# SEC-02 — Authentication & Authorization — Middleware Admin

**Category:** security  
**Generated:** 2026-05-19T21:36:13.848074  

**Target Files:**
- `routes/admin.php`
- `app/Http/Middleware/AdminAuth.php`
- `app/Http/Controllers/Admin/DashboardController.php`

---

You are an expert Laravel security & UI auditor.
Project: CRIUS COMPRESSOR — Laravel 12, Tailwind CSS, Alpine.js, bilingual ID/EN.
Stack: PHP 8.3, Laravel 12, MySQL, Tailwind CSS v3, Alpine.js v3.
Design system: CSS variables --navy, --blue-light, --accent, font Montserrat.
Admin layout: resources/views/layouts/admin.blade.php
Frontend layout: resources/views/layouts/app.blade.php
Helpers: setting(), locale_field(), active_locale() in app/Helpers/helpers.php
Bilingual: fields use the _id / _en suffix, middleware SetLocale, URL prefix /en.

YOUR OUTPUT RULES:
1. If there is a BUG or a STANDARDS VIOLATION → write the fix directly (complete code, not a suggestion).
2. Output format: [FILE PATH] → [PROBLEM] → [FIX CODE].
3. If a file is already correct → write "✓ OK: [short reason]".
4. DO NOT add long explanations. Go straight to the code.
5. Priority: CRITICAL > HIGH > MEDIUM > LOW.

============================================================
TASK: Audit authentication & authorization of the admin panel.

CHECK:
1. Read routes/admin.php — are ALL admin routes wrapped in the middleware ['auth', 'admin'] or an equivalent?
2. Read app/Http/Middleware/AdminAuth.php — does the middleware redirect to login when the user is not authenticated? Does it check the user's role?
3. Are there any admin routes NOT protected by middleware?
4. Are the 403 vs 401 responses correct (401 = not logged in, 403 = logged in but no access)?
5. Is session fixation prevented after login? Check app/Http/Controllers/Auth/LoginController.php or its equivalent.
6. Are there any hardcoded credentials in the code?

List ALL vulnerable routes together with their fixes.
If the middleware is already correct, write a verification that the route group is protected.
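The shape the auditor should expect for checks 1, 2, 4 and 5, as an added reference example (not code from the CRIUS COMPRESSOR project): a role-checking middleware that distinguishes 401 from 403, the admin route group wrapped in it, and a session regeneration after login. It assumes a boolean `is_admin` column on the users table and a `login` route name; both are assumptions, not project facts.

```php
<?php
// app/Http/Middleware/AdminAuth.php (example only)
namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

class AdminAuth
{
    public function handle(Request $request, Closure $next): Response
    {
        // 401: no authenticated user. Browsers are sent to the login page,
        // JSON/API callers get a bare 401 so the client can re-authenticate.
        if (! $request->user()) {
            return $request->expectsJson()
                ? response()->json(['message' => 'Unauthenticated.'], 401)
                : redirect()->guest(route('login'));
        }

        // 403: authenticated, but not an admin. `is_admin` is an assumed column.
        if (! $request->user()->is_admin) {
            abort(403, 'Forbidden.');
        }

        return $next($request);
    }
}

// bootstrap/app.php (Laravel 11+/12 style): register the 'admin' alias.
// ->withMiddleware(function (Middleware $middleware) {
//     $middleware->alias(['admin' => \App\Http\Middleware\AdminAuth::class]);
// })

// routes/admin.php: every admin route lives inside ONE protected group, so a
// route defined outside this closure is exactly the finding check 3 looks for.
// Route::middleware(['auth', 'admin'])->prefix('admin')->name('admin.')->group(function () {
//     Route::get('/dashboard', [\App\Http\Controllers\Admin\DashboardController::class, 'index'])
//         ->name('dashboard');
// });

// app/Http/Controllers/Auth/LoginController.php, inside the login action:
// rotating the session id after a successful attempt is what prevents
// session fixation (check 5); without regenerate() the pre-login id survives.
// if (Auth::attempt($credentials, $request->boolean('remember'))) {
//     $request->session()->regenerate();
//     return redirect()->intended(route('admin.dashboard'));
// }
```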
