Fix a fallback route issue causing API calls to return unauth responses and not 404s

The fallback handler isn't scoped to a specific group, so the way this was setup caused requests to non-existent API routes to actually try and return the base view for Vue. This caused a mess of issues because that view is behind the middleware that expect sessions to be set, thus leading to very confusing authentication errors rather than a 404 response.

Author: DaneEveritt

app/Providers/RouteServiceProvider.php

@@ -22,16 +22,16 @@ class RouteServiceProvider extends ServiceProvider
     public function map()
     {
         Route::middleware(['web', 'auth', 'csrf'])
-             ->namespace($this->namespace . '\Base')
-             ->group(base_path('routes/base.php'));
+            ->namespace($this->namespace . '\Base')
+            ->group(base_path('routes/base.php'));
 
         Route::middleware(['web', 'auth', 'admin', 'csrf'])->prefix('/admin')
-             ->namespace($this->namespace . '\Admin')
-             ->group(base_path('routes/admin.php'));
+            ->namespace($this->namespace . '\Admin')
+            ->group(base_path('routes/admin.php'));
 
         Route::middleware(['web', 'csrf'])->prefix('/auth')
-             ->namespace($this->namespace . '\Auth')
-             ->group(base_path('routes/auth.php'));
+            ->namespace($this->namespace . '\Auth')
+            ->group(base_path('routes/auth.php'));
 
         Route::middleware(['web', 'csrf', 'auth', 'server', 'subuser.auth', 'node.maintenance'])
             ->prefix('/api/server/{server}')
@@ -51,7 +51,7 @@ public function map()
             ->group(base_path('routes/api-remote.php'));
 
         Route::middleware(['web', 'daemon-old'])->prefix('/daemon')
-             ->namespace($this->namespace . '\Daemon')
-             ->group(base_path('routes/daemon.php'));
+            ->namespace($this->namespace . '\Daemon')
+            ->group(base_path('routes/daemon.php'));
     }
 }

routes/base.php

@@ -1,17 +1,8 @@
 <?php
 
-Route::get('/', 'IndexController@index')->name('index');
+Route::get('/', 'IndexController@index')->name('index')->fallback();
 Route::get('/account', 'IndexController@index')->name('account');
 
-/*
-|--------------------------------------------------------------------------
-| Account Controller Routes
-|--------------------------------------------------------------------------
-|
-| Endpoint: /account
-|
-*/
-
 /*
 |--------------------------------------------------------------------------
 | Account API Controller Routes
@@ -23,9 +14,7 @@
 Route::group(['prefix' => 'account/api'], function () {
     Route::get('/', 'ClientApiController@index')->name('account.api');
     Route::get('/new', 'ClientApiController@create')->name('account.api.new');
-
     Route::post('/new', 'ClientApiController@store');
-
     Route::delete('/revoke/{identifier}', 'ClientApiController@delete')->name('account.api.revoke');
 });
 
@@ -43,5 +32,5 @@
     Route::post('/totp/disable', 'SecurityController@delete')->name('account.two_factor.disable');
 });
 
-// Catch any other combinations of routes and pass them off to the Vuejs component.
-Route::fallback('IndexController@index');
+Route::get('/{vue}', 'IndexController@index')
+    ->where('vue', '^(?!(\/)?(api|admin|daemon)).+');