Merge branch 'main' into feat/apiroute-v2

This commit is contained in:
Jean-Marc Strauven
2026-01-02 17:49:51 +01:00
committed by GitHub
4 changed files with 494 additions and 521 deletions

View File

@@ -6,7 +6,7 @@
"keywords": ["laravel", "api", "rest", "starter-kit", "sanctum"],
"license": "MIT",
"require": {
"php": "^8.2",
"php": "^8.3",
"dedoc/scramble": "^0.12",
"grazulex/laravel-apiroute": "^2.0",
"laravel/framework": "^12.0",
@@ -21,8 +21,8 @@
"laravel/pint": "^1.24",
"mockery/mockery": "^1.6",
"nunomaduro/collision": "^8.6",
"pestphp/pest": "^3.0",
"pestphp/pest-plugin-laravel": "^3.0"
"pestphp/pest": "^4.0",
"pestphp/pest-plugin-laravel": "^4.0"
},
"autoload": {
"psr-4": {

989
composer.lock generated

File diff suppressed because it is too large Load Diff

View File

@@ -14,5 +14,19 @@
|
*/
// Routes are now loaded automatically from config/apiroute.php
// See routes/api/v1.php for version 1 routes
// Version 1 - Current stable version
ApiRoute::version('v1', function () {
// Public routes with auth rate limiter (5/min - brute force protection)
Route::middleware('throttle:auth')->group(function () {
Route::post('register', [AuthController::class, 'register'])->name('api.v1.register');
Route::post('login', [AuthController::class, 'login'])->name('api.v1.login');
});
// Protected routes with authenticated rate limiter (120/min)
Route::middleware(['auth:sanctum', 'throttle:authenticated'])->group(function () {
Route::post('logout', [AuthController::class, 'logout'])->name('api.v1.logout');
Route::get('me', [AuthController::class, 'me'])->name('api.v1.me');
});
})
->current()
->rateLimit(60); // Global rate limit: 60 requests/minute for v1

View File

@@ -1,6 +1,4 @@
<?php
use Illuminate\Support\Facades\Route;
// Web routes disabled - API only application
// Scramble documentation available at /docs/api