Updated version and assets for release v0.30.0

- Added comments to explain the use of the file.
- Added comments to advise that space/hash containing values would need
to be quoted.

Related to #2258

.env.example

@@ -1,3 +1,11 @@
+# This file, when named as ".env" in the root of your BookStack install
+# folder, is used for the core configuration of the application.
+# By default this file contains the most common required options but
+# a full list of options can be found in the '.env.example.complete' file.
+
+# NOTE: If any of your values contain a space or a hash you will need to
+# wrap the entire value in quotes. (eg. MAIL_FROM_NAME="BookStack Mailer")
+
 # Application key
 # Used for encryption where needed.
 # Run `php artisan key:generate` to generate a valid key.
@@ -5,7 +13,7 @@ APP_KEY=SomeRandomString
 
 # Application URL
 # Remove the hash below and set a URL if using BookStack behind
-# a proxy, if using a third-party authentication option.
+# a proxy or if using a third-party authentication option.
 # This must be the root URL that you want to host BookStack on.
 # All URL's in BookStack will be generated using this value.
 #APP_URL=https://example.com
@@ -25,11 +33,10 @@ MAIL_FROM_NAME=BookStack
 MAIL_FROM=bookstack@example.com
 
 # SMTP mail options
+# These settings can be checked using the "Send a Test Email"
+# feature found in the "Settings > Maintenance" area of the system.
 MAIL_HOST=localhost
 MAIL_PORT=1025
 MAIL_USERNAME=null
 MAIL_PASSWORD=null
-MAIL_ENCRYPTION=null
-
-
-# A full list of options can be found in the '.env.example.complete' file.
+MAIL_ENCRYPTION=null

.env.example.complete

@@ -238,7 +238,10 @@ DISABLE_EXTERNAL_SERVICES=false
 # Example: AVATAR_URL=https://seccdn.libravatar.org/avatar/${hash}?s=${size}&d=identicon
 AVATAR_URL=
 
-# Enable Draw.io integration
+# Enable draw.io integration
+# Can simply be true/false to enable/disable the integration.
+# Alternatively, It can be URL to the draw.io instance you want to use.
+# For URLs, The following URL parameters should be included: embed=1&proto=json&spin=1
 DRAWIO=true
 
 # Default item listing view
@@ -267,4 +270,12 @@ API_DEFAULT_ITEM_COUNT=100
 API_MAX_ITEM_COUNT=500
 
 # The number of API requests that can be made per minute by a single user.
-API_REQUESTS_PER_MIN=180
+API_REQUESTS_PER_MIN=180
+
+# Enable the logging of failed email+password logins with the given message.
+# The default log channel below uses the php 'error_log' function which commonly
+# results in messages being output to the webserver error logs.
+# The message can contain a %u parameter which will be replaced with the login
+# user identifier (Username or email).
+LOG_FAILED_LOGIN_MESSAGE=false
+LOG_FAILED_LOGIN_CHANNEL=errorlog_plain_webserver

.github/translators.txt

@@ -61,7 +61,7 @@ Rodrigo Saczuk Niz (rodrigoniz) :: Portuguese, Brazilian
 aekramer :: Dutch
 JachuPL :: Polish
 milesteg :: Hungarian
-Beenbag :: German
+Beenbag :: German; German Informal
 Lett3rs :: Danish
 Julian (julian.henneberg) :: German; German Informal
 3GNWn :: Danish
@@ -87,3 +87,36 @@ Rafael (raribeir) :: Portuguese, Brazilian
 Hiroyuki Odake (dakesan) :: Japanese
 Alex Lee (qianmengnet) :: Chinese Simplified
 swinn37 :: French
+Hasan Özbey (the-turk) :: Turkish
+rcy :: Swedish
+Ali Yasir Yılmaz (ayyilmaz) :: Turkish
+scureza :: Italian
+Biepa :: German Informal; German
+syecu :: Chinese Simplified
+Lap1t0r :: French
+Thinkverse (thinkverse) :: Swedish
+alef (toishoki) :: Turkish
+Robbert Feunekes (Muukuro) :: Dutch
+seohyeon.joo :: Korean
+Orenda (OREDNA) :: Bulgarian
+Marek Pavelka (marapavelka) :: Czech
+Venkinovec :: Czech
+Tommy Ku (tommyku) :: Chinese Traditional; Japanese
+Michał Bielejewski  (bielej) :: Polish
+jozefrebjak :: Slovak
+Ikhwan Koo (Ikhwan.Koo) :: Korean
+Whay (remkovdhoef) :: Dutch
+jc7115 :: Chinese Traditional
+주서현 (seohyeon.joo) :: Korean
+ReadySystems :: Arabic
+HFinch :: German; German Informal
+brechtgijsens :: Dutch
+Lowkey (v587ygq) :: Chinese Simplified
+sdl-blue :: German Informal
+sqlik :: Polish
+Roy van Schaijk (royvanschaijk) :: Dutch
+Simsimpicpic :: French
+Zenahr Barzani (Zenahr) :: German; Japanese; Dutch; German Informal
+tatsuya.info :: Japanese
+fadiapp :: Arabic
+Jakub “Jéžiš” Bouček (jakubboucek) :: Czech

.github/workflows/phpunit.yml

@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        php: [7.2, 7.3]
+        php: [7.2, 7.4]
     steps:
     - uses: actions/checkout@v1
 

app/Actions/Activity.php

@@ -50,10 +50,8 @@ class Activity extends Model
 
     /**
      * Checks if another Activity matches the general information of another.
-     * @param $activityB
-     * @return bool
      */
-    public function isSimilarTo($activityB)
+    public function isSimilarTo(Activity $activityB): bool
     {
         return [$this->key, $this->entity_type, $this->entity_id] === [$activityB->key, $activityB->entity_type, $activityB->entity_id];
     }

app/Actions/ActivityService.php

@@ -1,8 +1,10 @@
 <?php namespace BookStack\Actions;
 
 use BookStack\Auth\Permissions\PermissionService;
-use BookStack\Entities\Book;
+use BookStack\Auth\User;
 use BookStack\Entities\Entity;
+use Illuminate\Support\Collection;
+use Illuminate\Support\Facades\Log;
 
 class ActivityService
 {
@@ -12,8 +14,6 @@ class ActivityService
 
     /**
      * ActivityService constructor.
-     * @param Activity $activity
-     * @param PermissionService $permissionService
      */
     public function __construct(Activity $activity, PermissionService $permissionService)
     {
@@ -24,11 +24,8 @@ class ActivityService
 
     /**
      * Add activity data to database.
-     * @param \BookStack\Entities\Entity $entity
-     * @param string $activityKey
-     * @param int $bookId
      */
-    public function add(Entity $entity, string $activityKey, int $bookId = null)
+    public function add(Entity $entity, string $activityKey, ?int $bookId = null)
     {
         $activity = $this->newActivityForUser($activityKey, $bookId);
         $entity->activity()->save($activity);
@@ -37,11 +34,8 @@ class ActivityService
 
