- Galerien sind nun eine Entität - es kann mehrere geben
- Neues Sparkbooth-Upload-Feature: Endpoint /api/sparkbooth/upload (Token-basiert pro Galerie), Controller Api/SparkboothUploadController, Migration 2026_01_21_000001_add_upload_fields_to_galleries_table.php mit Upload-Flags/Token/Expiry;
Galerie-Modell und Factory/Seeder entsprechend erweitert.
- Filament: Neue Setup-Seite SparkboothSetup (mit View) zur schnellen Galerie- und Token-Erstellung inkl. QR/Endpoint/Snippet;
Galerie-Link-Views nutzen jetzt simple-qrcode (Composer-Dependency hinzugefügt) und bieten PNG-Download.
- Galerie-Tabelle: Slug/Pfad-Spalten entfernt, Action „Link-Details“ mit Modal; Created-at-Spalte hinzugefügt.
- Zugriffshärtung: Galerie-IDs in API (ImageController, Download/Print) geprüft; GalleryAccess/Middleware + Gallery-Modell/Slug-UUID
eingeführt; GalleryAccess-Inertia-Seite.
- UI/UX: LoadingSpinner/StyledImageDisplay verbessert, Delete-Confirm, Übersetzungen ergänzt.
This commit is contained in:
110
app/Http/Controllers/GalleryAccessController.php
Normal file
110
app/Http/Controllers/GalleryAccessController.php
Normal file
@@ -0,0 +1,110 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Controllers;
|
||||
|
||||
use App\Http\Middleware\EnsureGalleryAccess;
|
||||
use App\Http\Requests\GalleryAccessRequest;
|
||||
use App\Models\Gallery;
|
||||
use App\Settings\GeneralSettings;
|
||||
use Carbon\Carbon;
|
||||
use Illuminate\Http\RedirectResponse;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Hash;
|
||||
use Inertia\Inertia;
|
||||
use Inertia\Response;
|
||||
|
||||
class GalleryAccessController extends Controller
|
||||
{
|
||||
public function create(Request $request, GeneralSettings $settings, ?Gallery $gallery = null): Response
|
||||
{
|
||||
$gallery = $this->resolveGallery($request, $gallery);
|
||||
|
||||
if (! $gallery) {
|
||||
abort(404, 'Gallery not found');
|
||||
}
|
||||
|
||||
$expiresAt = $gallery->expires_at ?? $settings->gallery_expires_at;
|
||||
|
||||
$expired = $expiresAt !== null
|
||||
&& Carbon::now()->greaterThanOrEqualTo(Carbon::parse($expiresAt));
|
||||
|
||||
return Inertia::render('GalleryAccess', [
|
||||
'gallery' => [
|
||||
'id' => $gallery->id,
|
||||
'slug' => $gallery->slug,
|
||||
'title' => $gallery->title,
|
||||
],
|
||||
'requiresPassword' => (bool) ($gallery->require_password ?? $settings->require_gallery_password),
|
||||
'expiresAt' => $expiresAt,
|
||||
'accessDurationMinutes' => $gallery->access_duration_minutes ?? $settings->gallery_access_duration_minutes,
|
||||
'expired' => $expired,
|
||||
'flashMessage' => $request->session()->get('gallery_access_message'),
|
||||
]);
|
||||
}
|
||||
|
||||
public function store(GalleryAccessRequest $request, GeneralSettings $settings, ?Gallery $gallery = null): RedirectResponse
|
||||
{
|
||||
$gallery = $this->resolveGallery($request, $gallery);
|
||||
|
||||
if (! $gallery) {
|
||||
abort(404, 'Gallery not found');
|
||||
}
|
||||
|
||||
if ($this->isExpired($gallery, $settings)) {
|
||||
return redirect()
|
||||
->route('gallery.access.show', $gallery)
|
||||
->with('gallery_access_message', __('api.gallery.expired'));
|
||||
}
|
||||
|
||||
$requiresPassword = $gallery->require_password ?? $settings->require_gallery_password;
|
||||
$passwordHash = $gallery->password_hash ?? $settings->gallery_password_hash;
|
||||
|
||||
if (! $requiresPassword || ! $passwordHash) {
|
||||
EnsureGalleryAccess::grantForGallery($request, $gallery, $settings);
|
||||
|
||||
return redirect()->route('gallery.show', $gallery);
|
||||
}
|
||||
|
||||
if (! Hash::check($request->input('password'), $passwordHash)) {
|
||||
return redirect()
|
||||
->route('gallery.access.show', $gallery)
|
||||
->with('gallery_access_message', __('api.gallery.invalid_password'));
|
||||
}
|
||||
|
||||
EnsureGalleryAccess::grantForGallery($request, $gallery, $settings);
|
||||
|
||||
return redirect()->route('gallery.show', $gallery);
|
||||
}
|
||||
|
||||
private function resolveGallery(Request $request, ?Gallery $gallery = null): ?Gallery
|
||||
{
|
||||
if ($gallery instanceof Gallery) {
|
||||
return $gallery;
|
||||
}
|
||||
|
||||
$slug = $request->route('gallery');
|
||||
|
||||
if (! $slug) {
|
||||
return Gallery::first();
|
||||
}
|
||||
|
||||
if ($slug instanceof Gallery) {
|
||||
return $slug;
|
||||
}
|
||||
|
||||
return Gallery::where('slug', $slug)->first();
|
||||
}
|
||||
|
||||
private function isExpired(?Gallery $gallery, GeneralSettings $settings): bool
|
||||
{
|
||||
$expiresAt = $gallery?->expires_at ?? $settings->gallery_expires_at;
|
||||
|
||||
if ($expiresAt) {
|
||||
$expiresAt = Carbon::parse($expiresAt);
|
||||
|
||||
return Carbon::now()->greaterThanOrEqualTo($expiresAt);
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user