bookstack/app/App/Providers/RouteServiceProvider.php

<?php

namespace BookStack\App\Providers;

use BookStack\Facades\Theme;
use BookStack\Theming\ThemeEvents;
use Illuminate\Cache\RateLimiting\Limit;
use Illuminate\Foundation\Support\Providers\RouteServiceProvider as ServiceProvider;
use Illuminate\Http\Request;
use Illuminate\Routing\Router;
use Illuminate\Support\Facades\RateLimiter;
use Illuminate\Support\Facades\Route;

class RouteServiceProvider extends ServiceProvider
{
    /**
     * The path to the "home" route for your application.
     *
     * This is used by Laravel authentication to redirect users after login.
     *
     * @var string
     */
    public const HOME = '/';

    /**
     * Define your route model bindings, pattern filters, etc.
     */
    public function boot(): void
    {
        $this->configureRateLimiting();

        $this->routes(function () {
            $this->mapWebRoutes();
            $this->mapApiRoutes();
        });
    }

    /**
     * Define the "web" routes for the application.
     *
     * These routes all receive session state, CSRF protection, etc.
     */
    protected function mapWebRoutes(): void
    {
        Route::group([
            'middleware' => 'web',
            'namespace'  => $this->namespace,
        ], function (Router $router) {
            require base_path('routes/web.php');
            Theme::dispatch(ThemeEvents::ROUTES_REGISTER_WEB, $router);
        });

        Route::group([
            'middleware' => ['web', 'auth'],
        ], function (Router $router) {
            Theme::dispatch(ThemeEvents::ROUTES_REGISTER_WEB_AUTH, $router);
        });
    }

    /**
     * Define the "api" routes for the application.
     *
     * These routes are typically stateless.
     */
    protected function mapApiRoutes(): void
    {
        Route::group([
            'middleware' => 'api',
            'namespace'  => $this->namespace . '\Api',
            'prefix'     => 'api',
        ], function ($router) {
            require base_path('routes/api.php');
        });
    }

    /**
     * Configure the rate limiters for the application.
     */
    protected function configureRateLimiting(): void
    {
        RateLimiter::for('api', function (Request $request) {
            return Limit::perMinute(60)->by($request->user()?->id ?: $request->ip());
        });

        RateLimiter::for('public', function (Request $request) {
            return Limit::perMinute(10)->by($request->ip());
        });

        RateLimiter::for('exports', function (Request $request) {
            $user = user();
            $attempts = $user->isGuest() ? 4 : 10;
            $key = $user->isGuest() ? $request->ip() : $user->id;
            return Limit::perMinute($attempts)->by($key);
        });
    }
}
Initial commit 2015-07-13 03:01:42 +08:00			`<?php`

