Implement multi-tenancy support with OAuth2 authentication for tenant admins, Stripe integration for event purchases and credits ledger, new Filament resources for event purchases, updated API routes and middleware for tenant isolation and token guarding, added factories/seeders/migrations for new models (Tenant, EventPurchase, OAuth entities, etc.), enhanced tests, and documentation updates. Removed outdated DemoAchievementsSeeder.
This commit is contained in:
@@ -3,10 +3,16 @@
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Route;
|
||||
use App\Http\Controllers\Api\EventPublicController;
|
||||
use App\Http\Controllers\OAuthController;
|
||||
use App\Http\Controllers\Tenant\CreditController;
|
||||
|
||||
// API routes without CSRF protection for guest PWA (stateless)
|
||||
Route::prefix('v1')->name('api.v1.')->group(function () {
|
||||
// GET routes (read-only)
|
||||
// OAuth routes (public)
|
||||
Route::get('/oauth/authorize', [OAuthController::class, 'authorize'])->name('oauth.authorize');
|
||||
Route::post('/oauth/token', [OAuthController::class, 'token'])->name('oauth.token');
|
||||
|
||||
// Guest PWA routes (public, no auth)
|
||||
Route::get('/events/{slug}', [EventPublicController::class, 'event'])->name('events.show');
|
||||
Route::get('/events/{slug}/stats', [EventPublicController::class, 'stats'])->name('events.stats');
|
||||
Route::get('/events/{slug}/emotions', [EventPublicController::class, 'emotions'])->name('events.emotions');
|
||||
@@ -14,7 +20,49 @@ Route::prefix('v1')->name('api.v1.')->group(function () {
|
||||
Route::get('/events/{slug}/photos', [EventPublicController::class, 'photos'])->name('events.photos');
|
||||
Route::get('/photos/{id}', [EventPublicController::class, 'photo'])->name('photos.show');
|
||||
|
||||
// POST routes without CSRF (guest PWA, stateless)
|
||||
Route::post('/photos/{id}/like', [EventPublicController::class, 'like'])->name('photos.like');
|
||||
Route::post('/events/{slug}/upload', [EventPublicController::class, 'upload'])->name('events.upload');
|
||||
|
||||
// Protected tenant API routes (require auth:sanctum)
|
||||
Route::middleware('auth:sanctum')->prefix('tenant')->group(function () {
|
||||
Route::get('me', [OAuthController::class, 'me'])->name('tenant.me');
|
||||
|
||||
// Events CRUD
|
||||
Route::apiResource('events', \App\Http\Controllers\Api\Tenant\EventController::class)->only(['index', 'show', 'update', 'destroy'])->parameters([
|
||||
'events' => 'event:slug',
|
||||
]);
|
||||
Route::middleware('credit.check')->post('events', [\App\Http\Controllers\Api\Tenant\EventController::class, 'store'])->name('tenant.events.store');
|
||||
|
||||
Route::post('events/bulk-status', [\App\Http\Controllers\Api\Tenant\EventController::class, 'bulkUpdateStatus'])->name('tenant.events.bulk-status');
|
||||
Route::get('events/search', [\App\Http\Controllers\Api\Tenant\EventController::class, 'search'])->name('tenant.events.search');
|
||||
|
||||
// Tasks CRUD and operations
|
||||
Route::apiResource('tasks', \App\Http\Controllers\Api\Tenant\TaskController::class);
|
||||
Route::post('tasks/{task}/assign-event/{event}', [\App\Http\Controllers\Api\Tenant\TaskController::class, 'assignToEvent'])
|
||||
->name('tenant.tasks.assign-to-event');
|
||||
Route::post('tasks/bulk-assign-event/{event}', [\App\Http\Controllers\Api\Tenant\TaskController::class, 'bulkAssignToEvent'])
|
||||
->name('tenant.tasks.bulk-assign-to-event');
|
||||
Route::get('tasks/event/{event}', [\App\Http\Controllers\Api\Tenant\TaskController::class, 'forEvent'])
|
||||
->name('tenant.tasks.for-event');
|
||||
Route::get('tasks/collection/{collection}', [\App\Http\Controllers\Api\Tenant\TaskController::class, 'fromCollection'])
|
||||
->name('tenant.tasks.from-collection');
|
||||
|
||||
// Settings routes
|
||||
Route::prefix('settings')->group(function () {
|
||||
Route::get('/', [\App\Http\Controllers\Api\Tenant\SettingsController::class, 'index'])
|
||||
->name('tenant.settings.index');
|
||||
Route::post('/', [\App\Http\Controllers\Api\Tenant\SettingsController::class, 'update'])
|
||||
->name('tenant.settings.update');
|
||||
Route::post('/reset', [\App\Http\Controllers\Api\Tenant\SettingsController::class, 'reset'])
|
||||
->name('tenant.settings.reset');
|
||||
Route::post('/validate-domain', [\App\Http\Controllers\Api\Tenant\SettingsController::class, 'validateDomain'])
|
||||
->name('tenant.settings.validate-domain');
|
||||
});
|
||||
|
||||
Route::prefix('credits')->group(function () {
|
||||
Route::get('balance', [CreditController::class, 'balance'])->name('tenant.credits.balance');
|
||||
Route::get('ledger', [CreditController::class, 'ledger'])->name('tenant.credits.ledger');
|
||||
Route::get('history', [CreditController::class, 'history'])->name('tenant.credits.history');
|
||||
});
|
||||
});
|
||||
});
|
||||
Reference in New Issue
Block a user