Merge pull request 'fix(auth): 補 StartSession middleware 給 OAuth routes' (#24) from security/auth-p2-lockout-oauth-state into master
Deploy Production / deploy (push) Successful in 12s

Reviewed-on: #24
This commit was merged in pull request #24.
This commit is contained in:
2026-06-02 17:47:57 +00:00
+5 -3
View File
@@ -30,9 +30,11 @@ Route::get('/diving-offers/{id}/reviews', [ReviewController::class, 'publicList
Route::post('/member/register', [AuthController::class, 'registerMember']);
Route::middleware('throttle:10,1')->post('/member/login', [AuthController::class, 'loginMember']);
// Google 第三方登入(僅會員)
Route::get('/auth/google/redirect', [\App\Http\Controllers\API\SocialAuthController::class, 'redirectToGoogle']);
Route::get('/auth/google/callback', [\App\Http\Controllers\API\SocialAuthController::class, 'handleGoogleCallback']);
// Google 第三方登入(僅會員)— 需要 StartSession 支援 OAuth state
Route::middleware([\Illuminate\Session\Middleware\StartSession::class])->group(function () {
Route::get('/auth/google/redirect', [\App\Http\Controllers\API\SocialAuthController::class, 'redirectToGoogle']);
Route::get('/auth/google/callback', [\App\Http\Controllers\API\SocialAuthController::class, 'handleGoogleCallback']);
});
// 會員專屬 API(需登入)
Route::middleware(['auth:sanctum'])->prefix('member')->group(function () {