]> BookStack Code Mirror - bookstack/blob - routes/web.php
projects / bookstack / blob
? search:


b3f11f53a7802a9fe3b522d532f2a337d2974b37
[bookstack] / routes / web.php
1 <?php
2
3 use BookStack\Http\Controllers\Api;
4 use BookStack\Http\Controllers\AttachmentController;
5 use BookStack\Http\Controllers\AuditLogController;
6 use BookStack\Http\Controllers\Auth;
7 use BookStack\Http\Controllers\BookController;
8 use BookStack\Http\Controllers\BookExportController;
9 use BookStack\Http\Controllers\BookshelfController;
10 use BookStack\Http\Controllers\BookSortController;
11 use BookStack\Http\Controllers\ChapterController;
12 use BookStack\Http\Controllers\ChapterExportController;
13 use BookStack\Http\Controllers\CommentController;
14 use BookStack\Http\Controllers\FavouriteController;
15 use BookStack\Http\Controllers\HomeController;
16 use BookStack\Http\Controllers\Images;
17 use BookStack\Http\Controllers\MaintenanceController;
18 use BookStack\Http\Controllers\PageController;
19 use BookStack\Http\Controllers\PageExportController;
20 use BookStack\Http\Controllers\PageRevisionController;
21 use BookStack\Http\Controllers\PageTemplateController;
22 use BookStack\Http\Controllers\PermissionsController;
23 use BookStack\Http\Controllers\RecycleBinController;
24 use BookStack\Http\Controllers\ReferenceController;
25 use BookStack\Http\Controllers\RoleController;
26 use BookStack\Http\Controllers\SearchController;
27 use BookStack\Http\Controllers\SettingController;
28 use BookStack\Http\Controllers\StatusController;
29 use BookStack\Http\Controllers\TagController;
30 use BookStack\Http\Controllers\UserApiTokenController;
31 use BookStack\Http\Controllers\UserController;
32 use BookStack\Http\Controllers\UserPreferencesController;
33 use BookStack\Http\Controllers\UserProfileController;
34 use BookStack\Http\Controllers\UserSearchController;
35 use BookStack\Http\Controllers\WebhookController;
36 use BookStack\Http\Middleware\VerifyCsrfToken;
37 use Illuminate\Session\Middleware\StartSession;
38 use Illuminate\Support\Facades\Route;
39 use Illuminate\View\Middleware\ShareErrorsFromSession;
40
41 Route::get('/status', [StatusController::class, 'show']);
42 Route::get('/robots.txt', [HomeController::class, 'robots']);
43
44 // Authenticated routes...
45 Route::middleware('auth')->group(function () {
46
47     // Secure images routing
48     Route::get('/uploads/images/{path}', [Images\ImageController::class, 'showImage'])
49         ->where('path', '.*$');
50
51     // API docs routes
52     Route::redirect('/api', '/api/docs');
53     Route::get('/api/docs', [Api\ApiDocsController::class, 'display']);
54
55     Route::get('/pages/recently-updated', [PageController::class, 'showRecentlyUpdated']);
56
57     // Shelves
58     Route::get('/create-shelf', [BookshelfController::class, 'create']);
59     Route::get('/shelves/', [BookshelfController::class, 'index']);
60     Route::post('/shelves/', [BookshelfController::class, 'store']);
61     Route::get('/shelves/{slug}/edit', [BookshelfController::class, 'edit']);
62     Route::get('/shelves/{slug}/delete', [BookshelfController::class, 'showDelete']);
63     Route::get('/shelves/{slug}', [BookshelfController::class, 'show']);
64     Route::put('/shelves/{slug}', [BookshelfController::class, 'update']);
65     Route::delete('/shelves/{slug}', [BookshelfController::class, 'destroy']);
66     Route::get('/shelves/{slug}/permissions', [PermissionsController::class, 'showForShelf']);
67     Route::put('/shelves/{slug}/permissions', [PermissionsController::class, 'updateForShelf']);
68     Route::post('/shelves/{slug}/copy-permissions', [PermissionsController::class, 'copyShelfPermissionsToBooks']);
69     Route::get('/shelves/{slug}/references', [ReferenceController::class, 'shelf']);
70
71     // Book Creation
72     Route::get('/shelves/{shelfSlug}/create-book', [BookController::class, 'create']);
