1
1
mirror of https://github.com/pterodactyl/panel.git synced 2024-11-25 18:42:31 +01:00

Update routes to use CSRF protection

This commit is contained in:
Dane Everitt 2016-01-12 21:50:43 -05:00
parent 98b3355158
commit 2def94c958
5 changed files with 18 additions and 40 deletions

View File

@ -13,7 +13,8 @@ class AdminRoutes {
'as' => 'admin.index',
'middleware' => [
'auth',
'admin'
'admin',
'csrf'
],
'uses' => 'Admin\BaseController@getIndex'
]);
@ -22,7 +23,8 @@ class AdminRoutes {
'prefix' => 'admin/accounts',
'middleware' => [
'auth',
'admin'
'admin',
'csrf'
]
], function () use ($router) {
@ -66,7 +68,8 @@ class AdminRoutes {
'prefix' => 'admin/servers',
'middleware' => [
'auth',
'admin'
'admin',
'csrf'
]
], function () use ($router) {
@ -148,7 +151,8 @@ class AdminRoutes {
'prefix' => 'admin/nodes',
'middleware' => [
'auth',
'admin'
'admin',
'csrf'
]
], function () use ($router) {
@ -204,7 +208,8 @@ class AdminRoutes {
'prefix' => 'admin/locations',
'middleware' => [
'auth',
'admin'
'admin',
'csrf'
]
], function () use ($router) {
$router->get('/', [

View File

@ -12,7 +12,8 @@ class AuthRoutes {
$router->group([
'prefix' => 'auth',
'middleware' => [
'guest'
'guest',
'csrf'
]
], function () use ($router) {

View File

@ -31,7 +31,8 @@ class BaseRoutes {
$router->group([
'profix' => 'account',
'middleware' => [
'auth'
'auth',
'csrf'
]
], function () use ($router) {
$router->get('account', [
@ -50,7 +51,8 @@ class BaseRoutes {
$router->group([
'prefix' => 'account/totp',
'middleware' => [
'auth'
'auth',
'csrf'
]
], function () use ($router) {
$router->get('/', [

View File

@ -1,31 +0,0 @@
<?php
namespace Pterodactyl\Http\Routes;
use Illuminate\Routing\Router;
class RestRoutes {
public function map(Router $router) {
$router->group([
'prefix' => 'api/v1',
'middleware' => [
'api'
]
], function () use ($router) {
// Users endpoint for API
$router->group(['prefix' => 'users'], function () use ($router) {
// Returns all users
$router->get('/', [
'uses' => 'API\UserController@getAllUsers'
]);
// Return listing of user [with only specified fields]
$router->get('/{id}/{fields?}', [
'uses' => 'API\UserController@getUser'
])->where('id', '[0-9]+');
});
});
}
}

View File

@ -11,7 +11,8 @@ class ServerRoutes {
'prefix' => 'server/{server}',
'middleware' => [
'auth',
'server'
'server',
'csrf'
]
], function ($server) use ($router) {
// Index View for Server