Files
2026-06-24 17:20:43 +09:00

46 lines
1.8 KiB
PHP

<?php
use App\Http\Middleware\AuditLog;
use App\Http\Middleware\EnsureMfaIsVerified;
use App\Http\Middleware\EnsurePasswordIsNotExpired;
use App\Http\Middleware\ForceHttps;
use App\Http\Middleware\HandleInertiaRequests;
use App\Http\Middleware\IpWhitelist;
use App\Http\Middleware\SecurityHeaders;
use Illuminate\Foundation\Application;
use Illuminate\Foundation\Configuration\Exceptions;
use Illuminate\Foundation\Configuration\Middleware;
use Illuminate\Http\Middleware\AddLinkHeadersForPreloadedAssets;
use Illuminate\Http\Request;
return Application::configure(basePath: dirname(__DIR__))
->withRouting(
web: __DIR__.'/../routes/web.php',
commands: __DIR__.'/../routes/console.php',
health: '/up',
)
->withMiddleware(function (Middleware $middleware): void {
// Глобальные меры защиты: принудительный HTTPS (ИАФ.5) и заголовки
// безопасности (ЗИС) применяются ко всем запросам.
$middleware->append(ForceHttps::class);
$middleware->append(SecurityHeaders::class);
$middleware->web(append: [
HandleInertiaRequests::class,
AddLinkHeadersForPreloadedAssets::class,
]);
// Псевдонимы для назначения мер на отдельные маршруты/группы.
$middleware->alias([
'mfa' => EnsureMfaIsVerified::class,
'password.fresh' => EnsurePasswordIsNotExpired::class,
'audit' => AuditLog::class,
'ip.whitelist' => IpWhitelist::class,
]);
})
->withExceptions(function (Exceptions $exceptions): void {
$exceptions->shouldRenderJsonWhen(
fn (Request $request) => $request->is('api/*'),
);
})->create();