web.php

<?php

use App\Features\ShowAuthButtons;
use App\Features\ShowPlugins;
use App\Http\Controllers\ApplinksController;
use App\Http\Controllers\Auth\CustomerAuthController;
use App\Http\Controllers\Auth\EmailVerificationController;
use App\Http\Controllers\BundleController;
use App\Http\Controllers\CartController;
use App\Http\Controllers\CustomerLicenseController;
use App\Http\Controllers\CustomerSubLicenseController;
use App\Http\Controllers\DeveloperOnboardingController;
use App\Http\Controllers\DiscordIntegrationController;
use App\Http\Controllers\GitHubAuthController;
use App\Http\Controllers\GitHubIntegrationController;
use App\Http\Controllers\LicenseRenewalController;
use App\Http\Controllers\NotificationUnsubscribeController;
use App\Http\Controllers\OpenCollectiveWebhookController;
use App\Http\Controllers\PluginDirectoryController;
use App\Http\Controllers\PluginWebhookController;
use App\Http\Controllers\ProductController;
use App\Http\Controllers\ShowBlogController;
use App\Http\Controllers\ShowcaseController;
use App\Http\Controllers\ShowDocumentationController;
use App\Http\Controllers\SupportTicketAttachmentController;
use App\Http\Controllers\TeamController;
use App\Http\Controllers\TeamUserController;
use App\Http\Controllers\UltraController;
use App\Livewire\ClaimDonationLicense;
use App\Livewire\Customer\Course\LessonShow;
use App\Livewire\Customer\Dashboard;
use App\Livewire\Customer\Developer\Onboarding;
use App\Livewire\Customer\Integrations;
use App\Livewire\Customer\Licenses\Index;
use App\Livewire\Customer\Licenses\Show;
use App\Livewire\Customer\Notifications;
use App\Livewire\Customer\Settings;
use App\Livewire\Customer\Showcase\Edit;
use App\Livewire\Customer\WallOfLove\Create;
use App\Livewire\LicenseRenewalSuccess;
use App\Livewire\OrderSuccess;
use App\Livewire\PluginDirectory;
use App\Models\Course;
use App\Models\Product;
use App\Services\CartService;
use Illuminate\Http\Request;
use Illuminate\Routing\Exceptions\UrlGenerationException;
use Illuminate\Support\Facades\Route;
use Illuminate\Support\Str;
use Laravel\Pennant\Middleware\EnsureFeaturesAreActive;

/*
|--------------------------------------------------------------------------
| Web Routes
|--------------------------------------------------------------------------
|
| Here is where you can register web routes for your application. These
| routes are loaded by the RouteServiceProvider and all of them will
| be assigned to the "web" middleware group. Make something great!
|
*/

Route::redirect('newsletter', 'https://simonhamp.mailcoach.app/nativephp');
Route::redirect('phpverse-2025', 'https://lp.jetbrains.com/phpverse-2025');
Route::redirect('docs/1/getting-started/sponsoring', '/sponsor');
Route::redirect('docs/desktop/1/getting-started/sponsoring', '/sponsor');
Route::redirect('discord', 'https://discord.gg/nativephp');
Route::redirect('bifrost', 'https://bifrost.nativephp.com');
Route::redirect('jump', '/docs/mobile/the-basics/jump');
Route::redirect('mobile', 'blog/nativephp-for-mobile-is-now-free');
Route::redirect('ios', 'blog/nativephp-for-mobile-is-now-free');
Route::redirect('t-shirt', 'blog/nativephp-for-mobile-is-now-free');
Route::redirect('tshirt', 'blog/nativephp-for-mobile-is-now-free');

// Redirect mobile v3 core plugin docs to plugin directory pages
Route::get('docs/mobile/3/plugins/core/{page}', function (string $page) {
    return redirect("/plugins/nativephp/mobile-{$page}", 301);
})->where('page', '[a-z-]+');

// Redirect old mobile v3 API docs to plugin directory pages
Route::get('docs/mobile/3/apis/{page}', function (string $page) {
    return redirect("/plugins/nativephp/mobile-{$page}", 301);
})->where('page', '[a-z-]+');

// Webhook routes (must be outside web middleware for CSRF bypass)
Route::post('opencollective/contribution', [OpenCollectiveWebhookController::class, 'handle'])->name('opencollective.webhook');

