remco/Atomcms-edit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: improve security, split routes, add API resources and FormRequests

Browse Source 
- Fix timing attack vulnerability in AuthController
- Split web.php (316 lines) into 7 focused route files
- Add 8 API Resources for consistent response formatting
- Add 8 FormRequest classes for centralized validation
- Use Resources instead of manual array mapping in controllers
This commit is contained in:
root
2026-05-20 23:03:16 +02:00
parent 2f30a058a4
commit 75b78c17fa
26 changed files with 745 additions and 404 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/Http/Controllers/Api/AuthController.php
+45 -100
View File
@@ -1,26 +1,30 @@
<?php
declare(strict_types=1);
namespace App\Http\Controllers\Api;
use App\Actions\Fortify\CreateNewUser;
use App\Http\Controllers\Controller;
use App\Http\Requests\Api\ArticleCommentRequest;
use App\Http\Requests\Api\LoginRequest;
use App\Http\Requests\Api\RegisterRequest;
use App\Http\Requests\Api\UpdatePasswordRequest;
use App\Http\Requests\Api\UpdateUserRequest;
use App\Http\Resources\Api\ArticleResource;
use App\Http\Resources\Api\PhotoResource;
use App\Http\Resources\Api\UserApiResource;
use App\Models\Articles\WebsiteArticle;
use App\Models\Miscellaneous\CameraWeb;
use App\Models\User;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Validation\ValidationException;
class AuthController extends Controller
{
public function login(Request $request): JsonResponse
public function login(LoginRequest $request): JsonResponse
{
$request->validate([
'username' => ['required', 'string'],
'password' => ['required'],
]);
$username = $request->input('username');
$user = User::where('username', $username)
->orWhere('mail', $username)
@@ -29,16 +33,16 @@ class AuthController extends Controller
$credentialsValid = $user && Hash::check($request->input('password'), $user->password);
if (! $credentialsValid) {
Hash::make($request->input('password'));
Hash::check($request->input('password'), Hash::make('timing-attack-prevention'));
throw ValidationException::withMessages([
'email' => ['The provided credentials are incorrect.'],
'username' => ['The provided credentials are incorrect.'],
]);
}
if ($user->is_banned) {
throw ValidationException::withMessages([
'email' => ['Your account has been banned.'],
'username' => ['Your account has been banned.'],
]);
}
@@ -47,66 +51,31 @@ class AuthController extends Controller
$token = $user->createToken('auth-token')->plainTextToken;
return response()->json([
'user' => [
'id' => (string) $user->id,
'email' => $user->mail,
'username' => $user->username,
'look' => $user->look,
],
'user' => new UserApiResource($user),
'token' => $token,
]);
}
public function register(Request $request): JsonResponse
public function register(RegisterRequest $request): JsonResponse
{
$createNewUser = new CreateNewUser;
try {
$validated = $request->validate([
'username' => ['required', 'string', 'max:50'],
'password' => ['required', 'string', 'min:6'],
'mail' => ['required', 'email', 'max:255'],
'look' => ['nullable', 'string'],
'motto' => ['nullable', 'string', 'max:100'],
]);
$user = $createNewUser->create($request->validated());
$user = $createNewUser->create($validated);
$token = $user->createToken('auth-token')->plainTextToken;
return response()->json([
'user' => [
'id' => (string) $user->id,
'email' => $user->mail,
'username' => $user->username,
'look' => $user->look,
],
'token' => $token,
], 201);
} catch (ValidationException $e) {
return response()->json([
'errors' => $e->errors(),
], 422);
}
}
public function user(Request $request): JsonResponse
{
$user = $request->user();
$token = $user->createToken('auth-token')->plainTextToken;
return response()->json([
'id' => (string) $user->id,
'email' => $user->mail,
'username' => $user->username,
'look' => $user->look,
'motto' => $user->motto ?? '',
'credits' => $user->credits ?? 0,
'pixels' => $user->pixels ?? 0,
'diamonds' => $user->diamonds ?? 0,
]);
'user' => new UserApiResource($user),
'token' => $token,
], 201);
}
public function logout(Request $request): JsonResponse
public function user(\Illuminate\Http\Request $request): JsonResponse
{
return response()->json(new UserApiResource($request->user()));
}
public function logout(\Illuminate\Http\Request $request): JsonResponse
{
$request->user()->currentAccessToken()->delete();
@@ -118,69 +87,45 @@ class AuthController extends Controller
$articles = WebsiteArticle::with(['user:id,username,look'])
->latest('id')
->take(4)
->get()
->map(fn ($article) => [
'id' => $article->id,
'title' => $article->title,
'slug' => $article->slug,
'image' => $article->image,
'excerpt' => $article->excerpt,
'user' => $article->user,
'created_at' => $article->created_at,
]);
->get();
$photos = CameraWeb::query()
->latest('id')
->take(4)
->where('visible', true)
->with('user:id,username,look')
->get()
->map(fn ($photo) => [
'id' => $photo->id,
'image' => $photo->image,
'user' => $photo->user,
]);
->get();
return response()->json([
'articles' => $articles,
'photos' => $photos,
'articles' => ArticleResource::collection($articles),
'photos' => PhotoResource::collection($photos),
]);
}
public function updateUser(Request $request): JsonResponse
public function updateUser(UpdateUserRequest $request): JsonResponse
{
$user = $request->user();
$user->update($request->validated());
$validated = $request->validate([
'motto' => ['nullable', 'string', 'max:100'],
'look' => ['nullable', 'string'],
]);
$user->update($validated);
return response()->json([
'id' => (string) $user->id,
'email' => $user->mail,
'username' => $user->username,
'look' => $user->look,
'motto' => $user->motto,
'credits' => $user->credits,
'pixels' => $user->pixels,
'diamonds' => $user->diamonds,
]);
return response()->json(new UserApiResource($user));
}
public function articleComment(Request $request, string $slug): JsonResponse
public function updatePassword(UpdatePasswordRequest $request): JsonResponse
{
$request->user()->update([
'password' => Hash::make($request->input('password')),
]);
return response()->json(['message' => 'Password updated successfully']);
}
public function articleComment(ArticleCommentRequest $request, string $slug): JsonResponse
{
$article = WebsiteArticle::where('slug', $slug)->firstOrFail();
$validated = $request->validate([
'comment' => ['required', 'string', 'max:1000'],
