BookStack/routes/api.php

<?php

/**
 * Routes for the BookStack API.
 * Routes have a uri prefix of /api/.
 * Controllers are all within app/Http/Controllers/Api.
 */

use BookStack\Api\ApiDocsController;
use BookStack\Entities\Controllers\BookApiController;
use BookStack\Entities\Controllers\BookExportApiController;
use BookStack\Entities\Controllers\BookshelfApiController;
use BookStack\Entities\Controllers\ChapterApiController;
use BookStack\Entities\Controllers\ChapterExportApiController;
use BookStack\Entities\Controllers\PageApiController;
use BookStack\Entities\Controllers\PageExportApiController;
use BookStack\Entities\Controllers\RecycleBinApiController;
use BookStack\Permissions\ContentPermissionApiController;
use BookStack\Search\SearchApiController;
use BookStack\Uploads\Controllers\AttachmentApiController;
use BookStack\Uploads\Controllers\ImageGalleryApiController;
use BookStack\Users\Controllers\RoleApiController;
use BookStack\Users\Controllers\UserApiController;
use Illuminate\Support\Facades\Route;

Route::get('docs.json', [ApiDocsController::class, 'json']);

Route::get('attachments', [AttachmentApiController::class, 'list']);
Route::post('attachments', [AttachmentApiController::class, 'create']);
Route::get('attachments/{id}', [AttachmentApiController::class, 'read']);
Route::put('attachments/{id}', [AttachmentApiController::class, 'update']);
Route::delete('attachments/{id}', [AttachmentApiController::class, 'delete']);

Route::get('books', [BookApiController::class, 'list']);
Route::post('books', [BookApiController::class, 'create']);
Route::get('books/{id}', [BookApiController::class, 'read']);
Route::put('books/{id}', [BookApiController::class, 'update']);
Route::delete('books/{id}', [BookApiController::class, 'delete']);

Route::get('books/{id}/export/html', [BookExportApiController::class, 'exportHtml']);
Route::get('books/{id}/export/pdf', [BookExportApiController::class, 'exportPdf']);
Route::get('books/{id}/export/plaintext', [BookExportApiController::class, 'exportPlainText']);
Route::get('books/{id}/export/markdown', [BookExportApiController::class, 'exportMarkdown']);

Route::get('chapters', [ChapterApiController::class, 'list']);
Route::post('chapters', [ChapterApiController::class, 'create']);
Route::get('chapters/{id}', [ChapterApiController::class, 'read']);
Route::put('chapters/{id}', [ChapterApiController::class, 'update']);
Route::delete('chapters/{id}', [ChapterApiController::class, 'delete']);

Route::get('chapters/{id}/export/html', [ChapterExportApiController::class, 'exportHtml']);
Route::get('chapters/{id}/export/pdf', [ChapterExportApiController::class, 'exportPdf']);
Route::get('chapters/{id}/export/plaintext', [ChapterExportApiController::class, 'exportPlainText']);
Route::get('chapters/{id}/export/markdown', [ChapterExportApiController::class, 'exportMarkdown']);

Route::get('pages', [PageApiController::class, 'list']);
Route::post('pages', [PageApiController::class, 'create']);
Route::get('pages/{id}', [PageApiController::class, 'read']);
Route::put('pages/{id}', [PageApiController::class, 'update']);
Route::delete('pages/{id}', [PageApiController::class, 'delete']);

Route::get('pages/{id}/export/html', [PageExportApiController::class, 'exportHtml']);
Route::get('pages/{id}/export/pdf', [PageExportApiController::class, 'exportPdf']);
Route::get('pages/{id}/export/plaintext', [PageExportApiController::class, 'exportPlainText']);
Route::get('pages/{id}/export/markdown', [PageExportApiController::class, 'exportMarkdown']);

Route::get('image-gallery', [ImageGalleryApiController::class, 'list']);
Route::post('image-gallery', [ImageGalleryApiController::class, 'create']);
Route::get('image-gallery/{id}', [ImageGalleryApiController::class, 'read']);
Route::put('image-gallery/{id}', [ImageGalleryApiController::class, 'update']);
Route::delete('image-gallery/{id}', [ImageGalleryApiController::class, 'delete']);

Route::get('search', [SearchApiController::class, 'all']);

Route::get('shelves', [BookshelfApiController::class, 'list']);
Route::post('shelves', [BookshelfApiController::class, 'create']);
Route::get('shelves/{id}', [BookshelfApiController::class, 'read']);
Route::put('shelves/{id}', [BookshelfApiController::class, 'update']);
Route::delete('shelves/{id}', [BookshelfApiController::class, 'delete']);