// OpenCollective donation claim route
Route::get('opencollective/claim', ClaimDonationLicense::class)->name('opencollective.claim');

Route::view('/', 'welcome')->name('welcome');
Route::view('ultra', 'pricing')->name('pricing');
Route::view('alt-pricing', 'alt-pricing')->name('alt-pricing')->middleware('signed');
Route::get('course', function () {
    $user = auth()->user();
    $product = Product::where('slug', 'nativephp-masterclass')->first();
    $alreadyOwned = $user && $product && $product->isOwnedBy($user);

    $course = Course::where('is_published', true)
        ->with(['modules' => function ($query) {
            $query->where('is_published', true)->orderBy('sort_order')->withCount('lessons');
        }])
        ->first();

    $priceIncreaseAt = config('services.stripe.course_price_increase_at');
    $priceIncreased = now()->gte($priceIncreaseAt);

    return view('course', [
        'alreadyOwned' => $alreadyOwned,
        'course' => $course,
        'priceIncreaseAt' => $priceIncreaseAt,
        'priceIncreased' => $priceIncreased,
        'currentPrice' => $priceIncreased ? 299 : 199,
    ]);
})->name('course');

Route::post('course/checkout', function (Request $request) {
    $user = $request->user();

    if (! $user) {
        session(['url.intended' => route('course', ['checkout' => 1])]);

        return to_route('customer.login')
            ->with('message', 'Please log in or create an account to complete your purchase.');
    }

    $product = Product::where('slug', 'nativephp-masterclass')->firstOrFail();

    if ($product->isOwnedBy($user)) {
        return to_route('course')->with('error', 'You already own this course.');
    }

    $priceIncreased = now()->gte(config('services.stripe.course_price_increase_at'));
    $priceId = $priceIncreased
        ? config('services.stripe.course_price_id_299')
        : config('services.stripe.course_price_id_199');

    if (! $priceId) {
        return to_route('course')->with('error', 'Course checkout is not configured yet.');
    }

    $user->createOrGetStripeCustomer();

    $cartService = resolve(CartService::class);
    $cart = $cartService->getCart($user);
    $cartService->addProduct($cart, $product);

    $metadata = ['cart_id' => (string) $cart->id];

    return $user->checkout([$priceId => 1], [
        'success_url' => route('cart.success').'?session_id={CHECKOUT_SESSION_ID}',
        'cancel_url' => route('course'),
        'metadata' => $metadata,
        'allow_promotion_codes' => true,
        'billing_address_collection' => 'required',
        'tax_id_collection' => ['enabled' => true],
        'invoice_creation' => [
            'enabled' => true,
            'invoice_data' => [
                'description' => 'NativePHP Masterclass Purchase',
                'metadata' => $metadata,
            ],
        ],
    ]);
})->name('course.checkout');

Route::view('wall-of-love', 'wall-of-love')->name('wall-of-love');
Route::view('brand', 'brand')->name('brand');
Route::get('showcase/{platform?}', [ShowcaseController::class, 'index'])
    ->where('platform', 'mobile|desktop')
    ->name('showcase');
Route::view('laracon-us-2025-giveaway', 'laracon-us-2025-giveaway')->name('laracon-us-2025-giveaway');
Route::view('privacy-policy', 'privacy-policy')->name('privacy-policy');
Route::view('terms-of-service', 'terms-of-service')->name('terms-of-service');
Route::view('developer-terms', 'developer-terms')->name('developer-terms');
Route::view('partners', 'partners')->name('partners');
Route::view('build-my-app', 'build-my-app')->name('build-my-app');
Route::view('consulting', 'consulting')->name('consulting');
Route::view('the-vibes', 'the-vibes')->name('the-vibes');
Route::view('the-vibes-prospectus', 'the-vibes-prospectus')->name('the-vibes-prospectus');

// Public plugin directory routes
Route::middleware(EnsureFeaturesAreActive::using(ShowPlugins::class))->group(function (): void {
    Route::get('plugins', [PluginDirectoryController::class, 'index'])->name('plugins');
    Route::get('plugins/marketplace', PluginDirectory::class)->name('plugins.marketplace');
    Route::get('plugins/{vendor}/{package}', [PluginDirectoryController::class, 'show'])->name('plugins.show');
    Route::get('plugins/{vendor}/{package}/license', [PluginDirectoryController::class, 'license'])->name('plugins.license');
});

