BookStack Code Mirror - bookstack/blob

1 <?php

2

3 use BookStack\Http\Controllers\Api;

4 use BookStack\Http\Controllers\AttachmentController;

5 use BookStack\Http\Controllers\AuditLogController;

6 use BookStack\Http\Controllers\Auth;

7 use BookStack\Http\Controllers\BookController;

8 use BookStack\Http\Controllers\BookExportController;

9 use BookStack\Http\Controllers\BookshelfController;

10 use BookStack\Http\Controllers\BookSortController;

11 use BookStack\Http\Controllers\ChapterController;

12 use BookStack\Http\Controllers\ChapterExportController;

13 use BookStack\Http\Controllers\CommentController;

14 use BookStack\Http\Controllers\FavouriteController;

15 use BookStack\Http\Controllers\HomeController;

16 use BookStack\Http\Controllers\Images;

17 use BookStack\Http\Controllers\MaintenanceController;

18 use BookStack\Http\Controllers\PageController;

19 use BookStack\Http\Controllers\PageExportController;

20 use BookStack\Http\Controllers\PageRevisionController;

21 use BookStack\Http\Controllers\PageTemplateController;

22 use BookStack\Http\Controllers\RecycleBinController;

23 use BookStack\Http\Controllers\RoleController;

24 use BookStack\Http\Controllers\SearchController;

25 use BookStack\Http\Controllers\SettingController;

26 use BookStack\Http\Controllers\StatusController;

27 use BookStack\Http\Controllers\TagController;

28 use BookStack\Http\Controllers\UserApiTokenController;

29 use BookStack\Http\Controllers\UserController;

30 use BookStack\Http\Controllers\UserProfileController;

31 use BookStack\Http\Controllers\UserSearchController;

32 use BookStack\Http\Controllers\WebhookController;

33 use BookStack\Http\Middleware\VerifyCsrfToken;

34 use Illuminate\Session\Middleware\StartSession;

35 use Illuminate\Support\Facades\Route;

36 use Illuminate\View\Middleware\ShareErrorsFromSession;

37

38 Route::get('/status', [StatusController::class, 'show']);

39 Route::get('/robots.txt', [HomeController::class, 'robots']);

40

41 // Authenticated routes...

42 Route::middleware('auth')->group(function () {

43

44 // Secure images routing

45 Route::get('/uploads/images/{path}', [Images\ImageController::class, 'showImage'])

46 ->where('path', '.*$');