73     Route::post('/shelves/{shelfSlug}/create-book', [BookController::class, 'store']);
74     Route::get('/create-book', [BookController::class, 'create']);
75
76     // Books
77     Route::get('/books/', [BookController::class, 'index']);
78     Route::post('/books/', [BookController::class, 'store']);
79     Route::get('/books/{slug}/edit', [BookController::class, 'edit']);
80     Route::put('/books/{slug}', [BookController::class, 'update']);
81     Route::delete('/books/{id}', [BookController::class, 'destroy']);
82     Route::get('/books/{slug}/sort-item', [BookSortController::class, 'showItem']);
83     Route::get('/books/{slug}', [BookController::class, 'show']);
84     Route::get('/books/{bookSlug}/permissions', [PermissionsController::class, 'showForBook']);
85     Route::put('/books/{bookSlug}/permissions', [PermissionsController::class, 'updateForBook']);
86     Route::get('/books/{slug}/delete', [BookController::class, 'showDelete']);
87     Route::get('/books/{bookSlug}/copy', [BookController::class, 'showCopy']);
88     Route::post('/books/{bookSlug}/copy', [BookController::class, 'copy']);
89     Route::post('/books/{bookSlug}/convert-to-shelf', [BookController::class, 'convertToShelf']);
90     Route::get('/books/{bookSlug}/sort', [BookSortController::class, 'show']);
91     Route::put('/books/{bookSlug}/sort', [BookSortController::class, 'update']);
92     Route::get('/books/{slug}/references', [ReferenceController::class, 'book']);
93     Route::get('/books/{bookSlug}/export/html', [BookExportController::class, 'html']);
94     Route::get('/books/{bookSlug}/export/pdf', [BookExportController::class, 'pdf']);
95     Route::get('/books/{bookSlug}/export/markdown', [BookExportController::class, 'markdown']);
96     Route::get('/books/{bookSlug}/export/zip', [BookExportController::class, 'zip']);
97     Route::get('/books/{bookSlug}/export/plaintext', [BookExportController::class, 'plainText']);
98
99     // Pages
100     Route::get('/books/{bookSlug}/create-page', [PageController::class, 'create']);
101     Route::post('/books/{bookSlug}/create-guest-page', [PageController::class, 'createAsGuest']);
102     Route::get('/books/{bookSlug}/draft/{pageId}', [PageController::class, 'editDraft']);
103     Route::post('/books/{bookSlug}/draft/{pageId}', [PageController::class, 'store']);
104     Route::get('/books/{bookSlug}/page/{pageSlug}', [PageController::class, 'show']);
105     Route::get('/books/{bookSlug}/page/{pageSlug}/export/pdf', [PageExportController::class, 'pdf']);
106     Route::get('/books/{bookSlug}/page/{pageSlug}/export/html', [PageExportController::class, 'html']);
107     Route::get('/books/{bookSlug}/page/{pageSlug}/export/markdown', [PageExportController::class, 'markdown']);
108     Route::get('/books/{bookSlug}/page/{pageSlug}/export/plaintext', [PageExportController::class, 'plainText']);
109     Route::get('/books/{bookSlug}/page/{pageSlug}/edit', [PageController::class, 'edit']);
110     Route::get('/books/{bookSlug}/page/{pageSlug}/move', [PageController::class, 'showMove']);
111     Route::put('/books/{bookSlug}/page/{pageSlug}/move', [PageController::class, 'move']);
112     Route::get('/books/{bookSlug}/page/{pageSlug}/copy', [PageController::class, 'showCopy']);
113     Route::post('/books/{bookSlug}/page/{pageSlug}/copy', [PageController::class, 'copy']);
114     Route::get('/books/{bookSlug}/page/{pageSlug}/delete', [PageController::class, 'showDelete']);
115     Route::get('/books/{bookSlug}/draft/{pageId}/delete', [PageController::class, 'showDeleteDraft']);
116     Route::get('/books/{bookSlug}/page/{pageSlug}/permissions', [PermissionsController::class, 'showForPage']);
117     Route::put('/books/{bookSlug}/page/{pageSlug}/permissions', [PermissionsController::class, 'updateForPage']);
118     Route::get('/books/{bookSlug}/page/{pageSlug}/references', [ReferenceController::class, 'page']);
119     Route::put('/books/{bookSlug}/page/{pageSlug}', [PageController::class, 'update']);
