[2.x] Adds ability to modify registered routes. (#77)

Laragear · Mar 18, 2024 · 15b29db · 15b29db
1 parent a067268
commit 15b29db
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -136,28 +136,34 @@ From here you're ready to work with WebAuthn Authentication. The following steps
 
 WebAuthn uses exclusive routes to register and authenticate users. Creating these routes and controller may be cumbersome, specially if it's your first time in the WebAuthn realm, so these are installed automatically at `Http\Controllers\WebAuthn` when using `webauthn:install`.
 
-Go into your `web.php` routes file and register a default set of routes with the `\Laragear\WebAuthn\Http\Routes::register()` method.
+Go into your `web.php` routes file and register a default set of routes with the `\Laragear\WebAuthn\Http\Routes::register()` method. Since WebAuthn doesn't require protection for CSRF/XSRF tokens, you may disable it for these routes.
 
 ```php
 // web.php
+use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken;
 use Illuminate\Support\Facades\Route;
 use Laragear\WebAuthn\Http\Routes as WebAuthnRoutes;
 
 Route::view('welcome');
 
 // WebAuthn Routes
-WebAuthnRoutes::register();
+WebAuthnRoutes::register()->withoutMiddleware(VerifyCsrfToken::class);
 ```
 
+> [!TIP]
+> 
+> The [`@laragear/webpass` javascript helper](#5-use-the-javascript-helper) supports adding CSRF/XSRF tokens.
+
 The method allows to use different attestation and assertion paths, and even each of the controllers.
 
 ```php
+use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken;
 use Laragear\WebAuthn\Http\Routes as WebAuthnRoutes;
 
 WebAuthnRoutes::register(
     attest: 'auth/register',
     assert: 'auth/login'
-);
+)->withoutMiddleware(VerifyCsrfToken::class);
 ```
 
 > [!INFO]

diff --git a/src/Http/Routes.php b/src/Http/Routes.php
@@ -2,6 +2,7 @@
 
 namespace Laragear\WebAuthn\Http;
 
+use Illuminate\Routing\RouteRegistrar;
 use Illuminate\Support\Facades\Route;
 
 class Routes
@@ -14,8 +15,8 @@ public static function register(
         string $attestController = 'App\Http\Controllers\WebAuthn\WebAuthnRegisterController',
         string $assert = 'webauthn/login',
         string $assertController = 'App\Http\Controllers\WebAuthn\WebAuthnLoginController',
-    ): void {
-        Route::middleware('web')
+    ): RouteRegistrar {
+        return Route::middleware('web')
             ->group(static function () use ($assert, $assertController, $attest, $attestController): void {
                 Route::controller($attestController)
                     ->group(static function () use ($attest): void {