]);
$comment = $article->comments()->create([
'user_id' => $request->user()->id,
'comment' => strip_tags((string) $validated['comment']),
'comment' => strip_tags((string) $request->input('comment')),
]);
return response()->json([
app/Http/Controllers/Api/HotelApiController.php
+27 -37
View File
@@ -1,8 +1,20 @@
<?php
declare(strict_types=1);
namespace App\Http\Controllers\Api;
use App\Http\Controllers\Controller;
use App\Http\Requests\Api\HelpTicketReplyRequest;
use App\Http\Requests\Api\HelpTicketRequest;
use App\Http\Requests\Api\PhotoUploadRequest;
use App\Http\Resources\Api\ArticleResource;
use App\Http\Resources\Api\HelpTicketResource;
use App\Http\Resources\Api\LeaderboardUserResource;
use App\Http\Resources\Api\PhotoResource;
use App\Http\Resources\Api\ShopPackageResource;
use App\Http\Resources\Api\UserApiResource;
use App\Http\Resources\Api\UserBriefResource;
use App\Models\Articles\WebsiteArticle;
use App\Models\Game\Furniture\CatalogItem;
use App\Models\Game\Furniture\CatalogPage;
@@ -61,7 +73,7 @@ class HotelApiController extends Controller
->paginate(12);
return response()->json([
'data' => $articles->items(),
'data' => ArticleResource::collection($articles),
'meta' => [
'current_page' => $articles->currentPage(),
'last_page' => $articles->lastPage(),
@@ -78,7 +90,7 @@ class HotelApiController extends Controller
->firstOrFail();
return response()->json([
'data' => $article,
'data' => new ArticleResource($article),
]);
}
@@ -90,7 +102,7 @@ class HotelApiController extends Controller
->paginate(12);
return response()->json([
'data' => $photos->items(),
'data' => PhotoResource::collection($photos),
'meta' => [
'current_page' => $photos->currentPage(),
'last_page' => $photos->lastPage(),
@@ -113,20 +125,8 @@ class HotelApiController extends Controller
{
$packages = WebsiteShopArticle::latest('id')->paginate(12);
$mapped = $packages->items()->map(fn ($pkg) => [
'id' => $pkg->id,
'title' => $pkg->name,
'description' => $pkg->description,
'price' => $pkg->price(),
'credits' => null,
'pixels' => null,
'diamonds' => null,
'image' => null,
'currency' => 'credits',
]);
return response()->json([
'data' => $mapped,
'data' => ShopPackageResource::collection($packages),
'meta' => [
'current_page' => $packages->currentPage(),
'last_page' => $packages->lastPage(),
@@ -175,7 +175,7 @@ class HotelApiController extends Controller
->get(['id', 'username', 'look', 'motto', 'credits', 'pixels']);
return response()->json([
'data' => $users,
'data' => LeaderboardUserResource::collection($users),
'type' => $type,
]);
}
@@ -249,7 +249,7 @@ class HotelApiController extends Controller
->paginate(10);
return response()->json([
'data' => $tickets->items(),
'data' => HelpTicketResource::collection($tickets),
'meta' => [
'current_page' => $tickets->currentPage(),
'last_page' => $tickets->lastPage(),
@@ -264,16 +264,12 @@ class HotelApiController extends Controller
->where('id', $id)
->firstOrFail();
return response()->json(['data' => $ticket]);
return response()->json(['data' => new HelpTicketResource($ticket)]);
}
public function helpTicketCreate(Request $request): JsonResponse
public function helpTicketCreate(HelpTicketRequest $request): JsonResponse
{
$validated = $request->validate([
'subject' => ['required', 'string', 'max:200'],
'category' => ['required', 'string', 'max:100'],
'message' => ['required', 'string', 'max:5000'],
]);
$validated = $request->validated();
$ticket = WebsiteHelpCenterTicket::create([
'user_id' => $request->user()->id,
@@ -287,32 +283,26 @@ class HotelApiController extends Controller
'message' => $validated['message'],
]);
return response()->json(['data' => $ticket], 201);
return response()->json(['data' => new HelpTicketResource($ticket)], 201);
}
public function helpTicketReply(Request $request, string $id): JsonResponse
public function helpTicketReply(HelpTicketReplyRequest $request, string $id): JsonResponse
{
$validated = $request->validate(['message' => 'required', 'string', 'max:5000']);
$ticket = WebsiteHelpCenterTicket::where('id', $id)
->where('user_id', $request->user()->id)
->firstOrFail();
$reply = $ticket->replies()->create([
'user_id' => $request->user()->id,
'message' => $validated['message'],
'message' => $request->input('message'),
]);
return response()->json(['data' => $reply->load('user:id,username,look')], 201);
}
public function uploadPhoto(Request $request): JsonResponse
public function uploadPhoto(PhotoUploadRequest $request): JsonResponse
{
$validated = $request->validate([
'image' => ['required', 'image', 'max:5120'],
]);
$path = $validated['image']->store('photos', 'public');
$path = $request->file('image')->store('photos', 'public');
$photo = CameraWeb::create([
'user_id' => $request->user()->id,
@@ -320,7 +310,7 @@ class HotelApiController extends Controller
'visible' => true,
]);
return response()->json(['data' => $photo], 201);
return response()->json(['data' => new PhotoResource($photo)], 201);
}
public function purchasePackage(Request $request, int $packageId): JsonResponse
app/Http/Requests/Api/ArticleCommentRequest.php
Executable
+23
View File
@@ -0,0 +1,23 @@
<?php
declare(strict_types=1);
namespace App\Http\Requests\Api;
use App\Rules\WebsiteWordfilterRule;
use Illuminate\Foundation\Http\FormRequest;
class ArticleCommentRequest extends FormRequest
{
public function rules(): array
{
return [
'comment' => ['required', 'string', 'max:1000', new WebsiteWordfilterRule],
];
}
public function authorize(): bool
{
return true;
}
}
app/Http/Requests/Api/HelpTicketReplyRequest.php
Executable
+22
View File
@@ -0,0 +1,22 @@
<?php
declare(strict_types=1);
namespace App\Http\Requests\Api;
use Illuminate\Foundation\Http\FormRequest;
class HelpTicketReplyRequest extends FormRequest
{
public function rules(): array
{
return [
'message' => ['required', 'string', 'max:5000'],
];
}
public function authorize(): bool
{
return true;
}
}
app/Http/Requests/Api/HelpTicketRequest.php
Executable
+24
View File
@@ -0,0 +1,24 @@
<?php
declare(strict_types=1);
namespace App\Http\Requests\Api;
use Illuminate\Foundation\Http\FormRequest;
class HelpTicketRequest extends FormRequest
{
public function rules(): array
{
return [
'subject' => ['required', 'string', 'max:200'],
'category' => ['required', 'string', 'max:100'],
'message' => ['required', 'string', 'max:5000'],
];
}
public function authorize(): bool
