Files
root 39228168c8
API CI/CD / Validate (composer + pint) (push) Successful in 3m14s
API CI/CD / Test (PHPUnit) (push) Failing after 3m28s
API CI/CD / Build frontend assets (push) Successful in 1m2s
API CI/CD / Security audit (push) Failing after 56s
API CI/CD / Deploy to shared hosting (PHP) (push) Has been skipped
add school year and security fix
2026-07-06 00:55:01 -04:00

107 lines
4.5 KiB
PHP

<?php
use App\Http\Middleware\ApiDocsAuth;
use App\Http\Middleware\ApiJwtAuth;
use App\Http\Middleware\CleanupScheduler;
use App\Http\Middleware\EnsureAccountActive;
use App\Http\Middleware\EnsureBadgeScanLogsAccess;
use App\Http\Middleware\EnsureClassProgressTeacherPortalAccess;
use App\Http\Middleware\EnsureParentProgressAccess;
use App\Http\Middleware\EnsurePrintRequestsAdminAccess;
use App\Http\Middleware\EnsurePrintRequestsTeacherAccess;
use App\Http\Middleware\EnsureSchoolYearEditable;
use App\Http\Middleware\MultiAuth;
use App\Http\Middleware\PrimeTimezone;
use App\Http\Middleware\RequirePermission;
use App\Http\Middleware\SecurityHeaders;
use App\Http\Middleware\TeacherPortalAuthenticate;
use App\Services\ApplicationUrlService;
use Illuminate\Auth\AuthenticationException;
use Illuminate\Foundation\Application;
use Illuminate\Foundation\Configuration\Exceptions;
use Illuminate\Foundation\Configuration\Middleware;
use Illuminate\Http\Request;
use PHPOpenSourceSaver\JWTAuth\Http\Middleware\Authenticate;
use PHPOpenSourceSaver\JWTAuth\Http\Middleware\RefreshToken;
return Application::configure(basePath: dirname(__DIR__))
->withRouting(
web: __DIR__.'/../routes/web.php',
api: __DIR__.'/../routes/api.php',
commands: __DIR__.'/../routes/console.php',
health: '/up',
)
->withMiddleware(function (Middleware $middleware): void {
$middleware->append(SecurityHeaders::class);
$middleware->alias([
// JWT auth
'jwt.auth' => Authenticate::class,
'jwt.refresh' => RefreshToken::class,
'api.jwt' => ApiJwtAuth::class,
// Multi-guard auth (both the new and legacy alias point at the same class)
'auth.multi' => MultiAuth::class,
'multi.auth' => MultiAuth::class,
// Account status
'account.active' => EnsureAccountActive::class,
// Permission / role gates
'perm' => RequirePermission::class,
'require.permission' => RequirePermission::class,
'admin.access' => EnsurePrintRequestsAdminAccess::class,
'parent.access' => EnsureParentProgressAccess::class,
'parent.progress' => EnsureParentProgressAccess::class,
'teacher.progress' => EnsureClassProgressTeacherPortalAccess::class,
'class_progress.teacher' => EnsureClassProgressTeacherPortalAccess::class,
'school_year.editable' => EnsureSchoolYearEditable::class,
'print_requests.teacher' => EnsurePrintRequestsTeacherAccess::class,
'print_requests.admin' => EnsurePrintRequestsAdminAccess::class,
'badge_scan.logs' => EnsureBadgeScanLogsAccess::class,
// Docs + teacher portal
'auth.docs' => ApiDocsAuth::class,
'teacher.portal.auth' => TeacherPortalAuthenticate::class,
// Utility
'timezone' => PrimeTimezone::class,
'prime.timezone' => PrimeTimezone::class,
'cleanup.scheduler' => CleanupScheduler::class,
]);
$middleware->redirectGuestsTo(function (Request $request) {
if ($request->is('api/*') || $request->expectsJson()) {
return null;
}
return app(ApplicationUrlService::class)->webLoginUrl();
});
})
->withExceptions(function (Exceptions $exceptions): void {
$exceptions->render(function (AuthenticationException $e, Request $request) {
if ($request->is('api/*') || $request->expectsJson()) {
return response()->json(['message' => 'Unauthorized.'], 401);
}
});
$exceptions->render(function (\Illuminate\Auth\Access\AuthorizationException $e, Request $request) {
if ($request->is('api/*') || $request->expectsJson()) {
return response()->json(['message' => $e->getMessage() ?: 'Forbidden.'], 403);
}
});
$exceptions->render(function (\Symfony\Component\HttpKernel\Exception\HttpExceptionInterface $e, Request $request) {
if ($request->is('api/*') || $request->expectsJson()) {
return response()->json(['message' => $e->getMessage() ?: 'Request failed.'], $e->getStatusCode());
}
});
$exceptions->render(function (\TypeError $e, Request $request) {
if ($request->is('api/*') || $request->expectsJson()) {
return response()->json(['message' => 'Resource not found.'], 404);
}
});
})->create();