
D5304.1775318397.diff

Authored By
Unknown
Size
6 KB
Referenced Files
None
Subscribers
None

D5304.1775318397.diff

diff --git a/src/routes/api.php b/src/routes/api.php
--- a/src/routes/api.php
+++ b/src/routes/api.php
@@ -3,6 +3,9 @@
use App\Http\Controllers\API;
use Illuminate\Support\Facades\Route;
+Route::get('health/readiness', [API\V4\HealthController::class, 'readiness']);
+Route::get('health/liveness', [API\V4\HealthController::class, 'liveness']);
+
Route::post('oauth/approve', [API\AuthController::class, 'oauthApprove'])
->middleware(['auth:api']);
@@ -14,42 +17,12 @@
static function () {
Route::post('login', [API\AuthController::class, 'login']);
- Route::group(
- ['middleware' => ['auth:api', 'scope:api']],
- static function () {
- Route::get('info', [API\AuthController::class, 'info']);
- Route::post('info', [API\AuthController::class, 'info']);
- Route::get('location', [API\AuthController::class, 'location']);
- Route::post('logout', [API\AuthController::class, 'logout']);
- Route::post('refresh', [API\AuthController::class, 'refresh']);
- }
- );
- }
-);
-
-Route::group(
- [
- 'domain' => \config('app.website_domain'),
- 'middleware' => 'api',
- 'prefix' => 'auth',
- ],
- static function () {
Route::post('password-policy-check', [API\V4\PolicyController::class, 'checkPassword']);
-
Route::post('password-reset/init', [API\PasswordResetController::class, 'init']);
Route::post('password-reset/verify', [API\PasswordResetController::class, 'verify']);
Route::post('password-reset', [API\PasswordResetController::class, 'reset']);
- }
-);
-if (\config('app.with_signup')) {
- Route::group(
- [
- 'domain' => \config('app.website_domain'),
- 'middleware' => 'api',
- 'prefix' => 'auth',
- ],
- static function () {
+ if (\config('app.with_signup')) {
Route::get('signup/domains', [API\SignupController::class, 'domains']);
Route::post('signup/init', [API\SignupController::class, 'init']);
Route::get('signup/invitations/{id}', [API\SignupController::class, 'invitation']);
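Review bot: The password-policy-check, password-reset and signup routes lose their explicit `'domain' => \config('app.website_domain')`, `'middleware' => 'api'` and `'prefix' => 'auth'` attributes here and now inherit whatever the enclosing group declares. That group's header is above this hunk, so the diff alone does not confirm the attributes are identical. These are the unauthenticated endpoints, so a difference in domain or middleware would change their exposure without any visible sign. I would add a comment at the top of the closure such as `// Public (unauthenticated) routes first; authenticated routes live in the nested group below`. The same comment covers the nested `auth:api` group added in the next hunk.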
@@ -58,8 +31,19 @@
Route::post('signup/verify', [API\SignupController::class, 'verify']);
Route::post('signup', [API\SignupController::class, 'signup']);
}
- );
-}
+
+ Route::group(
+ ['middleware' => ['auth:api', 'scope:api']],
+ static function () {
+ Route::get('info', [API\AuthController::class, 'info']);
+ Route::post('info', [API\AuthController::class, 'info']);
+ Route::get('location', [API\AuthController::class, 'location']);
+ Route::post('logout', [API\AuthController::class, 'logout']);
+ Route::post('refresh', [API\AuthController::class, 'refresh']);
+ }
+ );
+ }
+);
Route::group(
[
@@ -80,26 +64,20 @@
if (\config('app.with_files')) {
Route::group(
[
- 'middleware' => ['auth:api', 'scope:fs,api'],
+ 'middleware' => ($middleware = ['auth:api', 'scope:fs,api']),
'prefix' => 'v4',
],
- static function () {
+ static function () use ($middleware) {
Route::apiResource('fs', API\V4\FsController::class);
Route::get('fs/{itemId}/permissions', [API\V4\FsController::class, 'getPermissions']);
Route::post('fs/{itemId}/permissions', [API\V4\FsController::class, 'createPermission']);
Route::put('fs/{itemId}/permissions/{id}', [API\V4\FsController::class, 'updatePermission']);
Route::delete('fs/{itemId}/permissions/{id}', [API\V4\FsController::class, 'deletePermission']);
- }
- );
- Route::group(
- [
- 'middleware' => [],
- 'prefix' => 'v4',
- ],
- static function () {
+
Route::post('fs/uploads/{id}', [API\V4\FsController::class, 'upload'])
- ->middleware(['api']);
- Route::get('fs/downloads/{id}', [API\V4\FsController::class, 'download']);
+ ->withoutMiddleware($middleware)->middleware(['api']);
+ Route::get('fs/downloads/{id}', [API\V4\FsController::class, 'download'])
+ ->withoutMiddleware($middleware);
}
);
}
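Review bot: The upload and download routes are now opt-outs from an authenticated group, and `withoutMiddleware($middleware)` strips the whole shared array, so any middleware later added to the group's list is silently removed from these two routes as well. The inline assignment `'middleware' => ($middleware = [...])` also hides where the variable is defined. I would declare `$fsAuth = ['auth:api', 'scope:fs,api'];` before `Route::group(` and put `// Not authenticated by middleware: access presumably depends on the {id} in the URL - confirm in FsController` above the two routes. The diff adds no test for this group, so a feature test asserting that the remaining `fs` routes reject an unauthenticated request would pin the intent.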
@@ -144,16 +122,9 @@
Route::get('wallets/{id}/transactions', [API\V4\Admin\WalletsController::class, 'transactions']);
Route::get('stats/chart/{chart}', [API\V4\Admin\StatsController::class, 'chart']);
- }
- );
- Route::group(
- [
- 'domain' => 'admin.' . \config('app.website_domain'),
- 'prefix' => 'v4',
- ],
- static function () {
- Route::get('inspect-request', [API\V4\Admin\UsersController::class, 'inspectRequest']);
+ Route::get('inspect-request', [API\V4\Admin\UsersController::class, 'inspectRequest'])
+ ->withoutMiddleware(['auth:api', 'admin']);
}
);
}
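Review bot: `inspect-request` is exempted with a hard-coded list, `->withoutMiddleware(['auth:api', 'admin'])`, while the group's own middleware is declared above this hunk, so the two lists can drift apart. The `fs` group in this same file shares one variable for that purpose. The added test shows the endpoint answers anonymously with `ip`, `clientIps`, `isFromTrustedProxy` and `headers`, which leaves the admin domain as the only restriction. That deserves a comment on the route, e.g. `// Intentionally unauthenticated diagnostic; restricted by the admin domain only`. The enclosing group starts before the hunk.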
@@ -340,6 +311,3 @@
}
);
}
-
-Route::get('health/readiness', [API\V4\HealthController::class, 'readiness']);
-Route::get('health/liveness', [API\V4\HealthController::class, 'liveness']);
diff --git a/src/tests/Feature/Controller/Admin/UsersTest.php b/src/tests/Feature/Controller/Admin/UsersTest.php
--- a/src/tests/Feature/Controller/Admin/UsersTest.php
+++ b/src/tests/Feature/Controller/Admin/UsersTest.php
@@ -65,6 +65,23 @@
$response->assertStatus(404);
}
+ /**
+ * Test inspect request (GET /api/v4/inspect-request)
+ */
+ public function testInspectRequest(): void
+ {
+ // No authentication required here
+ $this->get("api/v4/inspect-request")
+ ->assertStatus(200)
+ ->assertJson(function ($json) {
+ $json->hasAll(['ip', 'clientIps', 'isFromTrustedProxy', 'headers']);
+ });
+
+ // Normal users have no access to this end-point
+ self::useRegularUrl();
+ $this->get("api/v4/inspect-request")->assertStatus(404);
+ }
+
/**
* Test users searching (/api/v4/users)
*/
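Review bot: `testInspectRequest` proves the route is anonymous on the admin domain and absent on the regular one, but it does not check that the exemption stayed limited to this one route after the move into the authenticated admin group. An extra assertion that an unauthenticated request to a sibling route such as `api/v4/stats/chart/{chart}` is still rejected would cover that, unless a test not visible here already does. The closure passed to `assertJson` could also be declared `static function ($json): void`. The hunk starts inside the previous test method and ends in the next method's docblock.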