120     Route::delete('/books/{bookSlug}/page/{pageSlug}', [PageController::class, 'destroy']);
121     Route::delete('/books/{bookSlug}/draft/{pageId}', [PageController::class, 'destroyDraft']);
122
123     // Revisions
124     Route::get('/books/{bookSlug}/page/{pageSlug}/revisions', [PageRevisionController::class, 'index']);
125     Route::get('/books/{bookSlug}/page/{pageSlug}/revisions/{revId}', [PageRevisionController::class, 'show']);
126     Route::get('/books/{bookSlug}/page/{pageSlug}/revisions/{revId}/changes', [PageRevisionController::class, 'changes']);
127     Route::put('/books/{bookSlug}/page/{pageSlug}/revisions/{revId}/restore', [PageRevisionController::class, 'restore']);
128     Route::delete('/books/{bookSlug}/page/{pageSlug}/revisions/{revId}/delete', [PageRevisionController::class, 'destroy']);
129
130     // Chapters
131     Route::get('/books/{bookSlug}/chapter/{chapterSlug}/create-page', [PageController::class, 'create']);
132     Route::post('/books/{bookSlug}/chapter/{chapterSlug}/create-guest-page', [PageController::class, 'createAsGuest']);
133     Route::get('/books/{bookSlug}/create-chapter', [ChapterController::class, 'create']);
134     Route::post('/books/{bookSlug}/create-chapter', [ChapterController::class, 'store']);
135     Route::get('/books/{bookSlug}/chapter/{chapterSlug}', [ChapterController::class, 'show']);
136     Route::put('/books/{bookSlug}/chapter/{chapterSlug}', [ChapterController::class, 'update']);
137     Route::get('/books/{bookSlug}/chapter/{chapterSlug}/move', [ChapterController::class, 'showMove']);
138     Route::put('/books/{bookSlug}/chapter/{chapterSlug}/move', [ChapterController::class, 'move']);
139     Route::get('/books/{bookSlug}/chapter/{chapterSlug}/copy', [ChapterController::class, 'showCopy']);
140     Route::post('/books/{bookSlug}/chapter/{chapterSlug}/copy', [ChapterController::class, 'copy']);
141     Route::get('/books/{bookSlug}/chapter/{chapterSlug}/edit', [ChapterController::class, 'edit']);
142     Route::post('/books/{bookSlug}/chapter/{chapterSlug}/convert-to-book', [ChapterController::class, 'convertToBook']);
143     Route::get('/books/{bookSlug}/chapter/{chapterSlug}/permissions', [PermissionsController::class, 'showForChapter']);
144     Route::get('/books/{bookSlug}/chapter/{chapterSlug}/export/pdf', [ChapterExportController::class, 'pdf']);
145     Route::get('/books/{bookSlug}/chapter/{chapterSlug}/export/html', [ChapterExportController::class, 'html']);
146     Route::get('/books/{bookSlug}/chapter/{chapterSlug}/export/markdown', [ChapterExportController::class, 'markdown']);
147     Route::get('/books/{bookSlug}/chapter/{chapterSlug}/export/plaintext', [ChapterExportController::class, 'plainText']);
148     Route::put('/books/{bookSlug}/chapter/{chapterSlug}/permissions', [PermissionsController::class, 'updateForChapter']);
149     Route::get('/books/{bookSlug}/chapter/{chapterSlug}/references', [ReferenceController::class, 'chapter']);
150     Route::get('/books/{bookSlug}/chapter/{chapterSlug}/delete', [ChapterController::class, 'showDelete']);
151     Route::delete('/books/{bookSlug}/chapter/{chapterSlug}', [ChapterController::class, 'destroy']);
152
153     // User Profile routes
154     Route::get('/user/{slug}', [UserProfileController::class, 'show']);
155
156     // Image routes
157     Route::get('/images/gallery', [Images\GalleryImageController::class, 'list']);
158     Route::post('/images/gallery', [Images\GalleryImageController::class, 'create']);
159     Route::get('/images/drawio', [Images\DrawioImageController::class, 'list']);
160     Route::get('/images/drawio/base64/{id}', [Images\DrawioImageController::class, 'getAsBase64']);
161     Route::post('/images/drawio', [Images\DrawioImageController::class, 'create']);
162     Route::get('/images/edit/{id}', [Images\ImageController::class, 'edit']);
163     Route::put('/images/{id}', [Images\ImageController::class, 'update']);
