diff --git a/app/Http/Controllers/Api/AuthController.php b/app/Http/Controllers/Api/AuthController.php index 7c1e500..5c793b2 100755 --- a/app/Http/Controllers/Api/AuthController.php +++ b/app/Http/Controllers/Api/AuthController.php @@ -1,26 +1,30 @@ validate([ - 'username' => ['required', 'string'], - 'password' => ['required'], - ]); - $username = $request->input('username'); $user = User::where('username', $username) ->orWhere('mail', $username) @@ -29,16 +33,16 @@ class AuthController extends Controller $credentialsValid = $user && Hash::check($request->input('password'), $user->password); if (! $credentialsValid) { - Hash::make($request->input('password')); + Hash::check($request->input('password'), Hash::make('timing-attack-prevention')); throw ValidationException::withMessages([ - 'email' => ['The provided credentials are incorrect.'], + 'username' => ['The provided credentials are incorrect.'], ]); } if ($user->is_banned) { throw ValidationException::withMessages([ - 'email' => ['Your account has been banned.'], + 'username' => ['Your account has been banned.'], ]); } 
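Review bot: The dummy hash in the `if (! $credentialsValid)` branch of `login` (hunk `@@ -29,16 +33,16 @@`) runs on every failed login, not only when no user was found, so the two failure cases still do different amounts of work. A known username with a wrong password costs the real `Hash::check`, then `Hash::make`, then the dummy `Hash::check`; an unknown username skips the first because `$user && …` short-circuits, so response time can still separate registered from unregistered names. Run the dummy comparison only when `$user` is null and against a hash computed once, e.g. `if (! $user) { Hash::check($request->input('password'), self::DUMMY_HASH); }` (`DUMMY_HASH` is a placeholder name), which also avoids a fresh `Hash::make` on every unauthenticated failure. The method starts above this hunk, so any route-level throttle is not visible here.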
@@ -47,66 +51,31 @@ class AuthController extends Controller $token = $user->createToken('auth-token')->plainTextToken; return response()->json([ - 'user' => [ - 'id' => (string) $user->id, - 'email' => $user->mail, - 'username' => $user->username, - 'look' => $user->look, - ], + 'user' => new UserApiResource($user), 'token' => $token, ]); } - public function register(Request $request): JsonResponse + public function register(RegisterRequest $request): JsonResponse { $createNewUser = new CreateNewUser; - try { - $validated = $request->validate([ - 'username' => ['required', 'string', 'max:50'], - 'password' => ['required', 'string', 'min:6'], - 'mail' => ['required', 'email', 'max:255'], - 'look' => ['nullable', 'string'], - 'motto' => ['nullable', 'string', 'max:100'], - ]); + $user = $createNewUser->create($request->validated()); - $user = $createNewUser->create($validated); - - $token = $user->createToken('auth-token')->plainTextToken; - - return response()->json([ - 'user' => [ - 'id' => (string) $user->id, - 'email' => $user->mail, - 'username' => $user->username, - 'look' => $user->look, - ], - 'token' => $token, - ], 201); - } catch (ValidationException $e) { - return response()->json([ - 'errors' => $e->errors(), - ], 422); - } - } - - public function user(Request $request): JsonResponse - { - $user = $request->user(); + $token = $user->createToken('auth-token')->plainTextToken; return response()->json([ - 'id' => (string) $user->id, - 'email' => $user->mail, - 'username' => $user->username, - 'look' => $user->look, - 'motto' => $user->motto ?? '', - 'credits' => $user->credits ?? 0, - 'pixels' => $user->pixels ?? 0, - 'diamonds' => $user->diamonds ?? 
0, - ]); + 'user' => new UserApiResource($user), + 'token' => $token, + ], 201); } - public function logout(Request $request): JsonResponse + public function user(\Illuminate\Http\Request $request): JsonResponse + { + return response()->json(new UserApiResource($request->user())); + } + + public function logout(\Illuminate\Http\Request $request): JsonResponse { $request->user()->currentAccessToken()->delete(); 
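Review bot: `user()` and `logout()` now type-hint `\Illuminate\Http\Request` inline while every other parameter in the file uses an imported short name. The file's `use` block is not visible in this view; if the import was dropped because only two methods still need the base request, keeping `use Illuminate\Http\Request;` and writing `Request $request` would match the rest of the controller.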
@@ -118,69 +87,45 @@ class AuthController extends Controller $articles = WebsiteArticle::with(['user:id,username,look']) ->latest('id') ->take(4) - ->get() - ->map(fn ($article) => [ - 'id' => $article->id, - 'title' => $article->title, - 'slug' => $article->slug, - 'image' => $article->image, - 'excerpt' => $article->excerpt, - 'user' => $article->user, - 'created_at' => $article->created_at, - ]); + ->get(); $photos = CameraWeb::query() ->latest('id') ->take(4) ->where('visible', true) ->with('user:id,username,look') - ->get() - ->map(fn ($photo) => [ - 'id' => $photo->id, - 'image' => $photo->image, - 'user' => $photo->user, - ]); + ->get(); return response()->json([ - 'articles' => $articles, - 'photos' => $photos, + 'articles' => ArticleResource::collection($articles), + 'photos' => PhotoResource::collection($photos), ]); } - public function updateUser(Request $request): JsonResponse + public function updateUser(UpdateUserRequest $request): JsonResponse { $user = $request->user(); + $user->update($request->validated()); - $validated = $request->validate([ - 'motto' => ['nullable', 'string', 'max:100'], - 'look' => ['nullable', 'string'], - ]); - - $user->update($validated); - - return response()->json([ - 'id' => (string) $user->id, - 'email' => $user->mail, - 'username' => $user->username, - 'look' => $user->look, - 'motto' => $user->motto, - 'credits' => $user->credits, - 'pixels' => $user->pixels, - 'diamonds' => $user->diamonds, - ]); + return response()->json(new UserApiResource($user)); } - public function articleComment(Request $request, string $slug): JsonResponse + public function updatePassword(UpdatePasswordRequest $request): JsonResponse + { + $request->user()->update([ + 'password' => Hash::make($request->input('password')), + ]); + + return response()->json(['message' => 'Password updated successfully']); + } + + public function articleComment(ArticleCommentRequest $request, string $slug): JsonResponse { $article = WebsiteArticle::where('slug', 
$slug)->firstOrFail(); - $validated = $request->validate([ - 'comment' => ['required', 'string', 'max:1000'], - ]); - $comment = $article->comments()->create([ 'user_id' => $request->user()->id, - 'comment' => strip_tags((string) $validated['comment']), + 'comment' => strip_tags((string) $request->input('comment')), ]); return response()->json([ diff --git a/app/Http/Controllers/Api/HotelApiController.php b/app/Http/Controllers/Api/HotelApiController.php index c5229b3..6baae4a 100755 --- a/app/Http/Controllers/Api/HotelApiController.php +++ b/app/Http/Controllers/Api/HotelApiController.php @@ -1,8 +1,20 @@ paginate(12); return response()->json([ - 'data' => $articles->items(), + 'data' => ArticleResource::collection($articles), 'meta' => [ 'current_page' => $articles->currentPage(), 'last_page' => $articles->lastPage(), @@ -78,7 +90,7 @@ class HotelApiController extends Controller ->firstOrFail(); return response()->json([ - 'data' => $article, + 'data' => new ArticleResource($article), ]); } @@ -90,7 +102,7 @@ class HotelApiController extends Controller ->paginate(12); return response()->json([ - 'data' => $photos->items(), + 'data' => PhotoResource::collection($photos), 'meta' => [ 'current_page' => $photos->currentPage(), 'last_page' => $photos->lastPage(), @@ -113,20 +125,8 @@ class HotelApiController extends Controller { $packages = WebsiteShopArticle::latest('id')->paginate(12); - $mapped = $packages->items()->map(fn ($pkg) => [ - 'id' => $pkg->id, - 'title' => $pkg->name, - 'description' => $pkg->description, - 'price' => $pkg->price(), - 'credits' => null, - 'pixels' => null, - 'diamonds' => null, - 'image' => null, - 'currency' => 'credits', - ]); - return response()->json([ - 'data' => $mapped, + 'data' => ShopPackageResource::collection($packages), 'meta' => [ 'current_page' => $packages->currentPage(), 'last_page' => $packages->lastPage(), 
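Review bot: The new `updatePassword` method stores the new hash but leaves every other access token of the account valid, so a token obtained before the change keeps working afterwards. After the update, revoke the remaining tokens, e.g. `$request->user()->tokens()->where('id', '!=', $request->user()->currentAccessToken()->id)->delete();`. A docblock on the method stating that the current token is deliberately kept would document the choice. In the same hunk `articleComment` reads `$request->input('comment')` where `$request->validated('comment')` would keep the controller on validated data only.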
@@ -175,7 +175,7 @@ class HotelApiController extends Controller ->get(['id', 'username', 'look', 'motto', 'credits', 'pixels']); return response()->json([ - 'data' => $users, + 'data' => LeaderboardUserResource::collection($users), 'type' => $type, ]); } @@ -249,7 +249,7 @@ class HotelApiController extends Controller ->paginate(10); return response()->json([ - 'data' => $tickets->items(), + 'data' => HelpTicketResource::collection($tickets), 'meta' => [ 'current_page' => $tickets->currentPage(), 'last_page' => $tickets->lastPage(), @@ -264,16 +264,12 @@ class HotelApiController extends Controller ->where('id', $id) ->firstOrFail(); - return response()->json(['data' => $ticket]); + return response()->json(['data' => new HelpTicketResource($ticket)]); } - public function helpTicketCreate(Request $request): JsonResponse + public function helpTicketCreate(HelpTicketRequest $request): JsonResponse { - $validated = $request->validate([ - 'subject' => ['required', 'string', 'max:200'], - 'category' => ['required', 'string', 'max:100'], - 'message' => ['required', 'string', 'max:5000'], - ]); + $validated = $request->validated(); $ticket = WebsiteHelpCenterTicket::create([ 'user_id' => $request->user()->id, 
@@ -287,32 +283,26 @@ class HotelApiController extends Controller 'message' => $validated['message'], ]); - return response()->json(['data' => $ticket], 201); + return response()->json(['data' => new HelpTicketResource($ticket)], 201); } - public function helpTicketReply(Request $request, string $id): JsonResponse + public function helpTicketReply(HelpTicketReplyRequest $request, string $id): JsonResponse { - $validated = $request->validate(['message' => 'required', 'string', 'max:5000']); - $ticket = WebsiteHelpCenterTicket::where('id', $id) ->where('user_id', $request->user()->id) ->firstOrFail(); $reply = $ticket->replies()->create([ 'user_id' => $request->user()->id, - 'message' => $validated['message'], + 'message' => $request->input('message'), ]); return response()->json(['data' => $reply->load('user:id,username,look')], 201); } - public function uploadPhoto(Request $request): JsonResponse + public function uploadPhoto(PhotoUploadRequest $request): JsonResponse { - $validated = $request->validate([ - 'image' => ['required', 'image', 'max:5120'], - ]); - - $path = $validated['image']->store('photos', 'public'); + $path = $request->file('image')->store('photos', 'public'); $photo = CameraWeb::create([ 'user_id' => $request->user()->id, @@ -320,7 +310,7 @@ class HotelApiController extends Controller 'visible' => true, ]); - return response()->json(['data' => $photo], 201); + return response()->json(['data' => new PhotoResource($photo)], 201); } public function purchasePackage(Request $request, int $packageId): JsonResponse diff --git a/app/Http/Requests/Api/ArticleCommentRequest.php b/app/Http/Requests/Api/ArticleCommentRequest.php new file mode 100755 index 0000000..6ddb133 --- /dev/null +++ b/app/Http/Requests/Api/ArticleCommentRequest.php @@ -0,0 +1,23 @@ + ['required', 'string', 'max:1000', new WebsiteWordfilterRule], + ]; + } + + public function authorize(): bool + { + return true; + } +} 
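Review bot: `helpTicketReply` still returns the raw model, `$reply->load('user:id,username,look')`, although this commit adds `HelpTicketReplyResource` and routes the other endpoints through resources. The raw model serialises every non-hidden column of the reply, so the response shape depends on the model's `$hidden` list rather than on an explicit field list. Suggested: `return response()->json(['data' => new HelpTicketReplyResource($reply->load('user:id,username,look'))], 201);`, with the matching import, which is outside this hunk.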
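Review bot: In `ArticleCommentRequest` the `required`, `max:1000` and `WebsiteWordfilterRule` checks run on the raw input, while `AuthController::articleComment` stores `strip_tags(...)` of it, so the stored text is not the text that was validated. A comment made only of markup passes `required` and is saved empty, and the word filter (its implementation is not shown) sees a different string from the one persisted. Normalising before validation would close the gap: add a `prepareForValidation()` that merges `strip_tags((string) $this->input('comment'))` back into the request, and have the controller read `$request->validated('comment')`.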
diff --git a/app/Http/Requests/Api/HelpTicketReplyRequest.php b/app/Http/Requests/Api/HelpTicketReplyRequest.php new file mode 100755 index 0000000..6c56991 --- /dev/null +++ b/app/Http/Requests/Api/HelpTicketReplyRequest.php @@ -0,0 +1,22 @@ + ['required', 'string', 'max:5000'], + ]; + } + + public function authorize(): bool + { + return true; + } +} diff --git a/app/Http/Requests/Api/HelpTicketRequest.php b/app/Http/Requests/Api/HelpTicketRequest.php new file mode 100755 index 0000000..87a33f3 --- /dev/null +++ b/app/Http/Requests/Api/HelpTicketRequest.php @@ -0,0 +1,24 @@ + ['required', 'string', 'max:200'], + 'category' => ['required', 'string', 'max:100'], + 'message' => ['required', 'string', 'max:5000'], + ]; + } + + public function authorize(): bool + { + return true; + } +} diff --git a/app/Http/Requests/Api/LoginRequest.php b/app/Http/Requests/Api/LoginRequest.php new file mode 100755 index 0000000..e33a45d --- /dev/null +++ b/app/Http/Requests/Api/LoginRequest.php @@ -0,0 +1,23 @@ + ['required', 'string'], + 'password' => ['required'], + ]; + } + + public function authorize(): bool + { + return true; + } +} diff --git a/app/Http/Requests/Api/PhotoUploadRequest.php b/app/Http/Requests/Api/PhotoUploadRequest.php new file mode 100755 index 0000000..a0c4938 --- /dev/null +++ b/app/Http/Requests/Api/PhotoUploadRequest.php @@ -0,0 +1,22 @@ + ['required', 'image', 'max:5120'], + ]; + } + + public function authorize(): bool + { + return true; + } +} diff --git a/app/Http/Requests/Api/RegisterRequest.php b/app/Http/Requests/Api/RegisterRequest.php new file mode 100755 index 0000000..8e1fc3f --- /dev/null +++ b/app/Http/Requests/Api/RegisterRequest.php @@ -0,0 +1,26 @@ + ['required', 'string', 'max:50'], + 'password' => ['required', 'string', 'min:6'], + 'mail' => ['required', 'email', 'max:255'], + 'look' => ['nullable', 'string'], + 'motto' => ['nullable', 'string', 'max:100'], + ]; + } + + public function authorize(): bool + { + return true; + } +} 
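Review bot: In `LoginRequest` the `password` field is only `required`, so a non-string value such as a JSON array passes validation and reaches `Hash::check($request->input('password'), …)` in `AuthController::login`. That is likely to surface as a type error and a 500 instead of a 422. Suggested: `'password' => ['required', 'string'],`.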
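Review bot: `PhotoUploadRequest` relies on the bare `image` rule, and `uploadPhoto` writes the file to the `public` disk where it is served back to other users. Depending on the framework version (not visible here), `image` can accept SVG, which may carry script and would then be a stored-XSS vector when opened directly. Pin the accepted formats explicitly: `'image' => ['required', 'image', 'mimes:jpg,jpeg,png,gif,webp', 'max:5120'],`, and consider a `dimensions` constraint so very large bitmaps are rejected early.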
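Review bot: `RegisterRequest` accepts any six-character password (`min:6`) and carries no uniqueness rule for `username` or `mail`; `UpdatePasswordRequest` later in this diff has the same `min:6`. Whether `CreateNewUser::create()` validates again is not visible, so as written a duplicate may only fail at the database layer with a 500. Adding a `unique` rule for both columns and replacing `min:6` with `Password::defaults()` would keep the policy in one place. `look` is also an unbounded string here and in `UpdateUserRequest`; a `max:` and a format check would be prudent if the value ends up in a URL or markup.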
diff --git a/app/Http/Requests/Api/UpdatePasswordRequest.php b/app/Http/Requests/Api/UpdatePasswordRequest.php new file mode 100755 index 0000000..1305d9e --- /dev/null +++ b/app/Http/Requests/Api/UpdatePasswordRequest.php @@ -0,0 +1,24 @@ + ['required', 'current_password'], + 'password' => ['required', 'string', 'min:6', 'confirmed'], + ]; + } + + public function authorize(): bool + { + return true; + } +} diff --git a/app/Http/Requests/Api/UpdateUserRequest.php b/app/Http/Requests/Api/UpdateUserRequest.php new file mode 100755 index 0000000..5d1f1b1 --- /dev/null +++ b/app/Http/Requests/Api/UpdateUserRequest.php @@ -0,0 +1,23 @@ + ['nullable', 'string', 'max:100'], + 'look' => ['nullable', 'string'], + ]; + } + + public function authorize(): bool + { + return true; + } +} diff --git a/app/Http/Resources/Api/ArticleResource.php b/app/Http/Resources/Api/ArticleResource.php new file mode 100755 index 0000000..56b3bbf --- /dev/null +++ b/app/Http/Resources/Api/ArticleResource.php @@ -0,0 +1,25 @@ + $this->id, + 'title' => $this->title, + 'slug' => $this->slug, + 'image' => $this->image, + 'excerpt' => $this->excerpt, + 'user' => $this->whenLoaded('user', fn () => new UserBriefResource($this->user)), + 'created_at' => $this->created_at, + ]; + } +} diff --git a/app/Http/Resources/Api/HelpTicketReplyResource.php b/app/Http/Resources/Api/HelpTicketReplyResource.php new file mode 100755 index 0000000..57e3849 --- /dev/null +++ b/app/Http/Resources/Api/HelpTicketReplyResource.php @@ -0,0 +1,24 @@ + $this->id, + 'ticket_id' => $this->ticket_id, + 'user_id' => $this->user_id, + 'message' => $this->message, + 'user' => $this->whenLoaded('user', fn () => new UserBriefResource($this->user)), + 'created_at' => $this->created_at, + ]; + } +} diff --git a/app/Http/Resources/Api/HelpTicketResource.php b/app/Http/Resources/Api/HelpTicketResource.php new file mode 100755 index 0000000..87bb062 --- /dev/null +++ b/app/Http/Resources/Api/HelpTicketResource.php 
@@ -0,0 +1,27 @@ + $this->id, + 'user_id' => $this->user_id, + 'subject' => $this->subject, + 'category' => $this->category, + 'status' => $this->status, + 'user' => $this->whenLoaded('user', fn () => new UserBriefResource($this->user)), + 'replies' => $this->whenLoaded('replies', fn () => HelpTicketReplyResource::collection($this->replies)), + 'created_at' => $this->created_at, + 'updated_at' => $this->updated_at, + ]; + } +} diff --git a/app/Http/Resources/Api/LeaderboardUserResource.php b/app/Http/Resources/Api/LeaderboardUserResource.php new file mode 100755 index 0000000..2db5b56 --- /dev/null +++ b/app/Http/Resources/Api/LeaderboardUserResource.php @@ -0,0 +1,24 @@ + (string) $this->id, + 'username' => $this->username, + 'look' => $this->look, + 'motto' => $this->motto, + 'credits' => $this->credits, + 'pixels' => $this->pixels, + ]; + } +} diff --git a/app/Http/Resources/Api/PhotoResource.php b/app/Http/Resources/Api/PhotoResource.php new file mode 100755 index 0000000..b4f04ef --- /dev/null +++ b/app/Http/Resources/Api/PhotoResource.php @@ -0,0 +1,21 @@ + $this->id, + 'image' => $this->image, + 'user' => $this->whenLoaded('user', fn () => new UserBriefResource($this->user)), + ]; + } +} diff --git a/app/Http/Resources/Api/ShopPackageResource.php b/app/Http/Resources/Api/ShopPackageResource.php new file mode 100755 index 0000000..f5ab52e --- /dev/null +++ b/app/Http/Resources/Api/ShopPackageResource.php @@ -0,0 +1,27 @@ + $this->id, + 'title' => $this->name, + 'description' => $this->description, + 'price' => $this->price(), + 'credits' => null, + 'pixels' => null, + 'diamonds' => null, + 'image' => null, + 'currency' => 'credits', + ]; + } +} diff --git a/app/Http/Resources/Api/UserApiResource.php b/app/Http/Resources/Api/UserApiResource.php new file mode 100755 index 0000000..5bbf2aa --- /dev/null +++ b/app/Http/Resources/Api/UserApiResource.php 
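Review bot: `HelpTicketResource::toArray` lists `subject`, `category` and `status` but no `message`, while `helpTicketCreate` appears to store `'message' => $validated['message']` on the ticket. If the ticket body is a column on the ticket itself (the full `create([...])` call is not visible), the list, show and create responses no longer return it, whereas the raw model did before. Either add `'message' => $this->message,` or add a comment on the resource stating that the body is only exposed through `replies`.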
@@ -0,0 +1,26 @@ + (string) $this->id, + 'email' => $this->mail, + 'username' => $this->username, + 'look' => $this->look, + 'motto' => $this->motto ?? '', + 'credits' => $this->credits ?? 0, + 'pixels' => $this->pixels ?? 0, + 'diamonds' => $this->diamonds ?? 0, + ]; + } +} diff --git a/app/Http/Resources/Api/UserBriefResource.php b/app/Http/Resources/Api/UserBriefResource.php new file mode 100755 index 0000000..d3ddb32 --- /dev/null +++ b/app/Http/Resources/Api/UserBriefResource.php @@ -0,0 +1,21 @@ + (string) $this->id, + 'username' => $this->username, + 'look' => $this->look, + ]; + } +} diff --git a/routes/admin.php b/routes/admin.php new file mode 100755 index 0000000..8b5996c --- /dev/null +++ b/routes/admin.php @@ -0,0 +1,22 @@ +group(function () { + Route::get('/radio/setup', [RadioSetupController::class, 'index'])->name('admin.radio.setup'); + Route::post('/radio/setup', [RadioSetupController::class, 'setup'])->name('admin.radio.setup.post'); +}); + +// Furni editor API +Route::prefix('api/admin/furni-editor')->middleware(['auth', 'admin.security', 'throttle:api'])->group(function () { + Route::get('/', [FurniEditorController::class, 'search']); + Route::post('/', [FurniEditorController::class, 'create']); + Route::get('/detail', [FurniEditorController::class, 'detail']); + Route::post('/update', [FurniEditorController::class, 'update']); + Route::post('/delete', [FurniEditorController::class, 'delete']); + Route::get('/interactions', [FurniEditorController::class, 'interactions']); + Route::get('/by-sprite', [FurniEditorController::class, 'bySprite']); +}); diff --git a/routes/auth.php b/routes/auth.php new file mode 100755 index 0000000..de85e0c --- /dev/null +++ b/routes/auth.php 
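Review bot: The first route group in `routes/admin.php` (radio setup) has lost its opening `Route::…` chain in this view, so its middleware cannot be checked; the block it replaces in `routes/web.php` was `Route::prefix('admin')->middleware(['auth'])`. If the new group still carries only `auth`, any logged-in user can reach `RadioSetupController::setup` unless the controller checks a permission itself. The furni-editor group below uses `['auth', 'admin.security', 'throttle:api']`; applying the same `admin.security` middleware to the radio group, and adding a comment at the top of the file stating the expected guard, would make the intent explicit.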
@@ -0,0 +1,61 @@ +group(function () { + Route::get('/google', [SocialAuthController::class, 'redirect'])->name('auth.google'); + Route::get('/google/callback', [SocialAuthController::class, 'callback'])->name('auth.google.callback'); + + Route::get('/discord', [SocialAuthController::class, 'redirect'])->name('auth.discord'); + Route::get('/discord/callback', [SocialAuthController::class, 'callback'])->name('auth.discord.callback'); + + Route::get('/github', [SocialAuthController::class, 'redirect'])->name('auth.github'); + Route::get('/github/callback', [SocialAuthController::class, 'callback'])->name('auth.github.callback'); + + Route::delete('/unlink/{provider}', [SocialAuthController::class, 'unlink'])->name('auth.unlink')->middleware('auth'); +}); + +// Registration +Route::middleware(['guest', 'throttle:60,1'])->group(function () { + Route::get('/register', [RegisteredUserController::class, 'create']); + Route::post('/register', [RegisteredUserController::class, 'store'])->name('register'); + Route::get('/register/{referral_code}', UserReferralController::class)->name('register.referral'); +}); + +// Password reset +Route::middleware(['guest', 'throttle:60,1'])->group(function () { + Route::get('forgot-password', ForgotPasswordController::class)->name('forgot.password.get'); + Route::post('forgot-password', [ForgotPasswordController::class, 'submitForgetPassword'])->name('forgot.password.post'); + Route::get('reset-password/{token}', [ForgotPasswordController::class, 'showResetPassword'])->name('reset.password.get'); + Route::post('reset-password/{token}', [ForgotPasswordController::class, 'submitResetPassword'])->name('reset.password.post'); +}); + +// Two factor challenge login +Route::get('/two-factor-challenge', static fn () => view('auth.two-factor-challenge'))->name('two-factor.login'); + +// Email verification resend +Route::post('/email/verification-notification', static function () { + request()->user()->sendEmailVerificationNotification(); + + return 
back()->with('status', 'verification-link-sent'); +})->middleware(['auth', 'throttle:6,1'])->name('verification.send'); + +// Two factor challenge with throttle +if (Features::enabled(Features::twoFactorAuthentication())) { + $twoFactorLimiter = config('fortify.limiters.two-factor'); + + Route::post('/two-factor-challenge', [TwoFactorAuthenticatedSessionController::class, 'store']) + ->middleware( + array_filter([ + 'guest:' . config('fortify.guard'), + $twoFactorLimiter ? 'throttle:' . $twoFactorLimiter : null, + ]), + ); +} diff --git a/routes/client.php b/routes/client.php new file mode 100755 index 0000000..741eaa6 --- /dev/null +++ b/routes/client.php @@ -0,0 +1,16 @@ +middleware(['findretros.redirect', 'vpn.checker'])->group(function () { + Route::get('/nitro', NitroController::class)->name('nitro-client'); + Route::get('/flash', FlashController::class)->name('flash-client'); +}); + +// Logo generator +Route::get('/logo-generator', [LogoGeneratorController::class, 'index'])->name('logo-generator.index'); +Route::post('/logo-generator', [LogoGeneratorController::class, 'store'])->name('store.generated-logo'); diff --git a/routes/community.php b/routes/community.php new file mode 100755 index 0000000..cb94314 --- /dev/null +++ b/routes/community.php 
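Review bot: In `routes/auth.php` the registration and password-reset groups share `throttle:60,1`, which allows sixty `POST /register`, `POST forgot-password` or `POST reset-password/{token}` requests per minute per client. The verification resend route in the same file uses `throttle:6,1`. The forgot-password POST sends mail to an address supplied by the caller, so the loose limit allows mailbox flooding and fast account probing. Give the three POST routes their own limit, e.g. `->middleware('throttle:6,1')` on each. The GET `/two-factor-challenge` route also no longer sits in a `guest` group as it did in `routes/web.php`; confirm that is intended.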
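Review bot: `POST /logo-generator` in `routes/client.php` is declared with no middleware in this file, unlike the client group above it. Whether the file is loaded inside an authenticated or throttled group is not visible in this diff. If it is reachable by guests, `LogoGeneratorController::store` becomes an unauthenticated write endpoint; adding `->middleware(['auth', 'throttle:10,1'])`, or a comment stating why it is public, would settle it.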
@@ -0,0 +1,84 @@ +group(function () { + // Public routes + Route::withoutMiddleware('auth')->group(function () { + Route::get('/photos', PhotosController::class)->name('photos.index'); + Route::get('/staff', StaffController::class)->name('staff.index'); + Route::get('/articles', [ArticleController::class, 'index'])->name('article.index'); + Route::get('/article/{article:slug}', [ArticleController::class, 'show'])->name('article.show'); + + Route::prefix('radio')->group(function () { + Route::get('/', [RadioController::class, 'index'])->name('radio.index'); + Route::get('/rooster', [RadioController::class, 'rooster'])->name('radio.rooster'); + Route::get('/punten', RadioLeaderboardController::class)->name('radio.leaderboard'); + }); + }); + + // Authenticated radio routes + Route::prefix('radio')->group(function () { + Route::get('/shouts', [RadioController::class, 'shouts'])->name('radio.shouts'); + Route::get('/dj-aanmelden', [RadioController::class, 'apply'])->name('radio.apply'); + Route::post('/dj-aanmelden', [RadioController::class, 'storeApplication'])->name('radio.apply.store'); + Route::post('/shouts', [RadioController::class, 'storeShout'])->name('radio.shouts.store'); + Route::post('/session/start', [RadioController::class, 'startSession'])->name('radio.session.start'); + Route::post('/session/end', [RadioController::class, 'endSession'])->name('radio.session.end'); + + Route::get('/requests', [RadioSongRequestController::class, 'index'])->name('radio.requests.index'); + Route::post('/requests', [RadioSongRequestController::class, 'store'])->name('radio.requests.store'); + Route::post('/requests/{songRequest}/vote', [RadioSongRequestController::class, 'vote'])->name('radio.requests.vote'); + + Route::get('/contests', [RadioContestController::class, 'index'])->name('radio.contests.index'); + Route::get('/contests/{contest}', [RadioContestController::class, 'show'])->name('radio.contests.show'); + + Route::get('/giveaways', [RadioGiveawayController::class, 
'index'])->name('radio.giveaways.index'); + Route::get('/giveaways/{giveaway}', [RadioGiveawayController::class, 'show'])->name('radio.giveaways.show'); + }); + + Route::get('/teams', WebsiteTeamsController::class)->name('teams.index'); + Route::get('/draw-badge', [BadgeController::class, 'show'])->name('draw-badge'); + Route::post('/draw-badge/buy', [BadgeController::class, 'buy'])->name('badge.buy')->middleware('throttle:10,1'); + + Route::get('/staff-applications', [StaffApplicationsController::class, 'index'])->name('staff-applications.index'); + Route::get('/staff-applications/{position}', [StaffApplicationsController::class, 'show'])->name('staff-applications.show'); + Route::post('/staff-applications/{position}', [StaffApplicationsController::class, 'store'])->name('staff-applications.store'); + + Route::get('/team-applications', [WebsiteTeamApplicationsController::class, 'index'])->name('team-applications.index'); + Route::get('/team-applications/{position}', [WebsiteTeamApplicationsController::class, 'show'])->name('team-applications.show'); + Route::post('/team-applications/{position}', [WebsiteTeamApplicationsController::class, 'store'])->name('team-applications.store'); + + Route::post('/article/{article:slug}/comment', [WebsiteArticleCommentsController::class, 'store'])->name('article.comment.store'); + Route::delete('/article/{comment}/comment', [WebsiteArticleCommentsController::class, 'destroy'])->name('article.comment.destroy'); + Route::post('/article/{article:slug}/toggle-reaction', [ArticleController::class, 'toggleReaction']) + ->name('article.toggle-reaction') + ->middleware('throttle:100,1'); +}); + +// Leaderboard (public) +Route::withoutMiddleware('auth')->group(function () { + Route::get('/leaderboard', LeaderboardController::class)->name('leaderboard.index'); +}); + +// Rare values +Route::get('/values', [WebsiteRareValuesController::class, 'index'])->name('values.index'); +Route::post('/values/search', 
[WebsiteRareValuesController::class, 'search'])->name('values.search'); +Route::get('/values/category/{id}', [WebsiteRareValuesController::class, 'category'])->name('values.category'); +Route::get('/values/{value}', [WebsiteRareValuesController::class, 'value'])->name('values.value'); diff --git a/routes/help-center.php b/routes/help-center.php new file mode 100755 index 0000000..d99dea2 --- /dev/null +++ b/routes/help-center.php @@ -0,0 +1,31 @@ +as('help-center.')->group(function () { + Route::get('/', HelpCenterController::class)->name('index')->withoutMiddleware(['auth', 'check.ban']); + + Route::prefix('tickets')->as('ticket.')->middleware('auth')->withoutMiddleware('check.ban')->group(function () { + Route::get('/create', [TicketController::class, 'create'])->name('create'); + Route::post('/store', [TicketController::class, 'store'])->name('store'); + + Route::get('/show/{ticket}', [TicketController::class, 'show'])->name('show'); + Route::get('/edit/{ticket}', [TicketController::class, 'edit'])->name('edit'); + Route::put('/edit/{ticket}', [TicketController::class, 'update'])->name('update'); + Route::delete('/delete/{ticket}', [TicketController::class, 'destroy'])->name('destroy'); + + Route::put('/toggle-status/{ticket}', [TicketController::class, 'toggleTicketStatus'])->name('toggle-status'); + + Route::post('/reply/{ticket}/store', [TicketReplyController::class, 'store'])->name('reply.store')->middleware('throttle:30,1'); + Route::delete('/reply/{reply}/delete', [TicketController::class, 'destroyReply'])->name('reply.destroy'); + + Route::get('/all', [TicketController::class, 'index'])->name('index'); + }); + + Route::get('/rules', WebsiteRulesController::class)->name('rules.index')->withoutMiddleware('auth'); +}); diff --git a/routes/shop.php b/routes/shop.php new file mode 100755 index 0000000..4100e2c --- /dev/null +++ b/routes/shop.php 
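Review bot: In `routes/community.php` only `badge.buy` and `article.toggle-reaction` carry a throttle. The other state-changing routes have none in this file: `radio.shouts.store`, `radio.apply.store`, `radio.requests.store`, `radio.requests.vote`, `radio.session.start`/`end`, the two application `store` routes and `article.comment.store`. Unless limits are applied where the file is loaded or inside the controllers (neither is visible), these are open to scripted posting by any logged-in account. A throttle on the authenticated `radio` prefix group and on the comment and application POSTs would match the existing pattern, e.g. `->middleware('throttle:10,1')`. The `/values` routes at the bottom sit outside any `withoutMiddleware('auth')` wrapper, unlike `/leaderboard` just above; a comment saying whether they are meant to require login would help.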
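Review bot: The `tickets` group in `routes/help-center.php` deliberately drops `check.ban`, so banned accounts can call `ticket.store`, yet only `reply.store` is throttled (`throttle:30,1`). Adding a limit to the create route, e.g. `->middleware('throttle:10,1')` on `/store`, would stop a banned account from flooding the queue. The `{ticket}` and `{reply}` bindings on show/edit/update/destroy/toggle-status resolve any id; ownership checks are presumably in `TicketController` or a policy, which this diff does not show, and a comment above the group naming where that check lives would document it.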
@@ -0,0 +1,20 @@ +group(function () { + Route::get('/{category:slug?}', ShopController::class)->name('shop.index')->withoutMiddleware('auth'); + Route::post('/purchase/{package}', [ShopController::class, 'purchase'])->name('shop.buy')->middleware('throttle:10,1'); + Route::post('/voucher', ShopVoucherController::class)->name('shop.use-voucher')->middleware('throttle:10,1'); +}); + +// PayPal routes +Route::controller(PayPalController::class)->prefix('paypal')->group(function () { + Route::get('/process-transaction', 'process')->name('paypal.process-transaction'); + Route::get('/successful-transaction', 'successful')->name('paypal.successful-transaction'); + Route::get('/cancelled-transaction', 'cancelled')->name('paypal.cancelled-transaction'); +}); diff --git a/routes/user.php b/routes/user.php new file mode 100755 index 0000000..f37c477 --- /dev/null +++ b/routes/user.php 
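Review bot: The PayPal group in `routes/shop.php` is declared without any middleware, while the purchase and voucher routes above it carry `throttle:10,1`. All three PayPal endpoints are GET, including `process`, which presumably starts a transaction. Whether the file is loaded inside the `auth` group is not visible here; if it is not, these routes are reachable without a session. State the guard explicitly on the group, e.g. `->middleware(['auth', 'throttle:10,1'])`, and add a comment that `successful` must confirm the payment with the provider server-side rather than trust the redirect parameters.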
@@ -0,0 +1,45 @@ +group(function () { + Route::get('/me', MeController::class)->name('me.show'); + Route::get('/claim/referral-reward', ReferralController::class)->name('claim.referral-reward'); + + // Public profile + Route::withoutMiddleware('auth')->group(function () { + Route::get('/profile/{user:username}', ProfileController::class)->name('profile.show'); + }); + + // Guestbook + Route::post('/profile/{user}/guestbook', [GuestbookController::class, 'store'])->name('guestbook.store'); + Route::delete('/profile/{user}/{guestbook}/delete', [GuestbookController::class, 'destroy'])->name('guestbook.destroy'); + + // Settings + Route::prefix('settings')->group(function () { + Route::get('/account', [AccountSettingsController::class, 'edit'])->name('settings.account.show'); + Route::put('/account', [AccountSettingsController::class, 'update'])->name('settings.account.update'); + + Route::get('/password', [PasswordSettingsController::class, 'edit'])->name('settings.password.show'); + Route::put('/password', [PasswordSettingsController::class, 'update'])->name('settings.password.update'); + + Route::get('/session-logs', [AccountSettingsController::class, 'sessionLogs'])->name('settings.session-logs'); + + Route::get('/two-factor', [TwoFactorAuthenticationController::class, 'index'])->name('settings.two-factor'); + Route::post('/user/settings/two-factor-authentication', [TwoFactorAuthenticationController::class, 'store'])->name('user.two-factor.enable'); + Route::post('/2fa-verify', [TwoFactorAuthenticationController::class, 'verify'])->name('two-factor.verify'); + Route::delete('/user/settings/two-factor-authentication', [TwoFactorAuthenticationController::class, 'destroy'])->name('user.two-factor.disable'); + + Route::get('/preferences', [PreferencesController::class, 'edit'])->name('settings.preferences.show'); + Route::put('/preferences', [PreferencesController::class, 'update'])->name('settings.preferences.update'); + }); +}); 
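Review bot: `POST /2fa-verify` (`two-factor.verify`) in the `settings` group of `routes/user.php` has no rate limit, and the password update and 2FA disable routes next to it have none either. A short numeric code behind an unthrottled endpoint can be guessed by repeated submission from a hijacked session. Add `->middleware('throttle:6,1')` to the verify route and consider `password.confirm` on `user.two-factor.disable`. The two `/user/settings/two-factor-authentication` routes are declared inside `prefix('settings')`, so the prefix segments end up repeated in the final URI; a comment saying this is kept for compatibility, or shortening the path, would avoid confusion.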
diff --git a/routes/web.php b/routes/web.php index 6b96a53..8dbdec5 100755 --- a/routes/web.php +++ b/routes/web.php @@ -1,70 +1,15 @@ name('language.select'); -// Social Login routes -Route::prefix('auth')->group(function () { - Route::get('/google', [SocialAuthController::class, 'redirect'])->name('auth.google'); - Route::get('/google/callback', [SocialAuthController::class, 'callback'])->name('auth.google.callback'); - - Route::get('/discord', [SocialAuthController::class, 'redirect'])->name('auth.discord'); - Route::get('/discord/callback', [SocialAuthController::class, 'callback'])->name('auth.discord.callback'); - - Route::get('/github', [SocialAuthController::class, 'redirect'])->name('auth.github'); - Route::get('/github/callback', [SocialAuthController::class, 'callback'])->name('auth.github.callback'); - - Route::delete('/unlink/{provider}', [SocialAuthController::class, 'unlink'])->name('auth.unlink')->middleware('auth'); -}); - // Installation routes Route::prefix('installation')->controller(InstallationController::class)->group(function () { Route::get('/', 'index')->name('installation.index'); 
@@ -85,37 +30,14 @@ Route::middleware(['maintenance', 'check.ban', 'force.staff.2fa'])->group(functi // Banned route Route::get('/banned', BannedController::class)->name('banned.show'); - // Exceptions to the 2FA check and must only be visited if not logged in + // Home routes (guest only) Route::middleware(['guest', 'throttle:60,1'])->withoutMiddleware('force.staff.2fa')->group(function () { Route::get('/login', static fn () => to_route('welcome'))->name('login'); Route::get('/', HomeController::class)->name('welcome'); Route::get('/home', HomeController::class)->name('home'); - - Route::get('/register', [RegisteredUserController::class, 'create']); - - Route::post('/register', [RegisteredUserController::class, 'store']) - ->name('register'); - - Route::get('/register/{referral_code}', UserReferralController::class)->name('register.referral'); - - // Password - Route::get('forgot-password', ForgotPasswordController::class)->name('forgot.password.get'); - Route::post('forgot-password', [ForgotPasswordController::class, 'submitForgetPassword'])->name('forgot.password.post'); - Route::get('reset-password/{token}', [ForgotPasswordController::class, 'showResetPassword'])->name('reset.password.get'); - Route::post('reset-password/{token}', [ForgotPasswordController::class, 'submitResetPassword'])->name('reset.password.post'); - - // Two factor challenge login - Route::get('/two-factor-challenge', static fn () => view('auth.two-factor-challenge'))->name('two-factor.login'); - - // Email verification resend - Route::post('/email/verification-notification', static function () { - request()->user()->sendEmailVerificationNotification(); - - return back()->with('status', 'verification-link-sent'); - })->middleware(['auth', 'throttle:6,1'])->name('verification.send'); }); - // Logout route - must be accessible when logged in + // Logout route Route::post('/logout', static function () { auth()->guard('web')->logout(); session()->invalidate(); 
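Review bot: The registration, password-reset, two-factor and verification routes removed from this group ran under `maintenance` and `check.ban`, and the lines that load `routes/auth.php` and the other new files are not visible in this view. If those files are required outside the `Route::middleware(['maintenance', 'check.ban', 'force.staff.2fa'])` group, the moved routes silently lose the maintenance and ban checks. The `Route::withoutMiddleware('auth')` calls in `routes/community.php` and `routes/user.php` also only have an effect when those files are loaded inside the `auth` group. A comment at each `require` naming the inherited middleware, e.g. `// inherits maintenance, check.ban, auth`, would make the effective guard reviewable.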
@@ -124,193 +46,16 @@ Route::middleware(['maintenance', 'check.ban', 'force.staff.2fa'])->group(functi return redirect('/'); })->name('logout'); - // Can only be accessed if logged in + // Authenticated routes Route::middleware('auth')->group(function () { - Route::prefix('user')->group(function () { - Route::get('/me', MeController::class)->name('me.show'); - Route::get('/claim/referral-reward', ReferralController::class)->name('claim.referral-reward'); - - // User routes that can be accessed without auth (for public profiles) - Route::withoutMiddleware('auth')->group(function () { - Route::get('/profile/{user:username}', ProfileController::class)->name('profile.show'); - }); - - // Guestbook routes - Route::post('/profile/{user}/guestbook', [GuestbookController::class, 'store'])->name('guestbook.store'); - Route::delete('/profile/{user}/{guestbook}/delete', [GuestbookController::class, 'destroy'])->name('guestbook.destroy'); - - // User settings routes - Route::prefix('settings')->group(function () { - Route::get('/account', [AccountSettingsController::class, 'edit'])->name('settings.account.show'); - Route::put('/account', [AccountSettingsController::class, 'update'])->name('settings.account.update'); - - Route::get('/password', [PasswordSettingsController::class, 'edit'])->name('settings.password.show'); - Route::put('/password', [PasswordSettingsController::class, 'update'])->name('settings.password.update'); - - Route::get('/session-logs', [AccountSettingsController::class, 'sessionLogs'])->name('settings.session-logs'); - - Route::get('/two-factor', [TwoFactorAuthenticationController::class, 'index'])->name('settings.two-factor'); - Route::post('/user/settings/two-factor-authentication', [TwoFactorAuthenticationController::class, 'store'])->name('user.two-factor.enable'); - Route::post('/2fa-verify', [TwoFactorAuthenticationController::class, 'verify'])->name('two-factor.verify'); - Route::delete('/user/settings/two-factor-authentication', 
[TwoFactorAuthenticationController::class, 'destroy'])->name('user.two-factor.disable'); - - Route::get('/preferences', [PreferencesController::class, 'edit'])->name('settings.preferences.show'); - Route::put('/preferences', [PreferencesController::class, 'update'])->name('settings.preferences.update'); - }); - }); - - // Admin Radio Setup routes - Route::prefix('admin')->middleware(['auth'])->group(function () { - Route::get('/radio/setup', [RadioSetupController::class, 'index'])->name('admin.radio.setup'); - Route::post('/radio/setup', [RadioSetupController::class, 'setup'])->name('admin.radio.setup.post'); - - // Game Rewards Admin - - }); - - // Community routes - Route::prefix('community')->group(function () { - // Allowed to be visited without being logged in - Route::withoutMiddleware('auth')->group(function () { - Route::get('/photos', PhotosController::class)->name('photos.index'); - Route::get('/staff', StaffController::class)->name('staff.index'); - Route::get('/articles', [ArticleController::class, 'index'])->name('article.index'); - Route::get('/article/{article:slug}', [ArticleController::class, 'show'])->name('article.show'); - - // Radio routes accessible without auth - Route::prefix('radio')->group(function () { - Route::get('/', [RadioController::class, 'index'])->name('radio.index'); - Route::get('/rooster', [RadioController::class, 'rooster'])->name('radio.rooster'); - Route::get('/punten', RadioLeaderboardController::class)->name('radio.leaderboard'); - }); - }); - - // Radio routes that require auth - Route::prefix('radio')->group(function () { - Route::get('/shouts', [RadioController::class, 'shouts'])->name('radio.shouts'); - Route::get('/dj-aanmelden', [RadioController::class, 'apply'])->name('radio.apply'); - Route::post('/dj-aanmelden', [RadioController::class, 'storeApplication'])->name('radio.apply.store'); - Route::post('/shouts', [RadioController::class, 'storeShout'])->name('radio.shouts.store'); - - // DJ Session management - 
Route::post('/session/start', [RadioController::class, 'startSession'])->name('radio.session.start')->middleware('auth'); - Route::post('/session/end', [RadioController::class, 'endSession'])->name('radio.session.end')->middleware('auth'); - - // Requests - Route::get('/requests', [RadioSongRequestController::class, 'index'])->name('radio.requests.index'); - Route::post('/requests', [RadioSongRequestController::class, 'store'])->name('radio.requests.store'); - Route::post('/requests/{songRequest}/vote', [RadioSongRequestController::class, 'vote'])->name('radio.requests.vote'); - - // Contests - Route::get('/contests', [RadioContestController::class, 'index'])->name('radio.contests.index'); - Route::get('/contests/{contest}', [RadioContestController::class, 'show'])->name('radio.contests.show'); - - // Giveaways - Route::get('/giveaways', [RadioGiveawayController::class, 'index'])->name('radio.giveaways.index'); - Route::get('/giveaways/{giveaway}', [RadioGiveawayController::class, 'show'])->name('radio.giveaways.show'); - }); - - Route::get('/teams', WebsiteTeamsController::class)->name('teams.index'); - Route::get('/draw-badge', [BadgeController::class, 'show'])->name('draw-badge'); - Route::post('/draw-badge/buy', [BadgeController::class, 'buy'])->name('badge.buy')->middleware('throttle:10,1'); - - Route::get('/staff-applications', [StaffApplicationsController::class, 'index'])->name('staff-applications.index'); - Route::get('/staff-applications/{position}', [StaffApplicationsController::class, 'show'])->name('staff-applications.show'); - Route::post('/staff-applications/{position}', [StaffApplicationsController::class, 'store'])->name('staff-applications.store'); - - Route::get('/team-applications', [WebsiteTeamApplicationsController::class, 'index'])->name('team-applications.index'); - Route::get('/team-applications/{position}', [WebsiteTeamApplicationsController::class, 'show'])->name('team-applications.show'); - Route::post('/team-applications/{position}', 
[WebsiteTeamApplicationsController::class, 'store'])->name('team-applications.store'); - - Route::post('/article/{article:slug}/comment', [WebsiteArticleCommentsController::class, 'store'])->name('article.comment.store'); - Route::delete('/article/{comment}/comment', [WebsiteArticleCommentsController::class, 'destroy'])->name('article.comment.destroy'); - Route::post('/article/{article:slug}/toggle-reaction', [ArticleController::class, 'toggleReaction']) - ->name('article.toggle-reaction') - ->middleware('throttle:100,1'); - }); - - // Leaderboard route (accessible without auth) - Route::withoutMiddleware('auth')->group(function () { - Route::get('/leaderboard', LeaderboardController::class)->name('leaderboard.index'); - }); - - // Shop routes - Route::prefix('shop')->group(function () { - Route::get('/{category:slug?}', ShopController::class)->name('shop.index')->withoutMiddleware('auth'); - - Route::post('/purchase/{package}', [ShopController::class, 'purchase'])->name('shop.buy')->middleware('throttle:10,1'); - Route::post('/voucher', ShopVoucherController::class)->name('shop.use-voucher')->middleware('throttle:10,1'); - }); - - // Help center - Route::prefix('help-center')->as('help-center.')->group(function () { - Route::get('/', HelpCenterController::class)->name('index')->withoutMiddleware(['auth', 'check.ban']); - - Route::prefix('tickets')->as('ticket.')->middleware('auth')->withoutMiddleware('check.ban')->group(function () { - Route::get('/create', [TicketController::class, 'create'])->name('create'); - Route::post('/store', [TicketController::class, 'store'])->name('store'); - - Route::get('/show/{ticket}', [TicketController::class, 'show'])->name('show'); - Route::get('/edit/{ticket}', [TicketController::class, 'edit'])->name('edit'); - Route::put('/edit/{ticket}', [TicketController::class, 'update'])->name('update'); - Route::delete('/delete/{ticket}', [TicketController::class, 'destroy'])->name('destroy'); - - Route::put('/toggle-status/{ticket}', 
[TicketController::class, 'toggleTicketStatus'])->name('toggle-status'); - - Route::post('/reply/{ticket}/store', [TicketReplyController::class, 'store'])->name('reply.store')->middleware('throttle:30,1'); - Route::delete('/reply/{reply}/delete', [TicketController::class, 'destroyReply'])->name('reply.destroy'); - - // All open tickets - Route::get('/all', [TicketController::class, 'index'])->name('index'); - }); - - // Rules - Route::get('/rules', WebsiteRulesController::class)->name('rules.index')->withoutMiddleware('auth'); - }); - - // Rare values routes - Route::get('/values', [WebsiteRareValuesController::class, 'index'])->name('values.index'); - Route::post('/values/search', [WebsiteRareValuesController::class, 'search'])->name('values.search'); - Route::get('/values/category/{id}', [WebsiteRareValuesController::class, 'category'])->name('values.category'); - Route::get('/values/{value}', [WebsiteRareValuesController::class, 'value'])->name('values.value'); - - // Client route - Route::prefix('game')->middleware(['findretros.redirect', 'vpn.checker'])->group(function () { - Route::get('/nitro', NitroController::class)->name('nitro-client'); - Route::get('/flash', FlashController::class)->name('flash-client'); - }); - - // Logo generator - Route::get('/logo-generator', [LogoGeneratorController::class, 'index'])->name('logo-generator.index'); - Route::post('/logo-generator', [LogoGeneratorController::class, 'store'])->name('store.generated-logo'); - - // PayPal routes - Route::controller(PayPalController::class)->prefix('paypal')->group(function () { - Route::get('/process-transaction', 'process')->name('paypal.process-transaction'); - Route::get('/successful-transaction', 'successful')->name('paypal.successful-transaction'); - Route::get('/cancelled-transaction', 'cancelled')->name('paypal.cancelled-transaction'); - }); + require __DIR__ . '/user.php'; + require __DIR__ . '/community.php'; + require __DIR__ . '/shop.php'; + require __DIR__ . 
'/help-center.php'; + require __DIR__ . '/client.php'; + require __DIR__ . '/admin.php'; }); -}); - -if (Features::enabled(Features::twoFactorAuthentication())) { - $twoFactorLimiter = config('fortify.limiters.two-factor'); - - Route::post('/two-factor-challenge', [TwoFactorAuthenticatedSessionController::class, 'store']) - ->middleware( - array_filter([ - 'guest:' . config('fortify.guard'), - $twoFactorLimiter ? 'throttle:' . $twoFactorLimiter : null, - ]), - ); -} - -Route::prefix('api/admin/furni-editor')->middleware(['auth', 'admin.security', 'throttle:api'])->group(function () { - Route::get('/', [FurniEditorController::class, 'search']); - Route::post('/', [FurniEditorController::class, 'create']); - Route::get('/detail', [FurniEditorController::class, 'detail']); - Route::post('/update', [FurniEditorController::class, 'update']); - Route::post('/delete', [FurniEditorController::class, 'delete']); - Route::get('/interactions', [FurniEditorController::class, 'interactions']); - Route::get('/by-sprite', [FurniEditorController::class, 'bySprite']); + + // Auth routes (mixed guest/auth) + require __DIR__ . '/auth.php'; });
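Review bot: The new `require __DIR__ . '/auth.php';` sits directly in the outer `maintenance`/`check.ban`/`force.staff.2fa` group, so the routes it loads inherit none of the middleware this file used to apply to them. The register, password-reset and two-factor-challenge routes removed in the previous hunk ran under `['guest', 'throttle:60,1']` with `->withoutMiddleware('force.staff.2fa')`, and the Fortify `POST /two-factor-challenge` removed here carried `guest:` plus the configured two-factor limiter. Likewise the removed `api/admin/furni-editor` group had `['auth', 'admin.security', 'throttle:api']`, while `admin.php` is now loaded under `auth` only as far as this file shows. None of the included files is visible in this hunk, so confirm that each one re-declares its own throttle, guest and `admin.security` middleware. A comment above the requires would make that contract explicit: `// Included files must declare their own guest/throttle/admin.security middleware; only 'auth' is inherited here`.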