fix: root + read:sensive could read senstive data with a middlewarew

2024-12-09 11:10:35 +01:00
parent ff74fb7385
commit 3fa7d03db7
10 changed files with 74 additions and 70 deletions
--- a/routes/api.php
+++ b/routes/api.php
@@ -26,7 +26,7 @@ Route::group([
    Route::get('/disable', [OtherController::class, 'disable_api']);
 });
 Route::group([
-    'middleware' => ['auth:sanctum', ApiAllowed::class],
+    'middleware' => ['auth:sanctum', ApiAllowed::class, 'api.sensitive'],
    'prefix' => 'v1',
 ], function () {
    Route::get('/version', [OtherController::class, 'version'])->middleware(['api.ability:read']);