{
return true;
}
}
app/Http/Requests/Api/LoginRequest.php
Executable
+23
View File
@@ -0,0 +1,23 @@
<?php
declare(strict_types=1);
namespace App\Http\Requests\Api;
use Illuminate\Foundation\Http\FormRequest;
class LoginRequest extends FormRequest
{
public function rules(): array
{
return [
'username' => ['required', 'string'],
'password' => ['required'],
];
}
public function authorize(): bool
{
return true;
}
}
app/Http/Requests/Api/PhotoUploadRequest.php
Executable
+22
View File
@@ -0,0 +1,22 @@
<?php
declare(strict_types=1);
namespace App\Http\Requests\Api;
use Illuminate\Foundation\Http\FormRequest;
class PhotoUploadRequest extends FormRequest
{
public function rules(): array
{
return [
'image' => ['required', 'image', 'max:5120'],
];
}
public function authorize(): bool
{
return true;
}
}
app/Http/Requests/Api/RegisterRequest.php
Executable
+26
View File
@@ -0,0 +1,26 @@
<?php
declare(strict_types=1);
namespace App\Http\Requests\Api;
use Illuminate\Foundation\Http\FormRequest;
class RegisterRequest extends FormRequest
{
public function rules(): array
{
return [
'username' => ['required', 'string', 'max:50'],
'password' => ['required', 'string', 'min:6'],
'mail' => ['required', 'email', 'max:255'],
'look' => ['nullable', 'string'],
'motto' => ['nullable', 'string', 'max:100'],
];
}
public function authorize(): bool
{
return true;
}
}
app/Http/Requests/Api/UpdatePasswordRequest.php
Executable
+24
View File
@@ -0,0 +1,24 @@
<?php
declare(strict_types=1);
namespace App\Http\Requests\Api;
use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Validation\Rules\Password;
class UpdatePasswordRequest extends FormRequest
{
public function rules(): array
{
return [
'current_password' => ['required', 'current_password'],
'password' => ['required', 'string', 'min:6', 'confirmed'],
];
}
public function authorize(): bool
{
return true;
}
}
app/Http/Requests/Api/UpdateUserRequest.php
Executable
+23
View File
@@ -0,0 +1,23 @@
<?php
declare(strict_types=1);
namespace App\Http\Requests\Api;
use Illuminate\Foundation\Http\FormRequest;
class UpdateUserRequest extends FormRequest
{
public function rules(): array
{
return [
'motto' => ['nullable', 'string', 'max:100'],
'look' => ['nullable', 'string'],
];
}
public function authorize(): bool
{
return true;
}
}
app/Http/Resources/Api/ArticleResource.php
Executable
+25
View File
@@ -0,0 +1,25 @@
<?php
declare(strict_types=1);
namespace App\Http\Resources\Api;
use Illuminate\Http\Request;
use Illuminate\Http\Resources\Json\JsonResource;
class ArticleResource extends JsonResource
{
#[\Override]
public function toArray(Request $request): array
{
return [
'id' => $this->id,
'title' => $this->title,
'slug' => $this->slug,
'image' => $this->image,
'excerpt' => $this->excerpt,
'user' => $this->whenLoaded('user', fn () => new UserBriefResource($this->user)),
'created_at' => $this->created_at,
];
}
}
app/Http/Resources/Api/HelpTicketReplyResource.php
Executable
+24
View File
@@ -0,0 +1,24 @@
<?php
declare(strict_types=1);
namespace App\Http\Resources\Api;
use Illuminate\Http\Request;
use Illuminate\Http\Resources\Json\JsonResource;
class HelpTicketReplyResource extends JsonResource
{
#[\Override]
public function toArray(Request $request): array
{
return [
'id' => $this->id,
'ticket_id' => $this->ticket_id,
'user_id' => $this->user_id,
'message' => $this->message,
'user' => $this->whenLoaded('user', fn () => new UserBriefResource($this->user)),
'created_at' => $this->created_at,
];
}
}
app/Http/Resources/Api/HelpTicketResource.php
Executable
+27
View File
@@ -0,0 +1,27 @@
<?php
declare(strict_types=1);
namespace App\Http\Resources\Api;
use Illuminate\Http\Request;
use Illuminate\Http\Resources\Json\JsonResource;
class HelpTicketResource extends JsonResource
{
#[\Override]
public function toArray(Request $request): array
{
return [
'id' => $this->id,
'user_id' => $this->user_id,
'subject' => $this->subject,
'category' => $this->category,
'status' => $this->status,
'user' => $this->whenLoaded('user', fn () => new UserBriefResource($this->user)),
'replies' => $this->whenLoaded('replies', fn () => HelpTicketReplyResource::collection($this->replies)),
'created_at' => $this->created_at,
'updated_at' => $this->updated_at,
];
}
}
app/Http/Resources/Api/LeaderboardUserResource.php
Executable
+24
View File
@@ -0,0 +1,24 @@
<?php
declare(strict_types=1);
namespace App\Http\Resources\Api;
use Illuminate\Http\Request;
use Illuminate\Http\Resources\Json\JsonResource;
class LeaderboardUserResource extends JsonResource
{
#[\Override]
public function toArray(Request $request): array
{
return [
'id' => (string) $this->id,
'username' => $this->username,
'look' => $this->look,
'motto' => $this->motto,
'credits' => $this->credits,
'pixels' => $this->pixels,
];
}
}
app/Http/Resources/Api/PhotoResource.php
Executable
+21
View File
@@ -0,0 +1,21 @@
<?php
declare(strict_types=1);
namespace App\Http\Resources\Api;
use Illuminate\Http\Request;
use Illuminate\Http\Resources\Json\JsonResource;
class PhotoResource extends JsonResource
{
#[\Override]
public function toArray(Request $request): array
{
return [
'id' => $this->id,
'image' => $this->image,
'user' => $this->whenLoaded('user', fn () => new UserBriefResource($this->user)),
];
}
}
app/Http/Resources/Api/ShopPackageResource.php
Executable
+27
View File
@@ -0,0 +1,27 @@
<?php
declare(strict_types=1);
namespace App\Http\Resources\Api;
use Illuminate\Http\Request;
use Illuminate\Http\Resources\Json\JsonResource;
class ShopPackageResource extends JsonResource
{
#[\Override]
public function toArray(Request $request): array
{
return [
'id' => $this->id,
'title' => $this->name,
'description' => $this->description,
'price' => $this->price(),
'credits' => null,
'pixels' => null,
'diamonds' => null,
'image' => null,
'currency' => 'credits',
];
}
}
app/Http/Resources/Api/UserApiResource.php
Executable
+26
View File
@@ -0,0 +1,26 @@
<?php
declare(strict_types=1);
namespace App\Http\Resources\Api;
use Illuminate\Http\Request;
use Illuminate\Http\Resources\Json\JsonResource;
class UserApiResource extends JsonResource
{
#[\Override]
public function toArray(Request $request): array
{
return [
'id' => (string) $this->id,
'email' => $this->mail,
'username' => $this->username,
'look' => $this->look,
'motto' => $this->motto ?? '',
'credits' => $this->credits ?? 0,
'pixels' => $this->pixels ?? 0,