47

48 // API docs routes

49 Route::redirect('/api', '/api/docs');

50 Route::get('/api/docs', [Api\ApiDocsController::class, 'display']);

51

52 Route::get('/pages/recently-updated', [PageController::class, 'showRecentlyUpdated']);

53

54 // Shelves

55 Route::get('/create-shelf', [BookshelfController::class, 'create']);

56 Route::get('/shelves/', [BookshelfController::class, 'index']);

57 Route::post('/shelves/', [BookshelfController::class, 'store']);

58 Route::get('/shelves/{slug}/edit', [BookshelfController::class, 'edit']);

59 Route::get('/shelves/{slug}/delete', [BookshelfController::class, 'showDelete']);

60 Route::get('/shelves/{slug}', [BookshelfController::class, 'show']);

61 Route::put('/shelves/{slug}', [BookshelfController::class, 'update']);

62 Route::delete('/shelves/{slug}', [BookshelfController::class, 'destroy']);

63 Route::get('/shelves/{slug}/permissions', [BookshelfController::class, 'showPermissions']);

64 Route::put('/shelves/{slug}/permissions', [BookshelfController::class, 'permissions']);

65 Route::post('/shelves/{slug}/copy-permissions', [BookshelfController::class, 'copyPermissions']);

66

67 // Book Creation

68 Route::get('/shelves/{shelfSlug}/create-book', [BookController::class, 'create']);

69 Route::post('/shelves/{shelfSlug}/create-book', [BookController::class, 'store']);

70 Route::get('/create-book', [BookController::class, 'create']);

71

72 // Books

73 Route::get('/books/', [BookController::class, 'index']);

74 Route::post('/books/', [BookController::class, 'store']);

75 Route::get('/books/{slug}/edit', [BookController::class, 'edit']);

76 Route::put('/books/{slug}', [BookController::class, 'update']);

77 Route::delete('/books/{id}', [BookController::class, 'destroy']);

78 Route::get('/books/{slug}/sort-item', [BookSortController::class, 'showItem']);

79 Route::get('/books/{slug}', [BookController::class, 'show']);

80 Route::get('/books/{bookSlug}/permissions', [BookController::class, 'showPermissions']);

81 Route::put('/books/{bookSlug}/permissions', [BookController::class, 'permissions']);

82 Route::get('/books/{slug}/delete', [BookController::class, 'showDelete']);

83 Route::get('/books/{bookSlug}/copy', [BookController::class, 'showCopy']);

84 Route::post('/books/{bookSlug}/copy', [BookController::class, 'copy']);

85 Route::post('/books/{bookSlug}/convert-to-shelf', [BookController::class, 'convertToShelf']);

86 Route::get('/books/{bookSlug}/sort', [BookSortController::class, 'show']);

87 Route::put('/books/{bookSlug}/sort', [BookSortController::class, 'update']);

88 Route::get('/books/{bookSlug}/export/html', [BookExportController::class, 'html']);

89 Route::get('/books/{bookSlug}/export/pdf', [BookExportController::class, 'pdf']);

90 Route::get('/books/{bookSlug}/export/markdown', [BookExportController::class, 'markdown']);

91 Route::get('/books/{bookSlug}/export/zip', [BookExportController::class, 'zip']);

92 Route::get('/books/{bookSlug}/export/plaintext', [BookExportController::class, 'plainText']);

93

94 // Pages

95 Route::get('/books/{bookSlug}/create-page', [PageController::class, 'create']);

96 Route::post('/books/{bookSlug}/create-guest-page', [PageController::class, 'createAsGuest']);

97 Route::get('/books/{bookSlug}/draft/{pageId}', [PageController::class, 'editDraft']);

98 Route::post('/books/{bookSlug}/draft/{pageId}', [PageController::class, 'store']);

99 Route::get('/books/{bookSlug}/page/{pageSlug}', [PageController::class, 'show']);

100 Route::get('/books/{bookSlug}/page/{pageSlug}/export/pdf', [PageExportController::class, 'pdf']);

101 Route::get('/books/{bookSlug}/page/{pageSlug}/export/html', [PageExportController::class, 'html']);

102 Route::get('/books/{bookSlug}/page/{pageSlug}/export/markdown', [PageExportController::class, 'markdown']);

103 Route::get('/books/{bookSlug}/page/{pageSlug}/export/plaintext', [PageExportController::class, 'plainText']);

104 Route::get('/books/{bookSlug}/page/{pageSlug}/edit', [PageController::class, 'edit']);

105 Route::get('/books/{bookSlug}/page/{pageSlug}/move', [PageController::class, 'showMove']);

106 Route::put('/books/{bookSlug}/page/{pageSlug}/move', [PageController::class, 'move']);

107 Route::get('/books/{bookSlug}/page/{pageSlug}/copy', [PageController::class, 'showCopy']);

108 Route::post('/books/{bookSlug}/page/{pageSlug}/copy', [PageController::class, 'copy']);

109 Route::get('/books/{bookSlug}/page/{pageSlug}/delete', [PageController::class, 'showDelete']);

110 Route::get('/books/{bookSlug}/draft/{pageId}/delete', [PageController::class, 'showDeleteDraft']);

111 Route::get('/books/{bookSlug}/page/{pageSlug}/permissions', [PageController::class, 'showPermissions']);

112 Route::put('/books/{bookSlug}/page/{pageSlug}/permissions', [PageController::class, 'permissions']);

113 Route::put('/books/{bookSlug}/page/{pageSlug}', [PageController::class, 'update']);

114 Route::delete('/books/{bookSlug}/page/{pageSlug}', [PageController::class, 'destroy']);

115 Route::delete('/books/{bookSlug}/draft/{pageId}', [PageController::class, 'destroyDraft']);

116

117 // Revisions

118 Route::get('/books/{bookSlug}/page/{pageSlug}/revisions', [PageRevisionController::class, 'index']);

119 Route::get('/books/{bookSlug}/page/{pageSlug}/revisions/{revId}', [PageRevisionController::class, 'show']);

120 Route::get('/books/{bookSlug}/page/{pageSlug}/revisions/{revId}/changes', [PageRevisionController::class, 'changes']);

