soeren/ai-stylegallery
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- Galerien sind nun eine Entität - es kann mehrere geben

Browse Source 
- Neues Sparkbooth-Upload-Feature: Endpoint /api/sparkbooth/upload (Token-basiert pro Galerie), Controller Api/SparkboothUploadController, Migration 2026_01_21_000001_add_upload_fields_to_galleries_table.php mit Upload-Flags/Token/Expiry;
    Galerie-Modell und Factory/Seeder entsprechend erweitert.
  - Filament: Neue Setup-Seite SparkboothSetup (mit View) zur schnellen Galerie- und Token-Erstellung inkl. QR/Endpoint/Snippet;
    Galerie-Link-Views nutzen jetzt simple-qrcode (Composer-Dependency hinzugefügt) und bieten PNG-Download.
  - Galerie-Tabelle: Slug/Pfad-Spalten entfernt, Action „Link-Details“ mit Modal; Created-at-Spalte hinzugefügt.
  - Zugriffshärtung: Galerie-IDs in API (ImageController, Download/Print) geprüft; GalleryAccess/Middleware + Gallery-Modell/Slug-UUID
    eingeführt; GalleryAccess-Inertia-Seite.
  - UI/UX: LoadingSpinner/StyledImageDisplay verbessert, Delete-Confirm, Übersetzungen ergänzt.
This commit is contained in:
soeren
2025-12-04 07:52:50 +01:00
parent 52dc61ca16
commit f5da8ed877
49 changed files with 2243 additions and 165 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
app/Filament/Pages/GlobalSettings.php
View File

@@ -5,6 +5,8 @@ namespace App\Filament\Pages;
use App\Services\PrinterService;
use App\Settings\GeneralSettings;
use BackedEnum;
use Carbon\Carbon;
use Filament\Forms\Components\DateTimePicker;
use Filament\Forms\Components\Select;
use Filament\Forms\Components\TextInput;
use Filament\Forms\Components\Toggle;
@@ -14,6 +16,7 @@ use Filament\Notifications\Notification;
use Filament\Pages\Page;
use Filament\Schemas\Schema;
use Illuminate\Support\Arr;
use Illuminate\Support\Facades\Hash;
use UnitEnum;
class GlobalSettings extends Page implements HasForms
@@ -40,7 +43,10 @@ class GlobalSettings extends Page implements HasForms
public function mount(GeneralSettings $settings): void
{
$this->form->fill($settings->toArray());
$data = $settings->toArray();
$data['gallery_password'] = null;
$this->form->fill($data);
}
public function form(Schema $schema): Schema
@@ -59,6 +65,24 @@ class GlobalSettings extends Page implements HasForms
TextInput::make('gallery_heading')
->label(__('filament.resource.setting.form.gallery_heading'))
->required(),
Toggle::make('require_gallery_password')
->label(__('filament.resource.setting.form.require_gallery_password'))
->helperText(__('filament.resource.setting.form.require_gallery_password_help')),
TextInput::make('gallery_password')
->label(__('filament.resource.setting.form.gallery_password'))
->password()
->revealable()
->helperText(__('filament.resource.setting.form.gallery_password_help'))
->dehydrated(true),
DateTimePicker::make('gallery_expires_at')
->label(__('filament.resource.setting.form.gallery_expires_at'))
->native(false)
->seconds(false),
TextInput::make('gallery_access_duration_minutes')
->label(__('filament.resource.setting.form.gallery_access_duration_minutes'))
->numeric()
->minValue(1)
->helperText(__('filament.resource.setting.form.gallery_access_duration_help')),
TextInput::make('new_image_timespan_minutes')
->label(__('filament.resource.setting.form.new_image_timespan_minutes'))
->numeric()
@@ -92,11 +116,39 @@ class GlobalSettings extends Page implements HasForms
$data['custom_printer_address'] = null;
}
$data['require_gallery_password'] = (bool) Arr::get($data, 'require_gallery_password', false);
$data['new_image_timespan_minutes'] = (int) Arr::get($data, 'new_image_timespan_minutes', 0);
$data['image_refresh_interval'] = (int) Arr::get($data, 'image_refresh_interval', 0);
$data['max_number_of_copies'] = (int) Arr::get($data, 'max_number_of_copies', 0);
$data['show_print_button'] = (bool) Arr::get($data, 'show_print_button', false);
$data['custom_printer_address'] = $data['custom_printer_address'] ?: null;
$duration = Arr::get($data, 'gallery_access_duration_minutes');
$data['gallery_access_duration_minutes'] = $duration === null || $duration === '' ? null : (int) $duration;
$expiresAt = Arr::get($data, 'gallery_expires_at');
$data['gallery_expires_at'] = $expiresAt ? Carbon::parse($expiresAt) : null;
$newPassword = Arr::get($data, 'gallery_password');
$currentHash = $settings->gallery_password_hash;
if (! $data['require_gallery_password']) {
$data['gallery_password_hash'] = null;
} else {
$data['gallery_password_hash'] = $newPassword
? Hash::make($newPassword)
: $currentHash;
if (! $data['gallery_password_hash']) {
Notification::make()
->title(__('filament.resource.setting.form.gallery_password_missing'))
->danger()
->send();
return;
}
}
unset($data['gallery_password']);
$settings->fill($data)->save();

