 'GeneralController@ping');
-                $router->get('version', 'GeneralController@version');
-                $router->get('status', 'GeneralController@status');
-
                 $router->get('components', 'ComponentController@index');
                 $router->get('components/groups', 'ComponentGroupController@index');
                 $router->get('components/groups/{component_group}', 'ComponentGroupController@show');

app/Http/Routes/ApiSystemRoutes.php

@@ -0,0 +1,50 @@
+<?php
+
+/*
+ * This file is part of Cachet.
+ *
+ * (c) Alt Three Services Limited
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace CachetHQ\Cachet\Http\Routes;
+
+use Illuminate\Contracts\Routing\Registrar;
+
+/**
+ * This is the api routes class.
+ *
+ * @author James Brooks <james@alt-three.com>
+ */
+class ApiSystemRoutes
+{
+    /**
+     * Defines if these routes are for the browser.
+     *
+     * @var bool
+     */
+    public static $browser = false;
+
+    /**
+     * Define the api routes for the system status, ping and version.
+     *
+     * @param \Illuminate\Contracts\Routing\Registrar $router
+     *
+     * @return void
+     */
+    public function map(Registrar $router)
+    {
+        $router->group([
+            'namespace'  => 'Api',
+            'prefix'     => 'api/v1',
+        ], function (Registrar $router) {
+            $router->group(['middleware' => ['auth.api']], function (Registrar $router) {
+                $router->get('ping', 'GeneralController@ping');
+                $router->get('version', 'GeneralController@version');
+                $router->get('status', 'GeneralController@status');
+            });
+        });
+    }
+}

resources/assets/js/cachet.js

@@ -16,9 +16,6 @@ $(function () {
         beforeSend: function (xhr) {
             xhr.setRequestHeader('Accept', 'application/json');
             // xhr.setRequestHeader('Content-Type', 'application/json; charset=utf-8');
-          if (typeof window.apiKey !== 'undefined') {
-            xhr.setRequestHeader('X-Cachet-Token', window.apiKey);
-          }
         },
         statusCode: {
             401: function () {

resources/views/layout/dashboard.blade.php

@@ -62,7 +62,4 @@
 </body>
 @yield('js')
 <script src="{{ mix('dist/js/all.js') }}"></script>
-<script type="text/javascript">
-    window.apiKey = "{{ auth()->user()->api_key }}";
-</script>
 </html>