refactor(1-B): middleware — remove dead pipeline middleware, fix auth routing #1472

Merged: herpaderpaldent merged 10 commits into 5.x from web/refactor/middleware, Apr 28, 2026
@herpaderpaldent herpaderpaldent commented Apr 24, 2026

Summary

Removes dead pipeline-based middleware inherited from the old affiliation system and tidies up authentication routing. ACL sub-routes and moderation middleware are intentionally out of scope — they will be replaced wholesale in the upcoming Control Groups Overhaul (Phase 1.5-J) together with the new typed controllers and UI.

Changes

Deleted (dead pipeline middleware)

  • CheckContactsAndAffiliation — superseded by CheckAuthorization in the auth package
  • CheckPermissionAndAffiliation — superseded by CheckAuthorization in the auth package
  • CheckACLPermission — no longer needed; ACL routes will be re-gated via DI in Phase 1.5-J

Updated

  • Authenticate — fix redirect to use login named route (L11 convention)
  • WebServiceProvider — deregister removed middleware aliases
  • routes/routes.php — remove stale middleware references from non-ACL routes
  • routes/Routes/Corporation/Wallet.php — clean up stale comment
  • LoginController / LogoutController — align with L11 conventions

Test

  • RouteTest — update access control route assertions to reflect the middleware removal

What is intentionally NOT in this PR

| Deferred concern | Where it will be handled |
| --- | --- |
| ACL sub-route guards (CheckAffiliationForApplication etc.) | Phase 1.5-J — controllers own their guards via constructor DI |
| Moderation middleware | Phase 1.5-J — replaced by typed controllers + auth actions |
| New CheckAuthorization integration on ACL routes | Phase 1.5-J — together with the full route restructure |

Testing

composer run test passes locally — 184 tests, PHPStan clean, 100% type coverage.
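
An added example, not part of this PR or the project's code: a standalone PHP audit for two regressions a middleware removal like this one can introduce, a route that still references a deregistered alias and a route left without an authorization gate. The alias names, URIs and route table are constructed; in a Laravel app the table would come from `Route::getRoutes()` and each route's `gatherMiddleware()`.

```php
<?php
declare(strict_types=1);

// Constructed sample data: aliases and URIs are hypothetical, not the project's.
$registered = ['auth', 'authorize'];   // aliases the service provider still registers
$authz      = ['authorize'];           // aliases that enforce an authorization decision
$public     = ['login'];               // routes allowed without any guard

$routes = [
    'login'                  => [],
    'character/assets'       => ['auth', 'authorize:character.assets'],
    'corporation/wallet'     => ['auth', 'permission.affiliation:wallet'], // stale alias
    'configuration/settings' => ['auth'],                                  // gate removed
];

/** Returns one finding per problem; an empty array means the route table is clean. */
function auditRoutes(array $routes, array $registered, array $authz, array $public): array
{
    $findings = [];
    foreach ($routes as $uri => $middleware) {
        // Strip parameters: "alias:param" becomes "alias".
        $aliases = array_map(fn (string $m): string => explode(':', $m, 2)[0], $middleware);

        // A deregistered alias enforces nothing and fails when the route is resolved.
        foreach (array_diff($aliases, $registered) as $stale) {
            $findings[] = "$uri: references unregistered middleware '$stale'";
        }
        if (in_array($uri, $public, true)) {
            continue;
        }
        if (!in_array('auth', $aliases, true)) {
            $findings[] = "$uri: no authentication middleware";
        }
        if (array_intersect($aliases, $authz) === []) {
            $findings[] = "$uri: no authorization middleware";
        }
    }
    return $findings;
}

$findings = auditRoutes($routes, $registered, $authz, $public);
foreach ($findings as $finding) {
    echo $finding, PHP_EOL;
}
exit($findings === [] ? 0 : 1); // non-zero exit fails a CI step
```

On the constructed table this reports three findings: the stale alias on `corporation/wallet`, the missing authorization gate on that same route, and the missing gate on `configuration/settings`.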

what-the-diff Bot commented Apr 24, 2026

PR Summary

  • Authorization Middleware Overhaul:
    The middleware governing permissions was updated for better consistency and improved security. Everywhere the outdated CheckPermissionOrCorporationRole was used, we've replaced it with CheckAuthorization. This not only increases the granularity of access control but also simplifies and streamlines the permission handling process across all routes.

  • Accommodating New Login/Logout Process:
    New routes were added for login and logout, with associated LoginController and LogoutController. The middleware has also been updated to better handle affiliation and permissions.

  • Improved Code Readability and Consistency:
    This update also focused on code cleanup and formatting. We've fixed numerous inconsistencies across our codebase, which will make the code more readable and maintainable. Irrelevant comments, middleware classes and references have been removed.

  • Improved Sidebar Navigation:
    A new utility, SidebarPermissionChecker, has been added. Each option in the sidebar menu will now be displayed based on user permissions and roles, creating a more user-centric navigation experience.

  • New Affiliation ID Service:
    A new service, GetAffiliatedIds, has been created. This component encapsulates the logic involved in fetching affiliated IDs based on user permission and roles, allowing for more controlled access and data management.

  • Configuration and Corporation Routes Security Enhancement:
    The process for altering configuration has been fortified by requiring the new authorization middleware for all changes. This security enhancement also extends to routes related to corporations, member compliance, tracking, wallet, and recruitment.

Base automatically changed from web/feat/laravel11-baseline to 5.x April 27, 2026 09:54
herpaderpaldent and others added 3 commits April 27, 2026 12:09
…tion

- Remove CheckContactsAndAffiliation and CheckPermissionAndAffiliation (pipeline-based
  middleware replaced by simpler auth.CheckAuthorization from the auth package)
- Authenticate: fix redirect route name auth.login → login
- CheckACLPermission: rewrite to use RoleMembership.can_moderate instead of Role.moderators
- CheckAffiliationForApplication: rewrite to use new GetAffiliatedIds service
- CheckRequiredScopes: fix redirectTo() return type; extract render() as separate action
- HandleInertiaRequests: update SidebarEntries call to getFilteredEntries()
- Add LoginController and LogoutController (new dedicated auth controllers)
- GetAffiliatedIds: new service wrapping CanUserService for permission-based ID resolution
- SidebarEntries: refactor filter() → getFilteredEntries(), extract SidebarPermissionChecker
- SidebarPermissionChecker: new dedicated permission checker for sidebar visibility
- WebServiceProvider: remove deleted middleware imports, apply Pint formatting
- routes/: add login/logout named routes, apply CheckAuthorization middleware throughout,
  remove references to deleted middleware classes

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

# Conflicts:
#	routes/Routes/Character/Assets.php
#	routes/Routes/Character/Contact.php
#	routes/Routes/Character/Contract.php
#	routes/Routes/Character/CorporationHistory.php
#	routes/Routes/Character/Mails.php
#	routes/Routes/Character/Skills.php
#	routes/Routes/Character/Wallet.php
#	routes/Routes/Corporation/MemberCompliance.php
#	routes/Routes/Corporation/Wallet.php
#	routes/routes.php
#	src/Http/Controllers/Auth/LoginController.php
#	src/Http/Controllers/Auth/LogoutController.php
#	src/Http/Middleware/Authenticate.php
#	src/Http/Middleware/CheckACLPermission.php
#	src/Http/Middleware/CheckAffiliationForApplication.php
#	src/Http/Middleware/CheckRequiredScopes.php
#	src/Http/Middleware/Locale.php
#	src/Services/GetAffiliatedIds.php
#	src/Services/Sidebar/SidebarEntries.php
#	src/Services/Sidebar/SidebarPermissionChecker.php
#	src/WebServiceProvider.php
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@herpaderpaldent herpaderpaldent force-pushed the web/refactor/middleware branch from 1e1a8eb to f4e2af8 Compare April 27, 2026 10:13
@herpaderpaldent herpaderpaldent changed the title from "refactor(1-B): middleware — CheckAuthorization, login/logout controllers, GetAffiliatedIds service" to "refactor(1-B): middleware — remove dead pipeline middleware, fix auth routing" Apr 28, 2026
herpaderpaldent and others added 2 commits April 28, 2026 07:01
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
GITHUB_TOKEN commits do not trigger other workflows (by design), so
the auto-commit pattern causes the Laravel CI to silently skip after
every styling fix. Switch to --test mode: fail fast, force devs to
run 'composer run lint' locally before pushing.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@herpaderpaldent herpaderpaldent merged commit f319afb into 5.x Apr 28, 2026
3 checks passed
@herpaderpaldent herpaderpaldent deleted the web/refactor/middleware branch April 28, 2026 06:12