107
app/Filament/Pages/SparkboothSetup.php Normal file
View File

@@ -0,0 +1,107 @@
<?php
namespace App\Filament\Pages;
use App\Models\Gallery;
use BackedEnum;
use Filament\Forms\Components\TextInput;
use Filament\Forms\Components\Toggle;
use Filament\Forms\Concerns\InteractsWithForms;
use Filament\Forms\Contracts\HasForms;
use Filament\Notifications\Notification;
use Filament\Pages\Page;
use Filament\Schemas\Schema;
use Illuminate\Support\Str;
use UnitEnum;
class SparkboothSetup extends Page implements HasForms
{
use InteractsWithForms;
protected static string|BackedEnum|null $navigationIcon = 'heroicon-o-camera';
protected static string|UnitEnum|null $navigationGroup = 'Admin';
protected static ?int $navigationSort = 10;
protected string $view = 'filament.pages.sparkbooth-setup';
public ?array $data = [];
public ?array $result = null;
public function getTitle(): string
{
return 'Sparkbooth Setup';
}
public function form(Schema $schema): Schema
{
return $schema
->schema([
TextInput::make('name')
->label('Event-Name')
->required(),
TextInput::make('title')
->label('Galerie Titel')
->required(),
TextInput::make('images_path')
->label('Upload-Pfad')
->helperText('Relativ zu public/storage, z.B. uploads/event-xyz')
->default(fn () => 'uploads/'.Str::slug('event-'.Str::random(4)))
->required(),
Toggle::make('allow_print')
->label('Drucken erlauben')
->default(true),
Toggle::make('allow_ai_styles')
->label('AI-Stile erlauben')
->default(true),
Toggle::make('upload_enabled')
->label('Uploads aktivieren')
->default(true),
])
->statePath('data');
}
public function save(): void
{
$data = $this->form->getState();
$gallery = new Gallery([
'name' => $data['name'],
'title' => $data['title'],
'images_path' => trim($data['images_path'], '/'),
'is_public' => true,
'allow_ai_styles' => (bool) $data['allow_ai_styles'],
'allow_print' => (bool) $data['allow_print'],
'upload_enabled' => (bool) $data['upload_enabled'],
]);
$gallery->slug = Str::uuid()->toString();
$plainToken = Str::random(40);
$gallery->setUploadToken($plainToken);
$gallery->save();
$this->result = [
'gallery' => $gallery->only(['id', 'name', 'slug', 'images_path']),
'upload_token' => $plainToken,
'upload_url' => route('api.sparkbooth.upload'),
'gallery_url' => route('gallery.show', $gallery),
];
Notification::make()
->title('Galerie erstellt und Upload-Token generiert.')
->success()
->send();
}
protected function getFormActions(): array
{
return [
\Filament\Actions\Action::make('save')
->label('Setup erstellen')
->submit('save'),
];
}
}

86
app/Filament/Resources/Galleries/GalleryResource.php Normal file
View File

@@ -0,0 +1,86 @@
<?php
namespace App\Filament\Resources\Galleries;
use App\Filament\Resources\Galleries\Pages\CreateGallery;
use App\Filament\Resources\Galleries\Pages\EditGallery;
use App\Filament\Resources\Galleries\Pages\ListGalleries;
use App\Filament\Resources\Galleries\Schemas\GalleryForm;
use App\Filament\Resources\Galleries\Tables\GalleriesTable;
use App\Models\Gallery;
use BackedEnum;
use Filament\Resources\Resource;
use Filament\Schemas\Schema;
use Filament\Support\Icons\Heroicon;
use Filament\Tables\Table;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Str;
use UnitEnum;
class GalleryResource extends Resource
{
protected static ?string $model = Gallery::class;
protected static string|BackedEnum|null $navigationIcon = Heroicon::OutlinedRectangleStack;
protected static UnitEnum|string|null $navigationGroup = 'Content';
public static function getNavigationGroup(): ?string
{
return __('filament.navigation.groups.content');
}
public static function form(Schema $schema): Schema
{
return GalleryForm::configure($schema);
}
public static function table(Table $table): Table
{
return GalleriesTable::configure($table);
}
public static function getRelations(): array
{
return [
//
];
}
public static function getPages(): array
{
return [
'index' => ListGalleries::route('/'),
'create' => CreateGallery::route('/create'),
'edit' => EditGallery::route('/{record}/edit'),
];
}
public static function mutateFormDataBeforeCreate(array $data): array
{
$data = self::mutatePassword($data);
$data['slug'] = $data['slug'] ?: Str::uuid()->toString();
return $data;
}
public static function mutateFormDataBeforeSave(array $data): array
{
$data = self::mutatePassword($data);
$data['slug'] = $data['slug'] ?: Str::uuid()->toString();
return $data;
}
private static function mutatePassword(array $data): array
{
$password = $data['password'] ?? null;
unset($data['password']);
if (! empty($password)) {
$data['password_hash'] = Hash::make($password);
}
return $data;
}
}

11
app/Filament/Resources/Galleries/Pages/CreateGallery.php Normal file
View File

@@ -0,0 +1,11 @@
<?php
namespace App\Filament\Resources\Galleries\Pages;
use App\Filament\Resources\Galleries\GalleryResource;
use Filament\Resources\Pages\CreateRecord;
class CreateGallery extends CreateRecord
{
protected static string $resource = GalleryResource::class;
}

19
app/Filament/Resources/Galleries/Pages/EditGallery.php Normal file
View File

@@ -0,0 +1,19 @@
<?php
namespace App\Filament\Resources\Galleries\Pages;
use App\Filament\Resources\Galleries\GalleryResource;
use Filament\Actions\DeleteAction;
use Filament\Resources\Pages\EditRecord;
class EditGallery extends EditRecord
{
protected static string $resource = GalleryResource::class;
protected function getHeaderActions(): array
{
return [
DeleteAction::make(),
];
}
}

19
app/Filament/Resources/Galleries/Pages/ListGalleries.php Normal file
View File

@@ -0,0 +1,19 @@
<?php
namespace App\Filament\Resources\Galleries\Pages;
use App\Filament\Resources\Galleries\GalleryResource;
use Filament\Actions\CreateAction;
use Filament\Resources\Pages\ListRecords;
class ListGalleries extends ListRecords
{
protected static string $resource = GalleryResource::class;
protected function getHeaderActions(): array
{
return [
CreateAction::make(),
];
}
}