Route::get('users', [UserApiController::class, 'list']);
Route::post('users', [UserApiController::class, 'create']);
Route::get('users/{id}', [UserApiController::class, 'read']);
Route::put('users/{id}', [UserApiController::class, 'update']);
Route::delete('users/{id}', [UserApiController::class, 'delete']);

Route::get('roles', [RoleApiController::class, 'list']);
Route::post('roles', [RoleApiController::class, 'create']);
Route::get('roles/{id}', [RoleApiController::class, 'read']);
Route::put('roles/{id}', [RoleApiController::class, 'update']);
Route::delete('roles/{id}', [RoleApiController::class, 'delete']);

Route::get('recycle-bin', [RecycleBinApiController::class, 'list']);
Route::put('recycle-bin/{deletionId}', [RecycleBinApiController::class, 'restore']);
Route::delete('recycle-bin/{deletionId}', [RecycleBinApiController::class, 'destroy']);

Route::get('content-permissions/{contentType}/{contentId}', [ContentPermissionApiController::class, 'read']);
Route::put('content-permissions/{contentType}/{contentId}', [ContentPermissionApiController::class, 'update']);
Started core API route work 2019-12-28 14:58:07 +00:00			`<?php`

Added and ran PHPCS 2022-09-18 00:25:20 +00:00			`/**`
			`* Routes for the BookStack API.`
			`* Routes have a uri prefix of /api/.`
			`* Controllers are all within app/Http/Controllers/Api.`
			`*/`

Played around with a new app structure 2023-05-17 16:56:55 +00:00			`use BookStack\Api\ApiDocsController;`
			`use BookStack\Entities\Controllers\BookApiController;`
			`use BookStack\Entities\Controllers\BookExportApiController;`
			`use BookStack\Entities\Controllers\BookshelfApiController;`
			`use BookStack\Entities\Controllers\ChapterApiController;`
			`use BookStack\Entities\Controllers\ChapterExportApiController;`
			`use BookStack\Entities\Controllers\PageApiController;`
			`use BookStack\Entities\Controllers\PageExportApiController;`
			`use BookStack\Entities\Controllers\RecycleBinApiController;`
			`use BookStack\Permissions\ContentPermissionApiController;`
			`use BookStack\Search\SearchApiController;`
			`use BookStack\Uploads\Controllers\AttachmentApiController;`
			`use BookStack\Uploads\Controllers\ImageGalleryApiController;`
			`use BookStack\Users\Controllers\RoleApiController;`
			`use BookStack\Users\Controllers\UserApiController;`
Laravel 8 shift squash & merge (#3029) * Temporarily moved back config path * Apply Laravel coding style * Shift exception handler * Shift HTTP kernel and middleware * Shift service providers * Convert options array to fluent methods * Shift to class based routes * Shift console routes * Ignore temporary framework files * Shift to class based factories * Namespace seeders * Shift PSR-4 autoloading * Shift config files * Default config files * Shift Laravel dependencies * Shift return type of base TestCase methods * Shift cleanup * Applied stylci style changes * Reverted config files location * Applied manual changes to Laravel 8 shift Co-authored-by: Shift <shift@laravelshift.com> 2021-10-30 20:29:59 +00:00			`use Illuminate\Support\Facades\Route;`

			`Route::get('docs.json', [ApiDocsController::class, 'json']);`

			`Route::get('attachments', [AttachmentApiController::class, 'list']);`
			`Route::post('attachments', [AttachmentApiController::class, 'create']);`
			`Route::get('attachments/{id}', [AttachmentApiController::class, 'read']);`
			`Route::put('attachments/{id}', [AttachmentApiController::class, 'update']);`
			`Route::delete('attachments/{id}', [AttachmentApiController::class, 'delete']);`

			`Route::get('books', [BookApiController::class, 'list']);`
			`Route::post('books', [BookApiController::class, 'create']);`
			`Route::get('books/{id}', [BookApiController::class, 'read']);`
			`Route::put('books/{id}', [BookApiController::class, 'update']);`
			`Route::delete('books/{id}', [BookApiController::class, 'delete']);`

