soeren/fotospiel-app
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
Files
9e4e9a0d879889ea0fc226a02ec04b82ed1b945e
fotospiel-app/routes/api.php
Codex Agent 928d28fcaf implemented a lot of security measures
2025-12-09 20:29:32 +01:00

320 lines
20 KiB
PHP
Raw Blame History

<?php
use App\Http\Controllers\Api\EventPublicController;
use App\Http\Controllers\Api\HelpController;
use App\Http\Controllers\Api\LegalController;
use App\Http\Controllers\Api\Marketing\CouponPreviewController;
use App\Http\Controllers\Api\PackageController;
use App\Http\Controllers\Api\SparkboothUploadController;
use App\Http\Controllers\Api\Tenant\DashboardController;
use App\Http\Controllers\Api\Tenant\EmotionController;
use App\Http\Controllers\Api\Tenant\EventAddonCatalogController;
use App\Http\Controllers\Api\Tenant\EventAddonController;
use App\Http\Controllers\Api\Tenant\EventController;
use App\Http\Controllers\Api\Tenant\EventGuestNotificationController;
use App\Http\Controllers\Api\Tenant\EventJoinTokenController;
use App\Http\Controllers\Api\Tenant\EventJoinTokenLayoutController;
use App\Http\Controllers\Api\Tenant\EventMemberController;
use App\Http\Controllers\Api\Tenant\EventTypeController;
use App\Http\Controllers\Api\Tenant\FontController;
use App\Http\Controllers\Api\Tenant\NotificationLogController;
use App\Http\Controllers\Api\Tenant\OnboardingController;
use App\Http\Controllers\Api\Tenant\PhotoboothController;
use App\Http\Controllers\Api\Tenant\PhotoController;
use App\Http\Controllers\Api\Tenant\ProfileController;
use App\Http\Controllers\Api\Tenant\SettingsController;
use App\Http\Controllers\Api\Tenant\TaskCollectionController;
use App\Http\Controllers\Api\Tenant\TaskController;
use App\Http\Controllers\Api\Tenant\TenantAdminTokenController;
use App\Http\Controllers\Api\Tenant\TenantFeedbackController;
use App\Http\Controllers\Api\TenantBillingController;
use App\Http\Controllers\Api\TenantPackageController;
use App\Http\Controllers\RevenueCatWebhookController;
use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
use Illuminate\Cookie\Middleware\EncryptCookies;
use Illuminate\Session\Middleware\StartSession;
use Illuminate\Support\Facades\Route;
Route::prefix('v1')->name('api.v1.')->group(function () {
Route::prefix('marketing')->name('marketing.')->group(function () {
Route::post('/coupons/preview', CouponPreviewController::class)
->middleware('throttle:coupon-preview')
->name('coupons.preview');
Route::post('/gift-vouchers/checkout', [\App\Http\Controllers\Api\Marketing\GiftVoucherCheckoutController::class, 'store'])
->middleware('throttle:60,1')
->name('gift-vouchers.checkout');
Route::get('/gift-vouchers/tiers', [\App\Http\Controllers\Api\Marketing\GiftVoucherCheckoutController::class, 'tiers'])
->middleware('throttle:60,1')
->name('gift-vouchers.tiers');
Route::get('/gift-vouchers/lookup', [\App\Http\Controllers\Api\Marketing\GiftVoucherCheckoutController::class, 'show'])
->middleware('throttle:gift-lookup')
->name('gift-vouchers.lookup');
Route::post('/gift-vouchers/resend', \App\Http\Controllers\Api\Marketing\GiftVoucherResendController::class)
->middleware('throttle:gift-resend')
->name('gift-vouchers.resend');
});
Route::post('/webhooks/revenuecat', [RevenueCatWebhookController::class, 'handle'])
->middleware('throttle:60,1')
->name('webhooks.revenuecat');
Route::prefix('tenant-auth')->name('tenant-auth.')->group(function () {
Route::post('/login', [TenantAdminTokenController::class, 'store'])
->middleware('throttle:tenant-auth')
->name('login');
Route::middleware([EncryptCookies::class, AddQueuedCookiesToResponse::class, StartSession::class])->group(function () {
Route::post('/exchange', [TenantAdminTokenController::class, 'exchange'])
->middleware('throttle:tenant-auth')
->name('exchange');
});
Route::middleware(['auth:sanctum', 'tenant.admin'])->group(function () {
Route::post('/logout', [TenantAdminTokenController::class, 'destroy'])->name('logout');
Route::get('/me', [TenantAdminTokenController::class, 'me'])->name('me');
});
});
Route::middleware('throttle:100,1')->group(function () {
Route::get('/help', [HelpController::class, 'index'])->name('help.index');
Route::get('/help/{slug}', [HelpController::class, 'show'])->name('help.show');
Route::get('/legal/{slug}', [LegalController::class, 'show'])->name('legal.show');
Route::get('/events/{token}', [EventPublicController::class, 'event'])->name('events.show');
