From 024a6f2a47b795da36f19f571c29ed4507b14902 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E3=83=86=E3=82=AF=E3=83=8B=E3=82=AB=E3=83=AB=E8=AB=8F?= =?UTF-8?q?=E8=A8=AA=E5=AD=90?=
Date: Fri, 15 Oct 2021 15:49:43 +0900
Subject: [PATCH] =?UTF-8?q?adminAPI=E3=81=AE=E4=BF=AE=E6=AD=A3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../Http/Controllers/Api/AdminController.php | 27 +++-
 backend/app/Http/Kernel.php | 3 +
 backend/app/Http/Middleware/AuthAdmin.php | 21 +++
 backend/app/Http/Middleware/AuthChild.php | 21 +++
 backend/app/Http/Middleware/AuthFather.php | 21 +++
 backend/database/factories/AdminFactory.php | 3 +-
 backend/database/factories/ChildFactory.php | 3 +-
 backend/database/factories/FatherFactory.php | 3 +-
 .../database/seeders/AdminsTableSeeder.php | 1 +
 backend/routes/api.php | 150 +++++++++---------
 10 files changed, 169 insertions(+), 84 deletions(-)
 create mode 100644 backend/app/Http/Middleware/AuthAdmin.php
 create mode 100644 backend/app/Http/Middleware/AuthChild.php
 create mode 100644 backend/app/Http/Middleware/AuthFather.php
diff --git a/backend/app/Http/Controllers/Api/AdminController.php b/backend/app/Http/Controllers/Api/AdminController.php
index 4cc436e6..d9abffb1 100644
--- a/backend/app/Http/Controllers/Api/AdminController.php
+++ b/backend/app/Http/Controllers/Api/AdminController.php
@@ -12,9 +12,19 @@ use App\Models\LoginLimits; class AdminController extends Controller { public function login (Request $r) { + if (null === $r->server('HTTP_USER_AGENT')) { + return ['status_code' => 400, 'error_message' => ['不正なuser_agent。']]; + } + + if (null !== ($ll = LoginLimits::where('user_agent', $r->server('HTTP_USER_AGENT'))->first())) { + if ($ll->fail_number >= 10) { + return ['status_code' => 400, 'error_message' => ['10回連続で失敗しましたので、10分、ログインロックになりました。']]; + } + } + $validate = Validator::make($r->all(), [ 'email' => 'required|max:255|email', - 'password' => 'required|min:8|max:72' + 'password' => 'required|min:8|max:72', ]); if ($validate->fails()) { @@ -23,18 +33,23 @@ class AdminController extends Controller { } // 存在しない場合 - if (null === ($admin = Admin::select('id')->where('email', $r->email)->where('password', $r->password)->first())) { - return ['status_code' => 400, 'error_message' => ['ログインに失敗しました。10回連続で失敗すると、一定期間ログインできなくなります。']]; + if (null === ($admin = Admin::select('id', 'email', 'password')->where('email', $r->email)->first())) { + return ['status_code' => 400, 'error_message' => ['このアカウントが存在しません。']]; } // パスワードが異なる場合 - // if (!Hash::check($r->password, $admin->password)) { - if ($r->password != $admin->password) { + if (!Hash::check($r->password, $admin->password)) { + if ($ll = LoginLimits::where('user_agent', $r->server('HTTP_USER_AGENT'))->first()) { + LoginLimits::create(['user_agent' => $r->server('HTTP_USER_AGENT'), 'fail_number' => $ll->fail_number+1]); + } + else { + LoginLimits::create(['user_agent' => $r->server('HTTP_USER_AGENT'), 'fail_number' => 1]); + } return ['status_code' => 400, 'error_message' => ['ログインに失敗しました。10回連続で失敗すると、一定期間ログインできなくなります。']]; } // 親一覧の取得に成功 - session(['email' => $r->email, 'password' => $r->password]); + session(['email' => $admin->email]); return ['status_code' => 200]; } } diff --git a/backend/app/Http/Kernel.php b/backend/app/Http/Kernel.php index 30020a50..78c1eb1c 100644 
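Review bot: The lockout added at the top of `login` is keyed on the `User-Agent` header, which the client chooses, so sending a different header value starts a fresh counter, and one common browser string can lock out every admin who shares it. The guard also returns the "10 minutes" message without any expiry being visible on `fail_number`, so a locked agent appears to stay locked unless rows are cleared elsewhere. Counting failures per account plus client address, for example with the framework's `RateLimiter` or a `throttle` entry on `/admin/login`, would make the limit meaningful; a comment above the check should state when the counter resets. The body of `login` continues into the next hunk.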
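Review bot: The wrong-password branch calls `LoginLimits::create(...)` even when a row for this user agent already exists, so each failure adds another row and the `->first()` lookup at the top of `login` can keep returning an earlier row whose `fail_number` never reaches 10; update the existing row instead, e.g. `$ll->increment('fail_number');`. Nothing visible resets the counter after a successful login. The new not-found message `このアカウントが存在しません。` differs from the wrong-password message, which tells a caller which e-mail addresses are registered, so both branches should return the same generic failure text and both should count as failures. Calling `$r->session()->regenerate();` before `session(['email' => $admin->email]);` would keep a pre-login session id from carrying over into the authenticated session.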
--- a/backend/app/Http/Kernel.php +++ b/backend/app/Http/Kernel.php @@ -54,6 +54,9 @@ class Kernel extends HttpKernel */ protected $routeMiddleware = [ 'auth' => \App\Http\Middleware\Authenticate::class, + 'auth.admins' => \App\Http\Middleware\AuthAdmin::class, + 'auth.children' => \App\Http\Middleware\AuthChild::class, + 'auth.fathers' => \App\Http\Middleware\AuthFather::class, 'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class, 'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class, 'can' => \Illuminate\Auth\Middleware\Authorize::class, diff --git a/backend/app/Http/Middleware/AuthAdmin.php b/backend/app/Http/Middleware/AuthAdmin.php new file mode 100644 index 00000000..dbcac856 --- /dev/null +++ b/backend/app/Http/Middleware/AuthAdmin.php @@ -0,0 +1,21 @@ +expectsJson()) { + return route('adminlogin'); + } + } +} diff --git a/backend/app/Http/Middleware/AuthChild.php b/backend/app/Http/Middleware/AuthChild.php new file mode 100644 index 00000000..d62b4046 --- /dev/null +++ b/backend/app/Http/Middleware/AuthChild.php @@ -0,0 +1,21 @@ +expectsJson()) { + return route('childrenlogin'); + } + } +} diff --git a/backend/app/Http/Middleware/AuthFather.php b/backend/app/Http/Middleware/AuthFather.php new file mode 100644 index 00000000..af9947b3 --- /dev/null +++ b/backend/app/Http/Middleware/AuthFather.php @@ -0,0 +1,21 @@ +expectsJson()) { + return route('fatherlogin'); + } + } +} diff --git a/backend/database/factories/AdminFactory.php b/backend/database/factories/AdminFactory.php index d2b89b4d..738dbfbb 100644 --- a/backend/database/factories/AdminFactory.php +++ b/backend/database/factories/AdminFactory.php @@ -3,6 +3,7 @@ namespace Database\Factories; use \App\Models\Admin; +use Illuminate\Support\Facades\Hash; use Illuminate\Database\Eloquent\Factories\Factory; class AdminFactory extends Factory 
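Review bot: `route('childrenlogin')` in AuthChild.php and `route('fatherlogin')` in AuthFather.php refer to names that this commit attaches only to commented-out routes in routes/api.php, so an unauthenticated request that does not expect JSON would fail on route lookup instead of being redirected. `adminlogin` does exist but is registered with `Route::post` only, so a redirect to it cannot be followed with GET either. For an API, answering with a 401 JSON body from the middleware is the usual choice; otherwise the login routes need to exist before they are referenced. Only the tail of each new class is visible on this page, so the base class and guard handling could not be checked.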
@@ -23,7 +24,7 @@ class AdminFactory extends Factory { return [ 'email' => $this->faker->email, - 'password' => $this->faker->password, + 'password' => Hash::make('password'), 'created_at' => $this->faker->dateTime, 'updated_at' => $this->faker->dateTime, ]; diff --git a/backend/database/factories/ChildFactory.php b/backend/database/factories/ChildFactory.php index 346eb6e2..f4316a42 100644 --- a/backend/database/factories/ChildFactory.php +++ b/backend/database/factories/ChildFactory.php @@ -3,6 +3,7 @@ namespace Database\Factories; use App\Models\Child; +use Illuminate\Support\Facades\Hash; use Illuminate\Database\Eloquent\Factories\Factory; class ChildFactory extends Factory @@ -31,7 +32,7 @@ class ChildFactory extends Factory 'identity' => $this->faker->text(20), 'email' => $this->faker->email, 'tel' => $tel[rand(0, 2)], - 'password' => $this->faker->password, + 'password' => Hash::make('password'), 'last_name' => $this->faker->lastName, 'first_name' => $this->faker->firstName, 'image' => $this->faker->imageUrl, diff --git a/backend/database/factories/FatherFactory.php b/backend/database/factories/FatherFactory.php index 2571794f..9cf4e1aa 100644 --- a/backend/database/factories/FatherFactory.php +++ b/backend/database/factories/FatherFactory.php @@ -3,6 +3,7 @@ namespace Database\Factories; use App\Models\Father; +use Illuminate\Support\Facades\Hash; use Illuminate\Database\Eloquent\Factories\Factory; class FatherFactory extends Factory @@ -29,7 +30,7 @@ class FatherFactory extends Factory return [ 'email' => $this->faker->email, - 'password' => $this->faker->password, + 'password' => Hash::make('password'), 'company' => $this->faker->company, 'image' => $this->faker->imageUrl, 'profile' => $this->faker->realText(49), diff --git a/backend/database/seeders/AdminsTableSeeder.php b/backend/database/seeders/AdminsTableSeeder.php index f7f44217..d140b15b 100644 --- a/backend/database/seeders/AdminsTableSeeder.php +++ b/backend/database/seeders/AdminsTableSeeder.php 
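Review bot: All three factories (AdminFactory in this hunk, ChildFactory and FatherFactory in the following ones) now give every generated account the same known password via `Hash::make('password')`. That is convenient for tests, but AdminsTableSeeder creates ten admins from this factory, so any environment that gets seeded ends up with admin accounts carrying a guessable credential. A comment such as `// test-only credential; never seed outside local/testing` next to the value, plus an environment check in the seeder, would make the intent explicit. The enclosing factory methods start outside these hunks.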
@@ -15,5 +15,6 @@ class AdminsTableSeeder extends Seeder public function run() { \App\Models\Admin::factory()->count(10)->create(); + \App\Models\Admin::create(['email' => 'chankan77@gmail.com', 'password' => 'password']); } } diff --git a/backend/routes/api.php b/backend/routes/api.php index 520b2e1f..21da7a07 100644 --- a/backend/routes/api.php +++ b/backend/routes/api.php @@ -16,7 +16,7 @@ use Illuminate\Support\Facades\Route; // AdminController //// 不明 -Route::post('/admin/login', '\App\Http\Controllers\Api\AdminController@login')->name('login'); +Route::post('/admin/login', '\App\Http\Controllers\Api\AdminController@login')->name('adminlogin'); // ContactsController //// 不明 
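Review bot: The added `Admin::create([... 'password' => 'password'])` stores the value as given, while `login` in this same commit now verifies with `Hash::check`, so unless the Admin model hashes on assignment (not visible here) this account can never authenticate. If the model does hash it, the seeder ships a fixed admin login with a guessable password instead. Use `'password' => Hash::make(...)` with a value read from configuration, for example `env('SEED_ADMIN_PASSWORD')` (placeholder name), and avoid committing a personal mailbox address as the seeded account.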
@@ -24,114 +24,114 @@ Route::post('/contacts/register', '\App\Http\Controllers\Api\ContactsController@ // FathersController //// 不明 -Route::post('/fathers/registerMain/', '\App\Http\Controllers\Api\FathersController@registerMain'); -Route::post('/fathers/requestPassword/', '\App\Http\Controllers\Api\FathersController@requestPassword'); -// Route::post('/fathers/login/', '\App\Http\Controllers\Api\FathersController@login'); +Route::post('/fathers/registerMain/', '\App\Http\Controllers\Api\FathersController@registerMain')->name('fatherregistermain'); +Route::post('/fathers/requestPassword/', '\App\Http\Controllers\Api\FathersController@requestPassword')->name('fatherrequestpassword'); +// Route::post('/fathers/login/', '\App\Http\Controllers\Api\FathersController@login')->name('fatherlogin'); //// admin -Route::get('/admin/fathers/list/', '\App\Http\Controllers\Api\FathersController@list')->middleware(['auth:admins', 'throttle:10,10']); -Route::put('/admin/fathers/search', '\App\Http\Controllers\Api\FathersController@search')->middleware(['auth:admins', 'throttle:10,10']); -Route::put('/admin/fathers/updateImage/{father_id}', '\App\Http\Controllers\Api\FathersController@updateImage')->middleware(['auth:admins', 'throttle:10,10']); -Route::put('/admin/fathers/updateProfile/{father_id}', '\App\Http\Controllers\Api\FathersController@updateProfile')->middleware(['auth:admins', 'throttle:10,10']); -Route::put('/admin/fathers/updatePassword/{father_id}', '\App\Http\Controllers\Api\FathersController@updatePassword')->middleware(['auth:admins', 'throttle:10,10']); -Route::post('/admin/fathers/detail/{father_id}', '\App\Http\Controllers\Api\FathersController@detail')->middleware(['auth:admins', 'throttle:10,10']); -Route::delete('/admin/fathers/delete/', '\App\Http\Controllers\Api\FathersController@withdrawal')->middleware(['auth:admins', 'throttle:10,10']); -Route::post('/admin/fathers/registerTemporary/', 
'\App\Http\Controllers\Api\FathersController@registerTemporary')->middleware(['auth:admins', 'throttle:10,10']); +Route::get('/admin/fathers/list/', '\App\Http\Controllers\Api\FathersController@list')->middleware(['auth.admins:admins', 'throttle:10,10']); +Route::put('/admin/fathers/search', '\App\Http\Controllers\Api\FathersController@search')->middleware(['auth.admins:admins', 'throttle:10,10']); +Route::put('/admin/fathers/updateImage/{father_id}', '\App\Http\Controllers\Api\FathersController@updateImage')->middleware(['auth.admins:admins', 'throttle:10,10']); +Route::put('/admin/fathers/updateProfile/{father_id}', '\App\Http\Controllers\Api\FathersController@updateProfile')->middleware(['auth.admins:admins', 'throttle:10,10']); +Route::put('/admin/fathers/updatePassword/{father_id}', '\App\Http\Controllers\Api\FathersController@updatePassword')->middleware(['auth.admins:admins', 'throttle:10,10']); +Route::post('/admin/fathers/detail/{father_id}', '\App\Http\Controllers\Api\FathersController@detail')->middleware(['auth.admins:admins', 'throttle:10,10']); +Route::delete('/admin/fathers/delete/', '\App\Http\Controllers\Api\FathersController@withdrawal')->middleware(['auth.admins:admins', 'throttle:10,10']); +Route::post('/admin/fathers/registerTemporary/', '\App\Http\Controllers\Api\FathersController@registerTemporary')->middleware(['auth.admins:admins', 'throttle:10,10']); //// fathers -Route::put('/fathers/updateImage/{father_id}', '\App\Http\Controllers\Api\FathersController@updateImage'); -Route::put('/fathers/updateProfile/{father_id}', '\App\Http\Controllers\Api\FathersController@updateProfile'); -Route::put('/fathers/updatePassword/{father_id}', '\App\Http\Controllers\Api\FathersController@updatePassword'); -Route::delete('/fathers/withdrawal/', '\App\Http\Controllers\Api\FathersController@withdrawal'); +Route::put('/fathers/updateImage/{father_id}', '\App\Http\Controllers\Api\FathersController@updateImage')->middleware(['auth.fathers:fathers', 
'throttle:10,10']); +Route::put('/fathers/updateProfile/{father_id}', '\App\Http\Controllers\Api\FathersController@updateProfile')->middleware(['auth.fathers:fathers', 'throttle:10,10']); +Route::put('/fathers/updatePassword/{father_id}', '\App\Http\Controllers\Api\FathersController@updatePassword')->middleware(['auth.fathers:fathers', 'throttle:10,10']); +Route::delete('/fathers/withdrawal/', '\App\Http\Controllers\Api\FathersController@withdrawal')->middleware(['auth.fathers:fathers', 'throttle:10,10']); //// children -Route::get('/children/fathers/listOfChild/', '\App\Http\Controllers\Api\FathersController@listOfChild'); -Route::get('/children/fathers/detail/{father_id}', '\App\Http\Controllers\Api\FathersController@detail'); +Route::get('/children/fathers/listOfChild/', '\App\Http\Controllers\Api\FathersController@listOfChild')->middleware(['auth.children:children', 'throttle:10,10']); +Route::get('/children/fathers/detail/{father_id}', '\App\Http\Controllers\Api\FathersController@detail')->middleware(['auth.children:children', 'throttle:10,10']); // ChildrenController //// 不明 -Route::post('/children/registerTemporary/', '\App\Http\Controllers\Api\ChildrenController@registerTemporary'); -Route::post('/children/registerMain/', '\App\Http\Controllers\Api\ChildrenController@registerMain'); -// Route::post('/children/requestPassword/', '\App\Http\Controllers\Api\ChildrenController@requestPassword'); -// Route::post('/children/login/', '\App\Http\Controllers\Api\ChildrenController@login'); +Route::post('/children/registerTemporary/', '\App\Http\Controllers\Api\ChildrenController@registerTemporary')->name('childrenregistertemporary'); +Route::post('/children/registerMain/', '\App\Http\Controllers\Api\ChildrenController@registerMain')->name('childrenregistermain'); +// Route::post('/children/requestPassword/', '\App\Http\Controllers\Api\ChildrenController@requestPassword')->name('childrenrequestpassword'); +// Route::post('/children/login/', 
'\App\Http\Controllers\Api\ChildrenController@login')->name('childrenlogin'); //// admin -Route::get('/admin/children/list', '\App\Http\Controllers\Api\ChildrenController@list')->middleware(['auth:admins', 'throttle:10,10']); -Route::post('/admin/children/search', '\App\Http\Controllers\Api\ChildrenController@search')->middleware(['auth:admins', 'throttle:10,10']); -Route::put('/admin/children/updateProfile/{child_id}', '\App\Http\Controllers\Api\ChildrenController@updateProfile')->middleware(['auth:admins', 'throttle:10,10']); -Route::put('/admin/children/updateImage/{child_id}', '\App\Http\Controllers\Api\ChildrenController@updateImage')->middleware(['auth:admins', 'throttle:10,10']); -Route::put('/admin/children/updatePassword/{child_id}', '\App\Http\Controllers\Api\ChildrenController@updatePassword')->middleware(['auth:admins', 'throttle:10,10']); -Route::get('/admin/children/detail/{child_id}', '\App\Http\Controllers\Api\ChildrenController@detail')->middleware(['auth:admins', 'throttle:10,10']); -Route::delete('/admin/children/delete/{child_id}', '\App\Http\Controllers\Api\ChildrenController@withdrawal')->middleware(['auth:admins', 'throttle:10,10']); +Route::get('/admin/children/list', '\App\Http\Controllers\Api\ChildrenController@list')->middleware(['auth.admins:admins', 'throttle:10,10']); +Route::post('/admin/children/search', '\App\Http\Controllers\Api\ChildrenController@search')->middleware(['auth.admins:admins', 'throttle:10,10']); +Route::put('/admin/children/updateProfile/{child_id}', '\App\Http\Controllers\Api\ChildrenController@updateProfile')->middleware(['auth.admins:admins', 'throttle:10,10']); +Route::put('/admin/children/updateImage/{child_id}', '\App\Http\Controllers\Api\ChildrenController@updateImage')->middleware(['auth.admins:admins', 'throttle:10,10']); +Route::put('/admin/children/updatePassword/{child_id}', '\App\Http\Controllers\Api\ChildrenController@updatePassword')->middleware(['auth.admins:admins', 'throttle:10,10']); 
+Route::get('/admin/children/detail/{child_id}', '\App\Http\Controllers\Api\ChildrenController@detail')->middleware(['auth.admins:admins', 'throttle:10,10']); +Route::delete('/admin/children/delete/{child_id}', '\App\Http\Controllers\Api\ChildrenController@withdrawal')->middleware(['auth.admins:admins', 'throttle:10,10']); //// fathers -Route::get('/fathers/children/listOfFather/', '\App\Http\Controllers\Api\ChildrenController@listOfFather'); -Route::get('/fathers/children/listOfMeeting/', '\App\Http\Controllers\Api\ChildrenController@listOfMeeting'); -Route::post('/fathers/children/listOfMeetingNotifyUnapprovel/', '\App\Http\Controllers\Api\ChildrenController@listOfMeetingNotifyUnapprovel'); -Route::post('/fathers/children/listOfMeetingNotifyApprovel/', '\App\Http\Controllers\Api\ChildrenController@listOfMeetingNotifyApprovel'); -Route::get('/fathers/children/detail/{child_id}', '\App\Http\Controllers\Api\ChildrenController@detail'); +Route::get('/fathers/children/listOfFather/', '\App\Http\Controllers\Api\ChildrenController@listOfFather')->middleware(['auth.fathers:fathers', 'throttle:10,10']); +Route::get('/fathers/children/listOfMeeting/', '\App\Http\Controllers\Api\ChildrenController@listOfMeeting')->middleware(['auth.fathers:fathers', 'throttle:10,10']); +Route::post('/fathers/children/listOfMeetingNotifyUnapprovel/', '\App\Http\Controllers\Api\ChildrenController@listOfMeetingNotifyUnapprovel')->middleware(['auth.fathers:fathers', 'throttle:10,10']); +Route::post('/fathers/children/listOfMeetingNotifyApprovel/', '\App\Http\Controllers\Api\ChildrenController@listOfMeetingNotifyApprovel')->middleware(['auth.fathers:fathers', 'throttle:10,10']); +Route::get('/fathers/children/detail/{child_id}', '\App\Http\Controllers\Api\ChildrenController@detail')->middleware(['auth.fathers:fathers', 'throttle:10,10']); //// children -Route::get('/children/detail/{child_id}', '\App\Http\Controllers\Api\ChildrenController@detail'); 
-Route::put('/children/updateImage/{child_id}', '\App\Http\Controllers\Api\ChildrenController@updateImage'); -Route::put('/children/updateProfile/{child_id}', '\App\Http\Controllers\Api\ChildrenController@updateProfile'); -Route::put('/children/updatePassword/{child_id}', '\App\Http\Controllers\Api\ChildrenController@updatePassword'); -Route::delete('/children/withdrawal/', '\App\Http\Controllers\Api\ChildrenController@withdrawal'); +Route::get('/children/detail/{child_id}', '\App\Http\Controllers\Api\ChildrenController@detail')->middleware(['auth.children:children', 'throttle:10,10']); +Route::put('/children/updateImage/{child_id}', '\App\Http\Controllers\Api\ChildrenController@updateImage')->middleware(['auth.children:children', 'throttle:10,10']); +Route::put('/children/updateProfile/{child_id}', '\App\Http\Controllers\Api\ChildrenController@updateProfile')->middleware(['auth.children:children', 'throttle:10,10']); +Route::put('/children/updatePassword/{child_id}', '\App\Http\Controllers\Api\ChildrenController@updatePassword')->middleware(['auth.children:children', 'throttle:10,10']); +Route::delete('/children/withdrawal/', '\App\Http\Controllers\Api\ChildrenController@withdrawal')->middleware(['auth.children:children', 'throttle:10,10']); // MeetingsController //// admin -Route::get('/admin/meetings/list', '\App\Http\Controllers\Api\MeetingsController@list')->middleware(['auth:admins', 'throttle:10,10']); -Route::post('/admin/meetings/search', '\App\Http\Controllers\Api\MeetingsController@search')->middleware(['auth:admins', 'throttle:10,10']); -Route::get('/admin/meetings/detail/{meeting_id}', '\App\Http\Controllers\Api\MeetingsController@detail')->middleware(['auth:admins', 'throttle:10,10']); -Route::put('/admin/meetings/update/{meeting_id}', '\App\Http\Controllers\Api\MeetingsController@update')->middleware(['auth:admins', 'throttle:10,10']); -Route::delete('/admin/meetings/delete/{meeting_id}', 
'\App\Http\Controllers\Api\MeetingsController@delete')->middleware(['auth:admins', 'throttle:10,10']); +Route::get('/admin/meetings/list', '\App\Http\Controllers\Api\MeetingsController@list')->middleware(['auth.admins:admins', 'throttle:10,10']); +Route::post('/admin/meetings/search', '\App\Http\Controllers\Api\MeetingsController@search')->middleware(['auth.admins:admins', 'throttle:10,10']); +Route::get('/admin/meetings/detail/{meeting_id}', '\App\Http\Controllers\Api\MeetingsController@detail')->middleware(['auth.admins:admins', 'throttle:10,10']); +Route::put('/admin/meetings/update/{meeting_id}', '\App\Http\Controllers\Api\MeetingsController@update')->middleware(['auth.admins:admins', 'throttle:10,10']); +Route::delete('/admin/meetings/delete/{meeting_id}', '\App\Http\Controllers\Api\MeetingsController@delete')->middleware(['auth.admins:admins', 'throttle:10,10']); //// fathers -Route::post('/fathers/meetings/register/', '\App\Http\Controllers\Api\MeetingsController@register'); -Route::post('/fathers/meetings/registerFavorite/', '\App\Http\Controllers\Api\MeetingsController@registerFavorite'); -Route::get('/fathers/meetings/listOfCompleteOfFather/', '\App\Http\Controllers\Api\MeetingsController@listOfCompleteOfFather'); -Route::get('/fathers/meetings/listOfIncompleteOfFather/', '\App\Http\Controllers\Api\MeetingsController@listOfIncompleteOfFather'); -Route::get('/fathers/meetings/listOfFavoriteOfFather/', '\App\Http\Controllers\Api\MeetingsController@listOfFavoriteOfFather'); -Route::get('/fathers/meetings/listOfNonFavoriteOfFather/', '\App\Http\Controllers\Api\MeetingsController@listOfNonFavoriteOfFather'); -Route::get('/fathers/meetings/searchOfCompleteOfFather/', '\App\Http\Controllers\Api\MeetingsController@searchOfCompleteOfFather'); -Route::get('/fathers/meetings/searchOfIncompleteOfFather/', '\App\Http\Controllers\Api\MeetingsController@searchOfIncompleteOfFather'); -Route::get('/fathers/meetings/detail/{meeting_id}', 
'\App\Http\Controllers\Api\MeetingsController@detail'); -Route::put('/fathers/meetings/update/{meeting_id}', '\App\Http\Controllers\Api\MeetingsController@update'); -Route::delete('/fathers/meetings/delete/{meeting_id}', '\App\Http\Controllers\Api\MeetingsController@delete'); +Route::post('/fathers/meetings/register/', '\App\Http\Controllers\Api\MeetingsController@register')->middleware(['auth.fathers:fathers', 'throttle:10,10']); +Route::post('/fathers/meetings/registerFavorite/', '\App\Http\Controllers\Api\MeetingsController@registerFavorite')->middleware(['auth.fathers:fathers', 'throttle:10,10']); +Route::get('/fathers/meetings/listOfCompleteOfFather/', '\App\Http\Controllers\Api\MeetingsController@listOfCompleteOfFather')->middleware(['auth.fathers:fathers', 'throttle:10,10']); +Route::get('/fathers/meetings/listOfIncompleteOfFather/', '\App\Http\Controllers\Api\MeetingsController@listOfIncompleteOfFather')->middleware(['auth.fathers:fathers', 'throttle:10,10']); +Route::get('/fathers/meetings/listOfFavoriteOfFather/', '\App\Http\Controllers\Api\MeetingsController@listOfFavoriteOfFather')->middleware(['auth.fathers:fathers', 'throttle:10,10']); +Route::get('/fathers/meetings/listOfNonFavoriteOfFather/', '\App\Http\Controllers\Api\MeetingsController@listOfNonFavoriteOfFather')->middleware(['auth.fathers:fathers', 'throttle:10,10']); +Route::get('/fathers/meetings/searchOfCompleteOfFather/', '\App\Http\Controllers\Api\MeetingsController@searchOfCompleteOfFather')->middleware(['auth.fathers:fathers', 'throttle:10,10']); +Route::get('/fathers/meetings/searchOfIncompleteOfFather/', '\App\Http\Controllers\Api\MeetingsController@searchOfIncompleteOfFather')->middleware(['auth.fathers:fathers', 'throttle:10,10']); +Route::get('/fathers/meetings/detail/{meeting_id}', '\App\Http\Controllers\Api\MeetingsController@detail')->middleware(['auth.fathers:fathers', 'throttle:10,10']); +Route::put('/fathers/meetings/update/{meeting_id}', 
'\App\Http\Controllers\Api\MeetingsController@update')->middleware(['auth.fathers:fathers', 'throttle:10,10']); +Route::delete('/fathers/meetings/delete/{meeting_id}', '\App\Http\Controllers\Api\MeetingsController@delete')->middleware(['auth.fathers:fathers', 'throttle:10,10']); //// children -Route::get('/children/meetings/listOfApprovalOfChild/', '\App\Http\Controllers\Api\MeetingsController@listOfApprovalOfChild'); -Route::get('/children/meetings/listOfNonApprovalOfChild/', '\App\Http\Controllers\Api\MeetingsController@listOfNonApprovalOfChild'); -Route::get('/children/meetings/searchOfApprovalOfChild/', '\App\Http\Controllers\Api\MeetingsController@searchOfApprovalOfChild'); -Route::get('/children/meetings/searchOfNonApprovalOfChild/', '\App\Http\Controllers\Api\MeetingsController@searchOfNonApprovalOfChild'); -Route::get('/children/meetings/detail/{meeting_id}', '\App\Http\Controllers\Api\MeetingsController@detail'); +Route::get('/children/meetings/listOfApprovalOfChild/', '\App\Http\Controllers\Api\MeetingsController@listOfApprovalOfChild')->middleware(['auth.children:children', 'throttle:10,10']); +Route::get('/children/meetings/listOfNonApprovalOfChild/', '\App\Http\Controllers\Api\MeetingsController@listOfNonApprovalOfChild')->middleware(['auth.children:children', 'throttle:10,10']); +Route::get('/children/meetings/searchOfApprovalOfChild/', '\App\Http\Controllers\Api\MeetingsController@searchOfApprovalOfChild')->middleware(['auth.children:children', 'throttle:10,10']); +Route::get('/children/meetings/searchOfNonApprovalOfChild/', '\App\Http\Controllers\Api\MeetingsController@searchOfNonApprovalOfChild')->middleware(['auth.children:children', 'throttle:10,10']); +Route::get('/children/meetings/detail/{meeting_id}', '\App\Http\Controllers\Api\MeetingsController@detail')->middleware(['auth.children:children', 'throttle:10,10']); // MeetingImagesController //// admin -Route::post('/admin/meeting/images/register/', 
'\App\Http\Controllers\Api\MeetingImagesController@register')->middleware(['auth:admins', 'throttle:10,10']); -Route::delete('/admin/meeting/images/delete/{meeting_id}', '\App\Http\Controllers\Api\MeetingImagesController@delete')->middleware(['auth:admins', 'throttle:10,10']); +Route::post('/admin/meeting/images/register/', '\App\Http\Controllers\Api\MeetingImagesController@register')->middleware(['auth.admins:admins', 'throttle:10,10']); +Route::delete('/admin/meeting/images/delete/{meeting_id}', '\App\Http\Controllers\Api\MeetingImagesController@delete')->middleware(['auth.admins:admins', 'throttle:10,10']); //// fathers -Route::post('/fathers/meeting/images/register/', '\App\Http\Controllers\Api\MeetingImagesController@register'); -Route::delete('/fathers/meeting/images/delete/{meeting_id}', '\App\Http\Controllers\Api\MeetingImagesController@delete'); +Route::post('/fathers/meeting/images/register/', '\App\Http\Controllers\Api\MeetingImagesController@register')->middleware(['auth.fathers:fathers', 'throttle:10,10']); +Route::delete('/fathers/meeting/images/delete/{meeting_id}', '\App\Http\Controllers\Api\MeetingImagesController@delete')->middleware(['auth.fathers:fathers', 'throttle:10,10']); // MeetingApprovalsController //// admin -Route::post('/admin/meeting/approvals/register/', '\App\Http\Controllers\Api\MeetingApprovalsController@register')->middleware(['auth:admins', 'throttle:10,10']); -Route::delete('/admin/meeting/approvals/delete/{meeting_id}', '\App\Http\Controllers\Api\MeetingApprovalsController@delete')->middleware(['auth:admins', 'throttle:10,10']); +Route::post('/admin/meeting/approvals/register/', '\App\Http\Controllers\Api\MeetingApprovalsController@register')->middleware(['auth.admins:admins', 'throttle:10,10']); +Route::delete('/admin/meeting/approvals/delete/{meeting_id}', '\App\Http\Controllers\Api\MeetingApprovalsController@delete')->middleware(['auth.admins:admins', 'throttle:10,10']); //// fathers -// 
Route::post('/fathers/meeting/approvals/register/{meeting_id}', '\App\Http\Controllers\Api\MeetingApprovalsController@register'); -// Route::delete('/fathers/meeting/approvals/delete/{meeting_id}', '\App\Http\Controllers\Api\MeetingApprovalsController@delete'); -Route::post('/fathers/meeting/approvals/listChildrenOfMeeting/', '\App\Http\Controllers\Api\MeetingApprovalsController@listChildrenOfMeeting'); -Route::get('/fathers/meeting/approvals/listChildrenOfApprovel/', '\App\Http\Controllers\Api\MeetingApprovalsController@listChildrenOfApprovel'); -Route::get('/fathers/meeting/approvals/listChildrenOfUnapprovel/', '\App\Http\Controllers\Api\MeetingApprovalsController@listChildrenOfUnapprovel'); +// Route::post('/fathers/meeting/approvals/register/{meeting_id}', '\App\Http\Controllers\Api\MeetingApprovalsController@register')->middleware(['auth.fathers:fathers', 'throttle:10,10']); +// Route::delete('/fathers/meeting/approvals/delete/{meeting_id}', '\App\Http\Controllers\Api\MeetingApprovalsController@delete')->middleware(['auth.fathers:fathers', 'throttle:10,10']); +Route::post('/fathers/meeting/approvals/listChildrenOfMeeting/', '\App\Http\Controllers\Api\MeetingApprovalsController@listChildrenOfMeeting')->middleware(['auth.fathers:fathers', 'throttle:10,10']); +Route::get('/fathers/meeting/approvals/listChildrenOfApprovel/', '\App\Http\Controllers\Api\MeetingApprovalsController@listChildrenOfApprovel')->middleware(['auth.fathers:fathers', 'throttle:10,10']); +Route::get('/fathers/meeting/approvals/listChildrenOfUnapprovel/', '\App\Http\Controllers\Api\MeetingApprovalsController@listChildrenOfUnapprovel')->middleware(['auth.fathers:fathers', 'throttle:10,10']); //// children -Route::post('/children/meeting/approvals/registerApproval/', '\App\Http\Controllers\Api\MeetingApprovalsController@registerApproval'); +Route::post('/children/meeting/approvals/registerApproval/', 
'\App\Http\Controllers\Api\MeetingApprovalsController@registerApproval')->middleware(['auth.children:children', 'throttle:10,10']); // FatherRelationsController //// fathers -Route::post('/fathers/father/relations/register', '\App\Http\Controllers\Api\FatherRelationsController@register'); -Route::put('/fathers/father/relations/updateHireDate/{child_id}', '\App\Http\Controllers\Api\FatherRelationsController@updateHireDate'); -Route::delete('/fathers/father/relations/deleteRelationChild/{child_id}', '\App\Http\Controllers\Api\FatherRelationsController@deleteRelationChild'); +Route::post('/fathers/father/relations/register', '\App\Http\Controllers\Api\FatherRelationsController@register')->middleware(['auth.fathers:fathers', 'throttle:10,10']); +Route::put('/fathers/father/relations/updateHireDate/{child_id}', '\App\Http\Controllers\Api\FatherRelationsController@updateHireDate')->middleware(['auth.fathers:fathers', 'throttle:10,10']); +Route::delete('/fathers/father/relations/deleteRelationChild/{child_id}', '\App\Http\Controllers\Api\FatherRelationsController@deleteRelationChild')->middleware(['auth.fathers:fathers', 'throttle:10,10']);
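Review bot: The father and child routes that take an id from the path, such as `/fathers/updatePassword/{father_id}` and `/children/updateProfile/{child_id}`, now require a logged-in user but point at the same controller methods as the admin routes, so the guard alone does not stop one father or child from addressing another account's id. The controllers are not part of this diff; they should compare the path id with the authenticated user's id, or the id should be dropped from the non-admin paths. Separately, `/admin/login` still has no `throttle` entry while every authenticated route gets `throttle:10,10`, and `AdminController@login` only writes `session(['email' => ...])`, so it is worth confirming that the `admins` guard actually recognises that session.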