[RELEASE] demo 晉升至 main

本次生產環境發布合併了 demo 分支的已驗收變更,主要包含以下功能:
1. 實作 Web 管理後台「單一帳號僅能單一設備登入」的安全防禦機制。
2. 於 '/dashboard' 及 '/admin' 路由群組中套用 'auth.session' 中極簡安全校驗。
3. 確保機台端 (IoT) 使用的 Stateless Bearer Token API 完全不受 Session 機制干擾。
This commit is contained in:
sky121113 2026-05-19 16:55:19 +08:00
commit 4b6b431a91
2 changed files with 5 additions and 2 deletions

View File

@ -27,6 +27,9 @@ class AuthenticatedSessionController extends Controller
{
$request->authenticate();
// 剔除該帳號在其他設備上的所有 Session 連線
Auth::logoutOtherDevices($request->password);
$request->session()->regenerate();
return redirect()->intended(RouteServiceProvider::HOME);

View File

@ -30,9 +30,9 @@ Route::get('/t/{slug}', [App\Http\Controllers\Guest\PassCodeController::class, '
Route::get('/dashboard', function () {
return redirect()->route('admin.dashboard');
})->middleware(['auth', 'verified'])->name('dashboard');
})->middleware(['auth', 'auth.session', 'verified'])->name('dashboard');
Route::middleware(['auth', 'verified', 'tenant.access'])->prefix('admin')->name('admin.')->group(function () {
Route::middleware(['auth', 'auth.session', 'verified', 'tenant.access'])->prefix('admin')->name('admin.')->group(function () {
// 1. 儀表板
Route::get('/dashboard', [App\Http\Controllers\Admin\DashboardController::class, 'index'])->name('dashboard');