Move our /api routes into /ajax under web.php. The /api routes werent authenticated and may not have been using the logged in users details
This commit is contained in:
parent
0083e9158b
commit
21a690c6dd
@ -10,7 +10,7 @@ use Illuminate\Support\Collection;
|
||||
|
||||
use App\Classes\LDAP\Server;
|
||||
|
||||
class APIController extends Controller
|
||||
class AjaxController extends Controller
|
||||
{
|
||||
/**
|
||||
* Get the LDAP server BASE DNs
|
||||
@ -17,7 +17,9 @@ class AllowAnonymous
|
||||
*/
|
||||
public function handle(Request $request,Closure $next): mixed
|
||||
{
|
||||
if (((! Cookie::has('username_encrypt')) || (! Cookie::has('password_encrypt'))) && (! config('pla.allow_guest',FALSE)))
|
||||
if ((! config('pla.allow_guest',FALSE))
|
||||
&& ($request->path() !== 'login')
|
||||
&& ((! Cookie::has('username_encrypt')) || (! Cookie::has('password_encrypt'))))
|
||||
return redirect()
|
||||
->to('/login');
|
||||
|
||||
|
||||
@ -1,6 +1,5 @@
|
||||
<?php
|
||||
|
||||
use Illuminate\Cookie\Middleware\EncryptCookies;
|
||||
use Illuminate\Foundation\Application;
|
||||
use Illuminate\Foundation\Configuration\Exceptions;
|
||||
use Illuminate\Foundation\Configuration\Middleware;
|
||||
@ -10,7 +9,6 @@ use App\Http\Middleware\{AllowAnonymous,ApplicationSession,CheckUpdate,SwapinAut
|
||||
return Application::configure(basePath: dirname(__DIR__))
|
||||
->withRouting(
|
||||
web: __DIR__.'/../routes/web.php',
|
||||
api: __DIR__.'/../routes/api.php',
|
||||
commands: __DIR__.'/../routes/console.php',
|
||||
health: '/up',
|
||||
)
|
||||
@ -18,19 +16,13 @@ return Application::configure(basePath: dirname(__DIR__))
|
||||
$middleware->appendToGroup(
|
||||
group: 'web',
|
||||
middleware: [
|
||||
AllowAnonymous::class,
|
||||
ApplicationSession::class,
|
||||
SwapinAuthUser::class,
|
||||
ViewVariables::class,
|
||||
CheckUpdate::class,
|
||||
]);
|
||||
|
||||
$middleware->prependToGroup('api', [
|
||||
EncryptCookies::class,
|
||||
ApplicationSession::class,
|
||||
SwapinAuthUser::class,
|
||||
AllowAnonymous::class,
|
||||
]);
|
||||
|
||||
$middleware->trustProxies(at: [
|
||||
'10.0.0.0/8',
|
||||
'127.0.0.0/8',
|
||||
|
||||
4
public/js/custom.js
vendored
4
public/js/custom.js
vendored
@ -59,7 +59,7 @@ $(document).ready(function() {
|
||||
if (typeof basedn !== 'undefined') {
|
||||
sources = basedn;
|
||||
} else {
|
||||
sources = { url: 'api/bases' };
|
||||
sources = { url: 'ajax/bases' };
|
||||
}
|
||||
|
||||
// Attach the fancytree widget to an existing <div id="tree"> element
|
||||
@ -95,7 +95,7 @@ $(document).ready(function() {
|
||||
source: sources,
|
||||
lazyLoad: function(event,data) {
|
||||
data.result = {
|
||||
url: '/api/children',
|
||||
url: '/ajax/children',
|
||||
data: {key: data.node.data.item,depth: 1}
|
||||
};
|
||||
|
||||
|
||||
@ -91,7 +91,7 @@
|
||||
// Get a list of attributes already on the page, so we dont double up
|
||||
$.ajax({
|
||||
method: 'POST',
|
||||
url: '{{ url('api/schema/objectclass/attrs') }}/'+item,
|
||||
url: '{{ url('ajax/schema/objectclass/attrs') }}/'+item,
|
||||
cache: false,
|
||||
success: function(data) {
|
||||
// Render any must attributes
|
||||
@ -156,7 +156,7 @@
|
||||
|
||||
$.ajax({
|
||||
method: 'POST',
|
||||
url: '{{ url('api/schema/objectclass/attrs') }}/'+item,
|
||||
url: '{{ url('ajax/schema/objectclass/attrs') }}/'+item,
|
||||
cache: false,
|
||||
success: function(data) {
|
||||
var attrs = [];
|
||||
|
||||
@ -58,7 +58,7 @@
|
||||
return false;
|
||||
|
||||
$.ajax({
|
||||
url: '{{ url('api/schema/view') }}',
|
||||
url: '{{ url('ajax/schema/view') }}',
|
||||
method: 'POST',
|
||||
data: { type: type },
|
||||
dataType: 'html',
|
||||
|
||||
@ -1,23 +0,0 @@
|
||||
<?php
|
||||
|
||||
use Illuminate\Support\Facades\Route;
|
||||
|
||||
use App\Http\Controllers\APIController;
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| API Routes
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| Here is where you can register API routes for your application. These
|
||||
| routes are loaded by the RouteServiceProvider within a group which
|
||||
| is assigned the "api" middleware group. Enjoy building your API!
|
||||
|
|
||||
*/
|
||||
|
||||
Route::controller(APIController::class)->group(function() {
|
||||
Route::get('bases','bases');
|
||||
Route::get('children','children');
|
||||
Route::post('schema/view','schema_view');
|
||||
Route::post('schema/objectclass/attrs/{id}','schema_objectclass_attrs');
|
||||
});
|
||||
@ -2,7 +2,7 @@
|
||||
|
||||
use Illuminate\Support\Facades\Route;
|
||||
|
||||
use App\Http\Controllers\HomeController;
|
||||
use App\Http\Controllers\{AjaxController,HomeController};
|
||||
use App\Http\Controllers\Auth\LoginController;
|
||||
use App\Http\Middleware\AllowAnonymous;
|
||||
|
||||
@ -57,4 +57,13 @@ Route::controller(HomeController::class)->group(function() {
|
||||
Route::view('modal/export/{dn}','modals.entry-export');
|
||||
Route::view('modal/userpassword-check/{dn}','modals.entry-userpassword-check');
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
Route::controller(AjaxController::class)
|
||||
->prefix('ajax')
|
||||
->group(function() {
|
||||
Route::get('bases','bases');
|
||||
Route::get('children','children');
|
||||
Route::post('schema/view','schema_view');
|
||||
Route::post('schema/objectclass/attrs/{id}','schema_objectclass_attrs');
|
||||
});
|
||||
Loading…
x
Reference in New Issue
Block a user