soeren
f5da8ed877
- Neues Sparkbooth-Upload-Feature: Endpoint /api/sparkbooth/upload (Token-basiert pro Galerie), Controller Api/SparkboothUploadController, Migration 2026_01_21_000001_add_upload_fields_to_galleries_table.php mit Upload-Flags/Token/Expiry;
Galerie-Modell und Factory/Seeder entsprechend erweitert.
- Filament: Neue Setup-Seite SparkboothSetup (mit View) zur schnellen Galerie- und Token-Erstellung inkl. QR/Endpoint/Snippet;
Galerie-Link-Views nutzen jetzt simple-qrcode (Composer-Dependency hinzugefügt) und bieten PNG-Download.
- Galerie-Tabelle: Slug/Pfad-Spalten entfernt, Action „Link-Details“ mit Modal; Created-at-Spalte hinzugefügt.
- Zugriffshärtung: Galerie-IDs in API (ImageController, Download/Print) geprüft; GalleryAccess/Middleware + Gallery-Modell/Slug-UUID
eingeführt; GalleryAccess-Inertia-Seite.
- UI/UX: LoadingSpinner/StyledImageDisplay verbessert, Delete-Confirm, Übersetzungen ergänzt.
88 lines
2.8 KiB
PHP
88 lines
2.8 KiB
PHP
<?php
|
|
|
|
namespace App\Http\Controllers\Api;
|
|
|
|
use App\Http\Controllers\Controller;
|
|
use App\Models\Gallery;
|
|
use App\Models\Image;
|
|
use Illuminate\Http\Request;
|
|
use Illuminate\Support\Facades\File;
|
|
use Illuminate\Support\Facades\Hash;
|
|
use Illuminate\Support\Str;
|
|
use Symfony\Component\HttpFoundation\Response;
|
|
|
|
class SparkboothUploadController extends Controller
|
|
{
|
|
public function store(Request $request)
|
|
{
|
|
$request->validate([
|
|
'token' => ['required', 'string'],
|
|
'file' => ['required', 'file', 'mimes:jpeg,png,gif,bmp,webp', 'max:10240'],
|
|
'filename' => ['nullable', 'string'],
|
|
]);
|
|
|
|
$gallery = $this->resolveGalleryByToken($request->string('token'));
|
|
|
|
if (! $gallery) {
|
|
return response()->json(['error' => 'Invalid token.'], Response::HTTP_FORBIDDEN);
|
|
}
|
|
|
|
if (! $gallery->upload_enabled) {
|
|
return response()->json(['error' => 'Uploads are disabled for this gallery.'], Response::HTTP_FORBIDDEN);
|
|
}
|
|
|
|
if ($gallery->upload_token_expires_at && now()->greaterThanOrEqualTo($gallery->upload_token_expires_at)) {
|
|
return response()->json(['error' => 'Upload token expired.'], Response::HTTP_FORBIDDEN);
|
|
}
|
|
|
|
$file = $request->file('file');
|
|
$safeName = $this->buildFilename($file->getClientOriginalExtension(), $request->input('filename'));
|
|
$relativePath = trim($gallery->images_path, '/').'/'.$safeName;
|
|
$destinationPath = public_path('storage/'.dirname($relativePath));
|
|
|
|
if (! File::exists($destinationPath)) {
|
|
File::makeDirectory($destinationPath, 0755, true);
|
|
}
|
|
|
|
$file->move($destinationPath, basename($relativePath));
|
|
|
|
$image = Image::create([
|
|
'gallery_id' => $gallery->id,
|
|
'path' => $relativePath,
|
|
'is_public' => true,
|
|
]);
|
|
|
|
return response()->json([
|
|
'message' => 'Upload ok',
|
|
'image_id' => $image->id,
|
|
'url' => asset('storage/'.$relativePath),
|
|
]);
|
|
}
|
|
|
|
private function resolveGalleryByToken(string $token): ?Gallery
|
|
{
|
|
$galleries = Gallery::query()
|
|
->whereNotNull('upload_token_hash')
|
|
->where('upload_enabled', true)
|
|
->get();
|
|
|
|
foreach ($galleries as $gallery) {
|
|
if ($gallery->upload_token_hash && Hash::check($token, $gallery->upload_token_hash)) {
|
|
return $gallery;
|
|
}
|
|
}
|
|
|
|
return null;
|
|
}
|
|
|
|
private function buildFilename(string $extension, ?string $preferred = null): string
|
|
{
|
|
$extension = strtolower($extension ?: 'jpg');
|
|
$base = $preferred
|
|
? Str::slug(pathinfo($preferred, PATHINFO_FILENAME))
|
|
: 'sparkbooth_'.now()->format('Ymd_His').'_'.Str::random(6);
|
|
|
|
return $base.'.'.$extension;
|
|
}
|
|
}
|