     /**
      * Adds a activity history with a message, without binding to a entity.
-     * @param string $activityKey
-     * @param string $message
-     * @param int $bookId
      */
-    public function addMessage(string $activityKey, string $message, int $bookId = null)
+    public function addMessage(string $activityKey, string $message, ?int $bookId = null)
     {
         $this->newActivityForUser($activityKey, $bookId)->forceFill([
             'extra' => $message
@@ -52,14 +46,11 @@ class ActivityService
 
     /**
      * Get a new activity instance for the current user.
-     * @param string $key
-     * @param int|null $bookId
-     * @return Activity
      */
-    protected function newActivityForUser(string $key, int $bookId = null)
+    protected function newActivityForUser(string $key, ?int $bookId = null): Activity
     {
         return $this->activity->newInstance()->forceFill([
-            'key' => strtolower($key),
+            'key'     => strtolower($key),
             'user_id' => $this->user->id,
             'book_id' => $bookId ?? 0,
         ]);
@@ -69,34 +60,27 @@ class ActivityService
      * Removes the entity attachment from each of its activities
      * and instead uses the 'extra' field with the entities name.
      * Used when an entity is deleted.
-     * @param \BookStack\Entities\Entity $entity
-     * @return mixed
      */
-    public function removeEntity(Entity $entity)
+    public function removeEntity(Entity $entity): Collection
     {
-        // TODO - Rewrite to db query.
-        $activities = $entity->activity;
-        foreach ($activities as $activity) {
-            $activity->extra = $entity->name;
-            $activity->entity_id = 0;
-            $activity->entity_type = null;
-            $activity->save();
-        }
+        $activities = $entity->activity()->get();
+        $entity->activity()->update([
+            'extra'       => $entity->name,
+            'entity_id'   => 0,
+            'entity_type' => '',
+        ]);
         return $activities;
     }
 
     /**
      * Gets the latest activity.
-     * @param int $count
-     * @param int $page
-     * @return array
      */
-    public function latest($count = 20, $page = 0)
+    public function latest(int $count = 20, int $page = 0): array
     {
         $activityList = $this->permissionService
             ->filterRestrictedEntityRelations($this->activity, 'activities', 'entity_id', 'entity_type')
             ->orderBy('created_at', 'desc')
-            ->with('user', 'entity')
+            ->with(['user', 'entity'])
             ->skip($count * $page)
             ->take($count)
             ->get();
@@ -107,20 +91,16 @@ class ActivityService
     /**
      * Gets the latest activity for an entity, Filtering out similar
      * items to prevent a message activity list.
-     * @param \BookStack\Entities\Entity $entity
-     * @param int $count
-     * @param int $page
-     * @return array
      */
-    public function entityActivity($entity, $count = 20, $page = 1)
+    public function entityActivity(Entity $entity, int $count = 20, int $page = 1): array
     {
         if ($entity->isA('book')) {
-            $query = $this->activity->where('book_id', '=', $entity->id);
+            $query = $this->activity->newQuery()->where('book_id', '=', $entity->id);
         } else {
-            $query = $this->activity->where('entity_type', '=', $entity->getMorphClass())
+            $query = $this->activity->newQuery()->where('entity_type', '=', $entity->getMorphClass())
                 ->where('entity_id', '=', $entity->id);
         }
-        
+
         $activity = $this->permissionService
             ->filterRestrictedEntityRelations($query, 'activities', 'entity_id', 'entity_type')
             ->orderBy('created_at', 'desc')
@@ -133,18 +113,18 @@ class ActivityService
     }
 
     /**
-     * Get latest activity for a user, Filtering out similar
-     * items.
-     * @param $user
-     * @param int $count
-     * @param int $page
-     * @return array
+     * Get latest activity for a user, Filtering out similar items.
      */
-    public function userActivity($user, $count = 20, $page = 0)
+    public function userActivity(User $user, int $count = 20, int $page = 0): array
     {
         $activityList = $this->permissionService
             ->filterRestrictedEntityRelations($this->activity, 'activities', 'entity_id', 'entity_type')
-            ->orderBy('created_at', 'desc')->where('user_id', '=', $user->id)->skip($count * $page)->take($count)->get();
+            ->orderBy('created_at', 'desc')
+            ->where('user_id', '=', $user->id)
+            ->skip($count * $page)
+            ->take($count)
+            ->get();
+
         return $this->filterSimilar($activityList);
     }
 
@@ -153,29 +133,26 @@ class ActivityService
      * @param Activity[] $activities
      * @return array
      */
-    protected function filterSimilar($activities)
+    protected function filterSimilar(iterable $activities): array
     {
         $newActivity = [];
-        $previousItem = false;
+        $previousItem = null;
+
         foreach ($activities as $activityItem) {
-            if ($previousItem === false) {
-                $previousItem = $activityItem;
-                $newActivity[] = $activityItem;
-                continue;
-            }
-            if (!$activityItem->isSimilarTo($previousItem)) {
+            if (!$previousItem || !$activityItem->isSimilarTo($previousItem)) {
                 $newActivity[] = $activityItem;
             }
+
             $previousItem = $activityItem;
         }
+
         return $newActivity;
     }
 
     /**
      * Flashes a notification message to the session if an appropriate message is available.
-     * @param $activityKey
      */
-    protected function setNotification($activityKey)
+    protected function setNotification(string $activityKey)
     {
         $notificationTextKey = 'activities.' . $activityKey . '_notification';
         if (trans()->has($notificationTextKey)) {
@@ -183,4 +160,20 @@ class ActivityService
             session()->flash('success', $message);
         }
     }
+
+    /**
+     * Log out a failed login attempt, Providing the given username
+     * as part of the message if the '%u' string is used.
+     */
+    public function logFailedLogin(string $username)
+    {
+        $message = config('logging.failed_login.message');
+        if (!$message) {
+            return;
+        }
+
+        $message = str_replace("%u", $username, $message);
+        $channel = config('logging.failed_login.channel');
+        Log::channel($channel)->warning($message);
+    }
 }

app/Actions/Comment.php

@@ -2,9 +2,15 @@
 
 use BookStack\Ownable;
 
+/**
+ * @property string text
+ * @property string html
+ * @property int|null parent_id
+ * @property int local_id
+ */
 class Comment extends Ownable
 {
-    protected $fillable = ['text', 'html', 'parent_id'];
+    protected $fillable = ['text', 'parent_id'];
     protected $appends = ['created', 'updated'];
 
     /**

app/Actions/CommentRepo.php

@@ -1,23 +1,20 @@
 <?php namespace BookStack\Actions;
 
 use BookStack\Entities\Entity;
+use League\CommonMark\CommonMarkConverter;
 
 /**
  * Class CommentRepo
- * @package BookStack\Repos
  */
 class CommentRepo
 {
 
     /**
-     * @var \BookStack\Actions\Comment $comment
+     * @var Comment $comment
      */
     protected $comment;
 