74
app/Filament/Resources/Galleries/Schemas/GalleryForm.php Normal file
View File

@@ -0,0 +1,74 @@
<?php
namespace App\Filament\Resources\Galleries\Schemas;
use Filament\Forms\Components\DateTimePicker;
use Filament\Forms\Components\TextInput;
use Filament\Forms\Components\Toggle;
use Filament\Schemas\Components\Section;
use Filament\Schemas\Components\View;
use Filament\Schemas\Schema;
use Illuminate\Support\Facades\URL;
class GalleryForm
{
public static function configure(Schema $schema): Schema
{
return $schema
->components([
Section::make('Details')
->columns(2)
->schema([
TextInput::make('name')
->label('Name')
->required(),
TextInput::make('slug')
->label('Slug')
->disabled()
->dehydrated(true)
->helperText('Wird automatisch erzeugt'),
TextInput::make('title')
->label('Titel')
->required(),
TextInput::make('images_path')
->label('Bilder-Pfad')
->helperText('Relativer Pfad unter public/storage')
->required(),
Toggle::make('is_public')
->label('Öffentlich')
->default(true),
Toggle::make('allow_ai_styles')
->label('AI-Stile erlauben')
->default(true),
Toggle::make('allow_print')
->label('Drucken erlauben')
->default(true),
Toggle::make('require_password')
->label('Passwortschutz aktiv')
->default(false),
TextInput::make('password')
->label('Neues Passwort')
->password()
->revealable()
->dehydrated(false)
->helperText('Leer lassen, um das bestehende Passwort zu behalten.'),
DateTimePicker::make('expires_at')
->label('Ablaufdatum')
->native(false)
->seconds(false),
TextInput::make('access_duration_minutes')
->label('Zugriffsdauer (Minuten)')
->numeric()
->minValue(1)
->nullable()
->helperText('Optional: Zeitfenster nach dem ersten Unlock.'),
]),
View::make('filament.components.gallery-link')
->columnSpanFull()
->visible(fn (?object $record) => (bool) $record?->id)
->viewData(fn (?object $record) => [
'url' => $record ? URL::route('gallery.show', $record) : null,
]),
]);
}
}

63
app/Filament/Resources/Galleries/Tables/GalleriesTable.php Normal file
View File

@@ -0,0 +1,63 @@
<?php
namespace App\Filament\Resources\Galleries\Tables;
use Filament\Actions\Action;
use Filament\Actions\BulkActionGroup;
use Filament\Actions\DeleteBulkAction;
use Filament\Actions\EditAction;
use Filament\Tables\Columns\IconColumn;
use Filament\Tables\Columns\TextColumn;
use Filament\Tables\Table;
class GalleriesTable
{
public static function configure(Table $table): Table
{
return $table
->columns([
TextColumn::make('title')
->label('Titel')
->sortable()
->searchable(),
IconColumn::make('allow_ai_styles')
->label('AI-Stile')
->boolean(),
IconColumn::make('allow_print')
->label('Drucken')
->boolean(),
IconColumn::make('require_password')
->label('Passwort')
->boolean(),
TextColumn::make('expires_at')
->label('Läuft ab')
->dateTime()
->sortable(),
TextColumn::make('created_at')
->label('Erstellt am')
->dateTime('d.m.Y H:i')
->sortable(),
])
->filters([
//
])
->recordActions([
EditAction::make(),
Action::make('link_details')
->label('Link-Details')
->icon('heroicon-o-link')
->modalHeading('Link-Details')
->modalContent(fn ($record) => view('filament.components.gallery-link-modal', [
'record' => $record,
'url' => route('gallery.show', $record),
]))
->modalSubmitAction(false)
->modalCancelAction(false),
])
->toolbarActions([
BulkActionGroup::make([
DeleteBulkAction::make(),
]),
]);
}
}

