84 lines
3.5 KiB
PHP
84 lines
3.5 KiB
PHP
<?php
|
|
|
|
use App\Http\Middleware\ApiDocsAuth;
|
|
use App\Http\Middleware\ApiJwtAuth;
|
|
use App\Http\Middleware\CleanupScheduler;
|
|
use App\Http\Middleware\EnsureBadgeScanLogsAccess;
|
|
use App\Http\Middleware\EnsureClassProgressTeacherPortalAccess;
|
|
use App\Http\Middleware\EnsureParentProgressAccess;
|
|
use App\Http\Middleware\EnsurePrintRequestsAdminAccess;
|
|
use App\Http\Middleware\EnsurePrintRequestsTeacherAccess;
|
|
use App\Http\Middleware\EnsureSchoolYearEditable;
|
|
use App\Http\Middleware\MultiAuth;
|
|
use App\Http\Middleware\PrimeTimezone;
|
|
use App\Http\Middleware\RequirePermission;
|
|
use App\Http\Middleware\SecurityHeaders;
|
|
use App\Http\Middleware\TeacherPortalAuthenticate;
|
|
use App\Services\ApplicationUrlService;
|
|
use Illuminate\Auth\AuthenticationException;
|
|
use Illuminate\Foundation\Application;
|
|
use Illuminate\Foundation\Configuration\Exceptions;
|
|
use Illuminate\Foundation\Configuration\Middleware;
|
|
use Illuminate\Http\Request;
|
|
use PHPOpenSourceSaver\JWTAuth\Http\Middleware\Authenticate;
|
|
use PHPOpenSourceSaver\JWTAuth\Http\Middleware\RefreshToken;
|
|
|
|
return Application::configure(basePath: dirname(__DIR__))
|
|
->withRouting(
|
|
web: __DIR__.'/../routes/web.php',
|
|
api: __DIR__.'/../routes/api.php',
|
|
commands: __DIR__.'/../routes/console.php',
|
|
health: '/up',
|
|
)
|
|
->withMiddleware(function (Middleware $middleware): void {
|
|
$middleware->append(SecurityHeaders::class);
|
|
|
|
$middleware->alias([
|
|
// JWT auth
|
|
'jwt.auth' => Authenticate::class,
|
|
'jwt.refresh' => RefreshToken::class,
|
|
'api.jwt' => ApiJwtAuth::class,
|
|
|
|
// Multi-guard auth (both the new and legacy alias point at the same class)
|
|
'auth.multi' => MultiAuth::class,
|
|
'multi.auth' => MultiAuth::class,
|
|
|
|
// Permission / role gates
|
|
'perm' => RequirePermission::class,
|
|
'require.permission' => RequirePermission::class,
|
|
'admin.access' => EnsurePrintRequestsAdminAccess::class,
|
|
'parent.access' => EnsureParentProgressAccess::class,
|
|
'parent.progress' => EnsureParentProgressAccess::class,
|
|
'teacher.progress' => EnsureClassProgressTeacherPortalAccess::class,
|
|
'class_progress.teacher' => EnsureClassProgressTeacherPortalAccess::class,
|
|
'school_year.editable' => EnsureSchoolYearEditable::class,
|
|
'print_requests.teacher' => EnsurePrintRequestsTeacherAccess::class,
|
|
'print_requests.admin' => EnsurePrintRequestsAdminAccess::class,
|
|
'badge_scan.logs' => EnsureBadgeScanLogsAccess::class,
|
|
|
|
// Docs + teacher portal
|
|
'auth.docs' => ApiDocsAuth::class,
|
|
'teacher.portal.auth' => TeacherPortalAuthenticate::class,
|
|
|
|
// Utility
|
|
'timezone' => PrimeTimezone::class,
|
|
'prime.timezone' => PrimeTimezone::class,
|
|
'cleanup.scheduler' => CleanupScheduler::class,
|
|
]);
|
|
|
|
$middleware->redirectGuestsTo(function (Request $request) {
|
|
if ($request->is('api/*') || $request->expectsJson()) {
|
|
return null;
|
|
}
|
|
|
|
return app(ApplicationUrlService::class)->webLoginUrl();
|
|
});
|
|
})
|
|
->withExceptions(function (Exceptions $exceptions): void {
|
|
$exceptions->render(function (AuthenticationException $e, Request $request) {
|
|
if ($request->is('api/*') || $request->expectsJson()) {
|
|
return response()->json(['message' => 'Unauthorized.'], 401);
|
|
}
|
|
});
|
|
})->create();
|