			`Route::get('books/{id}/export/html', [BookExportApiController::class, 'exportHtml']);`
			`Route::get('books/{id}/export/pdf', [BookExportApiController::class, 'exportPdf']);`
			`Route::get('books/{id}/export/plaintext', [BookExportApiController::class, 'exportPlainText']);`
			`Route::get('books/{id}/export/markdown', [BookExportApiController::class, 'exportMarkdown']);`

			`Route::get('chapters', [ChapterApiController::class, 'list']);`
			`Route::post('chapters', [ChapterApiController::class, 'create']);`
			`Route::get('chapters/{id}', [ChapterApiController::class, 'read']);`
			`Route::put('chapters/{id}', [ChapterApiController::class, 'update']);`
			`Route::delete('chapters/{id}', [ChapterApiController::class, 'delete']);`

			`Route::get('chapters/{id}/export/html', [ChapterExportApiController::class, 'exportHtml']);`
			`Route::get('chapters/{id}/export/pdf', [ChapterExportApiController::class, 'exportPdf']);`
			`Route::get('chapters/{id}/export/plaintext', [ChapterExportApiController::class, 'exportPlainText']);`
			`Route::get('chapters/{id}/export/markdown', [ChapterExportApiController::class, 'exportMarkdown']);`

			`Route::get('pages', [PageApiController::class, 'list']);`
			`Route::post('pages', [PageApiController::class, 'create']);`
			`Route::get('pages/{id}', [PageApiController::class, 'read']);`
			`Route::put('pages/{id}', [PageApiController::class, 'update']);`
			`Route::delete('pages/{id}', [PageApiController::class, 'delete']);`

			`Route::get('pages/{id}/export/html', [PageExportApiController::class, 'exportHtml']);`
			`Route::get('pages/{id}/export/pdf', [PageExportApiController::class, 'exportPdf']);`
			`Route::get('pages/{id}/export/plaintext', [PageExportApiController::class, 'exportPlainText']);`
Added role API responses & requests Also applied other slight tweaks and comment updates based upon manual endpoint testing. 2023-02-19 15:58:29 +00:00			`Route::get('pages/{id}/export/markdown', [PageExportApiController::class, 'exportMarkdown']);`
Laravel 8 shift squash & merge (#3029) * Temporarily moved back config path * Apply Laravel coding style * Shift exception handler * Shift HTTP kernel and middleware * Shift service providers * Convert options array to fluent methods * Shift to class based routes * Shift console routes * Ignore temporary framework files * Shift to class based factories * Namespace seeders * Shift PSR-4 autoloading * Shift config files * Default config files * Shift Laravel dependencies * Shift return type of base TestCase methods * Shift cleanup * Applied stylci style changes * Reverted config files location * Applied manual changes to Laravel 8 shift Co-authored-by: Shift <shift@laravelshift.com> 2021-10-30 20:29:59 +00:00
Started Image API build 2023-03-14 12:19:19 +00:00			`Route::get('image-gallery', [ImageGalleryApiController::class, 'list']);`
			`Route::post('image-gallery', [ImageGalleryApiController::class, 'create']);`
			`Route::get('image-gallery/{id}', [ImageGalleryApiController::class, 'read']);`
			`Route::put('image-gallery/{id}', [ImageGalleryApiController::class, 'update']);`
			`Route::delete('image-gallery/{id}', [ImageGalleryApiController::class, 'delete']);`

Added API search endpoint Is a little awkward, emulates a 'list' API endpoint but has unstable paging and does not support filters/sort. This is detailed on the endpoint though. Made some updates to the docs system to better support parameters and examples on GET requests. Includes tests to cover. For #909 2021-11-14 16:28:01 +00:00			`Route::get('search', [SearchApiController::class, 'all']);`

