Move our /api routes into /ajax under web.php. The /api routes werent authenticated and may not have been using the logged in users details

2025-04-26 15:48:27 +10:00 · 2025-04-26 15:48:27 +10:00 · b6dbaed606
commit b6dbaed606
parent 5f8eb2bb91
8 changed files with 21 additions and 41 deletions
--- a/app/Http/Controllers/AjaxController.php
+++ b/app/Http/Controllers/AjaxController.php
@ -10,7 +10,7 @@ use Illuminate\Support\Collection;
 use App\Classes\LDAP\Server;
-class APIController extends Controller
+class AjaxController extends Controller
 {
 	/**
 	 * Get the LDAP server BASE DNs
--- a/app/Http/Middleware/AllowAnonymous.php
+++ b/app/Http/Middleware/AllowAnonymous.php
@ -17,7 +17,9 @@ class AllowAnonymous
 	 */
 	public function handle(Request $request,Closure $next): mixed
 	{
-		if (((! Cookie::has('username_encrypt')) || (! Cookie::has('password_encrypt'))) && (! config('pla.allow_guest',FALSE)))
+		if ((! config('pla.allow_guest',FALSE))
 			&& ($request->path() !== 'login')
 			&& ((! Cookie::has('username_encrypt')) || (! Cookie::has('password_encrypt'))))
 			return redirect()
 				->to('/login');
--- a/bootstrap/app.php
+++ b/bootstrap/app.php
@ -1,6 +1,5 @@
 <?php
 use Illuminate\Cookie\Middleware\EncryptCookies;
 use Illuminate\Foundation\Application;
 use Illuminate\Foundation\Configuration\Exceptions;
 use Illuminate\Foundation\Configuration\Middleware;
@ -10,7 +9,6 @@ use App\Http\Middleware\{AllowAnonymous,ApplicationSession,CheckUpdate,SwapinAut
 return Application::configure(basePath: dirname(__DIR__))
 	->withRouting(
 		web: __DIR__.'/../routes/web.php',
 		api: __DIR__.'/../routes/api.php',
 		commands: __DIR__.'/../routes/console.php',
 		health: '/up',
 	)
@ -18,19 +16,13 @@ return Application::configure(basePath: dirname(__DIR__))
 		$middleware->appendToGroup(
 			group: 'web',
 			middleware: [
 				AllowAnonymous::class,
 				ApplicationSession::class,
 				SwapinAuthUser::class,
 				ViewVariables::class,
 				CheckUpdate::class,
 			]);
 		$middleware->prependToGroup('api', [
 			EncryptCookies::class,
 			ApplicationSession::class,
 			SwapinAuthUser::class,
 			AllowAnonymous::class,
 		]);
 		$middleware->trustProxies(at: [
 			'10.0.0.0/8',
 			'127.0.0.0/8',
--- a/public/js/custom.js
+++ b/public/js/custom.js
@ -59,7 +59,7 @@ $(document).ready(function() {
 	if (typeof basedn !== 'undefined') {
 		sources = basedn;
 	} else {
-		sources = { url: 'api/bases' };
+		sources = { url: 'ajax/bases' };
 	}
 	// Attach the fancytree widget to an existing <div id="tree"> element
@ -95,7 +95,7 @@ $(document).ready(function() {
 		source: sources,
 		lazyLoad: function(event,data) {
 			data.result = {
-				url: '/api/children',
+				url: '/ajax/children',
 				data: {key: data.node.data.item,depth: 1}
 			};
--- a/resources/views/components/attribute/widget/options.blade.php
+++ b/resources/views/components/attribute/widget/options.blade.php
@ -91,7 +91,7 @@
 									// Get a list of attributes already on the page, so we dont double up
 									$.ajax({
 										method: 'POST',
-										url: '{{ url('api/schema/objectclass/attrs') }}/'+item,
+										url: '{{ url('ajax/schema/objectclass/attrs') }}/'+item,
 										cache: false,
 										success: function(data) {
 											// Render any must attributes
@ -156,7 +156,7 @@
 										$.ajax({
 											method: 'POST',
-											url: '{{ url('api/schema/objectclass/attrs') }}/'+item,
+											url: '{{ url('ajax/schema/objectclass/attrs') }}/'+item,
 											cache: false,
 											success: function(data) {
 												var attrs = [];
--- a/resources/views/frames/schema.blade.php
+++ b/resources/views/frames/schema.blade.php
@ -58,7 +58,7 @@
 					return false;
 				$.ajax({
-					url: '{{ url('api/schema/view') }}',
+					url: '{{ url('ajax/schema/view') }}',
 					method: 'POST',
 					data: { type: type },
 					dataType: 'html',
--- a/routes/api.php
+++ b/routes/api.php
@ -1,23 +0,0 @@
 <?php
 use Illuminate\Support\Facades\Route;
 use App\Http\Controllers\APIController;
 /*
 |--------------------------------------------------------------------------
 | API Routes
 |--------------------------------------------------------------------------
 |
 | Here is where you can register API routes for your application. These
 | routes are loaded by the RouteServiceProvider within a group which
 | is assigned the "api" middleware group. Enjoy building your API!
 |
 */
 Route::controller(APIController::class)->group(function() {
 	Route::get('bases','bases');
 	Route::get('children','children');
 	Route::post('schema/view','schema_view');
 	Route::post('schema/objectclass/attrs/{id}','schema_objectclass_attrs');
 });
--- a/routes/web.php
+++ b/routes/web.php
@ -2,7 +2,7 @@
 use Illuminate\Support\Facades\Route;
-use App\Http\Controllers\HomeController;
+use App\Http\Controllers\{AjaxController,HomeController};
 use App\Http\Controllers\Auth\LoginController;
 use App\Http\Middleware\AllowAnonymous;
@ -57,4 +57,13 @@ Route::controller(HomeController::class)->group(function() {
 		Route::view('modal/export/{dn}','modals.entry-export');
 		Route::view('modal/userpassword-check/{dn}','modals.entry-userpassword-check');
 	});
-});
+});
 Route::controller(AjaxController::class)
 	->prefix('ajax')
 	->group(function() {
 		Route::get('bases','bases');
 		Route::get('children','children');
 		Route::post('schema/view','schema_view');
 		Route::post('schema/objectclass/attrs/{id}','schema_objectclass_attrs');
 	});