121 Route::put('/books/{bookSlug}/page/{pageSlug}/revisions/{revId}/restore', [PageRevisionController::class, 'restore']);

122 Route::delete('/books/{bookSlug}/page/{pageSlug}/revisions/{revId}/delete', [PageRevisionController::class, 'destroy']);

123

124 // Chapters

125 Route::get('/books/{bookSlug}/chapter/{chapterSlug}/create-page', [PageController::class, 'create']);

126 Route::post('/books/{bookSlug}/chapter/{chapterSlug}/create-guest-page', [PageController::class, 'createAsGuest']);

127 Route::get('/books/{bookSlug}/create-chapter', [ChapterController::class, 'create']);

128 Route::post('/books/{bookSlug}/create-chapter', [ChapterController::class, 'store']);

129 Route::get('/books/{bookSlug}/chapter/{chapterSlug}', [ChapterController::class, 'show']);

130 Route::put('/books/{bookSlug}/chapter/{chapterSlug}', [ChapterController::class, 'update']);

131 Route::get('/books/{bookSlug}/chapter/{chapterSlug}/move', [ChapterController::class, 'showMove']);

132 Route::put('/books/{bookSlug}/chapter/{chapterSlug}/move', [ChapterController::class, 'move']);

133 Route::get('/books/{bookSlug}/chapter/{chapterSlug}/copy', [ChapterController::class, 'showCopy']);

134 Route::post('/books/{bookSlug}/chapter/{chapterSlug}/copy', [ChapterController::class, 'copy']);

135 Route::get('/books/{bookSlug}/chapter/{chapterSlug}/edit', [ChapterController::class, 'edit']);

136 Route::post('/books/{bookSlug}/chapter/{chapterSlug}/convert-to-book', [ChapterController::class, 'convertToBook']);

137 Route::get('/books/{bookSlug}/chapter/{chapterSlug}/permissions', [ChapterController::class, 'showPermissions']);

138 Route::get('/books/{bookSlug}/chapter/{chapterSlug}/export/pdf', [ChapterExportController::class, 'pdf']);

139 Route::get('/books/{bookSlug}/chapter/{chapterSlug}/export/html', [ChapterExportController::class, 'html']);

140 Route::get('/books/{bookSlug}/chapter/{chapterSlug}/export/markdown', [ChapterExportController::class, 'markdown']);

141 Route::get('/books/{bookSlug}/chapter/{chapterSlug}/export/plaintext', [ChapterExportController::class, 'plainText']);

