['guest', 'rejectIfDemoMode']], function () {
    // NOTE(review): the opening of this group lies outside the visible excerpt.
    // The middleware list seen here ('guest', 'rejectIfDemoMode') has no
    // 'throttle' entry, yet the group holds account registration and two
    // handlers whose names indicate outgoing e-mail (sendResetLinkEmail,
    // sendRecoveryEmail). Confirm that rate limiting is enforced elsewhere
    // (global middleware or the controllers); without it these endpoints are
    // exposed to mail flooding and account probing.
    Route::post('user', [RegisterController::class, 'register'])->name('user.register');
    Route::post('user/password/lost', [ForgotPasswordController::class, 'sendResetLinkEmail'])->name('user.password.lost');
    Route::post('user/password/reset', [ResetPasswordController::class, 'reset'])->name('password.reset');
    Route::post('webauthn/login/options', [WebAuthnLoginController::class, 'options'])->name('webauthn.login.options');
    Route::post('webauthn/lost', [WebAuthnDeviceLostController::class, 'sendRecoveryEmail'])->name('webauthn.lost');
});

/**
 * Routes that can be requested max 10 times per minute by the same IP
 *
 * 'throttle:10,1' means 10 requests per 1 minute. This group's list has
 * neither 'guest' nor 'behind-auth', so no authentication state is required
 * by the middleware declared here.
 * NOTE(review): Laravel's stock throttle middleware keys authenticated
 * requests by user identifier rather than by IP - confirm which key applies
 * if the "same IP" guarantee matters for the recovery flow.
 */
Route::group(['middleware' => ['rejectIfDemoMode', 'throttle:10,1']], function () {
    Route::post('webauthn/recover', [WebAuthnRecoveryController::class, 'recover'])->name('webauthn.recover');
});

/**
 * Routes that only work for unauthenticated user (return an error otherwise)
 * that can be requested max 10 times per minute by the same IP
 *
 * NOTE(review): a per-IP limit is only meaningful when the client address is
 * resolved correctly; behind a reverse proxy that requires trusted proxies to
 * be configured, otherwise all clients share one counter - verify.
 * NOTE(review): {driver} carries no where() constraint at the routing layer,
 * so SocialiteController presumably validates it against the enabled
 * providers - verify.
 */
Route::group(['middleware' => ['guest', 'throttle:10,1']], function () {
    Route::post('user/login', [LoginController::class, 'login'])->name('user.login');
    Route::post('webauthn/login', [WebAuthnLoginController::class, 'login'])->name('webauthn.login');
    Route::get('/socialite/redirect/{driver}', [SocialiteController::class, 'redirect'])->name('socialite.redirect');
    Route::get('/socialite/callback/{driver}', [SocialiteController::class, 'callback'])->name('socialite.callback');
});

/**
 * Routes protected by an authentication guard but rejected when reverse-proxy guard is enabled
 *
 * Covers account update/deletion, password change, logout, personal access
 * token management and WebAuthn credential registration/management.
 */
Route::group(['middleware' => ['behind-auth', 'rejectIfReverseProxy']], function () {
    Route::put('user', [UserController::class, 'update'])->name('user.update');
    // Password change and account deletion additionally pass through
    // 'rejectIfDemoMode', attached per route rather than on the group.
    Route::patch('user/password', [PasswordController::class, 'update'])->name('user.password.update')->middleware('rejectIfDemoMode');
    // NOTE(review): logout is a state-changing action exposed over GET. The
    // standard Laravel CSRF middleware does not check GET requests, so a
    // cross-site request can end the user's session; consider POST if the
    // clients of this route can be updated.
    Route::get('user/logout', [LoginController::class, 'logout'])->name('user.logout');
    Route::delete('user', [UserController::class, 'delete'])->name('user.delete')->middleware('rejectIfDemoMode');
    // NOTE(review): {token_id} and {credential} are caller-supplied
    // identifiers; the controllers are expected to scope them to the
    // authenticated user - confirm in PersonalAccessTokenController and
    // WebAuthnManageController.
    Route::get('oauth/personal-access-tokens', [PersonalAccessTokenController::class, 'forUser'])->name('passport.personal.tokens.index');
    Route::post('oauth/personal-access-tokens', [PersonalAccessTokenController::class, 'store'])->name('passport.personal.tokens.store');
    Route::delete('oauth/personal-access-tokens/{token_id}', [PersonalAccessTokenController::class, 'destroy'])->name('passport.personal.tokens.destroy');
    Route::post('webauthn/register/options', [WebAuthnRegisterController::class, 'options'])->name('webauthn.register.options');
    Route::post('webauthn/register', [WebAuthnRegisterController::class, 'register'])->name('webauthn.register');
    Route::get('webauthn/credentials', [WebAuthnManageController::class, 'index'])->name('webauthn.credentials.index');
    Route::patch('webauthn/credentials/{credential}/name', [WebAuthnManageController::class, 'rename'])->name('webauthn.credentials.rename');
    Route::delete('webauthn/credentials/{credential}', [WebAuthnManageController::class, 'delete'])->name('webauthn.credentials.delete');
});

// Returns the CSRF token of the current session (csrf_token()) to the caller.
// The route is unnamed and sits outside every group in this excerpt, so no
// auth or throttle middleware is attached to it here.
// NOTE(review): the token must only be readable same-origin - make sure the
// CORS configuration does not expose this path to other origins with
// credentials.
Route::get('refresh-csrf', function () {
    return csrf_token();
});

/**
 * Routes protected by an authentication guard and restricted to administrators
 */
Route::group(['middleware' => ['behind-auth', 'admin']], function () {
    Route::get('infos', [SystemController::class, 'infos'])->name('system.infos');
    Route::post('testEmail', [SystemController::class, 'testEmail'])->name('system.testEmail');
});

// Registered outside the admin group above: no middleware is attached to this
// route in this file.
// NOTE(review): confirm that unauthenticated access to latestRelease is intended.
Route::get('latestRelease', [SystemController::class, 'latestRelease'])->name('system.latestRelease');

/**
 * Route for the main landing view
 *
 * The '.*' constraint lets {any} match every remaining GET path, including
 * paths that contain '/'. Keep this as the last registration so it does not
 * shadow the routes declared above.
 */
Route::get('/{any}', [SinglePageController::class, 'index'])->where('any', '.*')->name('landing');