-    /**
-     * CommentRepo constructor.
-     * @param \BookStack\Actions\Comment $comment
-     */
+
     public function __construct(Comment $comment)
     {
         $this->comment = $comment;
@@ -25,65 +22,71 @@ class CommentRepo
 
     /**
      * Get a comment by ID.
-     * @param $id
-     * @return \BookStack\Actions\Comment|\Illuminate\Database\Eloquent\Model
      */
-    public function getById($id)
+    public function getById(int $id): Comment
     {
         return $this->comment->newQuery()->findOrFail($id);
     }
 
     /**
      * Create a new comment on an entity.
-     * @param \BookStack\Entities\Entity $entity
-     * @param array $data
-     * @return \BookStack\Actions\Comment
      */
-    public function create(Entity $entity, $data = [])
+    public function create(Entity $entity, string $text, ?int $parent_id): Comment
     {
         $userId = user()->id;
-        $comment = $this->comment->newInstance($data);
+        $comment = $this->comment->newInstance();
+
+        $comment->text = $text;
+        $comment->html = $this->commentToHtml($text);
         $comment->created_by = $userId;
         $comment->updated_by = $userId;
         $comment->local_id = $this->getNextLocalId($entity);
+        $comment->parent_id = $parent_id;
+
         $entity->comments()->save($comment);
         return $comment;
     }
 
     /**
      * Update an existing comment.
-     * @param \BookStack\Actions\Comment $comment
-     * @param array $input
-     * @return mixed
      */
-    public function update($comment, $input)
+    public function update(Comment $comment, string $text): Comment
     {
         $comment->updated_by = user()->id;
-        $comment->update($input);
+        $comment->text = $text;
+        $comment->html = $this->commentToHtml($text);
+        $comment->save();
         return $comment;
     }
 
     /**
      * Delete a comment from the system.
-     * @param \BookStack\Actions\Comment $comment
-     * @return mixed
      */
-    public function delete($comment)
+    public function delete(Comment $comment)
     {
-        return $comment->delete();
+        $comment->delete();
+    }
+
+    /**
+     * Convert the given comment markdown text to HTML.
+     */
+    public function commentToHtml(string $commentText): string
+    {
+        $converter = new CommonMarkConverter([
+            'html_input' => 'strip',
+            'max_nesting_level' => 10,
+            'allow_unsafe_links' => false,
+        ]);
+
+        return $converter->convertToHtml($commentText);
     }
 
     /**
      * Get the next local ID relative to the linked entity.
-     * @param \BookStack\Entities\Entity $entity
-     * @return int
      */
-    protected function getNextLocalId(Entity $entity)
+    protected function getNextLocalId(Entity $entity): int
     {
         $comments = $entity->comments(false)->orderBy('local_id', 'desc')->first();
-        if ($comments === null) {
-            return 1;
-        }
-        return $comments->local_id + 1;
+        return ($comments->local_id ?? 0) + 1;
     }
 }

app/Actions/Tag.php

@@ -9,6 +9,7 @@ use BookStack\Model;
 class Tag extends Model
 {
     protected $fillable = ['name', 'value', 'order'];
+    protected $hidden = ['id', 'entity_id', 'entity_type'];
 
     /**
      * Get the entity that this tag belongs to

app/Actions/TagRepo.php

@@ -2,71 +2,31 @@
 
 use BookStack\Auth\Permissions\PermissionService;
 use BookStack\Entities\Entity;
+use DB;
+use Illuminate\Support\Collection;
 
-/**
- * Class TagRepo
- * @package BookStack\Repos
- */
 class TagRepo
 {
 
     protected $tag;
-    protected $entity;
     protected $permissionService;
 
     /**
      * TagRepo constructor.
-     * @param \BookStack\Actions\Tag $attr
-     * @param \BookStack\Entities\Entity $ent
-     * @param \BookStack\Auth\Permissions\PermissionService $ps
      */
-    public function __construct(Tag $attr, Entity $ent, PermissionService $ps)
+    public function __construct(Tag $tag, PermissionService $ps)
     {
-        $this->tag = $attr;
-        $this->entity = $ent;
+        $this->tag = $tag;
         $this->permissionService = $ps;
     }
 
-    /**
-     * Get an entity instance of its particular type.
-     * @param $entityType
-     * @param $entityId
-     * @param string $action
-     * @return \Illuminate\Database\Eloquent\Model|null|static
-     */
-    public function getEntity($entityType, $entityId, $action = 'view')
-    {
-        $entityInstance = $this->entity->getEntityInstance($entityType);
-        $searchQuery = $entityInstance->where('id', '=', $entityId)->with('tags');
-        $searchQuery = $this->permissionService->enforceEntityRestrictions($entityType, $searchQuery, $action);
-        return $searchQuery->first();
-    }
-
-    /**
-     * Get all tags for a particular entity.
-     * @param string $entityType
-     * @param int $entityId
-     * @return mixed
-     */
-    public function getForEntity($entityType, $entityId)
-    {
-        $entity = $this->getEntity($entityType, $entityId);
-        if ($entity === null) {
-            return collect();
-        }
-
-        return $entity->tags;
-    }
-
     /**
      * Get tag name suggestions from scanning existing tag names.
      * If no search term is given the 50 most popular tag names are provided.
-     * @param $searchTerm
-     * @return array
      */
-    public function getNameSuggestions($searchTerm = false)
+    public function getNameSuggestions(?string $searchTerm): Collection
     {
-        $query = $this->tag->select('*', \DB::raw('count(*) as count'))->groupBy('name');
+        $query = $this->tag->select('*', DB::raw('count(*) as count'))->groupBy('name');
 
         if ($searchTerm) {
             $query = $query->where('name', 'LIKE', $searchTerm . '%')->orderBy('name', 'desc');
@@ -82,13 +42,10 @@ class TagRepo
      * Get tag value suggestions from scanning existing tag values.
      * If no search is given the 50 most popular values are provided.
      * Passing a tagName will only find values for a tags with a particular name.
-     * @param $searchTerm
-     * @param $tagName
-     * @return array
      */
-    public function getValueSuggestions($searchTerm = false, $tagName = false)
+    public function getValueSuggestions(?string $searchTerm, ?string $tagName): Collection
     {
-        $query = $this->tag->select('*', \DB::raw('count(*) as count'))->groupBy('value');
+        $query = $this->tag->select('*', DB::raw('count(*) as count'))->groupBy('value');
 
         if ($searchTerm) {
             $query = $query->where('value', 'LIKE', $searchTerm . '%')->orderBy('value', 'desc');
@@ -96,7 +53,7 @@ class TagRepo
             $query = $query->orderBy('count', 'desc')->take(50);
         }
 
-        if ($tagName !== false) {
+        if ($tagName) {
             $query = $query->where('name', '=', $tagName);
         }
 
