diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php new file mode 100644 index 0000000..a9649df --- /dev/null +++ b/app/Http/Kernel.php @@ -0,0 +1,83 @@ + + */ + protected $middleware = [ + // \App\Http\Middleware\TrustHosts::class, + \App\Http\Middleware\TrustProxies::class, + \Illuminate\Http\Middleware\HandleCors::class, + \App\Http\Middleware\PreventRequestsDuringMaintenance::class, + \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class, + \App\Http\Middleware\TrimStrings::class, + \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class, + ]; + + + /** + * The application's route middleware groups. + * + * @var array> + */ + protected $middlewareGroups = [ + 'web' => [ + \App\Http\Middleware\EncryptCookies::class, + \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class, + \Illuminate\Session\Middleware\StartSession::class, + \App\Http\Middleware\AuthenticateMagic::class, + \Illuminate\View\Middleware\ShareErrorsFromSession::class, + \App\Http\Middleware\VerifyCsrfToken::class, + \Illuminate\Routing\Middleware\SubstituteBindings::class, + ], + + 'api' => [ + \App\Http\Middleware\EncryptCookies::class, + //\Illuminate\Session\Middleware\StartSession::class, + //\Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class, + 'throttle:api', + //\Illuminate\Routing\Middleware\SubstituteBindings::class, + //\Illuminate\Session\Middleware\AuthenticateSession::class, // Опционально + //\Illuminate\Auth\Middleware\Authenticate::class.':sanctum', // Глобальная аутентификация + //Кастомный посредник аутентификации, который наследует стандартному посреднику аутентификации с передачей guarda sanctum. Сначала в кастомном посреднике будет проведена аутентификация sanctum, если будет выброшена ошибка, она будет обработана кастомным посредником (с возвратом сообщения об ошибке и корректного статуса). Без этой реализации стандартный посредник аутентификации пытался редиректить на роут login, которого не должно быть при обращении к api ендпоинту + \App\Http\Middleware\AuthenticateMagicApi::class.':sanctum', + \Illuminate\Routing\Middleware\ThrottleRequests::class.':api', + \Illuminate\Routing\Middleware\SubstituteBindings::class, + ], + ]; + + /** + * The application's middleware aliases. + * + * Aliases may be used instead of class names to conveniently assign middleware to routes and groups. + * + * @var array + */ + protected $middlewareAliases = [ + 'auth' => \App\Http\Middleware\Authenticate::class, + 'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class, + 'auth.session' => \Illuminate\Session\Middleware\AuthenticateSession::class, + 'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class, + 'can' => \Illuminate\Auth\Middleware\Authorize::class, + 'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class, + 'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class, + 'precognitive' => \Illuminate\Foundation\Http\Middleware\HandlePrecognitiveRequests::class, + 'signed' => \App\Http\Middleware\ValidateSignature::class, + 'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class, + 'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class, + //Посредник проверки доступных ролей в приложении + 'checkPermission' => \App\Http\Middleware\CheckUserPermission::class, + //Посредник проверки доступа к приложению + 'checkAppAccess' => \App\Http\Middleware\CheckUserAppAccess::class, + ]; +}