142 Route::put('/books/{bookSlug}/chapter/{chapterSlug}/permissions', [ChapterController::class, 'permissions']);

143 Route::get('/books/{bookSlug}/chapter/{chapterSlug}/delete', [ChapterController::class, 'showDelete']);

144 Route::delete('/books/{bookSlug}/chapter/{chapterSlug}', [ChapterController::class, 'destroy']);

145

146 // User Profile routes

147 Route::get('/user/{slug}', [UserProfileController::class, 'show']);

148

149 // Image routes

150 Route::get('/images/gallery', [Images\GalleryImageController::class, 'list']);

151 Route::post('/images/gallery', [Images\GalleryImageController::class, 'create']);

152 Route::get('/images/drawio', [Images\DrawioImageController::class, 'list']);

153 Route::get('/images/drawio/base64/{id}', [Images\DrawioImageController::class, 'getAsBase64']);

154 Route::post('/images/drawio', [Images\DrawioImageController::class, 'create']);

155 Route::get('/images/edit/{id}', [Images\ImageController::class, 'edit']);

156 Route::put('/images/{id}', [Images\ImageController::class, 'update']);

157 Route::delete('/images/{id}', [Images\ImageController::class, 'destroy']);

158

159 // Attachments routes

160 Route::get('/attachments/{id}', [AttachmentController::class, 'get']);

161 Route::post('/attachments/upload', [AttachmentController::class, 'upload']);

162 Route::post('/attachments/upload/{id}', [AttachmentController::class, 'uploadUpdate']);

163 Route::post('/attachments/link', [AttachmentController::class, 'attachLink']);

164 Route::put('/attachments/{id}', [AttachmentController::class, 'update']);

165 Route::get('/attachments/edit/{id}', [AttachmentController::class, 'getUpdateForm']);

166 Route::get('/attachments/get/page/{pageId}', [AttachmentController::class, 'listForPage']);

167 Route::put('/attachments/sort/page/{pageId}', [AttachmentController::class, 'sortForPage']);

168 Route::delete('/attachments/{id}', [AttachmentController::class, 'delete']);

169

170 // AJAX routes

171 Route::put('/ajax/page/{id}/save-draft', [PageController::class, 'saveDraft']);

172 Route::get('/ajax/page/{id}', [PageController::class, 'getPageAjax']);

173 Route::delete('/ajax/page/{id}', [PageController::class, 'ajaxDestroy']);

174

175 // Tag routes

176 Route::get('/tags', [TagController::class, 'index']);

177 Route::get('/ajax/tags/suggest/names', [TagController::class, 'getNameSuggestions']);

178 Route::get('/ajax/tags/suggest/values', [TagController::class, 'getValueSuggestions']);

179

180 Route::get('/ajax/search/entities', [SearchController::class, 'searchEntitiesAjax']);

181

182 // Comments

183 Route::post('/comment/{pageId}', [CommentController::class, 'savePageComment']);

184 Route::put('/comment/{id}', [CommentController::class, 'update']);

185 Route::delete('/comment/{id}', [CommentController::class, 'destroy']);

186

187 // Links

188 Route::get('/link/{id}', [PageController::class, 'redirectFromLink']);

189

190 // Search

191 Route::get('/search', [SearchController::class, 'search']);

192 Route::get('/search/book/{bookId}', [SearchController::class, 'searchBook']);

193 Route::get('/search/chapter/{bookId}', [SearchController::class, 'searchChapter']);

194 Route::get('/search/entity/siblings', [SearchController::class, 'searchSiblings']);

195

196 // User Search

197 Route::get('/search/users/select', [UserSearchController::class, 'forSelect']);

198

199 // Template System

200 Route::get('/templates', [PageTemplateController::class, 'list']);

201 Route::get('/templates/{templateId}', [PageTemplateController::class, 'get']);

202

203 // Favourites

204 Route::get('/favourites', [FavouriteController::class, 'index']);

205 Route::post('/favourites/add', [FavouriteController::class, 'add']);

206 Route::post('/favourites/remove', [FavouriteController::class, 'remove']);

207

208 // Other Pages

209 Route::get('/', [HomeController::class, 'index']);

210 Route::get('/home', [HomeController::class, 'index']);

211

212 // Maintenance

213 Route::get('/settings/maintenance', [MaintenanceController::class, 'index']);

214 Route::delete('/settings/maintenance/cleanup-images', [MaintenanceController::class, 'cleanupImages']);

