From 2def94c958330ad267e1a1a8485c3c27fb34ddce Mon Sep 17 00:00:00 2001
From: Dane Everitt
Date: Tue, 12 Jan 2016 21:50:43 -0500
Subject: [PATCH] Update routes to use CSRF protection
---
 app/Http/Routes/AdminRoutes.php | 15 ++++++++++-----
 app/Http/Routes/AuthRoutes.php | 3 ++-
 app/Http/Routes/BaseRoutes.php | 6 ++++--
 app/Http/Routes/RestRoutes.php | 31 -------------------------------
 app/Http/Routes/ServerRoutes.php | 3 ++-
 5 files changed, 18 insertions(+), 40 deletions(-)
 delete mode 100644 app/Http/Routes/RestRoutes.php
diff --git a/app/Http/Routes/AdminRoutes.php b/app/Http/Routes/AdminRoutes.php
index 568cae4b0..2e22b5285 100644
--- a/app/Http/Routes/AdminRoutes.php
+++ b/app/Http/Routes/AdminRoutes.php
@@ -13,7 +13,8 @@ class AdminRoutes {
 'as' => 'admin.index',
 'middleware' => [
 'auth',
- 'admin'
+ 'admin',
+ 'csrf'
 ],
 'uses' => 'Admin\BaseController@getIndex'
 ]);
@@ -22,7 +23,8 @@ class AdminRoutes {
 'prefix' => 'admin/accounts',
 'middleware' => [
 'auth',
- 'admin'
+ 'admin',
+ 'csrf'
 ]
 ], function () use ($router) {
@@ -66,7 +68,8 @@ class AdminRoutes {
 'prefix' => 'admin/servers',
 'middleware' => [
 'auth',
- 'admin'
+ 'admin',
+ 'csrf'
 ]
 ], function () use ($router) {
@@ -148,7 +151,8 @@ class AdminRoutes {
 'prefix' => 'admin/nodes',
 'middleware' => [
 'auth',
- 'admin'
+ 'admin',
+ 'csrf'
 ]
 ], function () use ($router) {
@@ -204,7 +208,8 @@ class AdminRoutes {
 'prefix' => 'admin/locations',
 'middleware' => [
 'auth',
- 'admin'
+ 'admin',
+ 'csrf'
 ]
 ], function () use ($router) {
 $router->get('/', [
diff --git a/app/Http/Routes/AuthRoutes.php b/app/Http/Routes/AuthRoutes.php
index fa6e9771c..944011cfc 100644
--- a/app/Http/Routes/AuthRoutes.php
+++ b/app/Http/Routes/AuthRoutes.php
@@ -12,7 +12,8 @@ class AuthRoutes {
 $router->group([
 'prefix' => 'auth',
 'middleware' => [
- 'guest'
+ 'guest',
+ 'csrf'
 ]
 ], function () use ($router) {
diff --git a/app/Http/Routes/BaseRoutes.php b/app/Http/Routes/BaseRoutes.php
index 7081db9d4..16a3795df 100644
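Review bot: CSRF checking is opt-in per route group in this patch: `'csrf'` is appended by hand to the `admin.index` route and to each of the `admin/accounts`, `admin/servers`, `admin/nodes` and `admin/locations` groups, and the same pattern recurs in the AuthRoutes.php, BaseRoutes.php and ServerRoutes.php hunks, so a group added later without the entry is silently left unprotected. If the CSRF middleware can instead be registered globally, with explicit exclusions for any token-authenticated API, the default fails closed; failing that, a comment at the top of each routes class such as `// every state-changing web group must list 'csrf'` would at least record the rule. The diffstat touches only route files, so the `'csrf'` alias is presumably already registered in the HTTP kernel; that is not visible here and is worth confirming. The enclosing function starts and ends outside these hunks.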
--- a/app/Http/Routes/BaseRoutes.php
+++ b/app/Http/Routes/BaseRoutes.php
@@ -31,7 +31,8 @@ class BaseRoutes {
 $router->group([
 'profix' => 'account',
 'middleware' => [
- 'auth'
+ 'auth',
+ 'csrf'
 ]
 ], function () use ($router) {
 $router->get('account', [
@@ -50,7 +51,8 @@ class BaseRoutes {
 $router->group([
 'prefix' => 'account/totp',
 'middleware' => [
- 'auth'
+ 'auth',
+ 'csrf'
 ]
 ], function () use ($router) {
 $router->get('/', [
diff --git a/app/Http/Routes/RestRoutes.php b/app/Http/Routes/RestRoutes.php
deleted file mode 100644
index 0e98cc981..000000000
--- a/app/Http/Routes/RestRoutes.php
+++ /dev/null
@@ -1,31 +0,0 @@
-group([
- 'prefix' => 'api/v1',
- 'middleware' => [
- 'api'
- ]
- ], function () use ($router) {
- // Users endpoint for API
- $router->group(['prefix' => 'users'], function () use ($router) {
- // Returns all users
- $router->get('/', [
- 'uses' => 'API\UserController@getAllUsers'
- ]);
-
- // Return listing of user [with only specified fields]
- $router->get('/{id}/{fields?}', [
- 'uses' => 'API\UserController@getUser'
- ])->where('id', '[0-9]+');
- });
- });
- }
-
-}
diff --git a/app/Http/Routes/ServerRoutes.php b/app/Http/Routes/ServerRoutes.php
index 333bdacd6..a00ec390b 100644
--- a/app/Http/Routes/ServerRoutes.php
+++ b/app/Http/Routes/ServerRoutes.php
@@ -11,7 +11,8 @@ class ServerRoutes {
 'prefix' => 'server/{server}',
 'middleware' => [
 'auth',
- 'server'
+ 'server',
+ 'csrf'
 ]
 ], function ($server) use ($router) {
 // Index View for Server
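Review bot: The group that gains `'csrf'` in the first BaseRoutes.php hunk is keyed `'profix' => 'account'`, which looks like a misspelling of `'prefix'`. An unrecognised key is presumably ignored by the router, which would explain why the first route inside the group spells out `'account'` in full. The `'middleware'` key is spelled correctly, so the new CSRF entry should still apply, but the misspelt line is left untouched by this commit; either correct it to `'prefix' => 'account',` and make the inner paths relative, or drop the key. The group body continues outside the hunk, so the remaining route paths need checking before the prefix is changed.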