45 lines
1.4 KiB
PHP
45 lines
1.4 KiB
PHP
<?php
|
|
|
|
/** @var App\Core\App $app */
|
|
$app = require_once __DIR__ . '/../bootstrap/app.php';
|
|
|
|
use App\Controllers\HomeController;
|
|
use App\Controllers\AuthController;
|
|
use App\Controllers\Admin\DashboardController;
|
|
use App\Middleware\SecurityHeaders;
|
|
use App\Middleware\RateLimit;
|
|
use App\Middleware\CsrfProtection;
|
|
use App\Middleware\Authenticate;
|
|
|
|
// Register Global Web Middlewares on Route groups
|
|
$app->router->group([
|
|
'middleware' => [SecurityHeaders::class]
|
|
], function($router) {
|
|
|
|
// Public index redirection
|
|
$router->get('/', [HomeController::class, 'index']);
|
|
|
|
// Auth routes throttled via Rate Limiter
|
|
$router->group([
|
|
'middleware' => [RateLimit::class]
|
|
], function($r) {
|
|
$r->get('/login', [AuthController::class, 'showLogin']);
|
|
$r->post('/login', [AuthController::class, 'login']);
|
|
$r->get('/register', [AuthController::class, 'showRegister']);
|
|
$r->post('/register', [AuthController::class, 'register']);
|
|
});
|
|
|
|
// Protected Admin routes requiring Session Auth & CSRF tokens
|
|
$router->group([
|
|
'prefix' => '/admin',
|
|
'middleware' => [Authenticate::class, CsrfProtection::class]
|
|
], function($r) {
|
|
$r->get('/dashboard', [DashboardController::class, 'index']);
|
|
});
|
|
|
|
// Logout endpoint
|
|
$router->get('/logout', [AuthController::class, 'logout']);
|
|
});
|
|
|
|
$app->run();
|