soeren/fotospiel-app
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

stage 1 of oauth removal, switch to sanctum pat tokens

Browse Source
This commit is contained in:
Codex Agent
2025-11-06 20:35:58 +01:00
parent c9783bd57b
commit 776da57ca9
47 changed files with 1571 additions and 2555 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
routes/api.php
View File

@@ -15,6 +15,7 @@ use App\Http\Controllers\Api\Tenant\ProfileController;
use App\Http\Controllers\Api\Tenant\SettingsController;
use App\Http\Controllers\Api\Tenant\TaskCollectionController;
use App\Http\Controllers\Api\Tenant\TaskController;
use App\Http\Controllers\Api\Tenant\TenantAdminTokenController;
use App\Http\Controllers\Api\Tenant\TenantFeedbackController;
use App\Http\Controllers\Api\TenantBillingController;
use App\Http\Controllers\Api\TenantPackageController;
@@ -36,6 +37,23 @@ Route::prefix('v1')->name('api.v1.')->group(function () {
Route::post('/oauth/token', [OAuthController::class, 'token'])->name('oauth.token');
});
Route::prefix('tenant-auth')->name('tenant-auth.')->group(function () {
Route::post('/login', [TenantAdminTokenController::class, 'store'])
->middleware('throttle:tenant-auth')
->name('login');
Route::middleware([EncryptCookies::class, AddQueuedCookiesToResponse::class, StartSession::class])->group(function () {
Route::post('/exchange', [TenantAdminTokenController::class, 'exchange'])
->middleware('throttle:tenant-auth')
->name('exchange');
});
Route::middleware(['auth:sanctum', 'tenant.admin'])->group(function () {
Route::post('/logout', [TenantAdminTokenController::class, 'destroy'])->name('logout');
Route::get('/me', [TenantAdminTokenController::class, 'me'])->name('me');
});
});
Route::middleware('throttle:100,1')->group(function () {
Route::get('/events/{token}', [EventPublicController::class, 'event'])->name('events.show');
Route::get('/events/{token}/stats', [EventPublicController::class, 'stats'])->name('events.stats');
@@ -61,7 +79,7 @@ Route::prefix('v1')->name('api.v1.')->group(function () {
->name('gallery.photos.asset');
});
Route::middleware(['tenant.token', 'tenant.isolation', 'throttle:tenant-api'])->prefix('tenant')->group(function () {
Route::middleware(['auth:sanctum', 'tenant.admin', 'tenant.isolation', 'throttle:tenant-api'])->prefix('tenant')->group(function () {
Route::get('profile', [ProfileController::class, 'show'])->name('tenant.profile.show');
Route::put('profile', [ProfileController::class, 'update'])->name('tenant.profile.update');
Route::get('onboarding', [OnboardingController::class, 'show'])->name('tenant.onboarding.show');