Added opaque join-token support across backend and frontend: new migration/model/service/endpoints, guest controllers now resolve tokens, and the demo seeder seeds a token. Tenant event details list/manage tokens with copy/revoke actions, and the guest PWA uses tokens end-to-end (routing, storage, uploads, achievements, etc.). Docs TODO updated to reflect completed steps.

2025-10-12 10:32:37 +02:00
parent d04e234ca0
commit 9394c3171e
73 changed files with 3277 additions and 911 deletions
--- a/app/Http/Controllers/Api/Tenant/EventController.php
+++ b/app/Http/Controllers/Api/Tenant/EventController.php
@@ -4,10 +4,12 @@ namespace App\Http\Controllers\Api\Tenant;

 use App\Http\Controllers\Controller;
 use App\Http\Requests\Tenant\EventStoreRequest;
+use App\Http\Resources\Tenant\EventJoinTokenResource;
 use App\Http\Resources\Tenant\EventResource;
 use App\Models\Event;
 use App\Models\Tenant;
 use App\Models\Photo;
+use App\Services\EventJoinTokenService;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
 use Illuminate\Http\Resources\Json\AnonymousResourceCollection;
@@ -18,6 +20,10 @@ use Illuminate\Validation\ValidationException;

 class EventController extends Controller
 {
+    public function __construct(private readonly EventJoinTokenService $joinTokenService)
+    {
+    }
+
    public function index(Request $request): AnonymousResourceCollection
    {
        $tenantId = $request->attributes->get('tenant_id');
@@ -283,12 +289,26 @@ class EventController extends Controller
            return response()->json(['error' => 'Event not found'], 404);
        }

-        $token = (string) Str::uuid();
-        $link = url("/e/{$event->slug}?invite={$token}");
+        $validated = $request->validate([
+            'label' => ['nullable', 'string', 'max:255'],
+            'expires_at' => ['nullable', 'date', 'after:now'],
+            'usage_limit' => ['nullable', 'integer', 'min:1'],
+        ]);
+
+        $attributes = array_filter([
+            'label' => $validated['label'] ?? null,
+            'expires_at' => $validated['expires_at'] ?? null,
+            'usage_limit' => $validated['usage_limit'] ?? null,
+            'created_by' => $request->user()?->id,
+        ], fn ($value) => ! is_null($value));
+
+        $joinToken = $this->joinTokenService->createToken($event, $attributes);

        return response()->json([
-            'link' => $link,
-            'token' => $token,
+            'link' => url("/e/{$event->slug}?invite={$joinToken->token}"),
+            'token' => $joinToken->token,
+            'token_url' => url('/e/'.$joinToken->token),
+            'join_token' => new EventJoinTokenResource($joinToken),
        ]);
    }
    public function bulkUpdateStatus(Request $request): JsonResponse
--- a/app/Http/Controllers/Api/Tenant/EventJoinTokenController.php
+++ b/app/Http/Controllers/Api/Tenant/EventJoinTokenController.php
@@ -0,0 +1,73 @@
+<?php
+
+namespace App\Http\Controllers\Api\Tenant;
+
+use App\Http\Controllers\Controller;
+use App\Http\Resources\Tenant\EventJoinTokenResource;
+use App\Models\Event;
+use App\Models\EventJoinToken;
+use App\Services\EventJoinTokenService;
+use Illuminate\Http\JsonResponse;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+
+class EventJoinTokenController extends Controller
+{
+    public function __construct(private readonly EventJoinTokenService $joinTokenService)
+    {
+    }
+
+    public function index(Request $request, Event $event): JsonResponse
+    {
+        $this->authorizeEvent($request, $event);
+
+        $tokens = $event->joinTokens()
+            ->orderByDesc('created_at')
+            ->get();
+
+        return EventJoinTokenResource::collection($tokens);
+    }
+
+    public function store(Request $request, Event $event): JsonResponse
+    {
+        $this->authorizeEvent($request, $event);
+
+        $validated = $request->validate([
+            'label' => ['nullable', 'string', 'max:255'],
+            'expires_at' => ['nullable', 'date', 'after:now'],
+            'usage_limit' => ['nullable', 'integer', 'min:1'],
+            'metadata' => ['nullable', 'array'],
+        ]);
+
+        $token = $this->joinTokenService->createToken($event, array_merge($validated, [
+            'created_by' => Auth::id(),
+        ]));
+
+        return (new EventJoinTokenResource($token))
+            ->response()
+            ->setStatusCode(201);
+    }
+
+    public function destroy(Request $request, Event $event, EventJoinToken $joinToken): JsonResponse
+    {
+        $this->authorizeEvent($request, $event);
+
+        if ($joinToken->event_id !== $event->id) {
+            abort(404);
+        }
+
+        $reason = $request->input('reason');
+        $token = $this->joinTokenService->revoke($joinToken, $reason);
+
+        return new EventJoinTokenResource($token);
+    }
+
+    private function authorizeEvent(Request $request, Event $event): void
+    {
+        $tenantId = $request->attributes->get('tenant_id');
+
+        if ($event->tenant_id !== $tenantId) {
+            abort(404, 'Event not found');
+        }
+    }
+}