mirror of
https://github.com/InvoiceShelf/InvoiceShelf.git
synced 2026-04-07 05:31:24 +00:00
0d7059fcf6
Cherry-picked from v3.0 branch. Three fixes: 1. Refresh CSRF cookie after logout (auth.js) 2. Clear auth.token and selectedCompany from localStorage on logout (auth.js) 3. Invalidate session and regenerate CSRF token on server-side logout (web.php) Without these, logging out and back in as a different user would fail with CSRF token mismatch and 401 Unauthenticated errors because the browser held stale session cookies and localStorage tokens.
152 lines
6.0 KiB
PHP
152 lines
6.0 KiB
PHP
<?php
|
|
|
|
use App\Http\Controllers\V1\Admin\Auth\LoginController;
|
|
use App\Http\Controllers\V1\Admin\Expense\ShowReceiptController;
|
|
use App\Http\Controllers\V1\Admin\Report\CustomerSalesReportController;
|
|
use App\Http\Controllers\V1\Admin\Report\ExpensesReportController;
|
|
use App\Http\Controllers\V1\Admin\Report\ItemSalesReportController;
|
|
use App\Http\Controllers\V1\Admin\Report\ProfitLossReportController;
|
|
use App\Http\Controllers\V1\Admin\Report\TaxSummaryReportController;
|
|
use App\Http\Controllers\V1\Customer\Auth\LoginController as CustomerLoginController;
|
|
use App\Http\Controllers\V1\Customer\EstimatePdfController as CustomerEstimatePdfController;
|
|
use App\Http\Controllers\V1\Customer\InvoicePdfController as CustomerInvoicePdfController;
|
|
use App\Http\Controllers\V1\Customer\PaymentPdfController as CustomerPaymentPdfController;
|
|
use App\Http\Controllers\V1\Modules\ScriptController;
|
|
use App\Http\Controllers\V1\Modules\StyleController;
|
|
use App\Http\Controllers\V1\PDF\DownloadReceiptController;
|
|
use App\Http\Controllers\V1\PDF\EstimatePdfController;
|
|
use App\Http\Controllers\V1\PDF\InvoicePdfController;
|
|
use App\Http\Controllers\V1\PDF\PaymentPdfController;
|
|
use App\Models\Company;
|
|
use Illuminate\Support\Facades\Route;
|
|
|
|
// Module Asset Includes
|
|
// ----------------------------------------------
|
|
|
|
Route::get('/modules/styles/{style}', StyleController::class);
|
|
|
|
Route::get('/modules/scripts/{script}', ScriptController::class);
|
|
|
|
// Admin Auth
|
|
// ----------------------------------------------
|
|
|
|
Route::post('login', [LoginController::class, 'login']);
|
|
|
|
Route::post('auth/logout', function () {
|
|
Auth::guard('web')->logout();
|
|
|
|
request()->session()->invalidate();
|
|
request()->session()->regenerateToken();
|
|
});
|
|
|
|
// Customer auth
|
|
// ----------------------------------------------
|
|
|
|
Route::post('/{company:slug}/customer/login', CustomerLoginController::class);
|
|
|
|
Route::post('/{company:slug}/customer/logout', function () {
|
|
Auth::guard('customer')->logout();
|
|
});
|
|
|
|
// Report PDF & Expense Endpoints
|
|
// ----------------------------------------------
|
|
|
|
Route::middleware('auth:sanctum')->prefix('reports')->group(function () {
|
|
|
|
// sales report by customer
|
|
// ----------------------------------
|
|
Route::get('/sales/customers/{hash}', CustomerSalesReportController::class);
|
|
|
|
// sales report by items
|
|
// ----------------------------------
|
|
Route::get('/sales/items/{hash}', ItemSalesReportController::class);
|
|
|
|
// report for expenses
|
|
// ----------------------------------
|
|
Route::get('/expenses/{hash}', ExpensesReportController::class);
|
|
|
|
// report for tax summary
|
|
// ----------------------------------
|
|
Route::get('/tax-summary/{hash}', TaxSummaryReportController::class);
|
|
|
|
// report for profit and loss
