[RELEASE] demo 晉升至 main
本次生產環境發布合併了 demo 分支的已驗收變更,主要包含以下功能: 1. 實作 Web 管理後台「單一帳號僅能單一設備登入」的安全防禦機制。 2. 於 '/dashboard' 及 '/admin' 路由群組中套用 'auth.session' 中極簡安全校驗。 3. 確保機台端 (IoT) 使用的 Stateless Bearer Token API 完全不受 Session 機制干擾。
This commit is contained in:
commit
4b6b431a91
@ -27,6 +27,9 @@ class AuthenticatedSessionController extends Controller
|
||||
{
|
||||
$request->authenticate();
|
||||
|
||||
// 剔除該帳號在其他設備上的所有 Session 連線
|
||||
Auth::logoutOtherDevices($request->password);
|
||||
|
||||
$request->session()->regenerate();
|
||||
|
||||
return redirect()->intended(RouteServiceProvider::HOME);
|
||||
|
||||
@ -30,9 +30,9 @@ Route::get('/t/{slug}', [App\Http\Controllers\Guest\PassCodeController::class, '
|
||||
|
||||
Route::get('/dashboard', function () {
|
||||
return redirect()->route('admin.dashboard');
|
||||
})->middleware(['auth', 'verified'])->name('dashboard');
|
||||
})->middleware(['auth', 'auth.session', 'verified'])->name('dashboard');
|
||||
|
||||
Route::middleware(['auth', 'verified', 'tenant.access'])->prefix('admin')->name('admin.')->group(function () {
|
||||
Route::middleware(['auth', 'auth.session', 'verified', 'tenant.access'])->prefix('admin')->name('admin.')->group(function () {
|
||||
// 1. 儀表板
|
||||
Route::get('/dashboard', [App\Http\Controllers\Admin\DashboardController::class, 'index'])->name('dashboard');
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user