feat: add AuthController, protect routes, move API to web middleware
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
+33
-8
@@ -1,15 +1,40 @@
|
||||
<?php
|
||||
|
||||
use App\Http\Controllers\AuthController;
|
||||
use App\Http\Controllers\IbadahController;
|
||||
use App\Http\Controllers\MiskinController;
|
||||
use Illuminate\Support\Facades\Route;
|
||||
|
||||
Route::get('/', function () {
|
||||
return view('welcome');
|
||||
});
|
||||
// Auth routes (public, redirect to /map if already logged in)
|
||||
Route::get('/login', [AuthController::class, 'showLogin'])->name('login')->middleware('guest');
|
||||
Route::post('/login', [AuthController::class, 'login'])->middleware('guest');
|
||||
Route::post('/logout', [AuthController::class, 'logout'])->name('logout')->middleware('auth');
|
||||
|
||||
Route::get('/map', function () {
|
||||
return view('map');
|
||||
});
|
||||
// All other routes require authentication
|
||||
Route::middleware('auth')->group(function () {
|
||||
|
||||
Route::get('/data', function () {
|
||||
return view('data');
|
||||
// Web pages
|
||||
Route::get('/', fn() => view('welcome'));
|
||||
Route::get('/map', fn() => view('map'));
|
||||
Route::get('/data', fn() => view('data'));
|
||||
|
||||
// API routes moved here for session + CSRF middleware
|
||||
Route::prefix('api')->group(function () {
|
||||
|
||||
// Rumah Ibadah — read: all roles, write: administrator + pengurus_ibadah
|
||||
Route::get('/ibadah', [IbadahController::class, 'index']);
|
||||
Route::middleware('role:administrator|pengurus_ibadah')->group(function () {
|
||||
Route::post('/ibadah', [IbadahController::class, 'store']);
|
||||
Route::put('/ibadah/{id}', [IbadahController::class, 'update']);
|
||||
Route::delete('/ibadah/{id}', [IbadahController::class, 'destroy']);
|
||||
});
|
||||
|
||||
// Rumah Miskin — read: all roles, write: administrator + petugas_pendataan
|
||||
Route::get('/miskin', [MiskinController::class, 'index']);
|
||||
Route::middleware('role:administrator|petugas_pendataan')->group(function () {
|
||||
Route::post('/miskin', [MiskinController::class, 'store']);
|
||||
Route::put('/miskin/{id}', [MiskinController::class, 'update']);
|
||||
Route::delete('/miskin/{id}', [MiskinController::class, 'destroy']);
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
Reference in New Issue
Block a user