215 Route::post('/settings/maintenance/send-test-email', [MaintenanceController::class, 'sendTestEmail']);

216

217 // Recycle Bin

218 Route::get('/settings/recycle-bin', [RecycleBinController::class, 'index']);

219 Route::post('/settings/recycle-bin/empty', [RecycleBinController::class, 'empty']);

220 Route::get('/settings/recycle-bin/{id}/destroy', [RecycleBinController::class, 'showDestroy']);

221 Route::delete('/settings/recycle-bin/{id}', [RecycleBinController::class, 'destroy']);

222 Route::get('/settings/recycle-bin/{id}/restore', [RecycleBinController::class, 'showRestore']);

223 Route::post('/settings/recycle-bin/{id}/restore', [RecycleBinController::class, 'restore']);

224

225 // Audit Log

226 Route::get('/settings/audit', [AuditLogController::class, 'index']);

227

228 // Users

229 Route::get('/settings/users', [UserController::class, 'index']);

230 Route::get('/settings/users/create', [UserController::class, 'create']);

231 Route::get('/settings/users/{id}/delete', [UserController::class, 'delete']);

232 Route::patch('/settings/users/{id}/switch-books-view', [UserController::class, 'switchBooksView']);

233 Route::patch('/settings/users/{id}/switch-shelves-view', [UserController::class, 'switchShelvesView']);

234 Route::patch('/settings/users/{id}/switch-shelf-view', [UserController::class, 'switchShelfView']);

235 Route::patch('/settings/users/{id}/change-sort/{type}', [UserController::class, 'changeSort']);

236 Route::patch('/settings/users/{id}/update-expansion-preference/{key}', [UserController::class, 'updateExpansionPreference']);

237 Route::patch('/settings/users/toggle-dark-mode', [UserController::class, 'toggleDarkMode']);

238 Route::post('/settings/users/create', [UserController::class, 'store']);

239 Route::get('/settings/users/{id}', [UserController::class, 'edit']);

240 Route::put('/settings/users/{id}', [UserController::class, 'update']);

241 Route::delete('/settings/users/{id}', [UserController::class, 'destroy']);

242

243 // User API Tokens

244 Route::get('/settings/users/{userId}/create-api-token', [UserApiTokenController::class, 'create']);

245 Route::post('/settings/users/{userId}/create-api-token', [UserApiTokenController::class, 'store']);

246 Route::get('/settings/users/{userId}/api-tokens/{tokenId}', [UserApiTokenController::class, 'edit']);

247 Route::put('/settings/users/{userId}/api-tokens/{tokenId}', [UserApiTokenController::class, 'update']);

248 Route::get('/settings/users/{userId}/api-tokens/{tokenId}/delete', [UserApiTokenController::class, 'delete']);

249 Route::delete('/settings/users/{userId}/api-tokens/{tokenId}', [UserApiTokenController::class, 'destroy']);

250

251 // Roles

252 Route::get('/settings/roles', [RoleController::class, 'index']);

253 Route::get('/settings/roles/new', [RoleController::class, 'create']);

254 Route::post('/settings/roles/new', [RoleController::class, 'store']);

255 Route::get('/settings/roles/delete/{id}', [RoleController::class, 'showDelete']);

256 Route::delete('/settings/roles/delete/{id}', [RoleController::class, 'delete']);

257 Route::get('/settings/roles/{id}', [RoleController::class, 'edit']);

258 Route::put('/settings/roles/{id}', [RoleController::class, 'update']);

259

260 // Webhooks

261 Route::get('/settings/webhooks', [WebhookController::class, 'index']);

262 Route::get('/settings/webhooks/create', [WebhookController::class, 'create']);

263 Route::post('/settings/webhooks/create', [WebhookController::class, 'store']);

264 Route::get('/settings/webhooks/{id}', [WebhookController::class, 'edit']);

265 Route::put('/settings/webhooks/{id}', [WebhookController::class, 'update']);

266 Route::get('/settings/webhooks/{id}/delete', [WebhookController::class, 'delete']);

267 Route::delete('/settings/webhooks/{id}', [WebhookController::class, 'destroy']);

268

269 // Settings

270 Route::get('/settings', [SettingController::class, 'index'])->name('settings');

271 Route::get('/settings/{category}', [SettingController::class, 'category'])->name('settings.category');

272 Route::post('/settings/{category}', [SettingController::class, 'update']);

273 });

