Pterodactyl-Panel/routes/auth.php

<?php

/*
|--------------------------------------------------------------------------
| Authentication Routes
|--------------------------------------------------------------------------
|
| Endpoint: /auth
|
*/
Route::group(['middleware' => 'guest'], function () {
    // These routes are defined so that we can continue to reference them programatically.
    // They all route to the same controller function which passes off to Vuejs.
    Route::get('/login', 'LoginController@index')->name('auth.login');
    Route::get('/password', 'LoginController@index')->name('auth.forgot-password');
    Route::get('/password/reset/{token}', 'LoginController@index')->name('auth.reset');

    // Apply a throttle to authentication action endpoints, in addition to the
    // recaptcha endpoints to slow down manual attack spammers even more. 🤷‍
    //
    // @see \Pterodactyl\Providers\RouteServiceProvider
    Route::middleware(['throttle:authentication'])->group(function () {
        // Login endpoints.
        Route::post('/login', 'LoginController@login')->middleware('recaptcha');
        Route::post('/login/checkpoint', 'LoginCheckpointController')->name('auth.login-checkpoint');

        // Forgot password route. A post to this endpoint will trigger an
        // email to be sent containing a reset token.
        Route::post('/password', 'ForgotPasswordController@sendResetLinkEmail')
            ->name('auth.post.forgot-password')
            ->middleware('recaptcha');
    });

    // Password reset routes. This endpoint is hit after going through
    // the forgot password routes to acquire a token (or after an account
    // is created).
    Route::post('/password/reset', 'ResetPasswordController')->name('auth.reset-password');

    // Catch any other combinations of routes and pass them off to the Vuejs component.
    Route::fallback('LoginController@index');
});

/*
|--------------------------------------------------------------------------
| Routes Accessible only when logged in
|--------------------------------------------------------------------------
|
| Endpoint: /auth
|
*/
Route::post('/logout', 'LoginController@logout')->name('auth.logout')->middleware('auth', 'csrf');
Add language switching support 2016-01-21 04:39:02 +01:00			`<?php`

Push updates to login page, mostly UI enhancements. 2017-11-18 22:09:58 +01:00			`/*`
			`\|--------------------------------------------------------------------------`
			`\| Authentication Routes`
			`\|--------------------------------------------------------------------------`
			`\|`
			`\| Endpoint: /auth`
			`\|`
			`*/`
			`Route::group(['middleware' => 'guest'], function () {`
Finalize login page! 2018-04-08 22:46:32 +02:00			`// These routes are defined so that we can continue to reference them programatically.`
			`// They all route to the same controller function which passes off to Vuejs.`
			`Route::get('/login', 'LoginController@index')->name('auth.login');`
			`Route::get('/password', 'LoginController@index')->name('auth.forgot-password');`
			`Route::get('/password/reset/{token}', 'LoginController@index')->name('auth.reset');`

Use more standardized rate limiting in Laravel; apply limits to auth routes 2021-10-23 21:17:16 +02:00			`// Apply a throttle to authentication action endpoints, in addition to the`
			`// recaptcha endpoints to slow down manual attack spammers even more. 🤷‍`
			`//`
			`// @see \Pterodactyl\Providers\RouteServiceProvider`
			`Route::middleware(['throttle:authentication'])->group(function () {`
			`// Login endpoints.`
			`Route::post('/login', 'LoginController@login')->middleware('recaptcha');`
			`Route::post('/login/checkpoint', 'LoginCheckpointController')->name('auth.login-checkpoint');`
Cleanup login/reset functionality, address security issue with 2FA pathways 2018-04-07 23:17:51 +02:00
Use more standardized rate limiting in Laravel; apply limits to auth routes 2021-10-23 21:17:16 +02:00			`// Forgot password route. A post to this endpoint will trigger an`
			`// email to be sent containing a reset token.`
			`Route::post('/password', 'ForgotPasswordController@sendResetLinkEmail')`
			`->name('auth.post.forgot-password')`
			`->middleware('recaptcha');`
			`});`
Cleanup login/reset functionality, address security issue with 2FA pathways 2018-04-07 23:17:51 +02:00
			`// Password reset routes. This endpoint is hit after going through`
			`// the forgot password routes to acquire a token (or after an account`
			`// is created).`
Fix recaptcha handling during login & password reset flows; closes #2064 2020-08-02 06:08:35 +02:00			`Route::post('/password/reset', 'ResetPasswordController')->name('auth.reset-password');`
Code cleanup 2018-04-08 23:00:52 +02:00
			`// Catch any other combinations of routes and pass them off to the Vuejs component.`
			`Route::fallback('LoginController@index');`
Push updates to login page, mostly UI enhancements. 2017-11-18 22:09:58 +01:00			`});`

			`/*`
			`\|--------------------------------------------------------------------------`
Spelling in comments 2018-05-13 17:10:51 +02:00			`\| Routes Accessible only when logged in`
Push updates to login page, mostly UI enhancements. 2017-11-18 22:09:58 +01:00			`\|--------------------------------------------------------------------------`
			`\|`
			`\| Endpoint: /auth`
			`\|`
			`*/`
(security) use POST for logout rather than GET see https://github.com/pterodactyl/panel/security/advisories/GHSA-m49f-hcxp-6hm6 2021-10-23 22:00:21 +02:00			`Route::post('/logout', 'LoginController@logout')->name('auth.logout')->middleware('auth', 'csrf');`