Played around with a new app structure 2023-05-18 00:56:55 +08:00			`namespace BookStack\App\Providers;`
Initial commit 2015-07-13 03:01:42 +08:00
LogicalTheme: Added events for registering web routes Added to allow easier registration of routes. Added for normal web and authed routes. Included testing to cover. 2023-11-17 21:45:57 +08:00			`use BookStack\Facades\Theme;`
			`use BookStack\Theming\ThemeEvents;`
Laravel 8 shift squash & merge (#3029) * Temporarily moved back config path * Apply Laravel coding style * Shift exception handler * Shift HTTP kernel and middleware * Shift service providers * Convert options array to fluent methods * Shift to class based routes * Shift console routes * Ignore temporary framework files * Shift to class based factories * Namespace seeders * Shift PSR-4 autoloading * Shift config files * Default config files * Shift Laravel dependencies * Shift return type of base TestCase methods * Shift cleanup * Applied stylci style changes * Reverted config files location * Applied manual changes to Laravel 8 shift Co-authored-by: Shift <shift@laravelshift.com> 2021-10-31 04:29:59 +08:00			`use Illuminate\Cache\RateLimiting\Limit;`
Initial commit 2015-07-13 03:01:42 +08:00			`use Illuminate\Foundation\Support\Providers\RouteServiceProvider as ServiceProvider;`
Laravel 8 shift squash & merge (#3029) * Temporarily moved back config path * Apply Laravel coding style * Shift exception handler * Shift HTTP kernel and middleware * Shift service providers * Convert options array to fluent methods * Shift to class based routes * Shift console routes * Ignore temporary framework files * Shift to class based factories * Namespace seeders * Shift PSR-4 autoloading * Shift config files * Default config files * Shift Laravel dependencies * Shift return type of base TestCase methods * Shift cleanup * Applied stylci style changes * Reverted config files location * Applied manual changes to Laravel 8 shift Co-authored-by: Shift <shift@laravelshift.com> 2021-10-31 04:29:59 +08:00			`use Illuminate\Http\Request;`
LogicalTheme: Added events for registering web routes Added to allow easier registration of routes. Added for normal web and authed routes. Included testing to cover. 2023-11-17 21:45:57 +08:00			`use Illuminate\Routing\Router;`
Laravel 8 shift squash & merge (#3029) * Temporarily moved back config path * Apply Laravel coding style * Shift exception handler * Shift HTTP kernel and middleware * Shift service providers * Convert options array to fluent methods * Shift to class based routes * Shift console routes * Ignore temporary framework files * Shift to class based factories * Namespace seeders * Shift PSR-4 autoloading * Shift config files * Default config files * Shift Laravel dependencies * Shift return type of base TestCase methods * Shift cleanup * Applied stylci style changes * Reverted config files location * Applied manual changes to Laravel 8 shift Co-authored-by: Shift <shift@laravelshift.com> 2021-10-31 04:29:59 +08:00			`use Illuminate\Support\Facades\RateLimiter;`
Standardised facade usage to use via their FQCN Done via Laravel Shift Workbench 2021-09-26 22:37:55 +08:00			`use Illuminate\Support\Facades\Route;`
Initial commit 2015-07-13 03:01:42 +08:00
			`class RouteServiceProvider extends ServiceProvider`
			`{`
Laravel 8 shift squash & merge (#3029) * Temporarily moved back config path * Apply Laravel coding style * Shift exception handler * Shift HTTP kernel and middleware * Shift service providers * Convert options array to fluent methods * Shift to class based routes * Shift console routes * Ignore temporary framework files * Shift to class based factories * Namespace seeders * Shift PSR-4 autoloading * Shift config files * Default config files * Shift Laravel dependencies * Shift return type of base TestCase methods * Shift cleanup * Applied stylci style changes * Reverted config files location * Applied manual changes to Laravel 8 shift Co-authored-by: Shift <shift@laravelshift.com> 2021-10-31 04:29:59 +08:00			`/**`
			`* The path to the "home" route for your application.`
			`*`
			`* This is used by Laravel authentication to redirect users after login.`
			`*`
			`* @var string`
			`*/`
			`public const HOME = '/';`