'diamonds' => $this->diamonds ?? 0,
];
}
}
app/Http/Resources/Api/UserBriefResource.php
Executable
+21
View File
@@ -0,0 +1,21 @@
<?php
declare(strict_types=1);
namespace App\Http\Resources\Api;
use Illuminate\Http\Request;
use Illuminate\Http\Resources\Json\JsonResource;
class UserBriefResource extends JsonResource
{
#[\Override]
public function toArray(Request $request): array
{
return [
'id' => (string) $this->id,
'username' => $this->username,
'look' => $this->look,
];
}
}
routes/admin.php
Executable
+22
View File
@@ -0,0 +1,22 @@
<?php
use App\Http\Controllers\Admin\RadioSetupController;
use App\Http\Controllers\Api\FurniEditorController;
use Illuminate\Support\Facades\Route;
// Admin radio setup
Route::prefix('admin')->group(function () {
Route::get('/radio/setup', [RadioSetupController::class, 'index'])->name('admin.radio.setup');
Route::post('/radio/setup', [RadioSetupController::class, 'setup'])->name('admin.radio.setup.post');
});
// Furni editor API
Route::prefix('api/admin/furni-editor')->middleware(['auth', 'admin.security', 'throttle:api'])->group(function () {
Route::get('/', [FurniEditorController::class, 'search']);
Route::post('/', [FurniEditorController::class, 'create']);
Route::get('/detail', [FurniEditorController::class, 'detail']);
Route::post('/update', [FurniEditorController::class, 'update']);
Route::post('/delete', [FurniEditorController::class, 'delete']);
Route::get('/interactions', [FurniEditorController::class, 'interactions']);
Route::get('/by-sprite', [FurniEditorController::class, 'bySprite']);
});
routes/auth.php
Executable
+61
View File
@@ -0,0 +1,61 @@
<?php
use App\Http\Controllers\Auth\SocialAuthController;
use Illuminate\Support\Facades\Route;
use Laravel\Fortify\Features;
use Laravel\Fortify\Http\Controllers\RegisteredUserController;
use App\Actions\Fortify\Controllers\TwoFactorAuthenticatedSessionController;
use App\Http\Controllers\User\ForgotPasswordController;
use App\Http\Controllers\User\UserReferralController;
// Social Login routes
Route::prefix('auth')->group(function () {
Route::get('/google', [SocialAuthController::class, 'redirect'])->name('auth.google');
Route::get('/google/callback', [SocialAuthController::class, 'callback'])->name('auth.google.callback');
Route::get('/discord', [SocialAuthController::class, 'redirect'])->name('auth.discord');
Route::get('/discord/callback', [SocialAuthController::class, 'callback'])->name('auth.discord.callback');
Route::get('/github', [SocialAuthController::class, 'redirect'])->name('auth.github');
Route::get('/github/callback', [SocialAuthController::class, 'callback'])->name('auth.github.callback');
Route::delete('/unlink/{provider}', [SocialAuthController::class, 'unlink'])->name('auth.unlink')->middleware('auth');
});
// Registration
Route::middleware(['guest', 'throttle:60,1'])->group(function () {
Route::get('/register', [RegisteredUserController::class, 'create']);
Route::post('/register', [RegisteredUserController::class, 'store'])->name('register');
Route::get('/register/{referral_code}', UserReferralController::class)->name('register.referral');
});
// Password reset
Route::middleware(['guest', 'throttle:60,1'])->group(function () {
Route::get('forgot-password', ForgotPasswordController::class)->name('forgot.password.get');
Route::post('forgot-password', [ForgotPasswordController::class, 'submitForgetPassword'])->name('forgot.password.post');
Route::get('reset-password/{token}', [ForgotPasswordController::class, 'showResetPassword'])->name('reset.password.get');
Route::post('reset-password/{token}', [ForgotPasswordController::class, 'submitResetPassword'])->name('reset.password.post');
});
// Two factor challenge login
Route::get('/two-factor-challenge', static fn () => view('auth.two-factor-challenge'))->name('two-factor.login');
// Email verification resend
Route::post('/email/verification-notification', static function () {
request()->user()->sendEmailVerificationNotification();
return back()->with('status', 'verification-link-sent');
})->middleware(['auth', 'throttle:6,1'])->name('verification.send');
// Two factor challenge with throttle
if (Features::enabled(Features::twoFactorAuthentication())) {
$twoFactorLimiter = config('fortify.limiters.two-factor');
Route::post('/two-factor-challenge', [TwoFactorAuthenticatedSessionController::class, 'store'])
->middleware(
array_filter([
'guest:' . config('fortify.guard'),
$twoFactorLimiter ? 'throttle:' . $twoFactorLimiter : null,
]),
);
}
routes/client.php
Executable
+16
View File
@@ -0,0 +1,16 @@
<?php
use App\Http\Controllers\Client\FlashController;
use App\Http\Controllers\Client\NitroController;
use App\Http\Controllers\Miscellaneous\LogoGeneratorController;
use Illuminate\Support\Facades\Route;
// Client routes
Route::prefix('game')->middleware(['findretros.redirect', 'vpn.checker'])->group(function () {
Route::get('/nitro', NitroController::class)->name('nitro-client');
Route::get('/flash', FlashController::class)->name('flash-client');
});
// Logo generator
Route::get('/logo-generator', [LogoGeneratorController::class, 'index'])->name('logo-generator.index');
Route::post('/logo-generator', [LogoGeneratorController::class, 'store'])->name('store.generated-logo');
routes/community.php
Executable
+84
View File
@@ -0,0 +1,84 @@
<?php
use App\Http\Controllers\Articles\ArticleController;
use App\Http\Controllers\Articles\WebsiteArticleCommentsController;
use App\Http\Controllers\Badge\BadgeController;
use App\Http\Controllers\Community\LeaderboardController;
use App\Http\Controllers\Community\PhotosController;
use App\Http\Controllers\Community\RadioController;
use App\Http\Controllers\Community\RadioLeaderboardController;
use App\Http\Controllers\Community\Staff\StaffApplicationsController;
use App\Http\Controllers\Community\Staff\StaffController;
use App\Http\Controllers\Community\Staff\WebsiteTeamApplicationsController;
use App\Http\Controllers\Community\Staff\WebsiteTeamsController;
use App\Http\Controllers\Community\WebsiteRareValuesController;
use App\Http\Controllers\RadioContestController;
use App\Http\Controllers\RadioGiveawayController;
use App\Http\Controllers\RadioSongRequestController;
use Illuminate\Support\Facades\Route;
// Community routes
Route::prefix('community')->group(function () {
// Public routes
Route::withoutMiddleware('auth')->group(function () {