@@ -106,35 +63,28 @@ class TagRepo
 
     /**
      * Save an array of tags to an entity
-     * @param \BookStack\Entities\Entity $entity
-     * @param array $tags
-     * @return array|\Illuminate\Database\Eloquent\Collection
      */
-    public function saveTagsToEntity(Entity $entity, $tags = [])
+    public function saveTagsToEntity(Entity $entity, array $tags = []): iterable
     {
         $entity->tags()->delete();
-        $newTags = [];
-        foreach ($tags as $tag) {
-            if (trim($tag['name']) === '') {
-                continue;
-            }
-            $newTags[] = $this->newInstanceFromInput($tag);
-        }
+
+        $newTags = collect($tags)->filter(function ($tag) {
+            return boolval(trim($tag['name']));
+        })->map(function ($tag) {
+            return $this->newInstanceFromInput($tag);
+        })->all();
 
         return $entity->tags()->saveMany($newTags);
     }
 
     /**
      * Create a new Tag instance from user input.
-     * @param $input
-     * @return \BookStack\Actions\Tag
+     * Input must be an array with a 'name' and an optional 'value' key.
      */
-    protected function newInstanceFromInput($input)
+    protected function newInstanceFromInput(array $input): Tag
     {
         $name = trim($input['name']);
         $value = isset($input['value']) ? trim($input['value']) : '';
-        // Any other modification or cleanup required can go here
-        $values = ['name' => $name, 'value' => $value];
-        return $this->tag->newInstance($values);
+        return $this->tag->newInstance(['name' => $name, 'value' => $value]);
     }
 }

app/Api/ApiDocsGenerator.php

@@ -3,6 +3,7 @@
 use BookStack\Http\Controllers\Api\ApiController;
 use Illuminate\Support\Collection;
 use Illuminate\Support\Facades\Route;
+use Illuminate\Support\Str;
 use ReflectionClass;
 use ReflectionException;
 use ReflectionMethod;
@@ -117,6 +118,7 @@ class ApiDocsGenerator
                 'method' => $route->methods[0],
                 'controller' => $controller,
                 'controller_method' => $controllerMethod,
+                'controller_method_kebab' => Str::kebab($controllerMethod),
                 'base_model' => $baseModelName,
             ];
         });

app/Api/ListingResponseBuilder.php

@@ -36,8 +36,10 @@ class ListingResponseBuilder
      */
     public function toResponse()
     {
-        $data = $this->fetchData();
-        $total = $this->query->count();
+        $filteredQuery = $this->filterQuery($this->query);
+
+        $total = $filteredQuery->count();
+        $data = $this->fetchData($filteredQuery);
 
         return response()->json([
             'data' => $data,
@@ -48,23 +50,22 @@ class ListingResponseBuilder
     /**
      * Fetch the data to return in the response.
      */
-    protected function fetchData(): Collection
+    protected function fetchData(Builder $query): Collection
     {
-        $this->applyCountAndOffset($this->query);
-        $this->applySorting($this->query);
-        $this->applyFiltering($this->query);
-
-        return $this->query->get($this->fields);
+        $query = $this->countAndOffsetQuery($query);
+        $query = $this->sortQuery($query);
+        return $query->get($this->fields);
     }
 
     /**
      * Apply any filtering operations found in the request.
      */
-    protected function applyFiltering(Builder $query)
+    protected function filterQuery(Builder $query): Builder
     {
+        $query = clone $query;
         $requestFilters = $this->request->get('filter', []);
         if (!is_array($requestFilters)) {
-            return;
+            return $query;
         }
 
         $queryFilters = collect($requestFilters)->map(function ($value, $key) {
@@ -73,7 +74,7 @@ class ListingResponseBuilder
             return !is_null($value);
         })->values()->toArray();
 
-        $query->where($queryFilters);
+        return $query->where($queryFilters);
     }
 
     /**
@@ -101,8 +102,9 @@ class ListingResponseBuilder
      * Apply sorting operations to the query from given parameters
      * otherwise falling back to the first given field, ascending.
      */
-    protected function applySorting(Builder $query)
+    protected function sortQuery(Builder $query): Builder
     {
+        $query = clone $query;
         $defaultSortName = $this->fields[0];
         $direction = 'asc';
 
@@ -116,20 +118,21 @@ class ListingResponseBuilder
             $sortName = $defaultSortName;
         }
 
-        $query->orderBy($sortName, $direction);
+        return $query->orderBy($sortName, $direction);
     }
 
     /**
      * Apply count and offset for paging, based on params from the request while falling
      * back to system defined default, taking the max limit into account.
      */
-    protected function applyCountAndOffset(Builder $query)
+    protected function countAndOffsetQuery(Builder $query): Builder
     {
+        $query = clone $query;
         $offset = max(0, $this->request->get('offset', 0));
         $maxCount = config('api.max_item_count');
         $count = $this->request->get('count', config('api.default_item_count'));
         $count = max(min($maxCount, $count), 1);
 
-        $query->skip($offset)->take($count);
+        return $query->skip($offset)->take($count);
     }
 }

app/Auth/Access/ExternalAuthService.php

@@ -3,6 +3,8 @@
 use BookStack\Auth\Role;
 use BookStack\Auth\User;
 use Illuminate\Database\Eloquent\Builder;
+use Illuminate\Support\Collection;
+use Illuminate\Support\Facades\DB;
 
 class ExternalAuthService
 {
@@ -39,22 +41,14 @@ class ExternalAuthService
     /**
      * Match an array of group names to BookStack system roles.
      * Formats group names to be lower-case and hyphenated.
-     * @param array $groupNames
-     * @return \Illuminate\Support\Collection
      */
-    protected function matchGroupsToSystemsRoles(array $groupNames)
+    protected function matchGroupsToSystemsRoles(array $groupNames): Collection
     {
         foreach ($groupNames as $i => $groupName) {
             $groupNames[$i] = str_replace(' ', '-', trim(strtolower($groupName)));
         }
 
-        $roles = Role::query()->where(function (Builder $query) use ($groupNames) {
-            $query->whereIn('name', $groupNames);
-            foreach ($groupNames as $groupName) {
-                $query->orWhere('external_auth_id', 'LIKE', '%' . $groupName . '%');
-            }
-        })->get();
-
+        $roles = Role::query()->get(['id', 'external_auth_id', 'display_name']);
         $matchedRoles = $roles->filter(function (Role $role) use ($groupNames) {
             return $this->roleMatchesGroupNames($role, $groupNames);
         });

app/Auth/Access/Guards/LdapSessionGuard.php

@@ -60,10 +60,8 @@ class LdapSessionGuard extends ExternalBaseSessionGuard
      * @param array $credentials
      * @param bool $remember
      * @return bool
-     * @throws LoginAttemptEmailNeededException
      * @throws LoginAttemptException
      * @throws LdapException
-     * @throws UserRegistrationException
      */
     public function attempt(array $credentials = [], $remember = false)
     {
@@ -82,7 +80,11 @@ class LdapSessionGuard extends ExternalBaseSessionGuard
         }
 
         if (is_null($user)) {
-            $user = $this->createNewFromLdapAndCreds($userDetails, $credentials);
+            try {
+                $user = $this->createNewFromLdapAndCreds($userDetails, $credentials);
+            } catch (UserRegistrationException $exception) {
+                throw new LoginAttemptException($exception->message);
+            }
         }
 
