fotospiel-app/docs/prp/03-api.md
Codex Agent a949c8d3af - Wired the checkout wizard for Google “comfort login”: added Socialite controller + dependency, new Google env
hooks in config/services.php/.env.example, and updated wizard steps/controllers to store session payloads,
attach packages, and surface localized success/error states.
- Retooled payment handling for both Stripe and PayPal, adding richer status management in CheckoutController/
PayPalController, fallback flows in the wizard’s PaymentStep.tsx, and fresh feature tests for intent
creation, webhooks, and the wizard CTA.
- Introduced a consent-aware Matomo analytics stack: new consent context, cookie-banner UI, useAnalytics/
useCtaExperiment hooks, and MatomoTracker component, then instrumented marketing pages (Home, Packages,
Checkout) with localized copy and experiment tracking.
- Polished package presentation across marketing UIs by centralizing formatting in PresentsPackages, surfacing
localized description tables/placeholders, tuning badges/layouts, and syncing guest/marketing translations.
- Expanded docs & reference material (docs/prp/*, TODOs, public gallery overview) and added a Playwright smoke
test for the hero CTA while reconciling outstanding checklist items.
2025-10-19 11:41:03 +02:00
03 — API Contract

  • Base URL: /api/v1
  • Auth
    • Tenant apps: OAuth2 Authorization Code + PKCE, refresh tokens.
    • Super Admin: session-authenticated Filament (web only).
  • Common
    • Pagination: page, per_page (max 100).
    • Errors: { error: { code, message, trace_id }, details?: {...} }.
    • Rate limits: per-tenant and per-device for tenant apps; 429 with x-rate-limit-* headers.

Key Endpoints (abridged)

  • Auth: /oauth/authorize, /oauth/token, /oauth/token/refresh.
  • Tenants (Super Admin only): list/read; no create via API for MVP.
  • Events (tenant): CRUD, publish, archive; unique by tenant_id + slug.
  • Photos (tenant): signed upload URL, create, list, moderate, feature.
  • Emotions & Tasks: list, tenant overrides; task library scoping.
  • Purchases & Ledger: create purchase intent, webhook ingest, ledger list.
  • Settings: read/update tenant theme, limits, legal page links.

Guest Polling (no WebSockets in v1)

  • GET /events/{token}/stats — lightweight counters for Home info bar.
    • Response: { online_guests: number, tasks_solved: number, latest_photo_at: ISO8601 }.
    • Cache: Cache-Control: no-store; include ETag for conditional requests.
  • GET /events/{token}/photos?since=<ISO8601|cursor> — incremental gallery refresh.
    • Response: { data: Photo[], next_cursor?: string, latest_photo_at: ISO8601 }.
    • Use If-None-Match or If-Modified-Since to return 304 Not Modified when unchanged.
  • Legacy slug-based guest endpoints have been removed; tokens are mandatory for public access.

Webhooks

  • Payment provider events, media pipeline status, and deletion callbacks. All are signed with a shared secret per provider.
  • RevenueCat webhook: POST /api/v1/webhooks/revenuecat signed via X-Signature (HMAC SHA1/256). Dispatches ProcessRevenueCatWebhook to credit tenants and sync subscription expiry.

Public Gallery

  • GET /gallery/{token}: returns event snapshot + branding colors; responds with 410 once the package gallery window expires.
  • GET /gallery/{token}/photos?cursor=&limit=: cursor-based pagination of approved photos. Response shape { data: Photo[], next_cursor: string|null }.
  • GET /gallery/{token}/photos/{photo}/download: streams or redirects to an approved original. Returns 404 if the asset is gone.

Tenant Admin Downloads

  • GET /tenant/events/{event}/photos/archive: authenticated ZIP export of all approved photos for an event. Returns 404 when none exist.