fotospiel-app/routes/web.php

<?php

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;
use Inertia\Inertia;
use Illuminate\Support\Facades\Log;
use App\Http\Controllers\CheckoutController;
use App\Http\Controllers\LocaleController;

Route::get('/lang/{locale}/{namespace}', function ($locale, $namespace) {
    Log::info('Lang route hit', ['locale' => $locale, 'namespace' => $namespace]);
    $path = public_path("lang/{$locale}/{$namespace}.json");
    Log::info('Path checked', ['path' => $path, 'exists' => file_exists($path)]);
    if (!file_exists($path)) {
        abort(404);
    }
    $content = json_decode(file_get_contents($path), true);
    Log::info('JSON loaded', ['keys' => array_keys($content ?? [])]);
    return response()->json($content);
})->where(['locale' => 'de|en', 'namespace' => 'marketing|auth|common']);

// Redirect old prefixed URLs to prefix-free (301 permanent)
Route::any('{locale}/{path?}', function ($locale, $path = '') {
    $cleanPath = $path ? "/$path" : '/';
    return redirect($cleanPath, 301);
})->where([
    'locale' => 'de|en',
    'path' => '.*'
]);

// Set locale route
Route::post('/set-locale', [LocaleController::class, 'set'])->name('locale.set');

// Main routes (prefix-free)
Route::middleware('locale')->group(function () {
    Route::get('/', [\App\Http\Controllers\MarketingController::class, 'index'])->name('marketing');
    Route::get('/packages', [\App\Http\Controllers\MarketingController::class, 'packagesIndex'])->name('packages');
    Route::get('/packages/{id}', function ($id) {
        return redirect("/packages?package_id={$id}");
    })->where('id', '\d+')->name('packages.detail');
    Route::get('/login', [\App\Http\Controllers\Auth\AuthenticatedSessionController::class, 'create'])->name('login');
    Route::post('/login', [\App\Http\Controllers\Auth\AuthenticatedSessionController::class, 'store'])->name('login.store');
    Route::get('/register', [\App\Http\Controllers\Auth\MarketingRegisterController::class, 'create'])->name('register');
    Route::post('/register', [\App\Http\Controllers\Auth\MarketingRegisterController::class, 'store'])->middleware('throttle:6,1')->name('register.store');
    Route::post('/logout', [\App\Http\Controllers\Auth\AuthenticatedSessionController::class, 'destroy'])->name('logout');

    // Blog routes
    Route::get('/blog', [\App\Http\Controllers\MarketingController::class, 'blogIndex'])->name('blog');
    Route::get('/blog/{post}', [\App\Http\Controllers\MarketingController::class, 'blogShow'])->name('blog.show');

    // Legal pages
    Route::get('/impressum', function () {
        return view('legal.impressum');
    })->name('impressum');
    Route::get('/datenschutz', function () {
        return view('legal.datenschutz');
    })->name('datenschutz');
    Route::get('/kontakt', function () {
        return view('legal.kontakt');
    })->name('kontakt');
    Route::post('/kontakt', [\App\Http\Controllers\MarketingController::class, 'contact'])->name('kontakt.submit');

    // Anlässe routes
    Route::get('/anlaesse/{type}', [\App\Http\Controllers\MarketingController::class, 'occasionsType'])
        ->where([
            'type' => 'hochzeit|geburtstag|firmenevent'
        ])
        ->name('anlaesse.type');
});

Route::middleware(['auth', 'verified'])->group(function () {
    Route::get('dashboard', function () {
        return Inertia::render('dashboard');
    })->name('dashboard');
});

require __DIR__.'/settings.php';
// Auth-Routes sind nun in web.php integriert, auth.php nur für andere Auth-Funktionen
require __DIR__.'/auth.php';

 // Guest PWA shell for /event and sub-routes
Route::view('/event/{any?}', 'guest')->where('any', '.*');
Route::view('/e/{any?}', 'guest')->where('any', '.*');
Route::view('/pwa/{any?}', 'guest')->where('any', '.*');

// Minimal public API for Guest PWA (stateless; no CSRF)
Route::prefix('api/v1')->withoutMiddleware([\App\Http\Middleware\VerifyCsrfToken::class])->group(function () {
});

  // Stripe webhooks (no CSRF, no auth)
 Route::post('/webhooks/stripe', [\App\Http\Controllers\StripeWebhookController::class, 'handle']);
  // PayPal IPN webhook
 Route::post('/webhooks/paypal', [\App\Http\Controllers\PayPalWebhookController::class, 'handle']);
 // PayPal IPN webhook
Route::post('/webhooks/paypal', [\App\Http\Controllers\PayPalWebhookController::class, 'handle']);


// CSV templates for Super Admin imports
Route::get('/super-admin/templates/emotions.csv', function () {
    $headers = [
        'Content-Type' => 'text/csv',
        'Content-Disposition' => 'attachment; filename="emotions_template.csv"',
    ];
    $callback = function () {
        $out = fopen('php://output', 'w');
        fputcsv($out, ['name_de','name_en','icon','color','description_de','description_en','sort_order','is_active','event_types']);
        fputcsv($out, ['Fröhlich','Happy','😀','#FFD700','Fröhlicher Moment','Happy moment','0','1','wedding|corporate']);
        fclose($out);
    };
    return response()->stream($callback, 200, $headers);
});

// Tenant Admin PWA shell
Route::view('/admin/{any?}', 'admin')->middleware(['auth', 'verified', 'tenant'])->where('any', '.*');
Route::get('/admin/qr', [\App\Http\Controllers\Admin\QrController::class, 'png'])->middleware(['auth', 'verified', 'tenant']);
Route::get('/super-admin/templates/tasks.csv', function () {
    $headers = [
        'Content-Type' => 'text/csv',
        'Content-Disposition' => 'attachment; filename="tasks_template.csv"',
    ];
    $callback = function () {
        $out = fopen('php://output', 'w');
        fputcsv($out, ['emotion_name','emotion_name_de','emotion_name_en','event_type_slug','title_de','title_en','description_de','description_en','difficulty','example_text_de','example_text_en','sort_order','is_active']);
        fputcsv($out, ['Happy','','','wedding','Gruppenfoto','Group photo','Sammelt euch für ein Foto.','Get together for a photo.','easy','Zeigt eure besten Lächeln.','Show your best smiles.','0','1']);
        fclose($out);
    };
    return response()->stream($callback, 200, $headers);
});

Route::get('/purchase-wizard/{package}', [CheckoutController::class, 'show'])->name('purchase.wizard');
Route::get('/checkout/{package}', [CheckoutController::class, 'show'])->name('checkout.show');
Route::post('/checkout/login', [CheckoutController::class, 'login'])->name('checkout.login');
Route::post('/checkout/register', [CheckoutController::class, 'register'])->name('checkout.register');
Route::get('/buy-packages/{package_id}', [\App\Http\Controllers\MarketingController::class, 'buyPackages'])->name('buy.packages');
Route::middleware('auth')->group(function () {
    Route::get('/profile', [\App\Http\Controllers\ProfileController::class, 'index'])->name('profile');
    Route::get('/profile/account', [\App\Http\Controllers\ProfileController::class, 'account'])->name('profile.account');
    Route::patch('/profile/account', [\App\Http\Controllers\ProfileController::class, 'account'])->name('profile.account.update');
    Route::get('/profile/orders', [\App\Http\Controllers\ProfileController::class, 'orders'])->name('profile.orders');
});

Route::get('/marketing/success/{package_id?}', [\App\Http\Controllers\MarketingController::class, 'success'])->name('marketing.success');