From 15b29db0edb0a12c0fa45c404e57b0d5f1789465 Mon Sep 17 00:00:00 2001
From: Italo <DarkGhostHunter@Gmail.com>
Date: Mon, 18 Mar 2024 19:38:29 -0300
Subject: [PATCH] [2.x] Adds ability to modify registered routes. (#77)

---
 README.md           | 12 +++++++++---
 src/Http/Routes.php |  5 +++--
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index c4487fc..ffdb09a 100644
--- a/README.md
+++ b/README.md
@@ -136,28 +136,34 @@ From here you're ready to work with WebAuthn Authentication. The following steps
 
 WebAuthn uses exclusive routes to register and authenticate users. Creating these routes and controller may be cumbersome, specially if it's your first time in the WebAuthn realm, so these are installed automatically at `Http\Controllers\WebAuthn` when using `webauthn:install`.
 
-Go into your `web.php` routes file and register a default set of routes with the `\Laragear\WebAuthn\Http\Routes::register()` method.
+Go into your `web.php` routes file and register a default set of routes with the `\Laragear\WebAuthn\Http\Routes::register()` method. Since WebAuthn doesn't require protection for CSRF/XSRF tokens, you may disable it for these routes.
 
 ```php
 // web.php
+use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken;
 use Illuminate\Support\Facades\Route;
 use Laragear\WebAuthn\Http\Routes as WebAuthnRoutes;
 
 Route::view('welcome');
 
 // WebAuthn Routes
-WebAuthnRoutes::register();
+WebAuthnRoutes::register()->withoutMiddleware(VerifyCsrfToken::class);
 ```
 
+> [!TIP]
+> 
+> The [`@laragear/webpass` javascript helper](#5-use-the-javascript-helper) supports adding CSRF/XSRF tokens.
+
 The method allows to use different attestation and assertion paths, and even each of the controllers.
 
 ```php
+use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken;
 use Laragear\WebAuthn\Http\Routes as WebAuthnRoutes;
 
 WebAuthnRoutes::register(
     attest: 'auth/register',
     assert: 'auth/login'
-);
+)->withoutMiddleware(VerifyCsrfToken::class);
 ```
 
 > [!INFO]
diff --git a/src/Http/Routes.php b/src/Http/Routes.php
index 35fe0b5..753e426 100644
--- a/src/Http/Routes.php
+++ b/src/Http/Routes.php
@@ -2,6 +2,7 @@
 
 namespace Laragear\WebAuthn\Http;
 
+use Illuminate\Routing\RouteRegistrar;
 use Illuminate\Support\Facades\Route;
 
 class Routes
@@ -14,8 +15,8 @@ public static function register(
         string $attestController = 'App\Http\Controllers\WebAuthn\WebAuthnRegisterController',
         string $assert = 'webauthn/login',
         string $assertController = 'App\Http\Controllers\WebAuthn\WebAuthnLoginController',
-    ): void {
-        Route::middleware('web')
+    ): RouteRegistrar {
+        return Route::middleware('web')
             ->group(static function () use ($assert, $assertController, $attest, $attestController): void {
                 Route::controller($attestController)
                     ->group(static function () use ($attest): void {