Route::get('/photos', PhotosController::class)->name('photos.index');
Route::get('/staff', StaffController::class)->name('staff.index');
Route::get('/articles', [ArticleController::class, 'index'])->name('article.index');
Route::get('/article/{article:slug}', [ArticleController::class, 'show'])->name('article.show');
Route::prefix('radio')->group(function () {
Route::get('/', [RadioController::class, 'index'])->name('radio.index');
Route::get('/rooster', [RadioController::class, 'rooster'])->name('radio.rooster');
Route::get('/punten', RadioLeaderboardController::class)->name('radio.leaderboard');
});
});
// Authenticated radio routes
Route::prefix('radio')->group(function () {
Route::get('/shouts', [RadioController::class, 'shouts'])->name('radio.shouts');
Route::get('/dj-aanmelden', [RadioController::class, 'apply'])->name('radio.apply');
Route::post('/dj-aanmelden', [RadioController::class, 'storeApplication'])->name('radio.apply.store');
Route::post('/shouts', [RadioController::class, 'storeShout'])->name('radio.shouts.store');
Route::post('/session/start', [RadioController::class, 'startSession'])->name('radio.session.start');
Route::post('/session/end', [RadioController::class, 'endSession'])->name('radio.session.end');
Route::get('/requests', [RadioSongRequestController::class, 'index'])->name('radio.requests.index');
Route::post('/requests', [RadioSongRequestController::class, 'store'])->name('radio.requests.store');
Route::post('/requests/{songRequest}/vote', [RadioSongRequestController::class, 'vote'])->name('radio.requests.vote');
Route::get('/contests', [RadioContestController::class, 'index'])->name('radio.contests.index');
Route::get('/contests/{contest}', [RadioContestController::class, 'show'])->name('radio.contests.show');
Route::get('/giveaways', [RadioGiveawayController::class, 'index'])->name('radio.giveaways.index');
Route::get('/giveaways/{giveaway}', [RadioGiveawayController::class, 'show'])->name('radio.giveaways.show');
});
Route::get('/teams', WebsiteTeamsController::class)->name('teams.index');
Route::get('/draw-badge', [BadgeController::class, 'show'])->name('draw-badge');
Route::post('/draw-badge/buy', [BadgeController::class, 'buy'])->name('badge.buy')->middleware('throttle:10,1');
Route::get('/staff-applications', [StaffApplicationsController::class, 'index'])->name('staff-applications.index');
Route::get('/staff-applications/{position}', [StaffApplicationsController::class, 'show'])->name('staff-applications.show');
Route::post('/staff-applications/{position}', [StaffApplicationsController::class, 'store'])->name('staff-applications.store');
Route::get('/team-applications', [WebsiteTeamApplicationsController::class, 'index'])->name('team-applications.index');
Route::get('/team-applications/{position}', [WebsiteTeamApplicationsController::class, 'show'])->name('team-applications.show');
Route::post('/team-applications/{position}', [WebsiteTeamApplicationsController::class, 'store'])->name('team-applications.store');
Route::post('/article/{article:slug}/comment', [WebsiteArticleCommentsController::class, 'store'])->name('article.comment.store');
Route::delete('/article/{comment}/comment', [WebsiteArticleCommentsController::class, 'destroy'])->name('article.comment.destroy');
Route::post('/article/{article:slug}/toggle-reaction', [ArticleController::class, 'toggleReaction'])
->name('article.toggle-reaction')
->middleware('throttle:100,1');
});
// Leaderboard (public)
Route::withoutMiddleware('auth')->group(function () {
Route::get('/leaderboard', LeaderboardController::class)->name('leaderboard.index');
});
// Rare values
Route::get('/values', [WebsiteRareValuesController::class, 'index'])->name('values.index');
Route::post('/values/search', [WebsiteRareValuesController::class, 'search'])->name('values.search');
Route::get('/values/category/{id}', [WebsiteRareValuesController::class, 'category'])->name('values.category');
Route::get('/values/{value}', [WebsiteRareValuesController::class, 'value'])->name('values.value');
routes/help-center.php
Executable
+31
View File
@@ -0,0 +1,31 @@
<?php
use App\Http\Controllers\Help\HelpCenterController;
use App\Http\Controllers\Help\TicketController;
use App\Http\Controllers\Help\TicketReplyController;
use App\Http\Controllers\Help\WebsiteRulesController;
use Illuminate\Support\Facades\Route;
// Help center
Route::prefix('help-center')->as('help-center.')->group(function () {
Route::get('/', HelpCenterController::class)->name('index')->withoutMiddleware(['auth', 'check.ban']);
Route::prefix('tickets')->as('ticket.')->middleware('auth')->withoutMiddleware('check.ban')->group(function () {
Route::get('/create', [TicketController::class, 'create'])->name('create');
Route::post('/store', [TicketController::class, 'store'])->name('store');
Route::get('/show/{ticket}', [TicketController::class, 'show'])->name('show');
Route::get('/edit/{ticket}', [TicketController::class, 'edit'])->name('edit');
Route::put('/edit/{ticket}', [TicketController::class, 'update'])->name('update');
Route::delete('/delete/{ticket}', [TicketController::class, 'destroy'])->name('destroy');
Route::put('/toggle-status/{ticket}', [TicketController::class, 'toggleTicketStatus'])->name('toggle-status');
Route::post('/reply/{ticket}/store', [TicketReplyController::class, 'store'])->name('reply.store')->middleware('throttle:30,1');
Route::delete('/reply/{reply}/delete', [TicketController::class, 'destroyReply'])->name('reply.destroy');
Route::get('/all', [TicketController::class, 'index'])->name('index');
});
Route::get('/rules', WebsiteRulesController::class)->name('rules.index')->withoutMiddleware('auth');
});
routes/shop.php
Executable
+20
View File
@@ -0,0 +1,20 @@
<?php
use App\Http\Controllers\Shop\PayPalController;
use App\Http\Controllers\Shop\ShopController;
use App\Http\Controllers\Shop\ShopVoucherController;
use Illuminate\Support\Facades\Route;
// Shop routes
Route::prefix('shop')->group(function () {
Route::get('/{category:slug?}', ShopController::class)->name('shop.index')->withoutMiddleware('auth');
Route::post('/purchase/{package}', [ShopController::class, 'purchase'])->name('shop.buy')->middleware('throttle:10,1');
Route::post('/voucher', ShopVoucherController::class)->name('shop.use-voucher')->middleware('throttle:10,1');
});
// PayPal routes
Route::controller(PayPalController::class)->prefix('paypal')->group(function () {