164     Route::delete('/images/{id}', [Images\ImageController::class, 'destroy']);
165
166     // Attachments routes
167     Route::get('/attachments/{id}', [AttachmentController::class, 'get']);
168     Route::post('/attachments/upload', [AttachmentController::class, 'upload']);
169     Route::post('/attachments/upload/{id}', [AttachmentController::class, 'uploadUpdate']);
170     Route::post('/attachments/link', [AttachmentController::class, 'attachLink']);
171     Route::put('/attachments/{id}', [AttachmentController::class, 'update']);
172     Route::get('/attachments/edit/{id}', [AttachmentController::class, 'getUpdateForm']);
173     Route::get('/attachments/get/page/{pageId}', [AttachmentController::class, 'listForPage']);
174     Route::put('/attachments/sort/page/{pageId}', [AttachmentController::class, 'sortForPage']);
175     Route::delete('/attachments/{id}', [AttachmentController::class, 'delete']);
176
177     // AJAX routes
178     Route::put('/ajax/page/{id}/save-draft', [PageController::class, 'saveDraft']);
179     Route::get('/ajax/page/{id}', [PageController::class, 'getPageAjax']);
180     Route::delete('/ajax/page/{id}', [PageController::class, 'ajaxDestroy']);
181
182     // Tag routes
183     Route::get('/tags', [TagController::class, 'index']);
184     Route::get('/ajax/tags/suggest/names', [TagController::class, 'getNameSuggestions']);
185     Route::get('/ajax/tags/suggest/values', [TagController::class, 'getValueSuggestions']);
186
187     Route::get('/ajax/search/entities', [SearchController::class, 'searchEntitiesAjax']);
188
189     // Comments
190     Route::post('/comment/{pageId}', [CommentController::class, 'savePageComment']);
191     Route::put('/comment/{id}', [CommentController::class, 'update']);
192     Route::delete('/comment/{id}', [CommentController::class, 'destroy']);
193
194     // Links
195     Route::get('/link/{id}', [PageController::class, 'redirectFromLink']);
196
197     // Search
198     Route::get('/search', [SearchController::class, 'search']);
199     Route::get('/search/book/{bookId}', [SearchController::class, 'searchBook']);
200     Route::get('/search/chapter/{bookId}', [SearchController::class, 'searchChapter']);
201     Route::get('/search/entity/siblings', [SearchController::class, 'searchSiblings']);
202
203     // User Search
204     Route::get('/search/users/select', [UserSearchController::class, 'forSelect']);
205
206     // Template System
207     Route::get('/templates', [PageTemplateController::class, 'list']);
208     Route::get('/templates/{templateId}', [PageTemplateController::class, 'get']);
209
210     // Favourites
211     Route::get('/favourites', [FavouriteController::class, 'index']);
212     Route::post('/favourites/add', [FavouriteController::class, 'add']);
213     Route::post('/favourites/remove', [FavouriteController::class, 'remove']);
214
215     // Other Pages
216     Route::get('/', [HomeController::class, 'index']);
217     Route::get('/home', [HomeController::class, 'index']);
218
219     // Permissions
220     Route::get('/permissions/form-row/{entityType}/{roleId}', [PermissionsController::class, 'formRowForRole']);
221
222     // Maintenance
223     Route::get('/settings/maintenance', [MaintenanceController::class, 'index']);
224     Route::delete('/settings/maintenance/cleanup-images', [MaintenanceController::class, 'cleanupImages']);
225     Route::post('/settings/maintenance/send-test-email', [MaintenanceController::class, 'sendTestEmail']);
226     Route::post('/settings/maintenance/regenerate-references', [MaintenanceController::class, 'regenerateReferences']);
227
228     // Recycle Bin
229     Route::get('/settings/recycle-bin', [RecycleBinController::class, 'index']);
230     Route::post('/settings/recycle-bin/empty', [RecycleBinController::class, 'empty']);
231     Route::get('/settings/recycle-bin/{id}/destroy', [RecycleBinController::class, 'showDestroy']);
