withRouting( web: __DIR__.'/../routes/domains.php', // 도메인 라우팅은 routes에서 처리 commands: __DIR__.'/../routes/console.php', health: '/up', ) ->withMiddleware(function (Middleware $middleware): void { // ✅ Reverse Proxy 신뢰(정확한 client ip, https 판단) $middleware->trustProxies(at: [ '192.168.100.0/24', '127.0.0.0/8', '10.0.0.0/8', '172.16.0.0/12', ]); // ✅ trustHosts는 요청 시점에 config 기반으로 적용 $middleware->prepend(\App\Http\Middleware\TrustedHostsFromConfig::class); // ✅ CSRF 예외 처리 $middleware->validateCsrfTokens(except: [ 'auth/register/danal/result', #다날인증 'mypage/info/danal/result', #다날인증 'pay/danal/card/return', #다날카드 결제 'pay/danal/vact/return', #다날가상계좌 'pay/danal/vact/noti', #다날가상계좌 'pay/danal/phone/return', #다날휴대폰 결제 'pay/danal/phone/cancel', #다날휴대폰 결제취소 'pay/danal/cancel', ]); // ✅ alias 등록 $middleware->alias([ 'legacy.auth' => \App\Http\Middleware\LegacyAuth::class, 'legacy.guest' => \App\Http\Middleware\LegacyGuest::class, 'admin.ip' => \App\Http\Middleware\AdminIpAllowlist::class, 'admin.role' => \App\Http\Middleware\AdminRole::class, ]); // ✅ guest redirect (auth 미들웨어가 login 라우트 찾다 터지는거 방지) $middleware->redirectGuestsTo(function (Request $request) { $adminHost = (string) config('app.admin_domain', ''); return ($adminHost !== '' && $request->getHost() === $adminHost) ? '/login' : '/auth/login'; }); }) ->withExceptions(function (Exceptions $exceptions): void { $exceptions->render(function (InvalidSignatureException $e, $request) { return redirect('/')->with('alert', '잘못된 접근입니다.'); }); }) ->create();