authorizeEvent($request, $event); $tokens = $event->joinTokens() ->orderByDesc('created_at') ->get(); return EventJoinTokenResource::collection($tokens); } public function store(Request $request, Event $event): JsonResponse { $this->authorizeEvent($request, $event); $validated = $this->validatePayload($request); $token = $this->joinTokenService->createToken($event, array_merge($validated, [ 'created_by' => Auth::id(), ])); return (new EventJoinTokenResource($token)) ->response() ->setStatusCode(201); } public function update(Request $request, Event $event, EventJoinToken $joinToken): EventJoinTokenResource { $this->authorizeEvent($request, $event); if ($joinToken->event_id !== $event->id) { abort(404); } $validated = $this->validatePayload($request, true); $payload = []; if (array_key_exists('label', $validated)) { $payload['label'] = $validated['label']; } if (array_key_exists('expires_at', $validated)) { $payload['expires_at'] = $validated['expires_at']; } if (array_key_exists('usage_limit', $validated)) { $payload['usage_limit'] = $validated['usage_limit']; } if (! empty($payload)) { $joinToken->fill($payload); } if (array_key_exists('metadata', $validated)) { $current = is_array($joinToken->metadata) ? $joinToken->metadata : []; $incoming = $validated['metadata']; if ($incoming === null) { $joinToken->metadata = null; } else { $joinToken->metadata = array_replace_recursive($current, $incoming); } } $joinToken->save(); return new EventJoinTokenResource($joinToken->fresh()); } public function destroy(Request $request, Event $event, EventJoinToken $joinToken): EventJoinTokenResource { $this->authorizeEvent($request, $event); if ($joinToken->event_id !== $event->id) { abort(404); } $reason = $request->input('reason'); $token = $this->joinTokenService->revoke($joinToken, $reason); return new EventJoinTokenResource($token); } private function authorizeEvent(Request $request, Event $event): void { $tenantId = $request->attributes->get('tenant_id'); if ($event->tenant_id !== $tenantId) { abort(404, 'Event not found'); } } private function validatePayload(Request $request, bool $partial = false): array { $rules = [ 'label' => [$partial ? 'nullable' : 'sometimes', 'string', 'max:255'], 'expires_at' => [$partial ? 'nullable' : 'sometimes', 'nullable', 'date', 'after:now'], 'usage_limit' => [$partial ? 'nullable' : 'sometimes', 'nullable', 'integer', 'min:1'], 'metadata' => [$partial ? 'nullable' : 'sometimes', 'nullable', 'array'], 'metadata.layout_customization' => ['nullable', 'array'], 'metadata.layout_customization.layout_id' => ['nullable', 'string', 'max:100'], 'metadata.layout_customization.headline' => ['nullable', 'string', 'max:120'], 'metadata.layout_customization.subtitle' => ['nullable', 'string', 'max:160'], 'metadata.layout_customization.description' => ['nullable', 'string', 'max:500'], 'metadata.layout_customization.badge_label' => ['nullable', 'string', 'max:80'], 'metadata.layout_customization.instructions_heading' => ['nullable', 'string', 'max:120'], 'metadata.layout_customization.link_heading' => ['nullable', 'string', 'max:120'], 'metadata.layout_customization.cta_label' => ['nullable', 'string', 'max:120'], 'metadata.layout_customization.cta_caption' => ['nullable', 'string', 'max:160'], 'metadata.layout_customization.link_label' => ['nullable', 'string', 'max:160'], 'metadata.layout_customization.instructions' => ['nullable', 'array', 'max:6'], 'metadata.layout_customization.instructions.*' => ['nullable', 'string', 'max:160'], 'metadata.layout_customization.logo_url' => ['nullable', 'string', 'max:2048'], 'metadata.layout_customization.logo_data_url' => ['nullable', 'string'], 'metadata.layout_customization.accent_color' => ['nullable', 'string', 'regex:/^#([A-Fa-f0-9]{3}|[A-Fa-f0-9]{6})$/'], 'metadata.layout_customization.text_color' => ['nullable', 'string', 'regex:/^#([A-Fa-f0-9]{3}|[A-Fa-f0-9]{6})$/'], 'metadata.layout_customization.background_color' => ['nullable', 'string', 'regex:/^#([A-Fa-f0-9]{3}|[A-Fa-f0-9]{6})$/'], 'metadata.layout_customization.secondary_color' => ['nullable', 'string', 'regex:/^#([A-Fa-f0-9]{3}|[A-Fa-f0-9]{6})$/'], 'metadata.layout_customization.badge_color' => ['nullable', 'string', 'regex:/^#([A-Fa-f0-9]{3}|[A-Fa-f0-9]{6})$/'], 'metadata.layout_customization.background_gradient' => ['nullable', 'array'], 'metadata.layout_customization.background_gradient.angle' => ['nullable', 'numeric'], 'metadata.layout_customization.background_gradient.stops' => ['nullable', 'array', 'max:5'], 'metadata.layout_customization.background_gradient.stops.*' => ['nullable', 'string', 'regex:/^#([A-Fa-f0-9]{3}|[A-Fa-f0-9]{6})$/'], ]; $validated = $request->validate($rules); if (isset($validated['metadata']['layout_customization']['instructions'])) { $validated['metadata']['layout_customization']['instructions'] = array_values(array_filter( $validated['metadata']['layout_customization']['instructions'], fn ($value) => is_string($value) && trim($value) !== '' )); } if (isset($validated['metadata']['layout_customization']['logo_data_url']) && ! is_string($validated['metadata']['layout_customization']['logo_data_url'])) { unset($validated['metadata']['layout_customization']['logo_data_url']); } return $validated; } }