
Commit b0d5a2a

committedOct 4, 2024
fix(laravel): register global middleware to secure non-rest routes
1 parent 6d4e248 commit b0d5a2a


2 files changed

+18
-9
lines changed


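--- a/src/Laravel/ApiPlatformProvider.php
+++ b/src/Laravel/ApiPlatformProvider.php
@@ -1261,6 +1261,7 @@ public function boot(ResourceNameCollectionFactoryInterface $resourceNameCollect
 return;
 }
 
+$globalMiddlewares = $config->get('api-platform.routes.middleware');
 $routeCollection = new RouteCollection();
 foreach ($resourceNameCollectionFactory->create() as $resourceClass) {
 foreach ($resourceMetadataFactory->create($resourceClass) as $resourceMetadata) {
@@ -1273,7 +1274,7 @@ public function boot(ResourceNameCollectionFactoryInterface $resourceNameCollect
 ->setDefaults(['_api_operation_name' => $operation->getName(), '_api_resource_class' => $operation->getClass()]);
 
 $route->middleware(ApiPlatformMiddleware::class.':'.$operation->getName());
-$route->middleware($config->get('api-platform.routes.middleware'));
+$route->middleware($globalMiddlewares);
 $route->middleware($operation->getMiddleware());
 
 $routeCollection->add($route);
@@ -1283,20 +1284,26 @@ public function boot(ResourceNameCollectionFactoryInterface $resourceNameCollect
 
 $prefix = $config->get('api-platform.defaults.route_prefix') ?? '';
 $route = new Route(['GET'], $prefix.'/contexts/{shortName?}{_format?}', [ContextAction::class, '__invoke']);
-$route->name('api_jsonld_context')->middleware(ApiPlatformMiddleware::class);
+$route->name('api_jsonld_context');
+$route->middleware(ApiPlatformMiddleware::class);
+$route->middleware($globalMiddlewares);
 $routeCollection->add($route);
 $route = new Route(['GET'], $prefix.'/docs{_format?}', function (Request $request, Application $app) {
 $documentationAction = $app->make(DocumentationController::class);
 
 return $documentationAction->__invoke($request);
 });
-$route->name('api_doc')->middleware(ApiPlatformMiddleware::class);
+$route->name('api_doc');
+$route->middleware(ApiPlatformMiddleware::class);
+$route->middleware($globalMiddlewares);
 $routeCollection->add($route);
 
 $route = new Route(['GET'], $prefix.'/.well-known/genid/{id}', function (): void {
 throw new NotExposedHttpException('This route is not exposed on purpose. It generates an IRI for a collection resource without identifier nor item operation.');
 });
-$route->name('api_genid')->middleware(ApiPlatformMiddleware::class);
+$route->name('api_genid');
+$route->middleware(ApiPlatformMiddleware::class);
+$route->middleware($globalMiddlewares);
 $routeCollection->add($route);
 
 if ($config->get('api-platform.graphql.enabled')) {
@@ -1305,13 +1312,15 @@ public function boot(ResourceNameCollectionFactoryInterface $resourceNameCollect
 
 return $entrypointAction->__invoke($request);
 });
+$route->middleware($globalMiddlewares);
 $routeCollection->add($route);
 
 $route = new Route(['GET'], $prefix.'/graphiql', function (Application $app) {
 $controller = $app->make(GraphiQlController::class);
 
 return $controller->__invoke();
 });
+$route->middleware($globalMiddlewares);
 $routeCollection->add($route);
 }
 
@@ -1321,7 +1330,9 @@ public function boot(ResourceNameCollectionFactoryInterface $resourceNameCollect
 return $entrypointAction->__invoke($request);
 });
 $route->where('index', 'index');
-$route->name('api_entrypoint')->middleware(ApiPlatformMiddleware::class);
+$route->name('api_entrypoint');
+$route->middleware(ApiPlatformMiddleware::class);
+$route->middleware($globalMiddlewares);
 $routeCollection->add($route);
 
 $router->setRoutes($routeCollection);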
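Review bot: `$globalMiddlewares` is null whenever `api-platform.routes.middleware` is unset, which is the case with the shipped config, so every `$route->middleware($globalMiddlewares)` call in this section then attaches nothing (as far as I know, Laravel's `Route::middleware()` treats a null argument as a getter). Making the empty case explicit, in the same style as the `route_prefix` line, would read `$globalMiddlewares = $config->get('api-platform.routes.middleware') ?? [];`. The global middleware is also attached by hand on each of the context, docs, genid, GraphQL, GraphiQL and entrypoint routes, so a route added later can miss it again, which is the defect this commit fixes. Neither changed file is a test; a regression test asserting that every route in `$routeCollection` carries the configured middleware would pin the behaviour. `boot()` starts and ends outside these hunks.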

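--- a/src/Laravel/config/api-platform.php
+++ b/src/Laravel/config/api-platform.php
@@ -10,12 +10,10 @@
 'version' => '1.0.0',
 
 'routes' => [
+// Global middleware applied to every API Platform routes
+// 'middleware' => []
 ],
 
-/*
-* Where are ApiResource defined
-* TODO: link the docs on how to plug on eloquent models or create apiResource like controllers :D
-*/
 'resources' => [
 app_path('Models'),
 ],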
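Review bot: The added comment under `'routes'` does not tell an operator that the key is absent by default, so the docs, JSON-LD context, entrypoint and GraphQL/GraphiQL routes get no global middleware until someone sets it. I would spell that out, for example `// Middleware applied to every API Platform route (docs, entrypoint and GraphQL included); none is applied while this key is unset`. The commit also removes the only comment explaining `'resources'`; a one-line replacement such as `// Where ApiResource classes are defined` would keep that information without the TODO.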