Route::get('/process-transaction', 'process')->name('paypal.process-transaction');
Route::get('/successful-transaction', 'successful')->name('paypal.successful-transaction');
Route::get('/cancelled-transaction', 'cancelled')->name('paypal.cancelled-transaction');
});
routes/user.php
Executable
+45
View File
@@ -0,0 +1,45 @@
<?php
use App\Http\Controllers\User\AccountSettingsController;
use App\Http\Controllers\User\GuestbookController;
use App\Http\Controllers\User\MeController;
use App\Http\Controllers\User\PasswordSettingsController;
use App\Http\Controllers\User\PreferencesController;
use App\Http\Controllers\User\ProfileController;
use App\Http\Controllers\User\ReferralController;
use App\Http\Controllers\User\TwoFactorAuthenticationController;
use Illuminate\Support\Facades\Route;
// User routes
Route::prefix('user')->group(function () {
Route::get('/me', MeController::class)->name('me.show');
Route::get('/claim/referral-reward', ReferralController::class)->name('claim.referral-reward');
// Public profile
Route::withoutMiddleware('auth')->group(function () {
Route::get('/profile/{user:username}', ProfileController::class)->name('profile.show');
});
// Guestbook
Route::post('/profile/{user}/guestbook', [GuestbookController::class, 'store'])->name('guestbook.store');
Route::delete('/profile/{user}/{guestbook}/delete', [GuestbookController::class, 'destroy'])->name('guestbook.destroy');
// Settings
Route::prefix('settings')->group(function () {
Route::get('/account', [AccountSettingsController::class, 'edit'])->name('settings.account.show');
Route::put('/account', [AccountSettingsController::class, 'update'])->name('settings.account.update');
Route::get('/password', [PasswordSettingsController::class, 'edit'])->name('settings.password.show');
Route::put('/password', [PasswordSettingsController::class, 'update'])->name('settings.password.update');
Route::get('/session-logs', [AccountSettingsController::class, 'sessionLogs'])->name('settings.session-logs');
Route::get('/two-factor', [TwoFactorAuthenticationController::class, 'index'])->name('settings.two-factor');
Route::post('/user/settings/two-factor-authentication', [TwoFactorAuthenticationController::class, 'store'])->name('user.two-factor.enable');
Route::post('/2fa-verify', [TwoFactorAuthenticationController::class, 'verify'])->name('two-factor.verify');
Route::delete('/user/settings/two-factor-authentication', [TwoFactorAuthenticationController::class, 'destroy'])->name('user.two-factor.disable');
Route::get('/preferences', [PreferencesController::class, 'edit'])->name('settings.preferences.show');
Route::put('/preferences', [PreferencesController::class, 'update'])->name('settings.preferences.update');
});
});
routes/web.php
+12 -267
View File
@@ -1,70 +1,15 @@
<?php
use App\Actions\Fortify\Controllers\TwoFactorAuthenticatedSessionController;
use App\Http\Controllers\Admin\RadioSetupController;
use App\Http\Controllers\Api\FurniEditorController;
use App\Http\Controllers\Articles\ArticleController;
use App\Http\Controllers\Articles\WebsiteArticleCommentsController;
use App\Http\Controllers\Auth\SocialAuthController;
use App\Http\Controllers\Badge\BadgeController;
use App\Http\Controllers\Client\FlashController;
use App\Http\Controllers\Client\NitroController;
use App\Http\Controllers\Community\LeaderboardController;
use App\Http\Controllers\Community\PhotosController;
use App\Http\Controllers\Community\RadioController;
use App\Http\Controllers\Community\RadioLeaderboardController;
use App\Http\Controllers\Community\Staff\StaffApplicationsController;
use App\Http\Controllers\Community\Staff\StaffController;
use App\Http\Controllers\Community\Staff\WebsiteTeamApplicationsController;
use App\Http\Controllers\Community\Staff\WebsiteTeamsController;
use App\Http\Controllers\Community\WebsiteRareValuesController;
use App\Http\Controllers\Help\HelpCenterController;
use App\Http\Controllers\Help\TicketController;
use App\Http\Controllers\Help\TicketReplyController;
use App\Http\Controllers\Help\WebsiteRulesController;
use App\Http\Controllers\Miscellaneous\HomeController;
use App\Http\Controllers\Miscellaneous\InstallationController;
use App\Http\Controllers\Miscellaneous\LocaleController;
use App\Http\Controllers\Miscellaneous\LogoGeneratorController;
use App\Http\Controllers\Miscellaneous\MaintenanceController;
use App\Http\Controllers\RadioContestController;
use App\Http\Controllers\RadioGiveawayController;
use App\Http\Controllers\RadioSongRequestController;
use App\Http\Controllers\Shop\PayPalController;
use App\Http\Controllers\Shop\ShopController;
use App\Http\Controllers\Shop\ShopVoucherController;
use App\Http\Controllers\User\AccountSettingsController;
use App\Http\Controllers\User\BannedController;
use App\Http\Controllers\User\ForgotPasswordController;
use App\Http\Controllers\User\GuestbookController;
use App\Http\Controllers\User\MeController;
use App\Http\Controllers\User\PasswordSettingsController;
use App\Http\Controllers\User\PreferencesController;
use App\Http\Controllers\User\ProfileController;
use App\Http\Controllers\User\ReferralController;
use App\Http\Controllers\User\TwoFactorAuthenticationController;
use App\Http\Controllers\User\UserReferralController;
use Illuminate\Support\Facades\Route;
use Laravel\Fortify\Features;
use Laravel\Fortify\Http\Controllers\RegisteredUserController;
// Language route
Route::get('/language/{locale}', LocaleController::class)->name('language.select');
// Social Login routes
Route::prefix('auth')->group(function () {
Route::get('/google', [SocialAuthController::class, 'redirect'])->name('auth.google');
Route::get('/google/callback', [SocialAuthController::class, 'callback'])->name('auth.google.callback');
Route::get('/discord', [SocialAuthController::class, 'redirect'])->name('auth.discord');
Route::get('/discord/callback', [SocialAuthController::class, 'callback'])->name('auth.discord.callback');
Route::get('/github', [SocialAuthController::class, 'redirect'])->name('auth.github');
Route::get('/github/callback', [SocialAuthController::class, 'callback'])->name('auth.github.callback');
Route::delete('/unlink/{provider}', [SocialAuthController::class, 'unlink'])->name('auth.unlink')->middleware('auth');
});
// Installation routes
Route::prefix('installation')->controller(InstallationController::class)->group(function () {