Initial commit 2015-07-13 03:01:42 +08:00			`/**`
			`* Define your route model bindings, pattern filters, etc.`
			`*/`
Framework: Upgrade from Laravel 9 to 10 Following Laravel guidance and GitHub diff. Not yet in tested state with app-specific changes made. 2024-03-16 23:12:14 +08:00			`public function boot(): void`
Initial commit 2015-07-13 03:01:42 +08:00			`{`
Laravel 8 shift squash & merge (#3029) * Temporarily moved back config path * Apply Laravel coding style * Shift exception handler * Shift HTTP kernel and middleware * Shift service providers * Convert options array to fluent methods * Shift to class based routes * Shift console routes * Ignore temporary framework files * Shift to class based factories * Namespace seeders * Shift PSR-4 autoloading * Shift config files * Default config files * Shift Laravel dependencies * Shift return type of base TestCase methods * Shift cleanup * Applied stylci style changes * Reverted config files location * Applied manual changes to Laravel 8 shift Co-authored-by: Shift <shift@laravelshift.com> 2021-10-31 04:29:59 +08:00			`$this->configureRateLimiting();`
Initial commit 2015-07-13 03:01:42 +08:00
Laravel 8 shift squash & merge (#3029) * Temporarily moved back config path * Apply Laravel coding style * Shift exception handler * Shift HTTP kernel and middleware * Shift service providers * Convert options array to fluent methods * Shift to class based routes * Shift console routes * Ignore temporary framework files * Shift to class based factories * Namespace seeders * Shift PSR-4 autoloading * Shift config files * Default config files * Shift Laravel dependencies * Shift return type of base TestCase methods * Shift cleanup * Applied stylci style changes * Reverted config files location * Applied manual changes to Laravel 8 shift Co-authored-by: Shift <shift@laravelshift.com> 2021-10-31 04:29:59 +08:00			`$this->routes(function () {`
			`$this->mapWebRoutes();`
			`$this->mapApiRoutes();`
			`});`
Laravel 5.3 upgrade (#189) * Started move to laravel 5.3 * Started updating login & registration flows for laravel 5.3 update * Updated app emails to notification system * Fixed registations bugs and removed email confirmation model * Fixed large portion of laravel post-upgrade issues * Fixed and tested LDAP process 2016-09-18 01:22:04 +08:00			`}`
Apply fixes from StyleCI 2021-06-26 23:23:15 +08:00
Laravel 5.3 upgrade (#189) * Started move to laravel 5.3 * Started updating login & registration flows for laravel 5.3 update * Updated app emails to notification system * Fixed registations bugs and removed email confirmation model * Fixed large portion of laravel post-upgrade issues * Fixed and tested LDAP process 2016-09-18 01:22:04 +08:00			`/**`
			`* Define the "web" routes for the application.`
			`*`
			`* These routes all receive session state, CSRF protection, etc.`
			`*/`
Framework: Upgrade from Laravel 9 to 10 Following Laravel guidance and GitHub diff. Not yet in tested state with app-specific changes made. 2024-03-16 23:12:14 +08:00			`protected function mapWebRoutes(): void`
Laravel 5.3 upgrade (#189) * Started move to laravel 5.3 * Started updating login & registration flows for laravel 5.3 update * Updated app emails to notification system * Fixed registations bugs and removed email confirmation model * Fixed large portion of laravel post-upgrade issues * Fixed and tested LDAP process 2016-09-18 01:22:04 +08:00			`{`
			`Route::group([`
			`'middleware' => 'web',`
Apply fixes from StyleCI 2021-06-26 23:23:15 +08:00			`'namespace' => $this->namespace,`
LogicalTheme: Added events for registering web routes Added to allow easier registration of routes. Added for normal web and authed routes. Included testing to cover. 2023-11-17 21:45:57 +08:00			`], function (Router $router) {`
Laravel 5.3 upgrade (#189) * Started move to laravel 5.3 * Started updating login & registration flows for laravel 5.3 update * Updated app emails to notification system * Fixed registations bugs and removed email confirmation model * Fixed large portion of laravel post-upgrade issues * Fixed and tested LDAP process 2016-09-18 01:22:04 +08:00			`require base_path('routes/web.php');`
LogicalTheme: Added events for registering web routes Added to allow easier registration of routes. Added for normal web and authed routes. Included testing to cover. 2023-11-17 21:45:57 +08:00			`Theme::dispatch(ThemeEvents::ROUTES_REGISTER_WEB, $router);`
			`});`