Route::get('/events/{token}/stats', [EventPublicController::class, 'stats'])->name('events.stats');
Route::get('/events/{token}/package', [EventPublicController::class, 'package'])->name('events.package');
Route::get('/events/{token}/notifications', [EventPublicController::class, 'notifications'])->name('events.notifications');
Route::post('/events/{token}/notifications/{notification}/read', [EventPublicController::class, 'markNotificationRead'])
->whereNumber('notification')
->name('events.notifications.read');
Route::post('/events/{token}/notifications/{notification}/dismiss', [EventPublicController::class, 'dismissNotification'])
->whereNumber('notification')
->name('events.notifications.dismiss');
Route::post('/events/{token}/push-subscriptions', [EventPublicController::class, 'registerPushSubscription'])
->name('events.push-subscriptions.store');
Route::delete('/events/{token}/push-subscriptions', [EventPublicController::class, 'destroyPushSubscription'])
->name('events.push-subscriptions.destroy');
Route::get('/events/{token}/achievements', [EventPublicController::class, 'achievements'])->name('events.achievements');
Route::get('/events/{token}/emotions', [EventPublicController::class, 'emotions'])->name('events.emotions');
Route::get('/events/{token}/tasks', [EventPublicController::class, 'tasks'])->name('events.tasks');
Route::get('/events/{token}/photos', [EventPublicController::class, 'photos'])->name('events.photos');
Route::get('/photos/{id}', [EventPublicController::class, 'photo'])->name('photos.show');
Route::post('/photos/{id}/like', [EventPublicController::class, 'like'])->name('photos.like');
Route::post('/events/{token}/photos/{photo}/share', [EventPublicController::class, 'createShareLink'])
->whereNumber('photo')
->name('photos.share');
Route::get('/photo-shares/{slug}', [EventPublicController::class, 'shareLink'])->name('photo-shares.show');
Route::get('/photo-shares/{slug}/asset/{variant}', [EventPublicController::class, 'shareLinkAsset'])
->middleware('signed')
->name('photo-shares.asset');
Route::post('/events/{token}/upload', [EventPublicController::class, 'upload'])->name('events.upload');
Route::get('/branding/asset/{path}', [EventPublicController::class, 'brandingAsset'])
->where('path', '.*')
->middleware('signed')
->name('branding.asset');
Route::get('/gallery/{token}', [EventPublicController::class, 'gallery'])->name('gallery.show');
Route::get('/gallery/{token}/photos', [EventPublicController::class, 'galleryPhotos'])->name('gallery.photos');
Route::get('/gallery/{token}/photos/{photo}/download', [EventPublicController::class, 'galleryPhotoDownload'])
->whereNumber('photo')
->middleware('signed')
->name('gallery.photos.download');
Route::get('/gallery/{token}/photos/{photo}/{variant}', [EventPublicController::class, 'galleryPhotoAsset'])
->whereNumber('photo')
->where('variant', 'thumbnail|full')
->middleware('signed')
->name('gallery.photos.asset');
Route::post('/photobooth/sparkbooth/upload', [SparkboothUploadController::class, 'store'])
->name('photobooth.sparkbooth.upload');
});
Route::middleware(['auth:sanctum', 'tenant.collaborator', 'tenant.isolation', 'throttle:tenant-api'])->prefix('tenant')->group(function () {
Route::get('profile', [ProfileController::class, 'show'])
->middleware('tenant.admin')
->name('tenant.profile.show');
Route::put('profile', [ProfileController::class, 'update'])
->middleware('tenant.admin')
->name('tenant.profile.update');
Route::get('fonts', [FontController::class, 'index'])->name('tenant.fonts.index');
Route::get('onboarding', [OnboardingController::class, 'show'])
->middleware('tenant.admin')
->name('tenant.onboarding.show');
Route::post('onboarding', [OnboardingController::class, 'store'])
->middleware('tenant.admin')
->name('tenant.onboarding.store');
Route::get('me', [TenantAdminTokenController::class, 'legacyTenantMe'])
->name('tenant.me');
Route::get('dashboard', DashboardController::class)
->middleware('tenant.admin')
->name('tenant.dashboard');
Route::get('event-types', EventTypeController::class)->name('tenant.event-types.index');
Route::get('events', [EventController::class, 'index'])
->name('tenant.events.index');
Route::get('events/{event:slug}', [EventController::class, 'show'])
->name('tenant.events.show');
Route::delete('events/{event:slug}', [EventController::class, 'destroy'])
->middleware('tenant.admin')
->name('tenant.events.destroy');
