mirror of
				https://github.com/firefly-iii/firefly-iii.git
				synced 2025-10-25 21:16:47 +00:00 
			
		
		
		
	
		
			
				
	
	
		
			85 lines
		
	
	
		
			3.0 KiB
		
	
	
	
		
			PHP
		
	
	
	
	
	
			
		
		
	
	
			85 lines
		
	
	
		
			3.0 KiB
		
	
	
	
		
			PHP
		
	
	
	
	
	
| <?php
 | |
| 
 | |
| /*
 | |
|  * sanctum.php
 | |
|  * Copyright (c) 2022 james@firefly-iii.org
 | |
|  *
 | |
|  * This file is part of Firefly III (https://github.com/firefly-iii).
 | |
|  *
 | |
|  * This program is free software: you can redistribute it and/or modify
 | |
|  * it under the terms of the GNU Affero General Public License as
 | |
|  * published by the Free Software Foundation, either version 3 of the
 | |
|  * License, or (at your option) any later version.
 | |
|  *
 | |
|  * This program is distributed in the hope that it will be useful,
 | |
|  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 | |
|  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 | |
|  * GNU Affero General Public License for more details.
 | |
|  *
 | |
|  * You should have received a copy of the GNU Affero General Public License
 | |
|  * along with this program.  If not, see <https://www.gnu.org/licenses/>.
 | |
|  */
 | |
| 
 | |
| declare(strict_types=1);
 | |
| 
 | |
| use FireflyIII\Http\Middleware\EncryptCookies;
 | |
| use FireflyIII\Http\Middleware\VerifyCsrfToken;
 | |
| 
 | |
| return [
 | |
|     /*
 | |
|     |--------------------------------------------------------------------------
 | |
|     | Stateful Domains
 | |
|     |--------------------------------------------------------------------------
 | |
|     |
 | |
|     | Requests from the following domains / hosts will receive stateful API
 | |
|     | authentication cookies. Typically, these should include your local
 | |
|     | and production domains which access your API via a frontend SPA.
 | |
|     |
 | |
|     */
 | |
| 
 | |
|     'stateful'   => explode(',', env('SANCTUM_STATEFUL_DOMAINS', '')),
 | |
| 
 | |
|     /*
 | |
|     |--------------------------------------------------------------------------
 | |
|     | Sanctum Guards
 | |
|     |--------------------------------------------------------------------------
 | |
|     |
 | |
|     | This array contains the authentication guards that will be checked when
 | |
|     | Sanctum is trying to authenticate a request. If none of these guards
 | |
|     | are able to authenticate the request, Sanctum will use the bearer
 | |
|     | token that's present on an incoming request for authentication.
 | |
|     |
 | |
|     */
 | |
| 
 | |
|     'guard'      => [env('AUTHENTICATION_GUARD', 'web')],
 | |
| 
 | |
|     /*
 | |
|     |--------------------------------------------------------------------------
 | |
|     | Expiration Minutes
 | |
|     |--------------------------------------------------------------------------
 | |
|     |
 | |
|     | This value controls the number of minutes until an issued token will be
 | |
|     | considered expired. If this value is null, personal access tokens do
 | |
|     | not expire. This won't tweak the lifetime of first-party sessions.
 | |
|     |
 | |
|     */
 | |
| 
 | |
|     'expiration' => null,
 | |
| 
 | |
|     /*
 | |
|     |--------------------------------------------------------------------------
 | |
|     | Sanctum Middleware
 | |
|     |--------------------------------------------------------------------------
 | |
|     |
 | |
|     | When authenticating your first-party SPA with Sanctum you may need to
 | |
|     | customize some of the middleware Sanctum uses while processing the
 | |
|     | request. You may change the middleware listed below as required.
 | |
|     |
 | |
|     */
 | |
| 
 | |
|     'middleware' => [
 | |
|         'verify_csrf_token' => VerifyCsrfToken::class,
 | |
|         'encrypt_cookies'   => EncryptCookies::class,
 | |
|     ],
 | |
| ];
 |