Perform a bit of code cleanup

DaneEveritt · DaneEveritt · commit 4d3362b24fc1 · 2022-05-22T17:23:48.000-04:00
diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php
@@ -86,6 +86,8 @@ public function login(Request $request): JsonResponse
 
         $this->auth->guard()->login($user, true);
 
+        $request->session()->regenerate();
+
         return $this->sendLoginResponse($user, $request);
     }
 }
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
@@ -11,7 +11,6 @@
 use Pterodactyl\Http\Middleware\Api\IsValidJson;
 use Pterodactyl\Http\Middleware\VerifyCsrfToken;
 use Pterodactyl\Http\Middleware\VerifyReCaptcha;
-use Pterodactyl\Http\Middleware\AdminAuthenticate;
 use Illuminate\Routing\Middleware\ThrottleRequests;
 use Pterodactyl\Http\Middleware\LanguageMiddleware;
 use Illuminate\Foundation\Http\Kernel as HttpKernel;
@@ -65,9 +64,9 @@ class Kernel extends HttpKernel
             RequireTwoFactorAuthentication::class,
         ],
         'api' => [
-            IsValidJson::class,
             EnsureStatefulRequests::class,
             'auth:sanctum',
+            IsValidJson::class,
             RequireTwoFactorAuthentication::class,
             AuthenticateIPAccess::class,
         ],
@@ -93,7 +92,6 @@ class Kernel extends HttpKernel
         'auth' => Authenticate::class,
         'auth.basic' => AuthenticateWithBasicAuth::class,
         'guest' => RedirectIfAuthenticated::class,
-        'admin' => AdminAuthenticate::class,
         'csrf' => VerifyCsrfToken::class,
         'throttle' => ThrottleRequests::class,
         'can' => Authorize::class,
diff --git a/app/Http/Middleware/Authenticate.php b/app/Http/Middleware/Authenticate.php
diff --git a/app/Providers/RouteServiceProvider.php b/app/Providers/RouteServiceProvider.php
@@ -8,6 +8,7 @@
 use Illuminate\Cache\RateLimiting\Limit;
 use Illuminate\Support\Facades\RateLimiter;
 use Pterodactyl\Http\Middleware\TrimStrings;
+use Pterodactyl\Http\Middleware\AdminAuthenticate;
 use Illuminate\Foundation\Support\Providers\RouteServiceProvider as ServiceProvider;
 
 class RouteServiceProvider extends ServiceProvider
@@ -33,10 +34,10 @@ public function boot()
         Route::model('database', Database::class);
 
         $this->routes(function () {
-            Route::middleware(['web', 'csrf'])->group(function () {
+            Route::middleware('web')->group(function () {
                 Route::middleware('auth')->group(base_path('routes/base.php'));
                 Route::middleware('guest')->prefix('/auth')->group(base_path('routes/auth.php'));
-                Route::middleware(['auth', 'admin'])->prefix('/admin')->group(base_path('routes/admin.php'));
+                Route::middleware(['auth', AdminAuthenticate::class])->prefix('/admin')->group(base_path('routes/admin.php'));
             });
 
             Route::middleware('api')->group(function () {
diff --git a/resources/scripts/api/http.ts b/resources/scripts/api/http.ts
@@ -11,18 +11,6 @@ const http: AxiosInstance = axios.create({
     },
 });
 
-http.interceptors.request.use(req => {
-    const cookies = document.cookie.split(';').reduce((obj, val) => {
-        const [ key, value ] = val.trim().split('=').map(decodeURIComponent);
-
-        return { ...obj, [key]: value };
-    }, {} as Record<string, string>);
-
-    req.headers['X-XSRF-TOKEN'] = cookies['XSRF-TOKEN'] || 'nil';
-
-    return req;
-});
-
 http.interceptors.request.use(req => {
     if (!req.url?.endsWith('/resources')) {
         store.getActions().progress.startContinuous();
diff --git a/tests/Unit/Http/Middleware/AuthenticateTest.php b/tests/Unit/Http/Middleware/AuthenticateTest.php

Original file line number	Diff line number	Diff line change
`@@ -86,6 +86,8 @@ public function login(Request $request): JsonResponse`
`86`	`86`
`87`	`87`	`$this->auth->guard()->login($user, true);`
`88`	`88`
	`89`	`+ $request->session()->regenerate();`
	`90`	`+`
`89`	`91`	`return $this->sendLoginResponse($user, $request);`
`90`	`92`	`}`
`91`	`93`	`}`