Route::view('sponsor', 'sponsoring')->name('sponsoring');
Route::view('vs-react-native-expo', 'vs-react-native-expo')->name('vs-react-native-expo');
Route::view('vs-flutter', 'vs-flutter')->name('vs-flutter');

Route::get('blog', [ShowBlogController::class, 'index'])->name('blog');
Route::get('blog/{article}', [ShowBlogController::class, 'show'])->name('article');

Route::get('docs/{platform}/{version}/{page}.md', [ShowDocumentationController::class, 'serveRawMarkdown'])
    ->where('page', '(.*)')
    ->where('platform', '[a-z]+')
    ->where('version', '[0-9]+')
    ->name('docs.raw');

Route::get('docs/{platform}/{version}/{page?}', ShowDocumentationController::class)
    ->where('page', '(.*)')
    ->where('platform', '[a-z]+')
    ->where('version', '[0-9]+')
    ->name('docs.show');

// Forward platform requests without version to the latest version
Route::get('docs/{platform}/{page?}', function (string $platform, $page = null) {
    $page ??= 'getting-started/introduction';

    // Find the latest version for this platform
    $docsPath = resource_path('views/docs/'.$platform);

    if (! is_dir($docsPath)) {
        abort(404);
    }

    $versions = collect(scandir($docsPath))
        ->filter(fn ($dir) => is_numeric($dir))
        ->sort()
        ->values();

    $latestVersion = $versions->last() ?? '1';

    return redirect("/docs/{$platform}/{$latestVersion}/{$page}", 301);
})
    ->where('platform', 'desktop|mobile')
    ->where('page', '.*')
    ->name('docs.latest');

// Docs platform chooser
Route::view('docs', 'docs.chooser')->name('docs');

// Forward unversioned requests to the latest version
Route::get('docs/{page}', function (string $page) {
    $version = session('viewing_docs_version', '1');
    $platform = session('viewing_docs_platform', 'mobile');

    $referer = request()->header('referer');

    // If coming from elsewhere in the docs, match the current version being viewed
    if (
        parse_url($referer, PHP_URL_HOST) === parse_url(url('/'), PHP_URL_HOST)
        && str($referer)->contains('/docs/')
    ) {
        $path = Str::after($referer, url('/docs/'));
        $path = ltrim($path, '/');
        $segments = explode('/', $path);

        if (count($segments) >= 2 && in_array($segments[0], ['desktop', 'mobile']) && is_numeric($segments[1])) {
            $platform = $segments[0];
            $version = $segments[1];
        }
    }

    try {
        return to_route('docs.show', [
            'platform' => $platform,
            'version' => $version,
            'page' => $page,
        ]);
    } catch (UrlGenerationException) {
        return to_route('docs.show', [
            'platform' => $platform,
            'version' => $version,
            'page' => 'introduction',
        ]);
    }
})->name('docs.unversioned')->where('page', '.*');

Route::get('order/{checkoutSessionId}', OrderSuccess::class)->name('order.success');

// License renewal routes (public success page)
Route::get('license/{license:key}/renewal/success', LicenseRenewalSuccess::class)->name('license.renewal.success');

// Customer authentication routes
Route::middleware(['guest'])->group(function (): void {
    Route::get('login', [CustomerAuthController::class, 'showLogin'])->name('customer.login');
    Route::post('login', [CustomerAuthController::class, 'login']);

    Route::get('register', [CustomerAuthController::class, 'showRegister'])->name('customer.register');
    Route::post('register', [CustomerAuthController::class, 'register'])->middleware('throttle:5,1');

    Route::get('forgot-password', [CustomerAuthController::class, 'showForgotPassword'])->name('password.request');
    Route::post('forgot-password', [CustomerAuthController::class, 'sendPasswordResetLink'])->name('password.email');

    Route::get('reset-password/{token}', [CustomerAuthController::class, 'showResetPassword'])->name('password.reset');
    Route::post('reset-password', [CustomerAuthController::class, 'resetPassword'])->name('password.update');

    Route::get('auth/github/login', [GitHubAuthController::class, 'redirect'])->name('login.github');
});