|
|
// ----------------------------------
|
|
Route::get('/profit-loss/{hash}', ProfitLossReportController::class);
|
|
|
|
// download expense receipt
|
|
// -------------------------------------------------
|
|
Route::get('/expenses/{expense}/download-receipt', DownloadReceiptController::class);
|
|
Route::get('/expenses/{expense}/receipt', ShowReceiptController::class);
|
|
});
|
|
|
|
// PDF Endpoints
|
|
// ----------------------------------------------
|
|
|
|
Route::middleware('pdf-auth')->group(function () {
|
|
|
|
// invoice pdf
|
|
// -------------------------------------------------
|
|
Route::get('/invoices/pdf/{invoice:unique_hash}', InvoicePdfController::class);
|
|
|
|
// estimate pdf
|
|
// -------------------------------------------------
|
|
Route::get('/estimates/pdf/{estimate:unique_hash}', EstimatePdfController::class);
|
|
|
|
// payment pdf
|
|
// -------------------------------------------------
|
|
Route::get('/payments/pdf/{payment:unique_hash}', PaymentPdfController::class);
|
|
});
|
|
|
|
// customer pdf endpoints for invoice, estimate and Payment
|
|
// -------------------------------------------------
|
|
|
|
Route::prefix('/customer')->group(function () {
|
|
Route::get('/invoices/{email_log:token}', [CustomerInvoicePdfController::class, 'getInvoice']);
|
|
Route::get('/invoices/view/{email_log:token}', [CustomerInvoicePdfController::class, 'getPdf'])->name('invoice');
|
|
|
|
Route::get('/estimates/{email_log:token}', [CustomerEstimatePdfController::class, 'getEstimate']);
|
|
Route::get('/estimates/view/{email_log:token}', [CustomerEstimatePdfController::class, 'getPdf'])->name('estimate');
|
|
|
|
Route::get('/payments/{email_log:token}', [CustomerPaymentPdfController::class, 'getPayment']);
|
|
Route::get('/payments/view/{email_log:token}', [CustomerPaymentPdfController::class, 'getPdf'])->name('payment');
|
|
});
|
|
|
|
// Setup for installation of app
|
|
// ----------------------------------------------
|
|
|
|
Route::get('/installation', function () {
|
|
return view('app');
|
|
})->name('install')
|
|
->middleware(['redirect-if-installed']);
|
|
|
|
// Move other http requests to the Vue App
|
|
// -------------------------------------------------
|
|
|
|
Route::get('/admin/{vue?}', function () {
|
|
return view('app');
|
|
})->where('vue', '[\/\w\.-]*')->name('admin.dashboard')->middleware(['install', 'redirect-if-unauthenticated']);
|
|
|
|
Route::get('{company:slug}/customer/{vue?}', function (Company $company) {
|
|
return view('app')->with([
|
|
'customer_logo' => get_company_setting('customer_portal_logo', $company->id),
|
|
'current_theme' => get_company_setting('customer_portal_theme', $company->id),
|
|
'customer_page_title' => get_company_setting('customer_portal_page_title', $company->id),
|
|
]);
|
|
})->where('vue', '[\/\w\.-]*')->name('customer.dashboard')->middleware(['install']);
|
|
|
|
Route::get('/', function () {
|
|
return view('app');
|
|
})->where('vue', '[\/\w\.-]*')->name('home')->middleware(['install', 'guest']);
|
|
|
|
Route::get('/reset-password/{token}', function () {
|
|
return view('app');
|
|
})->where('vue', '[\/\w\.-]*')->name('reset-password')->middleware(['install', 'guest']);
|
|
|
|
Route::get('/forgot-password', function () {
|
|
return view('app');
|
|
})->where('vue', '[\/\w\.-]*')->name('forgot-password')->middleware(['install', 'guest']);
|
|
|
|
Route::get('/login', function () {
|
|
return view('app');
|
|
})->where('vue', '[\/\w\.-]*')->name('login')->middleware(['install', 'guest']);
|