mirror of
https://github.com/HolgerHatGarKeineNode/einundzwanzig-app.git
synced 2026-06-17 16:40:31 +00:00
7531f28f22
Replaces the custom-scheme auto-redirect (which triggers Chrome's confirmation prompt) with a verified Android App Link handoff: - public/.well-known/assetlinks.json for space.einundzwanzig.mobile (debug cert fingerprint; add the release cert before store builds) - GET /app/auth handoff: opens the app directly when the App Link is verified; renders a button-based fallback page otherwise - POST /api/mobile/token: trades a NIP-55-signed login event for a Sanctum token — used when Amber's callback opens the app directly - complete/confirm/signedCallback now redirect to the handoff URL
72 lines
2.6 KiB
PHP
<?php
use App\Http\Controllers\Auth\VerifyEmailController;
use App\Http\Controllers\LnurlAuthController;
use App\Http\Controllers\MobileAuthController;
use App\Livewire\Actions\Logout;
use Illuminate\Support\Facades\Route;
// Guest-only routes: everything in this group sits behind the 'guest' middleware.
Route::middleware('guest')->group(static function (): void {
    Route::livewire('/login', 'auth.login')->name('login');

    Route::livewire('/forgot-password', 'auth.forgot-password')->name('password.request');

    Route::livewire('/reset-password/{token}', 'auth.reset-password')->name('password.reset');

    // LNURL-auth completion. The route only matches when {k1} is exactly
    // 64 lowercase hex characters; any other value never reaches the controller.
    // NOTE(review): unlike the mobile k1 route in this file, no throttle
    // middleware is attached here - confirm rate limiting is applied elsewhere.
    Route::get('/auth/complete-lightning/{k1}', [LnurlAuthController::class, 'completeLogin'])
        ->name('auth.ln.complete')
        ->where('k1', '[a-f0-9]{64}');
});
// Routes that require an authenticated session ('auth' middleware).
Route::middleware('auth')->group(static function (): void {
    Route::livewire('/verify-email', 'auth.verify-email')->name('verification.notice');

    // Email verification link: 'signed' rejects URLs whose signature does not
    // validate, and 'throttle:6,1' caps requests at 6 per minute.
    Route::get('verify-email/{id}/{hash}', VerifyEmailController::class)
        ->name('verification.verify')
        ->middleware(['signed', 'throttle:6,1']);

    Route::livewire('/confirm-password', 'auth.confirm-password')->name('password.confirm');
});
/*
 * Mobile app auth flow. It serves guests (login via Lightning/Nostr) as well
 * as users who are already signed in (confirmation screen), which is why
 * these routes are registered outside the guest group.
 */
Route::livewire('/auth/mobile', 'auth.mobile-login')
    ->name('auth.mobile')
    ->middleware('throttle:30,1');

// {k1} must be exactly 64 lowercase hex characters for this route to match.
Route::get('/auth/mobile/complete/{k1}', [MobileAuthController::class, 'complete'])
    ->name('auth.mobile.complete')
    ->middleware('throttle:30,1')
    ->where('k1', '[a-f0-9]{64}');

// NIP-55 signer callback (Amber): k1 sits in the path and the signer appends
// the URL-encoded signed event after the trailing slash. With verified App
// Links this URL opens the app directly; this web route is the fallback.
// The '.*' constraint lets {payload} span slashes, so the route itself
// enforces no format or length on it.
// NOTE(review): signedCallback therefore has to validate the k1 part and
// verify the event signature itself, and the signed event ends up wherever
// request paths are recorded - confirm both against the controller.
Route::get('/auth/mobile/signed/{payload}', [MobileAuthController::class, 'signedCallback'])
    ->name('auth.mobile.signed')
    ->middleware('throttle:30,1')
    ->where('payload', '.*');

// App handoff: a verified Android App Link opens the app with the token.
// In the browser (unverified install) this renders a button-based fallback.
// NOTE(review): if the token is part of this GET URL it can end up in
// browser history and server logs - confirm it is short-lived or single-use.
Route::get('/app/auth', [MobileAuthController::class, 'handoff'])
    ->name('auth.mobile.handoff')
    ->middleware('throttle:30,1');

// Confirmation endpoint: POST only, and it requires 'auth' on top of the throttle.
Route::post('/auth/mobile/confirm', [MobileAuthController::class, 'confirm'])
    ->name('auth.mobile.confirm')
    ->middleware(['auth', 'throttle:30,1']);
// Logout is POST-only and is handled by the Logout action class.
Route::post('logout', Logout::class)->name('logout');