// Email verification routes
Route::middleware('auth')->group(function (): void {
    Route::get('email/verify', [EmailVerificationController::class, 'notice'])->name('verification.notice');
    Route::get('email/verify/{id}/{hash}', [EmailVerificationController::class, 'verify'])->middleware(['signed', 'throttle:6,1'])->name('verification.verify');
    Route::post('email/verification-notification', [EmailVerificationController::class, 'resend'])->middleware('throttle:6,1')->name('verification.send');
});

Route::post('logout', [CustomerAuthController::class, 'logout'])
    ->middleware(EnsureFeaturesAreActive::using(ShowAuthButtons::class))
    ->name('customer.logout');

// GitHub OAuth callback (no auth required - handles both login and linking)
Route::get('auth/github/callback', [GitHubIntegrationController::class, 'handleCallback'])->name('github.callback');

// GitHub OAuth routes (auth required)
Route::middleware(['auth', EnsureFeaturesAreActive::using(ShowAuthButtons::class)])->group(function (): void {
    Route::get('auth/github', [GitHubIntegrationController::class, 'redirectToGitHub'])->name('github.redirect');
    Route::post('dashboard/github/request-access', [GitHubIntegrationController::class, 'requestRepoAccess'])->name('github.request-access');
    Route::post('dashboard/github/request-claude-plugins-access', [GitHubIntegrationController::class, 'requestClaudePluginsAccess'])->name('github.request-claude-plugins-access');
    Route::delete('dashboard/github/disconnect', [GitHubIntegrationController::class, 'disconnect'])->name('github.disconnect');
    Route::get('dashboard/github/repositories', [GitHubIntegrationController::class, 'repositories'])->name('github.repositories');
});

// Discord OAuth routes
Route::middleware(['auth', EnsureFeaturesAreActive::using(ShowAuthButtons::class)])->group(function (): void {
    Route::get('auth/discord', [DiscordIntegrationController::class, 'redirectToDiscord'])->name('discord.redirect');
    Route::get('auth/discord/callback', [DiscordIntegrationController::class, 'handleCallback'])->name('discord.callback');
    Route::delete('dashboard/discord/disconnect', [DiscordIntegrationController::class, 'disconnect'])->name('discord.disconnect');
});

Route::get('callback', function (Request $request) {
    $url = $request->query('url');

    if ($url && ! str_starts_with($url, 'http')) {
        return redirect()->away($url.'?token='.uuid_create());
    }

    return response('Goodbye');
})->name('callback');

// Team invitation acceptance (public route - no auth required)
Route::get('team/invitation/{token}', [TeamUserController::class, 'accept'])->name('team.invitation.accept');

// Dashboard route
Route::middleware(['auth', EnsureFeaturesAreActive::using(ShowAuthButtons::class)])->group(function (): void {
    Route::livewire('dashboard', Dashboard::class)->name('dashboard');
});

// Customer license management routes
Route::middleware(['auth', EnsureFeaturesAreActive::using(ShowAuthButtons::class)])->prefix('dashboard')->group(function (): void {
    // License renewal routes (no customer. prefix to preserve route names)
    Route::get('license/{license}/renewal', [LicenseRenewalController::class, 'show'])->name('license.renewal');
    Route::post('license/{license}/renewal/checkout', [LicenseRenewalController::class, 'createCheckoutSession'])->name('license.renewal.checkout');
});

Route::middleware(['auth', EnsureFeaturesAreActive::using(ShowAuthButtons::class)])->prefix('dashboard')->name('customer.')->group(function (): void {
    // Settings page
    Route::livewire('settings', Settings::class)->name('settings');

    // Notifications page
    Route::livewire('notifications', Notifications::class)->name('notifications');

    // License list page
    Route::livewire('licenses', Index::class)->name('licenses.list');
    Route::livewire('integrations', Integrations::class)->name('integrations');

    // Purchased plugins page (requires ShowPlugins feature)
    Route::middleware(EnsureFeaturesAreActive::using(ShowPlugins::class))->group(function (): void {
        Route::livewire('purchased-plugins', App\Livewire\Customer\PurchasedPlugins\Index::class)->name('purchased-plugins.index');
    });

