src/routes/api.php
Show First 20 Lines • Show All 51 Lines • ▼ Show 20 Lines | function () { | ||||
Route::post('signup/init', [API\SignupController::class, 'init']); | Route::post('signup/init', [API\SignupController::class, 'init']); | ||||
Route::get('signup/invitations/{id}', [API\SignupController::class, 'invitation']); | Route::get('signup/invitations/{id}', [API\SignupController::class, 'invitation']); | ||||
Route::get('signup/plans', [API\SignupController::class, 'plans']); | Route::get('signup/plans', [API\SignupController::class, 'plans']); | ||||
Route::post('signup/verify', [API\SignupController::class, 'verify']); | Route::post('signup/verify', [API\SignupController::class, 'verify']); | ||||
Route::post('signup', [API\SignupController::class, 'signup']); | Route::post('signup', [API\SignupController::class, 'signup']); | ||||
} | } | ||||
); | ); | ||||
/* | |||||
* Reduced privileges for 2fa | |||||
* | |||||
* With just a qr-code + login you can register a new 2fa device and use it, but not access the API with the qr-code only. | |||||
Lint: Generic.Files.LineLength.TooLong: Line exceeds 120 characters; contains 122 characters | |||||
*/ | |||||
Route::group( | Route::group( | ||||
[ | [ | ||||
'domain' => \config('app.website_domain'), | 'domain' => \config('app.website_domain'), | ||||
'middleware' => 'auth:api', | 'middleware' => ['auth:api', 'scope:mfa,api'], | ||||
'prefix' => 'v4' | 'prefix' => 'v4' | ||||
], | ], | ||||
function () { | function () { | ||||
Route::post('companion/register', [API\V4\CompanionAppsController::class, 'register']); | |||||
Route::post('auth-attempts/{id}/confirm', [API\V4\AuthAttemptsController::class, 'confirm']); | Route::post('auth-attempts/{id}/confirm', [API\V4\AuthAttemptsController::class, 'confirm']); | ||||
Route::post('auth-attempts/{id}/deny', [API\V4\AuthAttemptsController::class, 'deny']); | Route::post('auth-attempts/{id}/deny', [API\V4\AuthAttemptsController::class, 'deny']); | ||||
Route::get('auth-attempts/{id}/details', [API\V4\AuthAttemptsController::class, 'details']); | Route::get('auth-attempts/{id}/details', [API\V4\AuthAttemptsController::class, 'details']); | ||||
Route::get('auth-attempts', [API\V4\AuthAttemptsController::class, 'index']); | Route::get('auth-attempts', [API\V4\AuthAttemptsController::class, 'index']); | ||||
Route::get('companion/pairing', [API\V4\CompanionAppsController::class, 'pairing']); | |||||
Route::apiResource('companion', API\V4\CompanionAppsController::class); | |||||
Route::post('companion/register', [API\V4\CompanionAppsController::class, 'register']); | Route::post('companion/register', [API\V4\CompanionAppsController::class, 'register']); | ||||
Route::post('companion/revoke', [API\V4\CompanionAppsController::class, 'revokeAll']); | } | ||||
); | |||||
/* | |||||
* Pairing a new 2fa device should only be possible if: | |||||
* * You have a backup 2fa qr-code | |||||
* * You generated a new 2fa qr-code | |||||
* * (Require to login again?) | |||||
*/ | |||||
// Route::group( | |||||
// [ | |||||
// 'domain' => \config('app.website_domain'), | |||||
// 'middleware' => ['auth:api-no2fa', 'scopes:2fa'], | |||||
// 'prefix' => 'v4' | |||||
// ], | |||||
// function () { | |||||
// Route::post('companion/register', [API\V4\CompanionAppsController::class, 'register']); | |||||
// } | |||||
// ); | |||||
//TODO creating a new QR code should only be possible after requiring a login again. Or maybe that should be when pairing? | |||||
Lint: Generic.Files.LineLength.TooLong Line exceeds 120 characters; contains 122 characters Lint: Generic.Files.LineLength.TooLong: Line exceeds 120 characters; contains 122 characters | |||||
Route::group( | |||||
[ | |||||
'domain' => \config('app.website_domain'), | |||||
'middleware' => ['auth:api', 'scope:api'], | |||||
'prefix' => 'v4' | |||||
], | |||||
function () { | |||||
// This is used from webmail | |||||
Route::apiResource('companions', API\V4\CompanionAppsController::class); | |||||
// This must not be accessible with the 2fa token, | |||||
// to prevent an attacker from pairing a new device with a stolen token. | |||||
Route::get('companions/{id}/pairing', [API\V4\CompanionAppsController::class, 'pairing']); | |||||
// Route::post('companions/revoke', [API\V4\CompanionAppsController::class, 'revokeAll']); | |||||
Route::apiResource('domains', API\V4\DomainsController::class); | Route::apiResource('domains', API\V4\DomainsController::class); | ||||
Route::get('domains/{id}/confirm', [API\V4\DomainsController::class, 'confirm']); | Route::get('domains/{id}/confirm', [API\V4\DomainsController::class, 'confirm']); | ||||
Route::get('domains/{id}/skus', [API\V4\DomainsController::class, 'skus']); | Route::get('domains/{id}/skus', [API\V4\DomainsController::class, 'skus']); | ||||
Route::get('domains/{id}/status', [API\V4\DomainsController::class, 'status']); | Route::get('domains/{id}/status', [API\V4\DomainsController::class, 'status']); | ||||
Route::post('domains/{id}/config', [API\V4\DomainsController::class, 'setConfig']); | Route::post('domains/{id}/config', [API\V4\DomainsController::class, 'setConfig']); | ||||
if (\config('app.with_files')) { | if (\config('app.with_files')) { | ||||
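Review bot: `companion/register` stays in the group that accepts an mfa-scoped token (`'scope:mfa,api'`), so the only guard visible here against enrolling another device with a stolen 2fa token is that `companions/{id}/pairing` sits under `'scope:api'`; whether `register` itself rejects a companion that is already paired, or one that was not created from an api-scoped session, cannot be seen from this file. If that check lives in `CompanionAppsController::register`, state it on the route, e.g. `// mfa-scoped on purpose: register() only completes a pairing issued via companions/{id}/pairing`, and add a test that calls `register` with an mfa-only token against an already-paired companion. The commented-out `auth:api-no2fa` group uses `scopes:2fa` while the live group uses `scope:mfa,api`; if these are the usual Passport aliases, `scope:` passes on any one listed scope and `scopes:` requires all of them, so the dead block (and the commented `companions/revoke` route) should be deleted or moved to the ticket rather than kept as a template with a different scope name. The rendered columns do not make clear which side each unpaired line belongs to, so this assumes the `companions` routes under `'scope:api'` are the new code.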