BookStack Code Mirror - bookstack/blobdiff

diff --git a/routes/web.php b/routes/web.php

index 933179aa7ec2d7e2e661c5d4bbcb27c7ba39e3f7..25d7ab6928585ddfe9672136f33311dd9660bc13 100644 (file)

--- a/routes/web.php

+++ b/routes/web.php

@@ -6,7 +6,8 @@ Route::get('/robots.txt', 'HomeController@getRobots');

// Authenticated routes...

Route::group(['middleware' => 'auth'], function () {

- Route::get('/uploads/images/{path}', 'ImageController@showImage')

+ // Secure images routing

+ Route::get('/uploads/images/{path}', 'Images\ImageController@showImage')

->where('path', '.*$');

Route::group(['prefix' => 'pages'], function() {

@@ -103,31 +104,21 @@ Route::group(['middleware' => 'auth'], function () {

Route::get('/user/{userId}', 'UserController@showProfilePage');

// Image routes

- Route::group(['prefix' => 'images'], function() {

- // Get for user images

-// Route::get('/user/all', 'ImageController@getAllForUserType');

-// Route::get('/user/all/{page}', 'ImageController@getAllForUserType');

- // Standard get, update and deletion for all types

- Route::get('/thumb/{id}/{width}/{height}/{crop}', 'ImageController@getThumbnail');

- Route::get('/base64/{id}', 'ImageController@getBase64Image');

- Route::get('/usage/{id}', 'ImageController@usage');

- Route::get('/{type}/all', 'ImageController@getAllByType');

- Route::get('/{type}/all/{page}', 'ImageController@getAllByType');

- Route::get('/{type}/search/{page}', 'ImageController@searchByType');

- Route::get('/gallery/{filter}/{page}', 'ImageController@getGalleryFiltered');

-

- // TODO - Remove use of abstract "Type" variable (Above)

- // TODO - Clearly define each endpoint so logic for each is clear

- // TODO - Move into per-type controllers

- // TODO - Test and fully think about permissions and each stage

- Route::post('/drawio', 'ImageController@uploadDrawioImage');

- Route::post('/gallery', 'ImageController@uploadGalleryImage');

- Route::post('/user', 'ImageController@uploadUserImage');

- Route::post('/system', 'ImageController@uploadSystemImage');

- Route::post('/cover', 'ImageController@uploadCoverImage');

-

- Route::put('/{id}', 'ImageController@update');

- Route::delete('/{id}', 'ImageController@destroy');

+ Route::group(['prefix' => 'images'], function () {

+

+ // Gallery

+ Route::get('/gallery', 'Images\GalleryImageController@list');

+ Route::post('/gallery', 'Images\GalleryImageController@create');

+

+ // Drawio

+ Route::get('/drawio', 'Images\DrawioImageController@list');

+ Route::get('/drawio/base64/{id}', 'Images\DrawioImageController@getAsBase64');

+ Route::post('/drawio', 'Images\DrawioImageController@create');

+

+ // Shared gallery & draw.io endpoint

+ Route::get('/usage/{id}', 'Images\ImageController@usage');

+ Route::put('/{id}', 'Images\ImageController@update');

+ Route::delete('/{id}', 'Images\ImageController@destroy');

});

// Attachments routes