46 lines
1.8 KiB
PHP
46 lines
1.8 KiB
PHP
<?php
|
|
|
|
use App\Http\Middleware\AuditLog;
|
|
use App\Http\Middleware\EnsureMfaIsVerified;
|
|
use App\Http\Middleware\EnsurePasswordIsNotExpired;
|
|
use App\Http\Middleware\ForceHttps;
|
|
use App\Http\Middleware\HandleInertiaRequests;
|
|
use App\Http\Middleware\IpWhitelist;
|
|
use App\Http\Middleware\SecurityHeaders;
|
|
use Illuminate\Foundation\Application;
|
|
use Illuminate\Foundation\Configuration\Exceptions;
|
|
use Illuminate\Foundation\Configuration\Middleware;
|
|
use Illuminate\Http\Middleware\AddLinkHeadersForPreloadedAssets;
|
|
use Illuminate\Http\Request;
|
|
|
|
return Application::configure(basePath: dirname(__DIR__))
|
|
->withRouting(
|
|
web: __DIR__.'/../routes/web.php',
|
|
commands: __DIR__.'/../routes/console.php',
|
|
health: '/up',
|
|
)
|
|
->withMiddleware(function (Middleware $middleware): void {
|
|
// Глобальные меры защиты: принудительный HTTPS (ИАФ.5) и заголовки
|
|
// безопасности (ЗИС) применяются ко всем запросам.
|
|
$middleware->append(ForceHttps::class);
|
|
$middleware->append(SecurityHeaders::class);
|
|
|
|
$middleware->web(append: [
|
|
HandleInertiaRequests::class,
|
|
AddLinkHeadersForPreloadedAssets::class,
|
|
]);
|
|
|
|
// Псевдонимы для назначения мер на отдельные маршруты/группы.
|
|
$middleware->alias([
|
|
'mfa' => EnsureMfaIsVerified::class,
|
|
'password.fresh' => EnsurePasswordIsNotExpired::class,
|
|
'audit' => AuditLog::class,
|
|
'ip.whitelist' => IpWhitelist::class,
|
|
]);
|
|
})
|
|
->withExceptions(function (Exceptions $exceptions): void {
|
|
$exceptions->shouldRenderJsonWhen(
|
|
fn (Request $request) => $request->is('api/*'),
|
|
);
|
|
})->create();
|