69 lines
4.4 KiB
PHP
69 lines
4.4 KiB
PHP
<?php
|
|
|
|
use Illuminate\Http\Request;
|
|
use Illuminate\Support\Facades\Route;
|
|
use App\Http\Controllers\Api\EventPublicController;
|
|
use App\Http\Controllers\OAuthController;
|
|
use App\Http\Controllers\Tenant\CreditController;
|
|
|
|
// API routes without CSRF protection for guest PWA (stateless)
|
|
Route::prefix('v1')->name('api.v1.')->group(function () {
|
|
// OAuth routes (public)
|
|
Route::get('/oauth/authorize', [OAuthController::class, 'authorize'])->name('oauth.authorize');
|
|
Route::post('/oauth/token', [OAuthController::class, 'token'])->name('oauth.token');
|
|
|
|
// Guest PWA routes (public, throttled, no tenant middleware)
|
|
Route::middleware('throttle:100,1')->group(function () {
|
|
Route::get('/events/{slug}', [EventPublicController::class, 'event'])->name('events.show');
|
|
Route::get('/events/{slug}/stats', [EventPublicController::class, 'stats'])->name('events.stats');
|
|
Route::get('/events/{slug}/emotions', [EventPublicController::class, 'emotions'])->name('events.emotions');
|
|
Route::get('/events/{slug}/tasks', [EventPublicController::class, 'tasks'])->name('events.tasks');
|
|
Route::get('/events/{slug}/photos', [EventPublicController::class, 'photos'])->name('events.photos');
|
|
Route::get('/photos/{id}', [EventPublicController::class, 'photo'])->name('photos.show');
|
|
Route::post('/photos/{id}/like', [EventPublicController::class, 'like'])->name('photos.like');
|
|
Route::post('/events/{slug}/upload', [EventPublicController::class, 'upload'])->name('events.upload');
|
|
});
|
|
|
|
// Protected tenant API routes (require auth:sanctum + tenant middleware)
|
|
Route::middleware(['auth:sanctum', \App\Http\Middleware\TenantTokenGuard::class, \App\Http\Middleware\TenantIsolation::class])->prefix('tenant')->group(function () {
|
|
Route::get('me', [OAuthController::class, 'me'])->name('tenant.me');
|
|
|
|
// Events CRUD
|
|
Route::apiResource('events', \App\Http\Controllers\Api\Tenant\EventController::class)->only(['index', 'show', 'update', 'destroy'])->parameters([
|
|
'events' => 'event:slug',
|
|
]);
|
|
Route::middleware('credit.check')->post('events', [\App\Http\Controllers\Api\Tenant\EventController::class, 'store'])->name('tenant.events.store');
|
|
|
|
Route::post('events/bulk-status', [\App\Http\Controllers\Api\Tenant\EventController::class, 'bulkUpdateStatus'])->name('tenant.events.bulk-status');
|
|
Route::get('events/search', [\App\Http\Controllers\Api\Tenant\EventController::class, 'search'])->name('tenant.events.search');
|
|
|
|
// Tasks CRUD and operations
|
|
Route::apiResource('tasks', \App\Http\Controllers\Api\Tenant\TaskController::class);
|
|
Route::post('tasks/{task}/assign-event/{event}', [\App\Http\Controllers\Api\Tenant\TaskController::class, 'assignToEvent'])
|
|
->name('tenant.tasks.assign-to-event');
|
|
Route::post('tasks/bulk-assign-event/{event}', [\App\Http\Controllers\Api\Tenant\TaskController::class, 'bulkAssignToEvent'])
|
|
->name('tenant.tasks.bulk-assign-to-event');
|
|
Route::get('tasks/event/{event}', [\App\Http\Controllers\Api\Tenant\TaskController::class, 'forEvent'])
|
|
->name('tenant.tasks.for-event');
|
|
Route::get('tasks/collection/{collection}', [\App\Http\Controllers\Api\Tenant\TaskController::class, 'fromCollection'])
|
|
->name('tenant.tasks.from-collection');
|
|
|
|
// Settings routes
|
|
Route::prefix('settings')->group(function () {
|
|
Route::get('/', [\App\Http\Controllers\Api\Tenant\SettingsController::class, 'index'])
|
|
->name('tenant.settings.index');
|
|
Route::post('/', [\App\Http\Controllers\Api\Tenant\SettingsController::class, 'update'])
|
|
->name('tenant.settings.update');
|
|
Route::post('/reset', [\App\Http\Controllers\Api\Tenant\SettingsController::class, 'reset'])
|
|
->name('tenant.settings.reset');
|
|
Route::post('/validate-domain', [\App\Http\Controllers\Api\Tenant\SettingsController::class, 'validateDomain'])
|
|
->name('tenant.settings.validate-domain');
|
|
});
|
|
|
|
Route::prefix('credits')->group(function () {
|
|
Route::get('balance', [CreditController::class, 'balance'])->name('tenant.credits.balance');
|
|
Route::get('ledger', [CreditController::class, 'ledger'])->name('tenant.credits.ledger');
|
|
Route::get('history', [CreditController::class, 'history'])->name('tenant.credits.history');
|
|
});
|
|
});
|
|
}); |