Added opaque join-token support across backend and frontend: new migration/model/service/endpoints, guest controllers now resolve tokens, and the demo seeder seeds a token. Tenant event details list/manage tokens with copy/revoke actions, and the guest PWA uses tokens end-to-end (routing, storage, uploads, achievements, etc.). Docs TODO updated to reflect completed steps.

2025-10-12 10:32:37 +02:00
parent d04e234ca0
commit 9394c3171e
73 changed files with 3277 additions and 911 deletions
--- a/app/Http/Controllers/Api/TenantController.php
+++ b/app/Http/Controllers/Api/TenantController.php
@@ -5,6 +5,7 @@ namespace App\Http\Controllers\Api;
 use App\Models\Event;
 use App\Models\Photo;
 use App\Models\User;
+use App\Services\EventJoinTokenService;
 use Illuminate\Http\Request;
 use Illuminate\Routing\Controller as BaseController;
 use Illuminate\Support\Facades\Auth;
@@ -13,6 +14,10 @@ use Illuminate\Support\Str;

 class TenantController extends BaseController
 {
+    public function __construct(private readonly EventJoinTokenService $joinTokenService)
+    {
+    }
+
    public function login(Request $request)
    {
        $creds = $request->validate([
@@ -145,7 +150,7 @@ class TenantController extends BaseController
        ]);
    }

-    public function createInvite(int $id)
+    public function createInvite(Request $request, int $id)
    {
        $u = Auth::user();
        $tenantId = $u->tenant_id ?? null;
@@ -153,10 +158,16 @@ class TenantController extends BaseController
        if ($tenantId && $ev->tenant_id !== $tenantId) {
            return response()->json(['error' => ['code' => 'forbidden']], 403);
        }
-        $token = Str::random(32);
-        Cache::put('invite:'.$token, $ev->slug, now()->addDays(2));
-        $link = url('/e/'.$ev->slug).'?t='.$token;
-        return response()->json(['link' => $link]);
+
+        $joinToken = $this->joinTokenService->createToken($ev, [
+            'created_by' => $u?->id,
+        ]);
+
+        return response()->json([
+            'link' => url('/e/'.$joinToken->token),
+            'legacy_link' => url('/e/'.$ev->slug).'?invite='.$joinToken->token,
+            'token' => $joinToken->token,
+        ]);
    }

    public function eventPhotos(int $id)