148
app/Http/Controllers/Api/ImageController.php
View File

@@ -5,6 +5,7 @@ namespace App\Http\Controllers\Api;
use App\Api\Plugins\PluginLoader;
use App\Http\Controllers\Controller;
use App\Models\ApiProvider;
use App\Models\Gallery;
use App\Models\Image;
use App\Models\Style;
use App\Settings\GeneralSettings;
@@ -19,35 +20,48 @@ class ImageController extends Controller
public function index(Request $request)
{
$publicUploadsPath = public_path('storage/uploads');
$gallery = $this->resolveGallery($request);
if (! $gallery) {
return response()->json(['error' => 'Gallery not found.'], 404);
}
$imagesPath = trim($gallery->images_path, '/');
$publicUploadsPath = public_path('storage/'.$imagesPath);
// Ensure the directory exists
if (! File::exists($publicUploadsPath)) {
File::makeDirectory($publicUploadsPath, 0755, true);
}
// Get files from the public/storage/uploads directory
// Get files from the gallery-specific directory
$diskFiles = File::files($publicUploadsPath);
$diskImagePaths = [];
foreach ($diskFiles as $file) {
// Store path relative to public/storage/
$diskImagePaths[] = 'uploads/'.$file->getFilename();
$diskImagePaths[] = $imagesPath.'/'.$file->getFilename();
}
$dbImagePaths = Image::pluck('path')->toArray();
$dbImagePaths = Image::where('gallery_id', $gallery->id)->pluck('path')->toArray();
// Add images from disk that are not in the database
$imagesToAdd = array_diff($diskImagePaths, $dbImagePaths);
foreach ($imagesToAdd as $path) {
Image::create(['path' => $path, 'is_public' => true]);
Image::create([
'gallery_id' => $gallery->id,
'path' => $path,
'is_public' => true,
]);
}
// Remove images from database that are not on disk
$imagesToRemove = array_diff($dbImagePaths, $diskImagePaths);
Image::whereIn('path', $imagesToRemove)->delete();
Image::where('gallery_id', $gallery->id)
->whereIn('path', $imagesToRemove)
->delete();
// Fetch images from the database after synchronization
$query = Image::orderBy('updated_at', 'desc');
$query = Image::where('gallery_id', $gallery->id)->orderBy('updated_at', 'desc');
// If user is not authenticated, filter by is_public, but also include their temporary images
if (! auth()->check()) {
@@ -85,11 +99,15 @@ class ImageController extends Controller
{
$request->validate([
'image' => 'required|image|mimes:jpeg,png,bmp,gif,webp|max:10240', // Max 10MB
'gallery' => 'required|string|exists:galleries,slug',
]);
$gallery = Gallery::where('slug', $request->string('gallery'))->firstOrFail();
$imagesPath = trim($gallery->images_path, '/');
$file = $request->file('image');
$fileName = uniqid().'.'.$file->getClientOriginalExtension();
$destinationPath = public_path('storage/uploads');
$destinationPath = public_path('storage/'.$imagesPath);
// Ensure the directory exists
if (! File::exists($destinationPath)) {
@@ -97,9 +115,10 @@ class ImageController extends Controller
}
$file->move($destinationPath, $fileName);
$relativePath = 'uploads/'.$fileName; // Path relative to public/storage/
$relativePath = $imagesPath.'/'.$fileName; // Path relative to public/storage/
$image = Image::create([
'gallery_id' => $gallery->id,
'path' => $relativePath,
'is_public' => true,
]);
@@ -136,9 +155,19 @@ class ImageController extends Controller
$request->validate([
'image_id' => 'required|exists:images,id',
'style_id' => 'nullable|exists:styles,id',
'gallery' => 'required|string|exists:galleries,slug',
]);
$image = Image::find($request->image_id);
$gallery = $this->resolveGallery($request);
$image = Image::query()
->where('id', $request->integer('image_id'))
->where('gallery_id', optional($gallery)->id)
->first();
if (! $image) {
return response()->json(['error' => __('api.image_not_found')], 404);
}
$style = null;
if ($request->style_id) {
@@ -217,9 +246,13 @@ class ImageController extends Controller
{
$request->validate([
'image_id' => 'required|exists:images,id',
'gallery' => 'required|string|exists:galleries,slug',
]);
$image = Image::find($request->image_id);
$gallery = $this->resolveGallery($request);
$image = Image::where('id', $request->integer('image_id'))
->where('gallery_id', optional($gallery)->id)
->first();
if (! $image) {
return response()->json(['error' => __('api.image_not_found')], 404);
@@ -233,6 +266,16 @@ class ImageController extends Controller
public function deleteImage(Image $image)
{
request()->validate([
'gallery' => 'required|string|exists:galleries,slug',
]);
$gallery = $this->resolveGallery(request());
if ($gallery && (int) $image->gallery_id !== (int) $gallery->id) {
return response()->json(['error' => __('api.image_not_found')], 404);
}
try {
// Delete from the public/storage directory
File::delete(public_path('storage/'.$image->path));
@@ -244,14 +287,46 @@ class ImageController extends Controller
}
}
public function deleteStyled(Request $request, Image $image)
{
$request->validate([
'gallery' => 'required|string|exists:galleries,slug',
]);
$gallery = $this->resolveGallery($request);
if ($gallery && (int) $image->gallery_id !== (int) $gallery->id) {
return response()->json(['error' => __('api.image_not_found')], 404);
}
if (! $image->is_temp) {
return response()->json(['error' => __('api.image_not_found')], 404);
}
try {
File::delete(public_path('storage/'.$image->path));
$image->delete();
return response()->json(['message' => __('api.image_deleted_successfully')]);
} catch (\Exception $e) {
return response()->json(['error' => $e->getMessage()], 500);
}
}
public function getStatus(Request $request)
{
$request->validate([
'image_id' => 'required|exists:images,id',
'api_provider_name' => 'required|string',
'gallery' => 'sometimes|string|exists:galleries,slug',
]);
$image = Image::find($request->image_id);
$gallery = $this->resolveGallery($request);
$image = Image::query()
->where('id', $request->integer('image_id'))
->when($gallery, fn ($q) => $q->where('gallery_id', $gallery->id))
->first();
$apiProvider = ApiProvider::where('name', $request->api_provider_name)->first();
if (! $image || ! $apiProvider) {
@@ -268,14 +343,26 @@ class ImageController extends Controller
}
}
public function fetchStyledImage(string $promptId)
public function fetchStyledImage(Request $request, string $promptId)
{
$request->validate([
'gallery' => 'required|string|exists:galleries,slug',
]);
$gallery = $this->resolveGallery($request);
Log::info('fetchStyledImage called.', ['prompt_id' => $promptId]);
try {
// Find the image associated with the prompt_id, eagerly loading relationships
$image = Image::with(['style.aiModel' => function ($query) {
$imageQuery = Image::with(['style.aiModel' => function ($query) {
$query->with('primaryApiProvider');
}])->where('comfyui_prompt_id', $promptId)->first();
}])->where('comfyui_prompt_id', $promptId);
if ($gallery) {
$imageQuery->where('gallery_id', $gallery->id);
}
$image = $imageQuery->first();
if (! $image) {
Log::warning('fetchStyledImage: Image not found for prompt_id.', ['prompt_id' => $promptId]);
@@ -325,18 +412,20 @@ class ImageController extends Controller
$decodedImage = base64_decode(preg_replace('#^data:image/\w+;base64, #i', '', $base64Image));
$newImageName = 'styled_'.uniqid().'.png';
$newImagePathRelative = 'uploads/'.$newImageName;
$galleryPath = trim($image->gallery?->images_path ?: 'uploads', '/');
$newImagePathRelative = $galleryPath.'/'.$newImageName;
$newImageFullPath = public_path('storage/'.$newImagePathRelative);
if (! File::exists(public_path('storage/uploads'))) {
File::makeDirectory(public_path('storage/uploads'), 0755, true);
Log::info('Created uploads directory.', ['path' => public_path('storage/uploads')]);
if (! File::exists(public_path('storage/'.$galleryPath))) {
File::makeDirectory(public_path('storage/'.$galleryPath), 0755, true);
Log::info('Created uploads directory.', ['path' => public_path('storage/'.$galleryPath)]);
}
File::put($newImageFullPath, $decodedImage); // Save using File facade
Log::info('Image saved to disk.', ['path' => $newImageFullPath]);
$newImage = Image::create([
'gallery_id' => $image->gallery_id,
'path' => $newImagePathRelative, // Store relative path
'original_image_id' => $image->id,
'style_id' => $style->id,
@@ -416,4 +505,25 @@ class ImageController extends Controller
return response()->json(['comfyui_url' => rtrim($apiProvider->api_url, '/')]);
}
private function resolveGallery(Request $request): ?Gallery
{
$routeGallery = $request->route('gallery');
if ($routeGallery instanceof Gallery) {
return $routeGallery;
}
$slug = $routeGallery;
if (! $slug) {
$slug = $request->query('gallery');
}
if (! $slug) {
return Gallery::first();
}
return Gallery::where('slug', $slug)->first();
}
}