         // Sync LDAP groups if required

app/Auth/Access/RegistrationService.php

@@ -71,15 +71,15 @@ class RegistrationService
         // Start email confirmation flow if required
         if ($this->emailConfirmationService->confirmationRequired() && !$emailConfirmed) {
             $newUser->save();
-            $message = '';
 
             try {
                 $this->emailConfirmationService->sendConfirmation($newUser);
+                session()->flash('sent-email-confirmation', true);
             } catch (Exception $e) {
                 $message = trans('auth.email_confirm_send_error');
+                throw new UserRegistrationException($message, '/register/confirm');
             }
 
-            throw new UserRegistrationException($message, '/register/confirm');
         }
 
         return $newUser;
@@ -106,13 +106,4 @@ class RegistrationService
         }
     }
 
-    /**
-     * Alias to the UserRepo method of the same name.
-     * Attaches the default system role, if configured, to the given user.
-     */
-    public function attachDefaultRole(User $user): void
-    {
-        $this->userRepo->attachDefaultRole($user);
-    }
-
 }

app/Auth/Access/Saml2Service.php

@@ -311,7 +311,6 @@ class Saml2Service extends ExternalAuthService
 
     /**
      * Get the user from the database for the specified details.
-     * @throws SamlException
      * @throws UserRegistrationException
      */
     protected function getOrRegisterUser(array $userDetails): ?User

app/Auth/Permissions/JointPermission.php

@@ -3,25 +3,26 @@
 use BookStack\Auth\Role;
 use BookStack\Entities\Entity;
 use BookStack\Model;
+use Illuminate\Database\Eloquent\Relations\BelongsTo;
+use Illuminate\Database\Eloquent\Relations\MorphOne;
 
 class JointPermission extends Model
 {
+    protected $primaryKey = null;
     public $timestamps = false;
 
     /**
      * Get the role that this points to.
-     * @return \Illuminate\Database\Eloquent\Relations\BelongsTo
      */
-    public function role()
+    public function role(): BelongsTo
     {
         return $this->belongsTo(Role::class);
     }
 
     /**
      * Get the entity this points to.
-     * @return \Illuminate\Database\Eloquent\Relations\MorphOne
      */
-    public function entity()
+    public function entity(): MorphOne
     {
         return $this->morphOne(Entity::class, 'entity');
     }

app/Auth/Permissions/PermissionsRepo.php

@@ -1,8 +1,9 @@
 <?php namespace BookStack\Auth\Permissions;
 
-use BookStack\Auth\Permissions;
 use BookStack\Auth\Role;
 use BookStack\Exceptions\PermissionsException;
+use Exception;
+use Illuminate\Database\Eloquent\Collection;
 use Illuminate\Support\Str;
 
 class PermissionsRepo
@@ -16,11 +17,8 @@ class PermissionsRepo
 
     /**
      * PermissionsRepo constructor.
-     * @param RolePermission $permission
-     * @param Role $role
-     * @param \BookStack\Auth\Permissions\PermissionService $permissionService
      */
-    public function __construct(RolePermission $permission, Role $role, Permissions\PermissionService $permissionService)
+    public function __construct(RolePermission $permission, Role $role, PermissionService $permissionService)
     {
         $this->permission = $permission;
         $this->role = $role;
@@ -29,46 +27,34 @@ class PermissionsRepo
 
     /**
      * Get all the user roles from the system.
-     * @return \Illuminate\Database\Eloquent\Collection|static[]
      */
-    public function getAllRoles()
+    public function getAllRoles(): Collection
     {
         return $this->role->all();
     }
 
     /**
      * Get all the roles except for the provided one.
-     * @param Role $role
-     * @return mixed
      */
-    public function getAllRolesExcept(Role $role)
+    public function getAllRolesExcept(Role $role): Collection
     {
         return $this->role->where('id', '!=', $role->id)->get();
     }
 
     /**
      * Get a role via its ID.
-     * @param $id
-     * @return mixed
      */
-    public function getRoleById($id)
+    public function getRoleById($id): Role
     {
-        return $this->role->findOrFail($id);
+        return $this->role->newQuery()->findOrFail($id);
     }
 
     /**
      * Save a new role into the system.
-     * @param array $roleData
-     * @return Role
      */
-    public function saveNewRole($roleData)
+    public function saveNewRole(array $roleData): Role
     {
         $role = $this->role->newInstance($roleData);
-        $role->name = str_replace(' ', '-', strtolower($roleData['display_name']));
-        // Prevent duplicate names
-        while ($this->role->where('name', '=', $role->name)->count() > 0) {
-            $role->name .= strtolower(Str::random(2));
-        }
         $role->save();
 
         $permissions = isset($roleData['permissions']) ? array_keys($roleData['permissions']) : [];
@@ -80,13 +66,11 @@ class PermissionsRepo
     /**
      * Updates an existing role.
      * Ensure Admin role always have core permissions.
-     * @param $roleId
-     * @param $roleData
-     * @throws PermissionsException
      */
-    public function updateRole($roleId, $roleData)
+    public function updateRole($roleId, array $roleData)
     {
-        $role = $this->role->findOrFail($roleId);
+        /** @var Role $role */
+        $role = $this->role->newQuery()->findOrFail($roleId);
 
         $permissions = isset($roleData['permissions']) ? array_keys($roleData['permissions']) : [];
         if ($role->system_name === 'admin') {
@@ -108,16 +92,19 @@ class PermissionsRepo
 
     /**
      * Assign an list of permission names to an role.
-     * @param Role $role
-     * @param array $permissionNameArray
      */
-    public function assignRolePermissions(Role $role, $permissionNameArray = [])
+    public function assignRolePermissions(Role $role, array $permissionNameArray = [])
     {
         $permissions = [];
         $permissionNameArray = array_values($permissionNameArray);
-        if ($permissionNameArray && count($permissionNameArray) > 0) {
-            $permissions = $this->permission->whereIn('name', $permissionNameArray)->pluck('id')->toArray();
+
+        if ($permissionNameArray) {
+            $permissions = $this->permission->newQuery()
+                ->whereIn('name', $permissionNameArray)
+                ->pluck('id')
+                ->toArray();
         }
+
         $role->permissions()->sync($permissions);
     }
 
@@ -126,13 +113,13 @@ class PermissionsRepo
      * Check it's not an admin role or set as default before deleting.
      * If an migration Role ID is specified the users assign to the current role
      * will be added to the role of the specified id.
-     * @param $roleId
-     * @param $migrateRoleId
      * @throws PermissionsException
+     * @throws Exception
      */
     public function deleteRole($roleId, $migrateRoleId)
     {
-        $role = $this->role->findOrFail($roleId);
+        /** @var Role $role */
+        $role = $this->role->newQuery()->findOrFail($roleId);
 
