X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/3b31ac75ec41b3990cea770a9e48e2066bd8e9a3..refs/pull/5685/head:/app/App/Providers/RouteServiceProvider.php

diff --git a/app/App/Providers/RouteServiceProvider.php b/app/App/Providers/RouteServiceProvider.php
index 913dfa435..97c3e7c77 100644
--- a/app/App/Providers/RouteServiceProvider.php
+++ b/app/App/Providers/RouteServiceProvider.php
@@ -2,9 +2,12 @@
 
 namespace BookStack\App\Providers;
 
+use BookStack\Facades\Theme;
+use BookStack\Theming\ThemeEvents;
 use Illuminate\Cache\RateLimiting\Limit;
 use Illuminate\Foundation\Support\Providers\RouteServiceProvider as ServiceProvider;
 use Illuminate\Http\Request;
+use Illuminate\Routing\Router;
 use Illuminate\Support\Facades\RateLimiter;
 use Illuminate\Support\Facades\Route;
 
@@ -21,10 +24,8 @@ class RouteServiceProvider extends ServiceProvider
 
     /**
      * Define your route model bindings, pattern filters, etc.
-     *
-     * @return void
      */
-    public function boot()
+    public function boot(): void
     {
         $this->configureRateLimiting();
 
@@ -38,16 +39,21 @@ class RouteServiceProvider extends ServiceProvider
      * Define the "web" routes for the application.
      *
      * These routes all receive session state, CSRF protection, etc.
-     *
-     * @return void
      */
-    protected function mapWebRoutes()
+    protected function mapWebRoutes(): void
     {
         Route::group([
             'middleware' => 'web',
             'namespace'  => $this->namespace,
-        ], function ($router) {
+        ], function (Router $router) {
             require base_path('routes/web.php');
+            Theme::dispatch(ThemeEvents::ROUTES_REGISTER_WEB, $router);
+        });
+
+        Route::group([
+            'middleware' => ['web', 'auth'],
+        ], function (Router $router) {
+            Theme::dispatch(ThemeEvents::ROUTES_REGISTER_WEB_AUTH, $router);
         });
     }
 
@@ -55,10 +61,8 @@ class RouteServiceProvider extends ServiceProvider
      * Define the "api" routes for the application.
      *
      * These routes are typically stateless.
-     *
-     * @return void
      */
-    protected function mapApiRoutes()
+    protected function mapApiRoutes(): void
     {
         Route::group([
             'middleware' => 'api',
@@ -71,13 +75,22 @@ class RouteServiceProvider extends ServiceProvider
 
     /**
      * Configure the rate limiters for the application.
-     *
-     * @return void
      */
-    protected function configureRateLimiting()
+    protected function configureRateLimiting(): void
     {
         RateLimiter::for('api', function (Request $request) {
             return Limit::perMinute(60)->by($request->user()?->id ?: $request->ip());
         });
+
+        RateLimiter::for('public', function (Request $request) {
+            return Limit::perMinute(10)->by($request->ip());
+        });
+
+        RateLimiter::for('exports', function (Request $request) {
+            $user = user();
+            $attempts = $user->isGuest() ? 4 : 10;
+            $key = $user->isGuest() ? $request->ip() : $user->id;
+            return Limit::perMinute($attempts)->by($key);
+        });
     }
 }