87
app/Http/Controllers/Api/SparkboothUploadController.php Normal file
View File

@@ -0,0 +1,87 @@
<?php
namespace App\Http\Controllers\Api;
use App\Http\Controllers\Controller;
use App\Models\Gallery;
use App\Models\Image;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\File;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Str;
use Symfony\Component\HttpFoundation\Response;
class SparkboothUploadController extends Controller
{
public function store(Request $request)
{
$request->validate([
'token' => ['required', 'string'],
'file' => ['required', 'file', 'mimes:jpeg,png,gif,bmp,webp', 'max:10240'],
'filename' => ['nullable', 'string'],
]);
$gallery = $this->resolveGalleryByToken($request->string('token'));
if (! $gallery) {
return response()->json(['error' => 'Invalid token.'], Response::HTTP_FORBIDDEN);
}
if (! $gallery->upload_enabled) {
return response()->json(['error' => 'Uploads are disabled for this gallery.'], Response::HTTP_FORBIDDEN);
}
if ($gallery->upload_token_expires_at && now()->greaterThanOrEqualTo($gallery->upload_token_expires_at)) {
return response()->json(['error' => 'Upload token expired.'], Response::HTTP_FORBIDDEN);
}
$file = $request->file('file');
$safeName = $this->buildFilename($file->getClientOriginalExtension(), $request->input('filename'));
$relativePath = trim($gallery->images_path, '/').'/'.$safeName;
$destinationPath = public_path('storage/'.dirname($relativePath));
if (! File::exists($destinationPath)) {
File::makeDirectory($destinationPath, 0755, true);
}
$file->move($destinationPath, basename($relativePath));
$image = Image::create([
'gallery_id' => $gallery->id,
'path' => $relativePath,
'is_public' => true,
]);
return response()->json([
'message' => 'Upload ok',
'image_id' => $image->id,
'url' => asset('storage/'.$relativePath),
]);
}
private function resolveGalleryByToken(string $token): ?Gallery
{
$galleries = Gallery::query()
->whereNotNull('upload_token_hash')
->where('upload_enabled', true)
->get();
foreach ($galleries as $gallery) {
if ($gallery->upload_token_hash && Hash::check($token, $gallery->upload_token_hash)) {
return $gallery;
}
}
return null;
}
private function buildFilename(string $extension, ?string $preferred = null): string
{
$extension = strtolower($extension ?: 'jpg');
$base = $preferred
? Str::slug(pathinfo($preferred, PATHINFO_FILENAME))
: 'sparkbooth_'.now()->format('Ymd_His').'_'.Str::random(6);
return $base.'.'.$extension;
}
}

7
app/Http/Controllers/DownloadController.php
View File

@@ -14,11 +14,16 @@ class DownloadController extends Controller
{
$request->validate([
'image_path' => 'required|string',
'gallery' => 'required|string|exists:galleries,slug',
]);
$gallery = \App\Models\Gallery::where('slug', $request->string('gallery'))->firstOrFail();
$resolvedPath = $this->resolveImagePath($request->input('image_path'));
if (! $resolvedPath || ! File::exists($resolvedPath)) {
$expectedFragment = DIRECTORY_SEPARATOR.trim($gallery->images_path, '/').DIRECTORY_SEPARATOR;
if (! $resolvedPath || ! File::exists($resolvedPath) || ! str_contains($resolvedPath, $expectedFragment)) {
Log::error("DownloadController: Image file not found at {$resolvedPath}");
return response()->json(['error' => 'Image file not found.'], 404);

