From d9090d3bf88504b6f293cfe36d1d52f717cebc01 Mon Sep 17 00:00:00 2001 From: Djery-Tom Date: Wed, 16 Feb 2022 15:08:12 +0100 Subject: [PATCH] Remove security on NanoSante pdf-viewer endpoint --- routes/web.php | 95 ++++++++++++++++++++++++++------------------------ 1 file changed, 49 insertions(+), 46 deletions(-) diff --git a/routes/web.php b/routes/web.php index f32745e..fa6223f 100755 --- a/routes/web.php +++ b/routes/web.php @@ -202,52 +202,55 @@ $router->get('/geocode', 'HelperController@getGoogleGeocoding'); /** * Routes for NanoSante Service */ - $router->group(['prefix' => '/'.config('services.nano_sante_service.name'),'middleware' => 'auth:api'], function () use ($router){ - // Insurances routes - $router->group(['prefix' => '/insurances'], function () use ($router) { - $router->get('', 'NanoSanteServiceController@get'); - $router->get('networks', 'NanoSanteServiceController@get'); - $router->put('{id}/add-beneficiaries', 'NanoSanteServiceController@put'); - $router->put('{id}/delete-beneficiaries', 'NanoSanteServiceController@put'); - $router->put('{id}/stop', 'NanoSanteServiceController@put'); - $router->put('{id}/renew', 'NanoSanteServiceController@put'); - - // Subscriptions $router->put('{id}/stop', 'InsuranceController@stopInsurance'); - - $router->group(['prefix' => '/subscriptions'], function () use ($router) { - $router->post('bonus-amount', 'NanoSanteServiceController@post'); - $router->post('upload-images', 'NanoSanteServiceController@postWithFiles'); - $router->post('', 'NanoSanteServiceController@post'); -// $router->put('{id}/validate', 'NanoSanteServiceController@put'); -// $router->put('{id}/reject', 'NanoSanteServiceController@put'); - $router->put('{id}/pay', 'NanoSanteServiceController@put'); - $router->get('', 'NanoSanteServiceController@get'); - }); - }); - - // Insurances routes - $router->group(['prefix' => '/insured'], function () use ($router) { - //Search - $router->get('', 'NanoSanteServiceController@get'); - }); - - $router->get('drugs-and-devices', 'NanoSanteServiceController@get'); - $router->post('drugs-and-devices', 'NanoSanteServiceController@post'); - $router->get('provider-classes', 'NanoSanteServiceController@get'); - $router->get('acts', 'NanoSanteServiceController@get'); - - $router->get('health-care-sheets', 'NanoSanteServiceController@get'); - $router->put('health-care-sheets', 'NanoSanteServiceController@put'); - $router->post('health-care-sheets/performances-amount', 'NanoSanteServiceController@post'); - $router->post('health-care-sheets/consultation', 'NanoSanteServiceController@post'); - $router->post('health-care-sheets/execution', 'NanoSanteServiceController@post'); - $router->get('health-care-sheets/{id}', 'NanoSanteServiceController@get'); - $router->put('health-care-sheets/{id}', 'NanoSanteServiceController@put'); - - $router->get('generate-invoice', 'NanoSanteServiceController@get'); - $router->get('invoices', 'NanoSanteServiceController@get'); + $router->group(['prefix' => '/'.config('services.nano_sante_service.name')], function () use ($router){ $router->get('pdf-viewer', 'NanoSanteServiceController@get'); - $router->get('authorizations-care-requests', 'NanoSanteServiceController@get'); - $router->post('authorizations-care-requests', 'NanoSanteServiceController@post'); + $router->group(['middleware' => 'auth:api'], function () use ($router){ + // Insurances routes + $router->group(['prefix' => '/insurances'], function () use ($router) { + $router->get('', 'NanoSanteServiceController@get'); + $router->get('networks', 'NanoSanteServiceController@get'); + $router->put('{id}/add-beneficiaries', 'NanoSanteServiceController@put'); + $router->put('{id}/delete-beneficiaries', 'NanoSanteServiceController@put'); + $router->put('{id}/stop', 'NanoSanteServiceController@put'); + $router->put('{id}/renew', 'NanoSanteServiceController@put'); + + // Subscriptions $router->put('{id}/stop', 'InsuranceController@stopInsurance'); + + $router->group(['prefix' => '/subscriptions'], function () use ($router) { + $router->post('bonus-amount', 'NanoSanteServiceController@post'); + $router->post('upload-images', 'NanoSanteServiceController@postWithFiles'); + $router->post('', 'NanoSanteServiceController@post'); +// $router->put('{id}/validate', 'NanoSanteServiceController@put'); +// $router->put('{id}/reject', 'NanoSanteServiceController@put'); + $router->put('{id}/pay', 'NanoSanteServiceController@put'); + $router->get('', 'NanoSanteServiceController@get'); + }); + }); + + // Insurances routes + $router->group(['prefix' => '/insured'], function () use ($router) { + //Search + $router->get('', 'NanoSanteServiceController@get'); + }); + + $router->get('drugs-and-devices', 'NanoSanteServiceController@get'); + $router->post('drugs-and-devices', 'NanoSanteServiceController@post'); + $router->get('provider-classes', 'NanoSanteServiceController@get'); + $router->get('acts', 'NanoSanteServiceController@get'); + + $router->get('health-care-sheets', 'NanoSanteServiceController@get'); + $router->put('health-care-sheets', 'NanoSanteServiceController@put'); + $router->post('health-care-sheets/performances-amount', 'NanoSanteServiceController@post'); + $router->post('health-care-sheets/consultation', 'NanoSanteServiceController@post'); + $router->post('health-care-sheets/execution', 'NanoSanteServiceController@post'); + $router->get('health-care-sheets/{id}', 'NanoSanteServiceController@get'); + $router->put('health-care-sheets/{id}', 'NanoSanteServiceController@put'); + + $router->get('generate-invoice', 'NanoSanteServiceController@get'); + $router->get('invoices', 'NanoSanteServiceController@get'); + + $router->get('authorizations-care-requests', 'NanoSanteServiceController@get'); + $router->post('authorizations-care-requests', 'NanoSanteServiceController@post'); + }); });