mirror of
https://github.com/BookStackApp/BookStack.git
synced 2024-10-01 01:36:00 -04:00
2740603d99
During writing of the update notes, found that the upgrade path would be tricky from a security point of view. If people were pending email confirmation but had an active session, they could technically be actively logged in after the next release. Added middlware as an extra precaution for now.
60 lines
2.2 KiB
PHP
60 lines
2.2 KiB
PHP
<?php
|
|
|
|
namespace BookStack\Http;
|
|
|
|
use Illuminate\Foundation\Http\Kernel as HttpKernel;
|
|
|
|
class Kernel extends HttpKernel
|
|
{
|
|
/**
|
|
* The application's global HTTP middleware stack.
|
|
* These middleware are run during every request to your application.
|
|
*/
|
|
protected $middleware = [
|
|
\BookStack\Http\Middleware\CheckForMaintenanceMode::class,
|
|
\Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
|
|
\BookStack\Http\Middleware\TrimStrings::class,
|
|
\BookStack\Http\Middleware\TrustProxies::class,
|
|
];
|
|
|
|
/**
|
|
* The application's route middleware groups.
|
|
*
|
|
* @var array
|
|
*/
|
|
protected $middlewareGroups = [
|
|
'web' => [
|
|
\BookStack\Http\Middleware\ControlIframeSecurity::class,
|
|
\BookStack\Http\Middleware\EncryptCookies::class,
|
|
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
|
|
\Illuminate\Session\Middleware\StartSession::class,
|
|
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
|
|
\BookStack\Http\Middleware\VerifyCsrfToken::class,
|
|
\BookStack\Http\Middleware\CheckEmailConfirmed::class,
|
|
\BookStack\Http\Middleware\RunThemeActions::class,
|
|
\BookStack\Http\Middleware\Localization::class,
|
|
],
|
|
'api' => [
|
|
\BookStack\Http\Middleware\ThrottleApiRequests::class,
|
|
\BookStack\Http\Middleware\EncryptCookies::class,
|
|
\BookStack\Http\Middleware\StartSessionIfCookieExists::class,
|
|
\BookStack\Http\Middleware\ApiAuthenticate::class,
|
|
\BookStack\Http\Middleware\CheckEmailConfirmed::class,
|
|
],
|
|
];
|
|
|
|
/**
|
|
* The application's route middleware.
|
|
*
|
|
* @var array
|
|
*/
|
|
protected $routeMiddleware = [
|
|
'auth' => \BookStack\Http\Middleware\Authenticate::class,
|
|
'can' => \BookStack\Http\Middleware\CheckUserHasPermission::class,
|
|
'guest' => \BookStack\Http\Middleware\RedirectIfAuthenticated::class,
|
|
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
|
|
'guard' => \BookStack\Http\Middleware\CheckGuard::class,
|
|
'mfa-setup' => \BookStack\Http\Middleware\AuthenticatedOrPendingMfa::class,
|
|
];
|
|
}
|