StarMC/Astral-nook
StarMC/Astral-nook
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Use more logical route binding to not reveal resources on the API unless authenticated.

Browse source
This commit is contained in:
Dane Everitt 2018-01-20 15:33:04 -06:00
parent 17544481b5
commit 3e327b8b0e
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
4 changed files with 72 additions and 35 deletions
Download patch file Download diff file Expand all files Collapse all files

3
app/Http/Kernel.php
View file

@ -19,6 +19,7 @@ use Pterodactyl\Http\Middleware\AccessingValidServer;
use Illuminate\View\Middleware\ShareErrorsFromSession;
use Pterodactyl\Http\Middleware\RedirectIfAuthenticated;
use Illuminate\Auth\Middleware\AuthenticateWithBasicAuth;
use Pterodactyl\Http\Middleware\Api\ApiSubstituteBindings;
use Illuminate\Foundation\Http\Middleware\ValidatePostSize;
use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
use Pterodactyl\Http\Middleware\Server\AuthenticateAsSubuser;
@ -68,7 +69,7 @@ class Kernel extends HttpKernel
],
'api' => [
'throttle:120,1',
SubstituteBindings::class,
ApiSubstituteBindings::class,
SetSessionDriver::class,
AuthenticateKey::class,
AuthenticateUser::class,