Skynet/misc_pterodactyl-panel
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix a fallback route issue causing API calls to return unauth responses and not 404s

Browse source 
The fallback handler isn't scoped to a specific group, so the way this was setup caused requests to non-existent API routes to actually try and return the base view for Vue. This caused a mess of issues because that view is behind the middleware that expect sessions to be set, thus leading to very confusing authentication errors rather than a 404 response.
This commit is contained in:
Dane Everitt 2019-03-23 17:41:43 -07:00
parent 743ae040be
commit d59c38eb4e
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
2 changed files with 11 additions and 22 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
app/Providers/RouteServiceProvider.php
View file

@ -22,16 +22,16 @@ class RouteServiceProvider extends ServiceProvider
public function map() public function map()
{ {
Route::middleware(['web', 'auth', 'csrf']) Route::middleware(['web', 'auth', 'csrf'])
->namespace($this->namespace . '\Base') ->namespace($this->namespace . '\Base')
->group(base_path('routes/base.php')); ->group(base_path('routes/base.php'));
Route::middleware(['web', 'auth', 'admin', 'csrf'])->prefix('/admin') Route::middleware(['web', 'auth', 'admin', 'csrf'])->prefix('/admin')
->namespace($this->namespace . '\Admin') ->namespace($this->namespace . '\Admin')
->group(base_path('routes/admin.php')); ->group(base_path('routes/admin.php'));
Route::middleware(['web', 'csrf'])->prefix('/auth') Route::middleware(['web', 'csrf'])->prefix('/auth')
->namespace($this->namespace . '\Auth') ->namespace($this->namespace . '\Auth')
->group(base_path('routes/auth.php')); ->group(base_path('routes/auth.php'));
Route::middleware(['web', 'csrf', 'auth', 'server', 'subuser.auth', 'node.maintenance']) Route::middleware(['web', 'csrf', 'auth', 'server', 'subuser.auth', 'node.maintenance'])
->prefix('/api/server/{server}') ->prefix('/api/server/{server}')
@ -51,7 +51,7 @@ class RouteServiceProvider extends ServiceProvider
->group(base_path('routes/api-remote.php')); ->group(base_path('routes/api-remote.php'));
Route::middleware(['web', 'daemon-old'])->prefix('/daemon') Route::middleware(['web', 'daemon-old'])->prefix('/daemon')
->namespace($this->namespace . '\Daemon') ->namespace($this->namespace . '\Daemon')
->group(base_path('routes/daemon.php')); ->group(base_path('routes/daemon.php'));
} }
} }

17
routes/base.php
View file

@ -1,17 +1,8 @@
<?php <?php
Route::get('/', 'IndexController@index')->name('index'); Route::get('/', 'IndexController@index')->name('index')->fallback();
Route::get('/account', 'IndexController@index')->name('account'); Route::get('/account', 'IndexController@index')->name('account');
/*
|--------------------------------------------------------------------------
| Account Controller Routes
|--------------------------------------------------------------------------
|
| Endpoint: /account
|
*/
/* /*
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| Account API Controller Routes | Account API Controller Routes
@ -23,9 +14,7 @@ Route::get('/account', 'IndexController@index')->name('account');
Route::group(['prefix' => 'account/api'], function () { Route::group(['prefix' => 'account/api'], function () {
Route::get('/', 'ClientApiController@index')->name('account.api'); Route::get('/', 'ClientApiController@index')->name('account.api');
Route::get('/new', 'ClientApiController@create')->name('account.api.new'); Route::get('/new', 'ClientApiController@create')->name('account.api.new');
Route::post('/new', 'ClientApiController@store'); Route::post('/new', 'ClientApiController@store');
Route::delete('/revoke/{identifier}', 'ClientApiController@delete')->name('account.api.revoke'); Route::delete('/revoke/{identifier}', 'ClientApiController@delete')->name('account.api.revoke');
}); });
@ -43,5 +32,5 @@ Route::group(['prefix' => 'account/two_factor'], function () {
Route::post('/totp/disable', 'SecurityController@delete')->name('account.two_factor.disable'); Route::post('/totp/disable', 'SecurityController@delete')->name('account.two_factor.disable');
}); });
// Catch any other combinations of routes and pass them off to the Vuejs component. Route::get('/{vue}', 'IndexController@index')
Route::fallback('IndexController@index'); ->where('vue', '^(?!(\/)?(api|admin|daemon)).+');