Laravel 8 shift squash & merge (#3029) * Temporarily moved back config path * Apply Laravel coding style * Shift exception handler * Shift HTTP kernel and middleware * Shift service providers * Convert options array to fluent methods * Shift to class based routes * Shift console routes * Ignore temporary framework files * Shift to class based factories * Namespace seeders * Shift PSR-4 autoloading * Shift config files * Default config files * Shift Laravel dependencies * Shift return type of base TestCase methods * Shift cleanup * Applied stylci style changes * Reverted config files location * Applied manual changes to Laravel 8 shift Co-authored-by: Shift <shift@laravelshift.com> 2021-10-30 20:29:59 +00:00			`Route::get('shelves', [BookshelfApiController::class, 'list']);`
			`Route::post('shelves', [BookshelfApiController::class, 'create']);`
			`Route::get('shelves/{id}', [BookshelfApiController::class, 'read']);`
			`Route::put('shelves/{id}', [BookshelfApiController::class, 'update']);`
			`Route::delete('shelves/{id}', [BookshelfApiController::class, 'delete']);`
Test API Endpoint for users 2021-05-05 11:46:14 +00:00
Refactored existing user API work - Updated routes to use new format. - Changed how hidden fields are exposed to be more flexible to different use-cases. - Updated properties available on read/list results. - Started adding testing coverage. - Removed old unused UserRepo 'getAllUsers' function. Related to #2701, Progression of #2734 2022-02-03 12:33:26 +00:00			`Route::get('users', [UserApiController::class, 'list']);`
Added user-create API endpoint - Required extracting logic into repo. - Changed some existing creation paths to standardise behaviour. - Added test to cover new endpoint. - Added extra test for user delete to test migration. - Changed how permission errors are thrown to ensure the right status code can be reported when handled in API. 2022-02-04 00:26:19 +00:00			`Route::post('users', [UserApiController::class, 'create']);`
Added users-delete API endpoint - Refactored some delete checks into repo. - Added tests to cover. - Moved some translations to align with activity/logging system. 2022-02-03 15:12:50 +00:00			`Route::get('users/{id}', [UserApiController::class, 'read']);`
Added user-update API endpoint - Required changing the docs generator to handle more complex object-style rules. Bit of a hack for some types (password). - Extracted core update logic to repo for sharing with API. - Moved user update language string to align with activity/logging system. - Added tests to cover. 2022-02-03 16:52:28 +00:00			`Route::put('users/{id}', [UserApiController::class, 'update']);`
Updated with latest styleci changes 2022-02-08 15:29:58 +00:00			`Route::delete('users/{id}', [UserApiController::class, 'delete']);`
Start recycle bin API endpoints: list, restore, delete 2022-04-06 20:57:18 +00:00
Aded roles API controller methods Altered & updated permissions repo, and existing connected RoleController to suit. Also extracts in-app success notifications to auto activity system. Tweaked tests where required. 2023-02-18 18:36:34 +00:00			`Route::get('roles', [RoleApiController::class, 'list']);`
			`Route::post('roles', [RoleApiController::class, 'create']);`
			`Route::get('roles/{id}', [RoleApiController::class, 'read']);`
			`Route::put('roles/{id}', [RoleApiController::class, 'update']);`
			`Route::delete('roles/{id}', [RoleApiController::class, 'delete']);`

Reviewed recycle bin API PR and made changes Made the following changes, many of these are just to align with existing conventions. - Updated urls to be hypenated, instead of underscored, to match other system endpoints. - Updated URL parameter to be `deletionId` instead of `id`, and removed the ID-based comment on controller methods, so the required ID model is clear from the URL alone, since its not clear from the URL endpoint alone like existing endpoints. This follows the pattern used in the "web" routes. - Added extra detail on some controller method comments, and copied permission comment to each method. - Removed existing field visibility mechanisms to use simpler model-based visibility since we didn't need anything too special here (After some of my other changes). - Allowed the "deletable" model to be shown in response to provide a little more detail on the main deleted item. - Updated parent/child-count loading to be on the "deletable" model instead of additional properties which results in simpler controller logic and enforces the idea these are relations on the deletable, not the deletion itself. It also removes additional exposure of model namespacing. - Updated (int) casts to intval, just since that's our most common conversion method in the codebase. - Testing: Removed `actingAsAuthorizedUser` and used the admin user instead to prevent extra auth steps on each test. - Testing: Cut logic/data-checks from tests if already covered by other tests. - Testing: Added simple assertions for delete/restore response data. - Examples: Updated list example to reflect changes. Review of PR #3377 To be followed up with changes to polymorphic relations to hide namespacing. 2022-04-25 16:54:59 +00:00			`Route::get('recycle-bin', [RecycleBinApiController::class, 'list']);`
			`Route::put('recycle-bin/{deletionId}', [RecycleBinApiController::class, 'restore']);`
			`Route::delete('recycle-bin/{deletionId}', [RecycleBinApiController::class, 'destroy']);`
Started build of content-permissions API endpoints 2023-03-13 13:18:33 +00:00
Started Image API build 2023-03-14 12:19:19 +00:00			`Route::get('content-permissions/{contentType}/{contentId}', [ContentPermissionApiController::class, 'read']);`
			`Route::put('content-permissions/{contentType}/{contentId}', [ContentPermissionApiController::class, 'update']);`