Route::get('/', 'index')->name('installation.index');
@@ -85,37 +30,14 @@ Route::middleware(['maintenance', 'check.ban', 'force.staff.2fa'])->group(functi
// Banned route
Route::get('/banned', BannedController::class)->name('banned.show');
// Exceptions to the 2FA check and must only be visited if not logged in
// Home routes (guest only)
Route::middleware(['guest', 'throttle:60,1'])->withoutMiddleware('force.staff.2fa')->group(function () {
Route::get('/login', static fn () => to_route('welcome'))->name('login');
Route::get('/', HomeController::class)->name('welcome');
Route::get('/home', HomeController::class)->name('home');
Route::get('/register', [RegisteredUserController::class, 'create']);
Route::post('/register', [RegisteredUserController::class, 'store'])
->name('register');
Route::get('/register/{referral_code}', UserReferralController::class)->name('register.referral');
// Password
Route::get('forgot-password', ForgotPasswordController::class)->name('forgot.password.get');
Route::post('forgot-password', [ForgotPasswordController::class, 'submitForgetPassword'])->name('forgot.password.post');
Route::get('reset-password/{token}', [ForgotPasswordController::class, 'showResetPassword'])->name('reset.password.get');
Route::post('reset-password/{token}', [ForgotPasswordController::class, 'submitResetPassword'])->name('reset.password.post');
// Two factor challenge login
Route::get('/two-factor-challenge', static fn () => view('auth.two-factor-challenge'))->name('two-factor.login');
// Email verification resend
Route::post('/email/verification-notification', static function () {
request()->user()->sendEmailVerificationNotification();
return back()->with('status', 'verification-link-sent');
})->middleware(['auth', 'throttle:6,1'])->name('verification.send');
});
// Logout route - must be accessible when logged in
// Logout route
Route::post('/logout', static function () {
auth()->guard('web')->logout();
session()->invalidate();
@@ -124,193 +46,16 @@ Route::middleware(['maintenance', 'check.ban', 'force.staff.2fa'])->group(functi
return redirect('/');
})->name('logout');
// Can only be accessed if logged in
// Authenticated routes
Route::middleware('auth')->group(function () {
Route::prefix('user')->group(function () {
Route::get('/me', MeController::class)->name('me.show');
Route::get('/claim/referral-reward', ReferralController::class)->name('claim.referral-reward');
// User routes that can be accessed without auth (for public profiles)
Route::withoutMiddleware('auth')->group(function () {
Route::get('/profile/{user:username}', ProfileController::class)->name('profile.show');
});
// Guestbook routes
Route::post('/profile/{user}/guestbook', [GuestbookController::class, 'store'])->name('guestbook.store');
Route::delete('/profile/{user}/{guestbook}/delete', [GuestbookController::class, 'destroy'])->name('guestbook.destroy');
// User settings routes
Route::prefix('settings')->group(function () {
Route::get('/account', [AccountSettingsController::class, 'edit'])->name('settings.account.show');
Route::put('/account', [AccountSettingsController::class, 'update'])->name('settings.account.update');
Route::get('/password', [PasswordSettingsController::class, 'edit'])->name('settings.password.show');
Route::put('/password', [PasswordSettingsController::class, 'update'])->name('settings.password.update');
Route::get('/session-logs', [AccountSettingsController::class, 'sessionLogs'])->name('settings.session-logs');
Route::get('/two-factor', [TwoFactorAuthenticationController::class, 'index'])->name('settings.two-factor');
Route::post('/user/settings/two-factor-authentication', [TwoFactorAuthenticationController::class, 'store'])->name('user.two-factor.enable');
Route::post('/2fa-verify', [TwoFactorAuthenticationController::class, 'verify'])->name('two-factor.verify');
Route::delete('/user/settings/two-factor-authentication', [TwoFactorAuthenticationController::class, 'destroy'])->name('user.two-factor.disable');
Route::get('/preferences', [PreferencesController::class, 'edit'])->name('settings.preferences.show');
Route::put('/preferences', [PreferencesController::class, 'update'])->name('settings.preferences.update');
});
});
// Admin Radio Setup routes
Route::prefix('admin')->middleware(['auth'])->group(function () {
Route::get('/radio/setup', [RadioSetupController::class, 'index'])->name('admin.radio.setup');
Route::post('/radio/setup', [RadioSetupController::class, 'setup'])->name('admin.radio.setup.post');
// Game Rewards Admin
});
// Community routes
Route::prefix('community')->group(function () {
// Allowed to be visited without being logged in
Route::withoutMiddleware('auth')->group(function () {
Route::get('/photos', PhotosController::class)->name('photos.index');
Route::get('/staff', StaffController::class)->name('staff.index');
Route::get('/articles', [ArticleController::class, 'index'])->name('article.index');
Route::get('/article/{article:slug}', [ArticleController::class, 'show'])->name('article.show');
// Radio routes accessible without auth
Route::prefix('radio')->group(function () {
Route::get('/', [RadioController::class, 'index'])->name('radio.index');
Route::get('/rooster', [RadioController::class, 'rooster'])->name('radio.rooster');
Route::get('/punten', RadioLeaderboardController::class)->name('radio.leaderboard');
});
});
// Radio routes that require auth
Route::prefix('radio')->group(function () {
Route::get('/shouts', [RadioController::class, 'shouts'])->name('radio.shouts');
Route::get('/dj-aanmelden', [RadioController::class, 'apply'])->name('radio.apply');
Route::post('/dj-aanmelden', [RadioController::class, 'storeApplication'])->name('radio.apply.store');
Route::post('/shouts', [RadioController::class, 'storeShout'])->name('radio.shouts.store');
// DJ Session management
Route::post('/session/start', [RadioController::class, 'startSession'])->name('radio.session.start')->middleware('auth');
Route::post('/session/end', [RadioController::class, 'endSession'])->name('radio.session.end')->middleware('auth');
// Requests
Route::get('/requests', [RadioSongRequestController::class, 'index'])->name('radio.requests.index');
Route::post('/requests', [RadioSongRequestController::class, 'store'])->name('radio.requests.store');
Route::post('/requests/{songRequest}/vote', [RadioSongRequestController::class, 'vote'])->name('radio.requests.vote');