232     Route::delete('/settings/recycle-bin/{id}', [RecycleBinController::class, 'destroy']);
233     Route::get('/settings/recycle-bin/{id}/restore', [RecycleBinController::class, 'showRestore']);
234     Route::post('/settings/recycle-bin/{id}/restore', [RecycleBinController::class, 'restore']);
235
236     // Audit Log
237     Route::get('/settings/audit', [AuditLogController::class, 'index']);
238
239     // Users
240     Route::get('/settings/users', [UserController::class, 'index']);
241     Route::get('/settings/users/create', [UserController::class, 'create']);
242     Route::get('/settings/users/{id}/delete', [UserController::class, 'delete']);
243     Route::post('/settings/users/create', [UserController::class, 'store']);
244     Route::get('/settings/users/{id}', [UserController::class, 'edit']);
245     Route::put('/settings/users/{id}', [UserController::class, 'update']);
246     Route::delete('/settings/users/{id}', [UserController::class, 'destroy']);
247
248     // User Preferences
249     Route::patch('/settings/users/{id}/switch-books-view', [UserPreferencesController::class, 'switchBooksView']);
250     Route::patch('/settings/users/{id}/switch-shelves-view', [UserPreferencesController::class, 'switchShelvesView']);
251     Route::patch('/settings/users/{id}/switch-shelf-view', [UserPreferencesController::class, 'switchShelfView']);
252     Route::patch('/settings/users/{id}/change-sort/{type}', [UserPreferencesController::class, 'changeSort']);
253     Route::patch('/settings/users/{id}/update-expansion-preference/{key}', [UserPreferencesController::class, 'updateExpansionPreference']);
254     Route::patch('/settings/users/toggle-dark-mode', [UserPreferencesController::class, 'toggleDarkMode']);
255     Route::patch('/settings/users/update-code-language-favourite', [UserPreferencesController::class, 'updateCodeLanguageFavourite']);
256
257     // User API Tokens
258     Route::get('/settings/users/{userId}/create-api-token', [UserApiTokenController::class, 'create']);
259     Route::post('/settings/users/{userId}/create-api-token', [UserApiTokenController::class, 'store']);
260     Route::get('/settings/users/{userId}/api-tokens/{tokenId}', [UserApiTokenController::class, 'edit']);
261     Route::put('/settings/users/{userId}/api-tokens/{tokenId}', [UserApiTokenController::class, 'update']);
262     Route::get('/settings/users/{userId}/api-tokens/{tokenId}/delete', [UserApiTokenController::class, 'delete']);
263     Route::delete('/settings/users/{userId}/api-tokens/{tokenId}', [UserApiTokenController::class, 'destroy']);
264
265     // Roles
266     Route::get('/settings/roles', [RoleController::class, 'index']);
267     Route::get('/settings/roles/new', [RoleController::class, 'create']);
268     Route::post('/settings/roles/new', [RoleController::class, 'store']);
269     Route::get('/settings/roles/delete/{id}', [RoleController::class, 'showDelete']);
270     Route::delete('/settings/roles/delete/{id}', [RoleController::class, 'delete']);
271     Route::get('/settings/roles/{id}', [RoleController::class, 'edit']);
272     Route::put('/settings/roles/{id}', [RoleController::class, 'update']);
273
274     // Webhooks
275     Route::get('/settings/webhooks', [WebhookController::class, 'index']);
276     Route::get('/settings/webhooks/create', [WebhookController::class, 'create']);
277     Route::post('/settings/webhooks/create', [WebhookController::class, 'store']);
278     Route::get('/settings/webhooks/{id}', [WebhookController::class, 'edit']);
279     Route::put('/settings/webhooks/{id}', [WebhookController::class, 'update']);
280     Route::get('/settings/webhooks/{id}/delete', [WebhookController::class, 'delete']);
281     Route::delete('/settings/webhooks/{id}', [WebhookController::class, 'destroy']);
282
283     // Settings
284     Route::get('/settings', [SettingController::class, 'index'])->name('settings');
285     Route::get('/settings/{category}', [SettingController::class, 'category'])->name('settings.category');