    // Purchase history page
    Route::livewire('purchase-history', App\Livewire\Customer\PurchaseHistory\Index::class)->name('purchase-history.index');

    // Support tickets
    Route::livewire('support/tickets', App\Livewire\Customer\Support\Index::class)->name('support.tickets');
    Route::livewire('support/tickets/create', App\Livewire\Customer\Support\Create::class)->name('support.tickets.create');
    Route::livewire('support/tickets/{supportTicket}', App\Livewire\Customer\Support\Show::class)->name('support.tickets.show');
    Route::get('support/tickets/{supportTicket}/attachments/{index}', [SupportTicketAttachmentController::class, 'downloadTicketAttachment'])->name('support.tickets.attachment');
    Route::get('support/tickets/{supportTicket}/replies/{reply}/attachments/{index}', [SupportTicketAttachmentController::class, 'downloadReplyAttachment'])->name('support.tickets.reply.attachment');

    Route::livewire('licenses/{licenseKey}', Show::class)->name('licenses.show');
    Route::patch('licenses/{licenseKey}', [CustomerLicenseController::class, 'update'])->name('licenses.update');
    Route::post('plugin-license-key/rotate', [CustomerLicenseController::class, 'rotatePluginLicenseKey'])->name('plugin-license-key.rotate');
    Route::post('claim-free-plugins', [CustomerLicenseController::class, 'claimFreePlugins'])->name('claim-free-plugins');

    // Course
    Route::livewire('course', App\Livewire\Customer\Course\Index::class)->name('course.index');
    Route::livewire('course/lessons/{lesson:slug}', LessonShow::class)->name('course.lesson');

    // Wall of Love submission
    Route::livewire('wall-of-love/create', Create::class)->name('wall-of-love.create');
    Route::livewire('wall-of-love/{wallOfLoveSubmission}/edit', App\Livewire\Customer\WallOfLove\Edit::class)->name('wall-of-love.edit');

    // Showcase submissions
    Route::livewire('showcase', App\Livewire\Customer\Showcase\Index::class)->name('showcase.index');
    Route::livewire('showcase/create', App\Livewire\Customer\Showcase\Create::class)->name('showcase.create');
    Route::livewire('showcase/{showcase}/edit', Edit::class)->name('showcase.edit');

    // Billing portal
    Route::get('billing-portal', function (Request $request) {
        $user = $request->user();

        // Check if user exists in Stripe, create if they don't
        if (! $user->hasStripeId()) {
            $user->createAsStripeCustomer();
        }

        return $user->redirectToBillingPortal(route('dashboard'));
    })->name('billing-portal');

    // Ultra benefits page
    Route::get('ultra', [UltraController::class, 'index'])->name('ultra.index');

    // Team management routes
    Route::get('team', [TeamController::class, 'index'])->name('team.index');
    Route::post('team', [TeamController::class, 'store'])->name('team.store');
    Route::patch('team', [TeamController::class, 'update'])->name('team.update');
    Route::post('team/invite', [TeamUserController::class, 'invite'])->name('team.invite');
    Route::delete('team/users/{teamUser}', [TeamUserController::class, 'remove'])->name('team.users.remove');
    Route::post('team/users/{teamUser}/resend', [TeamUserController::class, 'resend'])->name('team.users.resend');
    Route::get('team/{team}', [TeamController::class, 'show'])->name('team.show');

    // Sub-license management routes
    Route::post('licenses/{licenseKey}/sub-licenses', [CustomerSubLicenseController::class, 'store'])->name('licenses.sub-licenses.store');
    Route::patch('licenses/{licenseKey}/sub-licenses/{subLicense}', [CustomerSubLicenseController::class, 'update'])->name('licenses.sub-licenses.update');
    Route::delete('licenses/{licenseKey}/sub-licenses/{subLicense}', [CustomerSubLicenseController::class, 'destroy'])->name('licenses.sub-licenses.destroy');
    Route::patch('licenses/{licenseKey}/sub-licenses/{subLicense}/suspend', [CustomerSubLicenseController::class, 'suspend'])->name('licenses.sub-licenses.suspend');
    Route::post('licenses/{licenseKey}/sub-licenses/{subLicense}/send-email', [CustomerSubLicenseController::class, 'sendEmail'])->name('licenses.sub-licenses.send-email');
});