110
app/Http/Controllers/GalleryAccessController.php Normal file
View File

@@ -0,0 +1,110 @@
<?php
namespace App\Http\Controllers;
use App\Http\Middleware\EnsureGalleryAccess;
use App\Http\Requests\GalleryAccessRequest;
use App\Models\Gallery;
use App\Settings\GeneralSettings;
use Carbon\Carbon;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Inertia\Inertia;
use Inertia\Response;
class GalleryAccessController extends Controller
{
public function create(Request $request, GeneralSettings $settings, ?Gallery $gallery = null): Response
{
$gallery = $this->resolveGallery($request, $gallery);
if (! $gallery) {
abort(404, 'Gallery not found');
}
$expiresAt = $gallery->expires_at ?? $settings->gallery_expires_at;
$expired = $expiresAt !== null
&& Carbon::now()->greaterThanOrEqualTo(Carbon::parse($expiresAt));
return Inertia::render('GalleryAccess', [
'gallery' => [
'id' => $gallery->id,
'slug' => $gallery->slug,
'title' => $gallery->title,
],
'requiresPassword' => (bool) ($gallery->require_password ?? $settings->require_gallery_password),
'expiresAt' => $expiresAt,
'accessDurationMinutes' => $gallery->access_duration_minutes ?? $settings->gallery_access_duration_minutes,
'expired' => $expired,
'flashMessage' => $request->session()->get('gallery_access_message'),
]);
}
public function store(GalleryAccessRequest $request, GeneralSettings $settings, ?Gallery $gallery = null): RedirectResponse
{
$gallery = $this->resolveGallery($request, $gallery);
if (! $gallery) {
abort(404, 'Gallery not found');
}
if ($this->isExpired($gallery, $settings)) {
return redirect()
->route('gallery.access.show', $gallery)
->with('gallery_access_message', __('api.gallery.expired'));
}
$requiresPassword = $gallery->require_password ?? $settings->require_gallery_password;
$passwordHash = $gallery->password_hash ?? $settings->gallery_password_hash;
if (! $requiresPassword || ! $passwordHash) {
EnsureGalleryAccess::grantForGallery($request, $gallery, $settings);
return redirect()->route('gallery.show', $gallery);
}
if (! Hash::check($request->input('password'), $passwordHash)) {
return redirect()
->route('gallery.access.show', $gallery)
->with('gallery_access_message', __('api.gallery.invalid_password'));
}
EnsureGalleryAccess::grantForGallery($request, $gallery, $settings);
return redirect()->route('gallery.show', $gallery);
}
private function resolveGallery(Request $request, ?Gallery $gallery = null): ?Gallery
{
if ($gallery instanceof Gallery) {
return $gallery;
}
$slug = $request->route('gallery');
if (! $slug) {
return Gallery::first();
}
if ($slug instanceof Gallery) {
return $slug;
}
return Gallery::where('slug', $slug)->first();
}
private function isExpired(?Gallery $gallery, GeneralSettings $settings): bool
{
$expiresAt = $gallery?->expires_at ?? $settings->gallery_expires_at;
if ($expiresAt) {
$expiresAt = Carbon::parse($expiresAt);
return Carbon::now()->greaterThanOrEqualTo($expiresAt);
}
return false;
}
}

33
app/Http/Controllers/HomeController.php
View File

@@ -2,29 +2,48 @@
namespace App\Http\Controllers;
use App\Models\Gallery;
use App\Models\Image;
use App\Settings\GeneralSettings;
use Carbon\Carbon;
use Illuminate\Http\Request;
use Inertia\Inertia;
class HomeController extends Controller
{
public function __construct(private GeneralSettings $settings) {}
public function index()
public function index(Request $request, ?Gallery $gallery = null)
{
$galleryHeading = $this->settings->gallery_heading;
$gallery = $gallery ?: Gallery::first();
if (! $gallery) {
abort(404, 'Gallery not found');
}
$galleryHeading = $gallery->title ?: $this->settings->gallery_heading;
$newImageTimespanMinutes = $this->settings->new_image_timespan_minutes;
$images = Image::all()->map(function ($image) use ($newImageTimespanMinutes) {
$image->is_new = Carbon::parse($image->created_at)->diffInMinutes(Carbon::now()) <= $newImageTimespanMinutes;
$image->path = 'storage/'.$image->path;
$images = Image::where('gallery_id', $gallery->id)
->orderByDesc('updated_at')
->get()
->map(function ($image) use ($newImageTimespanMinutes) {
$image->is_new = Carbon::parse($image->created_at)->diffInMinutes(Carbon::now()) <= $newImageTimespanMinutes;
$image->path = asset('storage/'.$image->path);
return $image;
});
return $image;
});
return Inertia::render('Home', [
'galleryHeading' => $galleryHeading,
'gallery' => [
'id' => $gallery->id,
'slug' => $gallery->slug,
'title' => $galleryHeading,
'allow_ai_styles' => $gallery->allow_ai_styles,
'allow_print' => $gallery->allow_print,
'images_path' => $gallery->images_path,
],
'images' => $images,
]);
}

17
app/Http/Controllers/PrintController.php
View File

@@ -2,6 +2,7 @@
namespace App\Http\Controllers;
use App\Models\Gallery;
use App\Services\PrinterService;
use App\Settings\GeneralSettings;
use Illuminate\Http\Request;
@@ -16,9 +17,25 @@ class PrintController extends Controller
$request->validate([
'image_path' => 'required|string',
'quantity' => 'required|integer|min:1',
'gallery' => 'required|string|exists:galleries,slug',
]);
$gallery = Gallery::where('slug', $request->string('gallery'))->firstOrFail();
if ($gallery && ! $gallery->allow_print) {
return response()->json(['error' => 'Printing is disabled for this gallery.'], 403);
}
$imagePath = public_path(str_replace(url('/'), '', $request->input('image_path')));
if (! str_contains($imagePath, DIRECTORY_SEPARATOR.trim($gallery->images_path, '/').DIRECTORY_SEPARATOR)) {
Log::warning('PrintController: Image path does not belong to gallery.', [
'gallery' => $gallery->slug,
'image_path' => $imagePath,
]);
return response()->json(['error' => 'Image file not found.'], 404);
}
$quantity = $request->input('quantity');
$printerName = $this->settings->selected_printer === '__custom__'