Route::middleware(['package.check', 'credit.check', 'tenant.admin'])->group(function () {
Route::post('events', [EventController::class, 'store'])->name('tenant.events.store');
Route::match(['put', 'patch'], 'events/{event:slug}', [EventController::class, 'update'])->name('tenant.events.update');
});
Route::prefix('events/{event:slug}')->scopeBindings()->group(function () {
Route::middleware('tenant.admin')->group(function () {
Route::get('stats', [EventController::class, 'stats'])->name('tenant.events.stats');
Route::post('toggle', [EventController::class, 'toggle'])->name('tenant.events.toggle');
Route::post('invites', [EventController::class, 'createInvite'])->name('tenant.events.invites');
Route::get('toolkit', [EventController::class, 'toolkit'])->name('tenant.events.toolkit');
Route::get('guest-notifications', [EventGuestNotificationController::class, 'index'])->name('tenant.events.guest-notifications.index');
Route::post('guest-notifications', [EventGuestNotificationController::class, 'store'])->name('tenant.events.guest-notifications.store');
Route::post('addons/apply', [EventAddonController::class, 'apply'])->name('tenant.events.addons.apply');
Route::post('addons/checkout', [EventAddonController::class, 'checkout'])->name('tenant.events.addons.checkout');
});
Route::prefix('join-tokens')->group(function () {
Route::get('/', [EventJoinTokenController::class, 'index'])->name('tenant.events.join-tokens.index');
Route::post('/', [EventJoinTokenController::class, 'store'])->name('tenant.events.join-tokens.store');
Route::get('{joinToken}/layouts', [EventJoinTokenLayoutController::class, 'index'])
->whereNumber('joinToken')
->name('tenant.events.join-tokens.layouts.index');
Route::get('{joinToken}/layouts/{layout}.{format}', [EventJoinTokenLayoutController::class, 'download'])
->whereNumber('joinToken')
->where('format', 'pdf|png')
->name('tenant.events.join-tokens.layouts.download');
Route::patch('{joinToken}', [EventJoinTokenController::class, 'update'])
->whereNumber('joinToken')
->name('tenant.events.join-tokens.update');
Route::delete('{joinToken}', [EventJoinTokenController::class, 'destroy'])
->whereNumber('joinToken')
->name('tenant.events.join-tokens.destroy');
});
Route::prefix('photos')->group(function () {
Route::get('/', [PhotoController::class, 'index'])->name('tenant.events.photos.index');
Route::post('/', [PhotoController::class, 'store'])->name('tenant.events.photos.store');
Route::get('{photo}', [PhotoController::class, 'show'])->name('tenant.events.photos.show');
Route::patch('{photo}', [PhotoController::class, 'update'])->name('tenant.events.photos.update');
Route::delete('{photo}', [PhotoController::class, 'destroy'])->name('tenant.events.photos.destroy');
Route::post('{photo}/feature', [PhotoController::class, 'feature'])->name('tenant.events.photos.feature');
Route::post('{photo}/unfeature', [PhotoController::class, 'unfeature'])->name('tenant.events.photos.unfeature');
Route::post('{photo}/visibility', [PhotoController::class, 'visibility'])->name('tenant.events.photos.visibility');
Route::post('bulk-approve', [PhotoController::class, 'bulkApprove'])->name('tenant.events.photos.bulk-approve');
Route::post('bulk-reject', [PhotoController::class, 'bulkReject'])->name('tenant.events.photos.bulk-reject');
Route::get('moderation', [PhotoController::class, 'forModeration'])->name('tenant.events.photos.for-moderation');
Route::get('stats', [PhotoController::class, 'stats'])->name('tenant.events.photos.stats');
});
Route::prefix('photobooth')->middleware('tenant.admin')->group(function () {
Route::get('/', [PhotoboothController::class, 'show'])->name('tenant.events.photobooth.show');
Route::post('/enable', [PhotoboothController::class, 'enable'])->name('tenant.events.photobooth.enable');
Route::post('/rotate', [PhotoboothController::class, 'rotate'])->name('tenant.events.photobooth.rotate');
Route::post('/disable', [PhotoboothController::class, 'disable'])->name('tenant.events.photobooth.disable');
});
Route::get('members', [EventMemberController::class, 'index'])
->middleware('tenant.admin')
->name('tenant.events.members.index');
Route::post('members', [EventMemberController::class, 'store'])
->middleware('tenant.admin')
->name('tenant.events.members.store');
Route::delete('members/{member}', [EventMemberController::class, 'destroy'])
->middleware('tenant.admin')
->whereNumber('member')
->name('tenant.events.members.destroy');
});
