fix api security issues and update pages issue
This commit is contained in:
+13
-8
@@ -126,8 +126,8 @@ use App\Http\Controllers\Api\Staff\TimeOffNotificationController;
|
||||
use App\Http\Controllers\Api\System\AccessDeniedController;
|
||||
use App\Http\Controllers\Api\Certificates\CertificateController;
|
||||
// Public auth aliases without the `/v1` prefix.
|
||||
Route::post('login', [AuthController::class, 'login']);
|
||||
Route::post('register', [RegisterController::class, 'store']);
|
||||
Route::post('login', [AuthController::class, 'login'])->middleware('throttle:10,1');
|
||||
Route::post('register', [RegisterController::class, 'store'])->middleware('throttle:5,1');
|
||||
|
||||
/*
|
||||
| LanguageTool proxy for legacy and current clients.
|
||||
@@ -160,12 +160,15 @@ Route::prefix('winners/competitions')->group(function () {
|
||||
});
|
||||
|
||||
Route::get('confirm_authorized_user', [AuthorizedUserInviteController::class, 'confirm'])
|
||||
->middleware('throttle:20,1')
|
||||
->name('api.invite.confirm');
|
||||
Route::get('set_authorized_user_password/{authorizedUserId}', [AuthorizedUserInviteController::class, 'setPasswordForm'])
|
||||
->whereNumber('authorizedUserId')
|
||||
->middleware('throttle:20,1')
|
||||
->name('api.invite.set-password-form');
|
||||
Route::post('set_authorized_user_password/{authorizedUserId}', [AuthorizedUserInviteController::class, 'savePassword'])
|
||||
->whereNumber('authorizedUserId')
|
||||
->middleware('throttle:10,1')
|
||||
->name('api.invite.set-password');
|
||||
|
||||
/*
|
||||
@@ -184,13 +187,13 @@ Route::permanentRedirect('administrator/attendance-templates', '/api/v1/administ
|
||||
|
||||
Route::prefix('v1')->group(function () {
|
||||
// Public auth aliases without the `/auth` prefix.
|
||||
Route::post('login', [AuthController::class, 'login']);
|
||||
Route::post('register', [RegisterController::class, 'store']);
|
||||
Route::post('login', [AuthController::class, 'login'])->middleware('throttle:10,1');
|
||||
Route::post('register', [RegisterController::class, 'store'])->middleware('throttle:5,1');
|
||||
|
||||
Route::prefix('auth')->group(function () {
|
||||
Route::get('register/captcha', [RegisterController::class, 'captcha']);
|
||||
Route::post('register', [RegisterController::class, 'store']);
|
||||
Route::post('login', [AuthController::class, 'login']);
|
||||
Route::get('register/captcha', [RegisterController::class, 'captcha'])->middleware('throttle:30,1');
|
||||
Route::post('register', [RegisterController::class, 'store'])->middleware('throttle:5,1');
|
||||
Route::post('login', [AuthController::class, 'login'])->middleware('throttle:10,1');
|
||||
Route::post('refresh', [AuthController::class, 'refresh'])->middleware('jwt.auth');
|
||||
Route::post('logout', [AuthController::class, 'logout'])->middleware('auth:api');
|
||||
Route::get('me', [AuthController::class, 'me'])->middleware('auth:api');
|
||||
@@ -208,7 +211,7 @@ Route::prefix('v1')->group(function () {
|
||||
Route::post('contact', [PageController::class, 'submitContact']);
|
||||
});
|
||||
|
||||
Route::post('contact', [SupportContactController::class, 'send']);
|
||||
Route::post('contact', [SupportContactController::class, 'send'])->middleware('throttle:5,1');
|
||||
|
||||
/*
|
||||
| Badge scan kiosk (public, throttled). Logs: authenticated staff.
|
||||
@@ -1151,6 +1154,8 @@ Route::prefix('v1')->group(function () {
|
||||
|
||||
Route::prefix('grading')->group(function () {
|
||||
Route::get('overview', [GradingApiController::class, 'overview']);
|
||||
Route::get('decisions', [GradingApiController::class, 'allDecisions']);
|
||||
Route::post('decisions/generate', [GradingApiController::class, 'generateAllDecisions']);
|
||||
Route::get('scores/{type}/{classSectionId}/{studentId}', [GradingApiController::class, 'show']);
|
||||
Route::put('scores', [GradingApiController::class, 'update']);
|
||||
|
||||
|
||||
Reference in New Issue
Block a user