288
app/Http/Middleware/EnsureGalleryAccess.php Normal file
View File

@@ -0,0 +1,288 @@
<?php
namespace App\Http\Middleware;
use App\Models\Gallery;
use App\Settings\GeneralSettings;
use Carbon\Carbon;
use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Crypt;
use Symfony\Component\HttpFoundation\Response;
class EnsureGalleryAccess
{
public const SESSION_GRANTED_BASE = 'gallery_access_granted';
public const SESSION_GRANTED_AT_BASE = 'gallery_access_granted_at';
public const COOKIE_GRANTED_AT_BASE = 'gallery_access_granted_at';
/**
* Handle an incoming request.
*
* @param \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response) $next
*/
public function handle(Request $request, Closure $next): Response
{
$settings = app(GeneralSettings::class);
$gallery = $this->resolveGallery($request);
if ($this->requestedGalleryMissing($request, $gallery)) {
return $this->missingGalleryResponse($request);
}
if ($this->isGalleryExpired($gallery, $settings)) {
return $this->deny($request, __('api.gallery.expired'), $gallery);
}
$hasValidAccess = $this->hasValidAccess($request, $gallery, $settings);
$hasExistingGrant = (bool) ($this->sessionGrantedAt($request, $gallery) ?? $this->cookieGrantedAt($request, $gallery));
if ($hasValidAccess) {
return $next($request);
}
if ($this->accessDuration($gallery, $settings) && $hasExistingGrant) {
return $this->deny($request, __('api.gallery.expired'), $gallery);
}
if (! $this->requiresPassword($gallery, $settings) || ! $this->passwordHash($gallery, $settings)) {
if ($this->accessDuration($gallery, $settings) && ! $hasExistingGrant) {
self::grantForGallery($request, $gallery, $settings);
}
return $next($request);
}
return $this->deny($request, __('api.gallery.password_required'), $gallery);
}
public static function grantForGallery(Request $request, ?Gallery $gallery, GeneralSettings $settings, ?Carbon $grantedAt = null): void
{
$grantedAt = $grantedAt ?: Carbon::now();
$suffix = self::keySuffix($gallery);
if ($request->hasSession()) {
$request->session()->put(self::SESSION_GRANTED_BASE.'_'.$suffix, true);
$request->session()->put(self::SESSION_GRANTED_AT_BASE.'_'.$suffix, $grantedAt->toIso8601String());
}
$cookieMinutes = self::calculateCookieLifetime($gallery, $settings, $grantedAt);
cookie()->queue(
cookie(
self::COOKIE_GRANTED_AT_BASE.'_'.$suffix,
$grantedAt->toIso8601String(),
$cookieMinutes,
path: '/',
secure: config('session.secure', false),
httpOnly: true,
raw: false,
sameSite: config('session.same_site', 'lax')
)
);
}
private function hasValidAccess(Request $request, ?Gallery $gallery, GeneralSettings $settings): bool
{
if ($this->sessionAccessValid($request, $gallery, $settings)) {
return true;
}
$grantedAt = $this->cookieGrantedAt($request, $gallery);
if (! $grantedAt) {
return false;
}
$duration = $this->accessDuration($gallery, $settings);
if ($duration) {
return ! $grantedAt->copy()->addMinutes($duration)->isPast();
}
return (bool) $grantedAt;
}
private function sessionAccessValid(Request $request, ?Gallery $gallery, GeneralSettings $settings): bool
{
if (! $request->hasSession()) {
return false;
}
$suffix = self::keySuffix($gallery);
if (! $request->session()->get(self::SESSION_GRANTED_BASE.'_'.$suffix, false)) {
return false;
}
$grantedAt = $this->sessionGrantedAt($request, $gallery);
if (! $grantedAt) {
return true;
}
$duration = $this->accessDuration($gallery, $settings);
if ($duration) {
$expiresAt = $grantedAt->copy()->addMinutes($duration);
if ($expiresAt->isPast()) {
$request->session()->forget([
self::SESSION_GRANTED_BASE.'_'.$suffix,
self::SESSION_GRANTED_AT_BASE.'_'.$suffix,
]);
return false;
}
}
return true;
}
private function sessionGrantedAt(Request $request, ?Gallery $gallery): ?Carbon
{
if (! $request->hasSession()) {
return null;
}
$value = $request->session()->get(self::SESSION_GRANTED_AT_BASE.'_'.self::keySuffix($gallery));
if (! $value) {
return null;
}
try {
return Carbon::parse($value);
} catch (\Exception) {
return null;
}
}
private function cookieGrantedAt(Request $request, ?Gallery $gallery): ?Carbon
{
$value = $request->cookie(self::COOKIE_GRANTED_AT_BASE.'_'.self::keySuffix($gallery));
if (! $value) {
return null;
}
try {
$value = Crypt::decryptString($value);
} catch (\Exception) {
// Cookie might already be decrypted by web middleware.
}
try {
return Carbon::parse($value);
} catch (\Exception) {
return null;
}
}
private function isGalleryExpired(?Gallery $gallery, GeneralSettings $settings): bool
{
$expiresAt = $this->expiresAt($gallery, $settings);
return $expiresAt !== null && Carbon::now()->greaterThanOrEqualTo($expiresAt);
}
private function deny(Request $request, string $message, ?Gallery $gallery = null): Response
{
if ($request->expectsJson()) {
return response()->json(['message' => $message], Response::HTTP_FORBIDDEN);
}
$routeName = $gallery ? 'gallery.access.show' : 'gallery.access.default';
return redirect()
->route($routeName, $gallery)
->with('gallery_access_message', $message);
}
private static function calculateCookieLifetime(?Gallery $gallery, GeneralSettings $settings, Carbon $grantedAt): int
{
$expiresAt = $gallery?->expires_at ?? $settings->gallery_expires_at;
if ($expiresAt) {
$expiresAt = Carbon::parse($expiresAt);
return max(1, $grantedAt->diffInMinutes($expiresAt));
}
$duration = $gallery?->access_duration_minutes ?? $settings->gallery_access_duration_minutes;
if ($duration) {
return max(1, $duration);
}
return 24 * 60;
}
private function resolveGallery(Request $request): ?Gallery
{
$routeGallery = $request->route('gallery');
if ($routeGallery instanceof Gallery) {
return $routeGallery;
}
$slug = is_string($routeGallery) ? $routeGallery : $request->query('gallery');
if (! $slug) {
return Gallery::first();
}
return Gallery::where('slug', $slug)->first();
}
private function requestedGalleryMissing(Request $request, ?Gallery $gallery): bool
{
if ($gallery) {
return false;
}
return (bool) ($request->route('gallery') || $request->query('gallery'));
}
private function missingGalleryResponse(Request $request): Response
{
if ($request->expectsJson()) {
return response()->json(['message' => 'Gallery not found.'], Response::HTTP_NOT_FOUND);
}
abort(404, 'Gallery not found');
}
private static function keySuffix(?Gallery $gallery): string
{
return $gallery ? 'gallery_'.$gallery->id : 'global';
}
private function expiresAt(?Gallery $gallery, GeneralSettings $settings): ?Carbon
{
$value = $gallery?->expires_at ?? $settings->gallery_expires_at;
if (! $value) {
return null;
}
return Carbon::parse($value);
}
private function accessDuration(?Gallery $gallery, GeneralSettings $settings): ?int
{
return $gallery?->access_duration_minutes ?? $settings->gallery_access_duration_minutes;
}
private function requiresPassword(?Gallery $gallery, GeneralSettings $settings): bool
{
return (bool) ($gallery?->require_password ?? $settings->require_gallery_password);
}
private function passwordHash(?Gallery $gallery, GeneralSettings $settings): ?string
{
return $gallery?->password_hash ?? $settings->gallery_password_hash;
}
}

