bitstream/fuel-price
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
25cf022964ce9dd2be31bdd62db927c3ed3e8177
fuel-price/routes/api.php
Ovidiu U 73de53994f
Some checks failed
linter / quality (push) Has been cancelled
Details
tests / ci (8.3) (push) Has been cancelled
Details
tests / ci (8.4) (push) Has been cancelled
Details
tests / ci (8.5) (push) Has been cancelled
Details
fix: prevent sensitive field leaks in /me, add retry logic to Brent price sources 
- Made `/api/auth/me` public and return explicit allowlist (name, email,
  two_factor_confirmed_at, tier, subscription fields) instead of spreading
  `$user->toArray()` which leaked is_admin, stripe_id, pm_type, pm_last_four,
  postcode. Returns `null` when unauthenticated rather than 401.
- Moved `/auth/logout` to remain behind auth:sanctum gate.
- Added 3×200ms retry with exponential backoff to EiaBrentPriceSource and
  FredBrentPriceSource on ConnectionException or 5xx responses. Timeout
  raised from 10s to 30s.
- Both sources now throw typed BrentPriceFetchException on exhausted retries
  instead of silently returning null + logging. Updated tests to assert
  exception message includes HTTP status or "connection failed".
2026-05-01 13:22:36 +01:00

46 lines
1.9 KiB
PHP
Raw Blame History

<?php
use App\Enums\FuelType;
use App\Http\Controllers\Api\AuthController;
use App\Http\Controllers\Api\StationController;
use App\Http\Controllers\Api\StatsController;
use App\Http\Controllers\Api\UserController;
use App\Http\Middleware\VerifyApiKey;
use Illuminate\Support\Facades\Cache;
use Illuminate\Support\Facades\Route;
// Public endpoints (no API key required)
Route::post('/auth/register', [AuthController::class, 'register']);
Route::post('/auth/login', [AuthController::class, 'login']);
Route::get('/auth/me', [AuthController::class, 'me']);
Route::get('/fuel-types', function () {
return Cache::remember('api:fuel-types', now()->addDay(), fn () => collect(FuelType::cases())
->map(fn (FuelType $case) => ['value' => $case->value, 'label' => $case->label()])
->values());
});
Route::get('/stats/live', [StatsController::class, 'live']);
// Protected endpoints (API key required)
Route::middleware(['throttle:60,1', VerifyApiKey::class])->group(function (): void {
Route::get('/stations', [StationController::class, 'index']);
Route::get('/stats/searches', [StatsController::class, 'searches']);
});
// Sanctum-authenticated endpoints
Route::middleware('auth:sanctum')->group(function (): void {
Route::post('/auth/logout', [AuthController::class, 'logout']);
// User dashboard endpoints
Route::get('/user/preferences', [UserController::class, 'preferences']);
Route::put('/user/preferences', [UserController::class, 'updatePreferences']);
Route::get('/user/saved-stations', [UserController::class, 'savedStations']);
Route::post('/user/saved-stations', [UserController::class, 'saveStation']);
Route::delete('/user/saved-stations/{stationId}', [UserController::class, 'removeStation']);
Route::put('/user/profile', [UserController::class, 'updateProfile']);
Route::put('/user/password', [UserController::class, 'updatePassword']);
Route::delete('/user', [UserController::class, 'deleteAccount']);
});
Reference in New Issue View Git Blame Copy Permalink