			`Route::group([`
			`'middleware' => ['web', 'auth'],`
			`], function (Router $router) {`
			`Theme::dispatch(ThemeEvents::ROUTES_REGISTER_WEB_AUTH, $router);`
Laravel 5.3 upgrade (#189) * Started move to laravel 5.3 * Started updating login & registration flows for laravel 5.3 update * Updated app emails to notification system * Fixed registations bugs and removed email confirmation model * Fixed large portion of laravel post-upgrade issues * Fixed and tested LDAP process 2016-09-18 01:22:04 +08:00			`});`
			`}`
Apply fixes from StyleCI 2021-06-26 23:23:15 +08:00
Laravel 5.3 upgrade (#189) * Started move to laravel 5.3 * Started updating login & registration flows for laravel 5.3 update * Updated app emails to notification system * Fixed registations bugs and removed email confirmation model * Fixed large portion of laravel post-upgrade issues * Fixed and tested LDAP process 2016-09-18 01:22:04 +08:00			`/**`
			`* Define the "api" routes for the application.`
			`*`
			`* These routes are typically stateless.`
			`*/`
Framework: Upgrade from Laravel 9 to 10 Following Laravel guidance and GitHub diff. Not yet in tested state with app-specific changes made. 2024-03-16 23:12:14 +08:00			`protected function mapApiRoutes(): void`
Initial commit 2015-07-13 03:01:42 +08:00			`{`
Laravel 5.3 upgrade (#189) * Started move to laravel 5.3 * Started updating login & registration flows for laravel 5.3 update * Updated app emails to notification system * Fixed registations bugs and removed email confirmation model * Fixed large portion of laravel post-upgrade issues * Fixed and tested LDAP process 2016-09-18 01:22:04 +08:00			`Route::group([`
			`'middleware' => 'api',`
Apply fixes from StyleCI 2021-06-26 23:23:15 +08:00			`'namespace' => $this->namespace . '\Api',`
			`'prefix' => 'api',`
Laravel 5.3 upgrade (#189) * Started move to laravel 5.3 * Started updating login & registration flows for laravel 5.3 update * Updated app emails to notification system * Fixed registations bugs and removed email confirmation model * Fixed large portion of laravel post-upgrade issues * Fixed and tested LDAP process 2016-09-18 01:22:04 +08:00			`], function ($router) {`
			`require base_path('routes/api.php');`
Initial commit 2015-07-13 03:01:42 +08:00			`});`
			`}`
Laravel 8 shift squash & merge (#3029) * Temporarily moved back config path * Apply Laravel coding style * Shift exception handler * Shift HTTP kernel and middleware * Shift service providers * Convert options array to fluent methods * Shift to class based routes * Shift console routes * Ignore temporary framework files * Shift to class based factories * Namespace seeders * Shift PSR-4 autoloading * Shift config files * Default config files * Shift Laravel dependencies * Shift return type of base TestCase methods * Shift cleanup * Applied stylci style changes * Reverted config files location * Applied manual changes to Laravel 8 shift Co-authored-by: Shift <shift@laravelshift.com> 2021-10-31 04:29:59 +08:00
			`/**`
			`* Configure the rate limiters for the application.`
			`*/`
Framework: Upgrade from Laravel 9 to 10 Following Laravel guidance and GitHub diff. Not yet in tested state with app-specific changes made. 2024-03-16 23:12:14 +08:00			`protected function configureRateLimiting(): void`
Laravel 8 shift squash & merge (#3029) * Temporarily moved back config path * Apply Laravel coding style * Shift exception handler * Shift HTTP kernel and middleware * Shift service providers * Convert options array to fluent methods * Shift to class based routes * Shift console routes * Ignore temporary framework files * Shift to class based factories * Namespace seeders * Shift PSR-4 autoloading * Shift config files * Default config files * Shift Laravel dependencies * Shift return type of base TestCase methods * Shift cleanup * Applied stylci style changes * Reverted config files location * Applied manual changes to Laravel 8 shift Co-authored-by: Shift <shift@laravelshift.com> 2021-10-31 04:29:59 +08:00			`{`
			`RateLimiter::for('api', function (Request $request) {`
Followed Laravel 9 update steps and file changes 2023-02-07 00:58:29 +08:00			`return Limit::perMinute(60)->by($request->user()?->id ?: $request->ip());`
Laravel 8 shift squash & merge (#3029) * Temporarily moved back config path * Apply Laravel coding style * Shift exception handler * Shift HTTP kernel and middleware * Shift service providers * Convert options array to fluent methods * Shift to class based routes * Shift console routes * Ignore temporary framework files * Shift to class based factories * Namespace seeders * Shift PSR-4 autoloading * Shift config files * Default config files * Shift Laravel dependencies * Shift return type of base TestCase methods * Shift cleanup * Applied stylci style changes * Reverted config files location * Applied manual changes to Laravel 8 shift Co-authored-by: Shift <shift@laravelshift.com> 2021-10-31 04:29:59 +08:00			`});`
Routes: Added throttling to a range of auth-related endpoints Some already throttled in some means, but this adds a simple ip-based non-request-specific layer to many endpoints. Related to #4993 2024-05-20 21:00:58 +08:00
			`RateLimiter::for('public', function (Request $request) {`
			`return Limit::perMinute(10)->by($request->ip());`
			`});`
Exports: Added rate limits for UI exports Just as a measure to prevent potential abuse of these potentially longer-running endpoints. Adds test to cover for ZIP exports, but applied to all formats. 2025-01-01 23:42:59 +08:00
			`RateLimiter::for('exports', function (Request $request) {`
			`$user = user();`
			`$attempts = $user->isGuest() ? 4 : 10;`
			`$key = $user->isGuest() ? $request->ip() : $user->id;`
			`return Limit::perMinute($attempts)->by($key);`
			`});`
Laravel 8 shift squash & merge (#3029) * Temporarily moved back config path * Apply Laravel coding style * Shift exception handler * Shift HTTP kernel and middleware * Shift service providers * Convert options array to fluent methods * Shift to class based routes * Shift console routes * Ignore temporary framework files * Shift to class based factories * Namespace seeders * Shift PSR-4 autoloading * Shift config files * Default config files * Shift Laravel dependencies * Shift return type of base TestCase methods * Shift cleanup * Applied stylci style changes * Reverted config files location * Applied manual changes to Laravel 8 shift Co-authored-by: Shift <shift@laravelshift.com> 2021-10-31 04:29:59 +08:00			`}`
Initial commit 2015-07-13 03:01:42 +08:00			`}`