4
app/Http/Middleware/HandleInertiaRequests.php
View File

@@ -36,7 +36,9 @@ class HandleInertiaRequests extends Middleware
'user' => $request->user(),
],
'locale' => app()->getLocale(),
'settings' => app(GeneralSettings::class)->toArray(),
'settings' => tap(app(GeneralSettings::class)->toArray(), function (&$settings) {
unset($settings['gallery_password_hash']);
}),
'translations' => function () use ($request) {
$currentLocale = app()->getLocale(); // Store current locale
$requestedLocale = $request->input('locale', $currentLocale);

28
app/Http/Requests/GalleryAccessRequest.php Normal file
View File

@@ -0,0 +1,28 @@
<?php
namespace App\Http\Requests;
use Illuminate\Foundation\Http\FormRequest;
class GalleryAccessRequest extends FormRequest
{
/**
* Determine if the user is authorized to make this request.
*/
public function authorize(): bool
{
return true;
}
/**
* Get the validation rules that apply to the request.
*
* @return array<string, \Illuminate\Contracts\Validation\ValidationRule|array<mixed>|string>
*/
public function rules(): array
{
return [
'password' => ['required', 'string', 'min:4'],
];
}
}

63
app/Models/Gallery.php Normal file
View File

@@ -0,0 +1,63 @@
<?php
namespace App\Models;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\HasMany;
class Gallery extends Model
{
/** @use HasFactory<\Database\Factories\GalleryFactory> */
use HasFactory;
protected $fillable = [
'name',
'slug',
'title',
'images_path',
'is_public',
'allow_ai_styles',
'allow_print',
'require_password',
'password_hash',
'expires_at',
'access_duration_minutes',
'upload_enabled',
'upload_token_hash',
'upload_token_expires_at',
];
protected function casts(): array
{
return [
'is_public' => 'bool',
'allow_ai_styles' => 'bool',
'allow_print' => 'bool',
'require_password' => 'bool',
'expires_at' => 'datetime',
'access_duration_minutes' => 'int',
'upload_enabled' => 'bool',
'upload_token_expires_at' => 'datetime',
];
}
public function images(): HasMany
{
return $this->hasMany(Image::class);
}
public function setUploadToken(string $token): void
{
$this->upload_token_hash = \Illuminate\Support\Facades\Hash::make($token);
}
public function regenerateUploadToken(): string
{
$token = \Illuminate\Support\Str::random(40);
$this->setUploadToken($token);
$this->save();
return $token;
}
}

16
app/Models/Image.php
View File

@@ -4,13 +4,14 @@ namespace App\Models;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Concerns\HasUuids;
use Illuminate\Database\Eloquent\Relations\BelongsTo;
class Image extends Model
{
use HasFactory;
protected $fillable = [
'gallery_id',
'path',
'uuid',
'original_image_id',
@@ -20,8 +21,21 @@ class Image extends Model
'comfyui_prompt_id',
];
protected function casts(): array
{
return [
'is_temp' => 'bool',
'is_public' => 'bool',
];
}
public function style()
{
return $this->belongsTo(Style::class);
}
public function gallery(): BelongsTo
{
return $this->belongsTo(Gallery::class);
}
}

9
app/Settings/GeneralSettings.php
View File

@@ -2,12 +2,21 @@
namespace App\Settings;
use DateTimeInterface;
use Spatie\LaravelSettings\Settings;
class GeneralSettings extends Settings
{
public string $gallery_heading = 'Style Gallery';
public bool $require_gallery_password = false;
public ?string $gallery_password_hash = null;
public ?DateTimeInterface $gallery_expires_at = null;
public ?int $gallery_access_duration_minutes = null;
public int $new_image_timespan_minutes = 60;
public int $image_refresh_interval = 30_000;