         // Prevent deleting admin role or default registration role.
         if ($role->system_name && in_array($role->system_name, $this->systemRoles)) {
@@ -142,9 +129,9 @@ class PermissionsRepo
         }
 
         if ($migrateRoleId) {
-            $newRole = $this->role->find($migrateRoleId);
+            $newRole = $this->role->newQuery()->find($migrateRoleId);
             if ($newRole) {
-                $users = $role->users->pluck('id')->toArray();
+                $users = $role->users()->pluck('id')->toArray();
                 $newRole->users()->sync($users);
             }
         }

app/Auth/Permissions/RolePermission.php

@@ -3,6 +3,9 @@
 use BookStack\Auth\Role;
 use BookStack\Model;
 
+/**
+ * @property int $id
+ */
 class RolePermission extends Model
 {
     /**

app/Auth/Role.php

@@ -3,13 +3,16 @@
 use BookStack\Auth\Permissions\JointPermission;
 use BookStack\Auth\Permissions\RolePermission;
 use BookStack\Model;
+use Illuminate\Database\Eloquent\Collection;
+use Illuminate\Database\Eloquent\Relations\HasMany;
 
 /**
  * Class Role
+ * @property int $id
  * @property string $display_name
  * @property string $description
  * @property string $external_auth_id
- * @package BookStack\Auth
+ * @property string $system_name
  */
 class Role extends Model
 {
@@ -26,9 +29,8 @@ class Role extends Model
 
     /**
      * Get all related JointPermissions.
-     * @return \Illuminate\Database\Eloquent\Relations\HasMany
      */
-    public function jointPermissions()
+    public function jointPermissions(): HasMany
     {
         return $this->hasMany(JointPermission::class);
     }
@@ -43,10 +45,8 @@ class Role extends Model
 
     /**
      * Check if this role has a permission.
-     * @param $permissionName
-     * @return bool
      */
-    public function hasPermission($permissionName)
+    public function hasPermission(string $permissionName): bool
     {
         $permissions = $this->getRelationValue('permissions');
         foreach ($permissions as $permission) {
@@ -59,7 +59,6 @@ class Role extends Model
 
     /**
      * Add a permission to this role.
-     * @param RolePermission $permission
      */
     public function attachPermission(RolePermission $permission)
     {
@@ -68,7 +67,6 @@ class Role extends Model
 
     /**
      * Detach a single permission from this role.
-     * @param RolePermission $permission
      */
     public function detachPermission(RolePermission $permission)
     {
@@ -76,39 +74,33 @@ class Role extends Model
     }
 
     /**
-     * Get the role object for the specified role.
-     * @param $roleName
-     * @return Role
+     * Get the role of the specified display name.
      */
-    public static function getRole($roleName)
+    public static function getRole(string $displayName): ?Role
     {
-        return static::query()->where('name', '=', $roleName)->first();
+        return static::query()->where('display_name', '=', $displayName)->first();
     }
 
     /**
      * Get the role object for the specified system role.
-     * @param $roleName
-     * @return Role
      */
-    public static function getSystemRole($roleName)
+    public static function getSystemRole(string $systemName): ?Role
     {
-        return static::query()->where('system_name', '=', $roleName)->first();
+        return static::query()->where('system_name', '=', $systemName)->first();
     }
 
     /**
      * Get all visible roles
-     * @return mixed
      */
-    public static function visible()
+    public static function visible(): Collection
     {
         return static::query()->where('hidden', '=', false)->orderBy('name')->get();
     }
 
     /**
      * Get the roles that can be restricted.
-     * @return \Illuminate\Database\Eloquent\Builder[]|\Illuminate\Database\Eloquent\Collection
      */
-    public static function restrictable()
+    public static function restrictable(): Collection
     {
         return static::query()->where('system_name', '!=', 'admin')->get();
     }

app/Auth/User.php

@@ -47,7 +47,10 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon
      * The attributes excluded from the model's JSON form.
      * @var array
      */
-    protected $hidden = ['password', 'remember_token', 'system_name', 'email_confirmed', 'external_auth_id', 'email'];
+    protected $hidden = [
+        'password', 'remember_token', 'system_name', 'email_confirmed', 'external_auth_id', 'email',
+        'created_at', 'updated_at', 'image_id',
+    ];
 
     /**
      * This holds the user's permissions when loaded.
@@ -98,12 +101,10 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon
 
     /**
      * Check if the user has a role.
-     * @param $role
-     * @return mixed
      */
-    public function hasRole($role)
+    public function hasRole($roleId): bool
     {
-        return $this->roles->pluck('name')->contains($role);
+        return $this->roles->pluck('id')->contains($roleId);
     }
 
     /**
@@ -160,7 +161,6 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon
 
     /**
      * Attach a role to this user.
-     * @param Role $role
      */
     public function attachRole(Role $role)
     {

app/Auth/UserRepo.php

@@ -238,7 +238,7 @@ class UserRepo
      */
     public function getAllRoles()
     {
-        return $this->role->newQuery()->orderBy('name', 'asc')->get();
+        return $this->role->newQuery()->orderBy('display_name', 'asc')->get();
     }
 
     /**

app/Config/app.php

@@ -52,7 +52,7 @@ return [
     'locale' => env('APP_LANG', 'en'),
 
     // Locales available
-    'locales' => ['en', 'ar', 'cs', 'da', 'de', 'de_informal', 'es', 'es_AR', 'fa', 'fr', 'he', 'hu', 'it', 'ja', 'ko', 'nl', 'pt', 'pt_BR', 'sk', 'sl', 'sv', 'pl',  'ru', 'tr', 'uk', 'vi', 'zh_CN', 'zh_TW',],
+    'locales' => ['en', 'ar', 'bg', 'cs', 'da', 'de', 'de_informal', 'es', 'es_AR', 'fa', 'fr', 'he', 'hu', 'it', 'ja', 'ko', 'nl', 'pt', 'pt_BR', 'sk', 'sl', 'sv', 'pl',  'ru', 'th', 'tr', 'uk', 'vi', 'zh_CN', 'zh_TW',],
 
     //  Application Fallback Locale
     'fallback_locale' => 'en',

app/Config/logging.php

@@ -1,5 +1,7 @@
 <?php
 
+use Monolog\Formatter\LineFormatter;
+use Monolog\Handler\ErrorLogHandler;
 use Monolog\Handler\NullHandler;
 use Monolog\Handler\StreamHandler;
 
@@ -73,10 +75,38 @@ return [
             'level' => 'debug',
         ],
 
+        // Custom errorlog implementation that logs out a plain,
+        // non-formatted message intended for the webserver log.
+        'errorlog_plain_webserver' => [
+            'driver' => 'monolog',
+            'level' => 'debug',
+            'handler' => ErrorLogHandler::class,
+            'handler_with' => [4],
+            'formatter' => LineFormatter::class,
+            'formatter_with' => [
+                'format' => "%message%",
+            ],
+        ],
+
         'null' => [
             'driver' => 'monolog',
             'handler' => NullHandler::class,
         ],
+
+        // Testing channel
+        // Uses a shared testing instance during tests
+        // so that logs can be checked against.
+        'testing' => [
+            'driver' => 'testing',
+        ],
+    ],
+
+
+    // Failed Login Message
+    // Allows a configurable message to be logged when a login request fails.
+    'failed_login' => [
+        'message' => env('LOG_FAILED_LOGIN_MESSAGE', null),
+        'channel' => env('LOG_FAILED_LOGIN_CHANNEL', 'errorlog_plain_webserver'),
     ],
 