// Contests
Route::get('/contests', [RadioContestController::class, 'index'])->name('radio.contests.index');
Route::get('/contests/{contest}', [RadioContestController::class, 'show'])->name('radio.contests.show');
// Giveaways
Route::get('/giveaways', [RadioGiveawayController::class, 'index'])->name('radio.giveaways.index');
Route::get('/giveaways/{giveaway}', [RadioGiveawayController::class, 'show'])->name('radio.giveaways.show');
});
Route::get('/teams', WebsiteTeamsController::class)->name('teams.index');
Route::get('/draw-badge', [BadgeController::class, 'show'])->name('draw-badge');
Route::post('/draw-badge/buy', [BadgeController::class, 'buy'])->name('badge.buy')->middleware('throttle:10,1');
Route::get('/staff-applications', [StaffApplicationsController::class, 'index'])->name('staff-applications.index');
Route::get('/staff-applications/{position}', [StaffApplicationsController::class, 'show'])->name('staff-applications.show');
Route::post('/staff-applications/{position}', [StaffApplicationsController::class, 'store'])->name('staff-applications.store');
Route::get('/team-applications', [WebsiteTeamApplicationsController::class, 'index'])->name('team-applications.index');
Route::get('/team-applications/{position}', [WebsiteTeamApplicationsController::class, 'show'])->name('team-applications.show');
Route::post('/team-applications/{position}', [WebsiteTeamApplicationsController::class, 'store'])->name('team-applications.store');
Route::post('/article/{article:slug}/comment', [WebsiteArticleCommentsController::class, 'store'])->name('article.comment.store');
Route::delete('/article/{comment}/comment', [WebsiteArticleCommentsController::class, 'destroy'])->name('article.comment.destroy');
Route::post('/article/{article:slug}/toggle-reaction', [ArticleController::class, 'toggleReaction'])
->name('article.toggle-reaction')
->middleware('throttle:100,1');
});
// Leaderboard route (accessible without auth)
Route::withoutMiddleware('auth')->group(function () {
Route::get('/leaderboard', LeaderboardController::class)->name('leaderboard.index');
});
// Shop routes
Route::prefix('shop')->group(function () {
Route::get('/{category:slug?}', ShopController::class)->name('shop.index')->withoutMiddleware('auth');
Route::post('/purchase/{package}', [ShopController::class, 'purchase'])->name('shop.buy')->middleware('throttle:10,1');
Route::post('/voucher', ShopVoucherController::class)->name('shop.use-voucher')->middleware('throttle:10,1');
});
// Help center
Route::prefix('help-center')->as('help-center.')->group(function () {
Route::get('/', HelpCenterController::class)->name('index')->withoutMiddleware(['auth', 'check.ban']);
Route::prefix('tickets')->as('ticket.')->middleware('auth')->withoutMiddleware('check.ban')->group(function () {
Route::get('/create', [TicketController::class, 'create'])->name('create');
Route::post('/store', [TicketController::class, 'store'])->name('store');
Route::get('/show/{ticket}', [TicketController::class, 'show'])->name('show');
Route::get('/edit/{ticket}', [TicketController::class, 'edit'])->name('edit');
Route::put('/edit/{ticket}', [TicketController::class, 'update'])->name('update');
Route::delete('/delete/{ticket}', [TicketController::class, 'destroy'])->name('destroy');
Route::put('/toggle-status/{ticket}', [TicketController::class, 'toggleTicketStatus'])->name('toggle-status');
Route::post('/reply/{ticket}/store', [TicketReplyController::class, 'store'])->name('reply.store')->middleware('throttle:30,1');
Route::delete('/reply/{reply}/delete', [TicketController::class, 'destroyReply'])->name('reply.destroy');
// All open tickets
Route::get('/all', [TicketController::class, 'index'])->name('index');
});
// Rules
Route::get('/rules', WebsiteRulesController::class)->name('rules.index')->withoutMiddleware('auth');
});
// Rare values routes
Route::get('/values', [WebsiteRareValuesController::class, 'index'])->name('values.index');
Route::post('/values/search', [WebsiteRareValuesController::class, 'search'])->name('values.search');
Route::get('/values/category/{id}', [WebsiteRareValuesController::class, 'category'])->name('values.category');
Route::get('/values/{value}', [WebsiteRareValuesController::class, 'value'])->name('values.value');
// Client route
Route::prefix('game')->middleware(['findretros.redirect', 'vpn.checker'])->group(function () {
Route::get('/nitro', NitroController::class)->name('nitro-client');
Route::get('/flash', FlashController::class)->name('flash-client');
});
// Logo generator
Route::get('/logo-generator', [LogoGeneratorController::class, 'index'])->name('logo-generator.index');
Route::post('/logo-generator', [LogoGeneratorController::class, 'store'])->name('store.generated-logo');
// PayPal routes
Route::controller(PayPalController::class)->prefix('paypal')->group(function () {
Route::get('/process-transaction', 'process')->name('paypal.process-transaction');
Route::get('/successful-transaction', 'successful')->name('paypal.successful-transaction');
Route::get('/cancelled-transaction', 'cancelled')->name('paypal.cancelled-transaction');
});
require __DIR__ . '/user.php';
require __DIR__ . '/community.php';
require __DIR__ . '/shop.php';
require __DIR__ . '/help-center.php';
require __DIR__ . '/client.php';
require __DIR__ . '/admin.php';
});
});
if (Features::enabled(Features::twoFactorAuthentication())) {
$twoFactorLimiter = config('fortify.limiters.two-factor');
Route::post('/two-factor-challenge', [TwoFactorAuthenticatedSessionController::class, 'store'])
->middleware(
array_filter([
'guest:' . config('fortify.guard'),
$twoFactorLimiter ? 'throttle:' . $twoFactorLimiter : null,
]),
);
}
Route::prefix('api/admin/furni-editor')->middleware(['auth', 'admin.security', 'throttle:api'])->group(function () {
Route::get('/', [FurniEditorController::class, 'search']);
Route::post('/', [FurniEditorController::class, 'create']);
Route::get('/detail', [FurniEditorController::class, 'detail']);
Route::post('/update', [FurniEditorController::class, 'update']);
Route::post('/delete', [FurniEditorController::class, 'delete']);
Route::get('/interactions', [FurniEditorController::class, 'interactions']);
Route::get('/by-sprite', [FurniEditorController::class, 'bySprite']);
// Auth routes (mixed guest/auth)
require __DIR__ . '/auth.php';
});