// Notification unsubscribe/resubscribe (signed URLs, no auth required)
Route::middleware('signed')->group(function (): void {
    Route::get('notifications/unsubscribe/{user}', [NotificationUnsubscribeController::class, 'unsubscribe'])->name('notifications.unsubscribe');
    Route::get('notifications/resubscribe/{user}', [NotificationUnsubscribeController::class, 'resubscribe'])->name('notifications.resubscribe');
});

Route::get('.well-known/assetlinks.json', [ApplinksController::class, 'assetLinks']);

Route::post('webhooks/plugins/{secret}', PluginWebhookController::class)->name('webhooks.plugins');

// Bundle routes (public)
Route::middleware(EnsureFeaturesAreActive::using(ShowPlugins::class))->group(function (): void {
    Route::get('bundles/{bundle:slug}', [BundleController::class, 'show'])->name('bundles.show');
});

// Product routes (public)
Route::middleware(EnsureFeaturesAreActive::using(ShowPlugins::class))->group(function (): void {
    Route::get('products/{product:slug}', [ProductController::class, 'show'])->name('products.show');
});

// Cart routes (public - allows guest cart)
Route::middleware(EnsureFeaturesAreActive::using(ShowPlugins::class))->group(function (): void {
    Route::get('cart', [CartController::class, 'show'])->name('cart.show');
    Route::post('cart/add/{vendor}/{package}', [CartController::class, 'add'])->name('cart.add');
    Route::delete('cart/remove/{vendor}/{package}', [CartController::class, 'remove'])->name('cart.remove');
    Route::post('cart/bundle/{bundle:slug}', [CartController::class, 'addBundle'])->name('cart.bundle.add');
    Route::post('cart/bundle/{bundle:slug}/exchange', [CartController::class, 'exchangeForBundle'])->name('cart.bundle.exchange');
    Route::delete('cart/bundle/{bundle:slug}', [CartController::class, 'removeBundle'])->name('cart.bundle.remove');
    Route::post('cart/product/{product:slug}', [CartController::class, 'addProduct'])->name('cart.product.add');
    Route::delete('cart/product/{product:slug}', [CartController::class, 'removeProduct'])->name('cart.product.remove');
    Route::delete('cart/clear', [CartController::class, 'clear'])->name('cart.clear');
    Route::get('cart/count', [CartController::class, 'count'])->name('cart.count');
    Route::match(['get', 'post'], 'cart/checkout', [CartController::class, 'checkout'])->name('cart.checkout');
    Route::get('cart/success', [CartController::class, 'success'])->name('cart.success')->middleware('auth');
    Route::get('cart/status/{sessionId}', [CartController::class, 'status'])->name('cart.status')->middleware('auth');
    Route::get('cart/cancel', [CartController::class, 'cancel'])->name('cart.cancel');
});

// Support (public hub page)
Route::get('support', fn () => view('support.index'))->name('support.index');

// Developer routes
Route::middleware(['auth', EnsureFeaturesAreActive::using(ShowAuthButtons::class), EnsureFeaturesAreActive::using(ShowPlugins::class)])->prefix('dashboard/developer')->group(function (): void {
    Route::name('customer.developer.')->group(function (): void {
        Route::livewire('/', App\Livewire\Customer\Developer\Dashboard::class)->name('dashboard');
        Route::livewire('onboarding', Onboarding::class)->name('onboarding');
        Route::post('onboarding/start', [DeveloperOnboardingController::class, 'start'])->name('onboarding.start');
        Route::get('onboarding/return', [DeveloperOnboardingController::class, 'return'])->name('onboarding.return');
        Route::get('onboarding/refresh', [DeveloperOnboardingController::class, 'refresh'])->name('onboarding.refresh');
        Route::livewire('settings', App\Livewire\Customer\Developer\Settings::class)->name('settings');
    });

    // Plugin management (keeps customer.plugins.* route names)
    Route::name('customer.')->group(function (): void {
        Route::livewire('plugins', App\Livewire\Customer\Plugins\Index::class)->name('plugins.index');
        Route::livewire('plugins/create', App\Livewire\Customer\Plugins\Create::class)->name('plugins.create');
        Route::livewire('plugins/{vendor}/{package}', App\Livewire\Customer\Plugins\Show::class)->name('plugins.show');
    });
});