 ];

app/Config/saml2.php

@@ -101,7 +101,7 @@ return [
                 'url' => env('SAML2_IDP_SLO', null),
                 // URL location of the IdP where the SP will send the SLO Response (ResponseLocation)
                 // if not set, url for the SLO Request will be used
-                'responseUrl' => '',
+                'responseUrl' => null,
                 // SAML protocol binding to be used when returning the <Response>
                 // message.  Onelogin Toolkit supports for this endpoint the
                 // HTTP-Redirect binding only

app/Config/snappy.php

@@ -13,7 +13,9 @@ return [
         'enabled' => true,
         'binary'  => file_exists(base_path('wkhtmltopdf')) ? base_path('wkhtmltopdf') : env('WKHTMLTOPDF', false),
         'timeout' => false,
-        'options' => [],
+        'options' => [
+            'outline' => true
+        ],
         'env'     => [],
     ],
     'image' => [

app/Console/Commands/ClearViews.php

@@ -18,7 +18,7 @@ class ClearViews extends Command
      *
      * @var string
      */
-    protected $description = 'Clear all view-counts for all entities.';
+    protected $description = 'Clear all view-counts for all entities';
 
     /**
      * Create a new command instance.

app/Console/Commands/CopyShelfPermissions.php

@@ -23,7 +23,7 @@ class CopyShelfPermissions extends Command
      *
      * @var string
      */
-    protected $description = 'Copy shelf permissions to all child books.';
+    protected $description = 'Copy shelf permissions to all child books';
 
     /**
      * @var BookshelfRepo

app/Console/Commands/DeleteUsers.php

@@ -25,7 +25,7 @@ class DeleteUsers extends Command
      *
      * @var string
      */
-    protected $description = 'Delete users that are not "admin" or system users.';
+    protected $description = 'Delete users that are not "admin" or system users';
 
     public function __construct(User $user, UserRepo $userRepo)
     {

app/Console/Commands/RegenerateCommentContent.php

@@ -0,0 +1,61 @@
+<?php
+
+namespace BookStack\Console\Commands;
+
+use BookStack\Actions\Comment;
+use BookStack\Actions\CommentRepo;
+use Illuminate\Console\Command;
+
+class RegenerateCommentContent extends Command
+{
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'bookstack:regenerate-comment-content {--database= : The database connection to use.}';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = 'Regenerate the stored HTML of all comments';
+
+    /**
+     * @var CommentRepo
+     */
+    protected $commentRepo;
+
+    /**
+     * Create a new command instance.
+     */
+    public function __construct(CommentRepo $commentRepo)
+    {
+        $this->commentRepo = $commentRepo;
+        parent::__construct();
+    }
+
+    /**
+     * Execute the console command.
+     *
+     * @return mixed
+     */
+    public function handle()
+    {
+        $connection = \DB::getDefaultConnection();
+        if ($this->option('database') !== null) {
+            \DB::setDefaultConnection($this->option('database'));
+        }
+
+        Comment::query()->chunk(100, function ($comments) {
+            foreach ($comments as $comment) {
+                $comment->html = $this->commentRepo->commentToHtml($comment->text);
+                $comment->save();
+            }
+        });
+
+        \DB::setDefaultConnection($connection);
+        $this->comment('Comment HTML content has been regenerated');
+    }
+}

app/Console/Commands/RegeneratePermissions.php

@@ -30,8 +30,6 @@ class RegeneratePermissions extends Command
 
     /**
      * Create a new command instance.
-     *
-     * @param \BookStack\Auth\\BookStack\Auth\Permissions\PermissionService $permissionService
      */
     public function __construct(PermissionService $permissionService)
     {

app/Console/Commands/RegenerateSearch.php

@@ -3,6 +3,7 @@
 namespace BookStack\Console\Commands;
 
 use BookStack\Entities\SearchService;
+use DB;
 use Illuminate\Console\Command;
 
 class RegenerateSearch extends Command
@@ -26,7 +27,7 @@ class RegenerateSearch extends Command
     /**
      * Create a new command instance.
      *
-     * @param \BookStack\Entities\SearchService $searchService
+     * @param SearchService $searchService
      */
     public function __construct(SearchService $searchService)
     {
@@ -41,14 +42,14 @@ class RegenerateSearch extends Command
      */
     public function handle()
     {
-        $connection = \DB::getDefaultConnection();
+        $connection = DB::getDefaultConnection();
         if ($this->option('database') !== null) {
-            \DB::setDefaultConnection($this->option('database'));
-            $this->searchService->setConnection(\DB::connection($this->option('database')));
+            DB::setDefaultConnection($this->option('database'));
+            $this->searchService->setConnection(DB::connection($this->option('database')));
         }
 
         $this->searchService->indexAllEntities();
-        \DB::setDefaultConnection($connection);
+        DB::setDefaultConnection($connection);
         $this->comment('Search index regenerated');
     }
 }

app/Console/Commands/UpdateUrl.php

@@ -0,0 +1,91 @@
+<?php
+
+namespace BookStack\Console\Commands;
+
+use Illuminate\Console\Command;
+use Illuminate\Database\Connection;
+
+class UpdateUrl extends Command
+{
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'bookstack:update-url
+                            {oldUrl : URL to replace}
+                            {newUrl : URL to use as the replacement}';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = 'Find and replace the given URLs in your BookStack database';
+
+    protected $db;
+
+    /**
+     * Create a new command instance.
+     *
+     * @return void
+     */
+    public function __construct(Connection $db)
+    {
+        $this->db = $db;
+        parent::__construct();
+    }
+
+    /**
+     * Execute the console command.
+     *
+     * @return mixed
+     */
+    public function handle()
+    {
+        $oldUrl = str_replace("'", '', $this->argument('oldUrl'));
+        $newUrl = str_replace("'", '', $this->argument('newUrl'));
+
+        $urlPattern = '/https?:\/\/(.+)/';
+        if (!preg_match($urlPattern, $oldUrl) || !preg_match($urlPattern, $newUrl)) {
+            $this->error("The given urls are expected to be full urls starting with http:// or https://");
+            return 1;
+        }
+
+        if (!$this->checkUserOkayToProceed($oldUrl, $newUrl)) {
+            return 1;
+        }
+
+        $columnsToUpdateByTable = [
+            "attachments" => ["path"],
+            "pages" => ["html", "text", "markdown"],
+            "images" => ["url"],
+            "comments" => ["html", "text"],
+        ];
+
+        foreach ($columnsToUpdateByTable as $table => $columns) {
+            foreach ($columns as $column) {
+                $changeCount = $this->db->table($table)->update([
+                    $column => $this->db->raw("REPLACE({$column}, '{$oldUrl}', '{$newUrl}')")
+                ]);
+                $this->info("Updated {$changeCount} rows in {$table}->{$column}");
+            }
+        }
+
+        $this->info("URL update procedure complete.");
+        return 0;
+    }
+
+    /**
+     * Warn the user of the dangers of this operation.
+     * Returns a boolean indicating if they've accepted the warnings.
+     */
+    protected function checkUserOkayToProceed(string $oldUrl, string $newUrl): bool
+    {
+        $dangerWarning = "This will search for \"{$oldUrl}\" in your database and replace it with  \"{$newUrl}\".\n";
+        $dangerWarning .= "Are you sure you want to proceed?";
+        $backupConfirmation = "This operation could cause issues if used incorrectly. Have you made a backup of your existing database?";
+
+        return $this->confirm($dangerWarning) && $this->confirm($backupConfirmation);
+    }
+}