274

275 // MFA routes

276 Route::middleware('mfa-setup')->group(function () {

277 Route::get('/mfa/setup', [Auth\MfaController::class, 'setup']);

278 Route::get('/mfa/totp/generate', [Auth\MfaTotpController::class, 'generate']);

279 Route::post('/mfa/totp/confirm', [Auth\MfaTotpController::class, 'confirm']);

280 Route::get('/mfa/backup_codes/generate', [Auth\MfaBackupCodesController::class, 'generate']);

281 Route::post('/mfa/backup_codes/confirm', [Auth\MfaBackupCodesController::class, 'confirm']);

282 });

283 Route::middleware('guest')->group(function () {

284 Route::get('/mfa/verify', [Auth\MfaController::class, 'verify']);

285 Route::post('/mfa/totp/verify', [Auth\MfaTotpController::class, 'verify']);

286 Route::post('/mfa/backup_codes/verify', [Auth\MfaBackupCodesController::class, 'verify']);

287 });

288 Route::delete('/mfa/{method}/remove', [Auth\MfaController::class, 'remove'])->middleware('auth');

289

290 // Social auth routes

291 Route::get('/login/service/{socialDriver}', [Auth\SocialController::class, 'login']);

292 Route::get('/login/service/{socialDriver}/callback', [Auth\SocialController::class, 'callback']);

293 Route::post('/login/service/{socialDriver}/detach', [Auth\SocialController::class, 'detach'])->middleware('auth');

294 Route::get('/register/service/{socialDriver}', [Auth\SocialController::class, 'register']);

295

296 // Login/Logout routes

297 Route::get('/login', [Auth\LoginController::class, 'getLogin']);

298 Route::post('/login', [Auth\LoginController::class, 'login']);

299 Route::post('/logout', [Auth\LoginController::class, 'logout']);

300 Route::get('/register', [Auth\RegisterController::class, 'getRegister']);

301 Route::get('/register/confirm', [Auth\ConfirmEmailController::class, 'show']);

302 Route::get('/register/confirm/awaiting', [Auth\ConfirmEmailController::class, 'showAwaiting']);

303 Route::post('/register/confirm/resend', [Auth\ConfirmEmailController::class, 'resend']);

304 Route::get('/register/confirm/{token}', [Auth\ConfirmEmailController::class, 'confirm']);

305 Route::post('/register', [Auth\RegisterController::class, 'postRegister']);

306

307 // SAML routes

308 Route::post('/saml2/login', [Auth\Saml2Controller::class, 'login']);

309 Route::post('/saml2/logout', [Auth\Saml2Controller::class, 'logout']);

310 Route::get('/saml2/metadata', [Auth\Saml2Controller::class, 'metadata']);

311 Route::get('/saml2/sls', [Auth\Saml2Controller::class, 'sls']);

312 Route::post('/saml2/acs', [Auth\Saml2Controller::class, 'startAcs'])->withoutMiddleware([

313 StartSession::class,

314 ShareErrorsFromSession::class,

315 VerifyCsrfToken::class,

316 ]);

317 Route::get('/saml2/acs', [Auth\Saml2Controller::class, 'processAcs']);

318

319 // OIDC routes

320 Route::post('/oidc/login', [Auth\OidcController::class, 'login']);

321 Route::get('/oidc/callback', [Auth\OidcController::class, 'callback']);

322

323 // User invitation routes

324 Route::get('/register/invite/{token}', [Auth\UserInviteController::class, 'showSetPassword']);

325 Route::post('/register/invite/{token}', [Auth\UserInviteController::class, 'setPassword']);

326

327 // Password reset link request routes

328 Route::get('/password/email', [Auth\ForgotPasswordController::class, 'showLinkRequestForm']);

329 Route::post('/password/email', [Auth\ForgotPasswordController::class, 'sendResetLinkEmail']);

330

331 // Password reset routes

332 Route::get('/password/reset/{token}', [Auth\ResetPasswordController::class, 'showResetForm']);

333 Route::post('/password/reset', [Auth\ResetPasswordController::class, 'reset']);

334

335 // Metadata routes

336 Route::view('/help/wysiwyg', 'help.wysiwyg');

337

338 Route::fallback([HomeController::class, 'notFound'])->name('fallback');