name('api.v1.')->group(function () { // OAuth routes (public) Route::get('/oauth/authorize', [OAuthController::class, 'authorize'])->name('oauth.authorize'); Route::post('/oauth/token', [OAuthController::class, 'token'])->name('oauth.token'); // Guest PWA routes (public, throttled, no tenant middleware) Route::middleware('throttle:100,1')->group(function () { Route::get('/events/{slug}', [EventPublicController::class, 'event'])->name('events.show'); Route::get('/events/{slug}/stats', [EventPublicController::class, 'stats'])->name('events.stats'); Route::get('/events/{slug}/achievements', [EventPublicController::class, 'achievements'])->name('events.achievements'); Route::get('/events/{slug}/emotions', [EventPublicController::class, 'emotions'])->name('events.emotions'); Route::get('/events/{slug}/tasks', [EventPublicController::class, 'tasks'])->name('events.tasks'); Route::get('/events/{slug}/photos', [EventPublicController::class, 'photos'])->name('events.photos'); Route::get('/photos/{id}', [EventPublicController::class, 'photo'])->name('photos.show'); Route::post('/photos/{id}/like', [EventPublicController::class, 'like'])->name('photos.like'); Route::post('/events/{slug}/upload', [EventPublicController::class, 'upload'])->name('events.upload'); }); // Protected tenant API routes (JWT tenants via OAuth guard) Route::middleware(['tenant.token', 'tenant.isolation'])->prefix('tenant')->group(function () { Route::get('me', [OAuthController::class, 'me'])->name('tenant.me'); // Events CRUD Route::apiResource('events', \App\Http\Controllers\Api\Tenant\EventController::class)->only(['index', 'show', 'update', 'destroy'])->parameters([ 'events' => 'event:slug', ]); Route::middleware('credit.check')->post('events', [\App\Http\Controllers\Api\Tenant\EventController::class, 'store'])->name('tenant.events.store'); Route::post('events/bulk-status', [\App\Http\Controllers\Api\Tenant\EventController::class, 'bulkUpdateStatus'])->name('tenant.events.bulk-status'); Route::get('events/search', [\App\Http\Controllers\Api\Tenant\EventController::class, 'search'])->name('tenant.events.search'); // Tasks CRUD and operations Route::apiResource('tasks', \App\Http\Controllers\Api\Tenant\TaskController::class); Route::post('tasks/{task}/assign-event/{event}', [\App\Http\Controllers\Api\Tenant\TaskController::class, 'assignToEvent']) ->name('tenant.tasks.assign-to-event'); Route::post('tasks/bulk-assign-event/{event}', [\App\Http\Controllers\Api\Tenant\TaskController::class, 'bulkAssignToEvent']) ->name('tenant.tasks.bulk-assign-to-event'); Route::get('tasks/event/{event}', [\App\Http\Controllers\Api\Tenant\TaskController::class, 'forEvent']) ->name('tenant.tasks.for-event'); Route::get('tasks/collection/{collection}', [\App\Http\Controllers\Api\Tenant\TaskController::class, 'fromCollection']) ->name('tenant.tasks.from-collection'); // Settings routes Route::prefix('settings')->group(function () { Route::get('/', [\App\Http\Controllers\Api\Tenant\SettingsController::class, 'index']) ->name('tenant.settings.index'); Route::post('/', [\App\Http\Controllers\Api\Tenant\SettingsController::class, 'update']) ->name('tenant.settings.update'); Route::post('/reset', [\App\Http\Controllers\Api\Tenant\SettingsController::class, 'reset']) ->name('tenant.settings.reset'); Route::post('/validate-domain', [\App\Http\Controllers\Api\Tenant\SettingsController::class, 'validateDomain']) ->name('tenant.settings.validate-domain'); }); Route::prefix('credits')->group(function () { Route::get('balance', [CreditController::class, 'balance'])->name('tenant.credits.balance'); Route::get('ledger', [CreditController::class, 'ledger'])->name('tenant.credits.ledger'); Route::get('history', [CreditController::class, 'history'])->name('tenant.credits.history'); Route::post('purchase', [CreditController::class, 'purchase'])->name('tenant.credits.purchase'); Route::post('sync', [CreditController::class, 'sync'])->name('tenant.credits.sync'); }); }); });