Currently there is no protection and anyone can add files calling the POST /nova-tiptap/api/files.
This PR fixes this security issue, adding a middleware to protect API routes.
I also changed how routes are registered by following what is generated using the nova:resource-tool command.
Hi there - first of all thank you for your PR.
Could you please in the future check the box "Allow edits by maintainers" so I can make changes right inside your PR?
Currently there is no protection and anyone can add files calling the
POST /nova-tiptap/api/files
. This PR fixes this security issue, adding a middleware to protect API routes.I also changed how routes are registered by following what is generated using the
nova:resource-tool
command.