Route::post('events/bulk-status', [EventController::class, 'bulkUpdateStatus'])
->middleware('tenant.admin')
->name('tenant.events.bulk-status');
Route::get('events/search', [EventController::class, 'search'])
->name('tenant.events.search');
Route::apiResource('tasks', TaskController::class);
Route::post('tasks/{task}/assign-event/{event}', [TaskController::class, 'assignToEvent'])
->name('tenant.tasks.assign-to-event');
Route::post('tasks/bulk-assign-event/{event}', [TaskController::class, 'bulkAssignToEvent'])
->name('tenant.tasks.bulk-assign-to-event');
Route::get('tasks/event/{event}', [TaskController::class, 'forEvent'])
->name('tenant.tasks.for-event');
Route::get('tasks/collection/{collection}', [TaskController::class, 'fromCollection'])
->name('tenant.tasks.from-collection');
Route::post('tasks/bulk-detach-event/{event}', [TaskController::class, 'bulkDetachFromEvent'])
->name('tenant.tasks.bulk-detach-from-event');
Route::post('tasks/event/{event}/reorder', [TaskController::class, 'reorderForEvent'])
->name('tenant.tasks.reorder-for-event');
Route::get('task-collections', [TaskCollectionController::class, 'index'])
->name('tenant.task-collections.index');
Route::get('task-collections/{collection}', [TaskCollectionController::class, 'show'])
->name('tenant.task-collections.show');
Route::post('task-collections/{collection}/activate', [TaskCollectionController::class, 'activate'])
->name('tenant.task-collections.activate');
Route::middleware('tenant.admin')->group(function () {
Route::get('emotions', [EmotionController::class, 'index'])->name('tenant.emotions.index');
Route::post('emotions', [EmotionController::class, 'store'])->name('tenant.emotions.store');
Route::patch('emotions/{emotion}', [EmotionController::class, 'update'])->name('tenant.emotions.update');
});
Route::prefix('settings')->middleware('tenant.admin')->group(function () {
Route::get('/', [SettingsController::class, 'index'])
->name('tenant.settings.index');
Route::post('/', [SettingsController::class, 'update'])
->name('tenant.settings.update');
Route::post('/reset', [SettingsController::class, 'reset'])
->name('tenant.settings.reset');
Route::post('/validate-domain', [SettingsController::class, 'validateDomain'])
->name('tenant.settings.validate-domain');
Route::get('/notifications', [SettingsController::class, 'notificationPreferences'])
->name('tenant.settings.notifications.index');
Route::post('/notifications', [SettingsController::class, 'updateNotificationPreferences'])
->name('tenant.settings.notifications.update');
});
Route::get('notifications/logs', [NotificationLogController::class, 'index'])
->middleware('tenant.admin')
->name('tenant.notifications.logs.index');
Route::prefix('packages')->middleware('tenant.admin')->group(function () {
Route::get('/', [PackageController::class, 'index'])->name('packages.index');
Route::post('/purchase', [PackageController::class, 'purchase'])->name('packages.purchase');
Route::post('/payment-intent', [PackageController::class, 'createPaymentIntent'])->name('packages.payment-intent');
Route::post('/complete', [PackageController::class, 'completePurchase'])->name('packages.complete');
Route::post('/free', [PackageController::class, 'assignFree'])->name('packages.free');
Route::post('/paddle-checkout', [PackageController::class, 'createPaddleCheckout'])->name('packages.paddle-checkout');
});
Route::get('addons/catalog', [EventAddonCatalogController::class, 'index'])
->middleware('tenant.admin')
->name('tenant.addons.catalog');
Route::prefix('tenant/packages')->middleware('tenant.admin')->group(function () {
Route::get('/', [TenantPackageController::class, 'index'])->name('tenant.packages.index');
});
Route::prefix('billing')->middleware('tenant.admin')->group(function () {
Route::get('transactions', [TenantBillingController::class, 'transactions'])
->name('tenant.billing.transactions');
Route::get('addons', [TenantBillingController::class, 'addons'])
->name('tenant.billing.addons');
});
Route::prefix('tenant/billing')->middleware('tenant.admin')->group(function () {
Route::get('transactions', [TenantBillingController::class, 'transactions']);
Route::get('addons', [TenantBillingController::class, 'addons']);
});
Route::post('feedback', [TenantFeedbackController::class, 'store'])
->name('tenant.feedback.store');
});
});
if (app()->environment(['local', 'testing'])) {
require __DIR__.'/testing.php';
}
Reference in New Issue View Git Blame Copy Permalink