286     Route::post('/settings/{category}', [SettingController::class, 'update']);
287 });
288
289 // MFA routes
290 Route::middleware('mfa-setup')->group(function () {
291     Route::get('/mfa/setup', [Auth\MfaController::class, 'setup']);
292     Route::get('/mfa/totp/generate', [Auth\MfaTotpController::class, 'generate']);
293     Route::post('/mfa/totp/confirm', [Auth\MfaTotpController::class, 'confirm']);
294     Route::get('/mfa/backup_codes/generate', [Auth\MfaBackupCodesController::class, 'generate']);
295     Route::post('/mfa/backup_codes/confirm', [Auth\MfaBackupCodesController::class, 'confirm']);
296 });
297 Route::middleware('guest')->group(function () {
298     Route::get('/mfa/verify', [Auth\MfaController::class, 'verify']);
299     Route::post('/mfa/totp/verify', [Auth\MfaTotpController::class, 'verify']);
300     Route::post('/mfa/backup_codes/verify', [Auth\MfaBackupCodesController::class, 'verify']);
301 });
302 Route::delete('/mfa/{method}/remove', [Auth\MfaController::class, 'remove'])->middleware('auth');
303
304 // Social auth routes
305 Route::get('/login/service/{socialDriver}', [Auth\SocialController::class, 'login']);
306 Route::get('/login/service/{socialDriver}/callback', [Auth\SocialController::class, 'callback']);
307 Route::post('/login/service/{socialDriver}/detach', [Auth\SocialController::class, 'detach'])->middleware('auth');
308 Route::get('/register/service/{socialDriver}', [Auth\SocialController::class, 'register']);
309
310 // Login/Logout routes
311 Route::get('/login', [Auth\LoginController::class, 'getLogin']);
312 Route::post('/login', [Auth\LoginController::class, 'login']);
313 Route::post('/logout', [Auth\LoginController::class, 'logout']);
314 Route::get('/register', [Auth\RegisterController::class, 'getRegister']);
315 Route::get('/register/confirm', [Auth\ConfirmEmailController::class, 'show']);
316 Route::get('/register/confirm/awaiting', [Auth\ConfirmEmailController::class, 'showAwaiting']);
317 Route::post('/register/confirm/resend', [Auth\ConfirmEmailController::class, 'resend']);
318 Route::get('/register/confirm/{token}', [Auth\ConfirmEmailController::class, 'confirm']);
319 Route::post('/register', [Auth\RegisterController::class, 'postRegister']);
320
321 // SAML routes
322 Route::post('/saml2/login', [Auth\Saml2Controller::class, 'login']);
323 Route::post('/saml2/logout', [Auth\Saml2Controller::class, 'logout']);
324 Route::get('/saml2/metadata', [Auth\Saml2Controller::class, 'metadata']);
325 Route::get('/saml2/sls', [Auth\Saml2Controller::class, 'sls']);
326 Route::post('/saml2/acs', [Auth\Saml2Controller::class, 'startAcs'])->withoutMiddleware([
327     StartSession::class,
328     ShareErrorsFromSession::class,
329     VerifyCsrfToken::class,
330 ]);
331 Route::get('/saml2/acs', [Auth\Saml2Controller::class, 'processAcs']);
332
333 // OIDC routes
334 Route::post('/oidc/login', [Auth\OidcController::class, 'login']);
335 Route::get('/oidc/callback', [Auth\OidcController::class, 'callback']);
336
337 // User invitation routes
338 Route::get('/register/invite/{token}', [Auth\UserInviteController::class, 'showSetPassword']);
339 Route::post('/register/invite/{token}', [Auth\UserInviteController::class, 'setPassword']);
340
341 // Password reset link request routes
342 Route::get('/password/email', [Auth\ForgotPasswordController::class, 'showLinkRequestForm']);
343 Route::post('/password/email', [Auth\ForgotPasswordController::class, 'sendResetLinkEmail']);
344
345 // Password reset routes
346 Route::get('/password/reset/{token}', [Auth\ResetPasswordController::class, 'showResetForm']);
347 Route::post('/password/reset', [Auth\ResetPasswordController::class, 'reset']);
348
349 // Metadata routes
350 Route::view('/help/wysiwyg', 'help.wysiwyg');
351
352 Route::fallback([HomeController::class, 'notFound'])->name('fallback');
The core source code for the BookStack project.