app/Entities/Book.php

@@ -19,7 +19,7 @@ class Book extends Entity implements HasCoverImage
     public $searchFactor = 2;
 
     protected $fillable = ['name', 'description'];
-    protected $hidden = ['restricted'];
+    protected $hidden = ['restricted', 'pivot', 'image_id'];
 
     /**
      * Get the url for this book.

app/Entities/Bookshelf.php

@@ -12,6 +12,8 @@ class Bookshelf extends Entity implements HasCoverImage
 
     protected $fillable = ['name', 'description', 'image_id'];
 
+    protected $hidden = ['restricted', 'image_id'];
+
     /**
      * Get the books in this shelf.
      * Should not be used directly since does not take into account permissions.

app/Entities/Chapter.php

@@ -12,6 +12,7 @@ class Chapter extends BookChild
     public $searchFactor = 1.3;
 
     protected $fillable = ['name', 'description', 'priority', 'book_id'];
+    protected $hidden = ['restricted', 'pivot'];
 
     /**
      * Get the pages that this chapter contains.

app/Entities/Entity.php

@@ -238,10 +238,8 @@ class Entity extends Ownable
 
     /**
      * Gets a limited-length version of the entities name.
-     * @param int $length
-     * @return string
      */
-    public function getShortName($length = 25)
+    public function getShortName(int $length = 25): string
     {
         if (mb_strlen($this->name) <= $length) {
             return $this->name;
@@ -288,7 +286,7 @@ class Entity extends Ownable
     public function rebuildPermissions()
     {
         /** @noinspection PhpUnhandledExceptionInspection */
-        Permissions::buildJointPermissionsForEntity($this);
+        Permissions::buildJointPermissionsForEntity(clone $this);
     }
 
     /**
@@ -297,7 +295,7 @@ class Entity extends Ownable
     public function indexForSearch()
     {
         $searchService = app()->make(SearchService::class);
-        $searchService->indexEntity($this);
+        $searchService->indexEntity(clone $this);
     }
 
     /**

app/Entities/Managers/PageContent.php

@@ -108,7 +108,7 @@ class PageContent
     protected function toPlainText(): string
     {
         $html = $this->render(true);
-        return strip_tags($html);
+        return html_entity_decode(strip_tags($html));
     }
 
     /**

app/Entities/Page.php

@@ -21,12 +21,14 @@ use Permissions;
  */
 class Page extends BookChild
 {
-    protected $fillable = ['name', 'html', 'priority', 'markdown'];
+    protected $fillable = ['name', 'priority', 'markdown'];
 
     protected $simpleAttributes = ['name', 'id', 'slug'];
 
     public $textField = 'text';
 
+    protected $hidden = ['html', 'markdown', 'text', 'restricted', 'pivot'];
+
     /**
      * Get the entities that are visible to the current user.
      */

app/Entities/Repos/BookshelfRepo.php

@@ -28,8 +28,10 @@ class BookshelfRepo
      */
     public function getAllPaginated(int $count = 20, string $sort = 'name', string $order = 'asc'): LengthAwarePaginator
     {
-        return Bookshelf::visible()->with('visibleBooks')
-            ->orderBy($sort, $order)->paginate($count);
+        return Bookshelf::visible()
+            ->with('visibleBooks')
+            ->orderBy($sort, $order)
+            ->paginate($count);
     }
 
     /**
@@ -91,10 +93,14 @@ class BookshelfRepo
     /**
      * Create a new shelf in the system.
      */
-    public function update(Bookshelf $shelf, array $input, array $bookIds): Bookshelf
+    public function update(Bookshelf $shelf, array $input, ?array $bookIds): Bookshelf
     {
         $this->baseRepo->update($shelf, $input);
-        $this->updateBooks($shelf, $bookIds);
+
+        if (!is_null($bookIds)) {
+            $this->updateBooks($shelf, $bookIds);
+        }
+
         return $shelf;
     }
 

app/Entities/Repos/PageRepo.php

@@ -180,12 +180,11 @@ class PageRepo
             $page->template = ($input['template'] === 'true');
         }
 
+        $pageContent = new PageContent($page);
+        $pageContent->setNewHTML($input['html']);
         $this->baseRepo->update($page, $input);
 
         // Update with new details
-        $page->fill($input);
-        $pageContent = new PageContent($page);
-        $pageContent->setNewHTML($input['html']);
         $page->revision_count++;
 
         if (setting('app-editor') !== 'markdown') {
@@ -211,7 +210,7 @@ class PageRepo
      */
     protected function savePageRevision(Page $page, string $summary = null)
     {
-        $revision = new PageRevision($page->toArray());
+        $revision = new PageRevision($page->getAttributes());
 
         if (setting('app-editor') !== 'markdown') {
             $revision->markdown = '';
@@ -279,7 +278,7 @@ class PageRepo
         $revision = $page->revisions()->where('id', '=', $revisionId)->first();
         $page->fill($revision->toArray());
         $content = new PageContent($page);
-        $content->setNewHTML($page->html);
+        $content->setNewHTML($revision->html);
         $page->updated_by = user()->id;
         $page->refreshSlug();
         $page->save();

app/Entities/SearchOptions.php

@@ -0,0 +1,141 @@
+<?php namespace BookStack\Entities;
+
+use Illuminate\Http\Request;
+
+class SearchOptions
+{
+
+    /**
+     * @var array
+     */
+    public $searches = [];
+
+    /**
+     * @var array
+     */
+    public $exacts = [];
+
+    /**
+     * @var array
+     */
+    public $tags = [];
+
+    /**
+     * @var array
+     */
+    public $filters = [];
+
+    /**
+     * Create a new instance from a search string.
+     */
+    public static function fromString(string $search): SearchOptions
+    {
+        $decoded = static::decode($search);
+        $instance = new static();
+        foreach ($decoded as $type => $value) {
+            $instance->$type = $value;
+        }
+        return $instance;
+    }
+
+    /**
+     * Create a new instance from a request.
+     * Will look for a classic string term and use that
+     * Otherwise we'll use the details from an advanced search form.
+     */
+    public static function fromRequest(Request $request): SearchOptions
+    {
+        if (!$request->has('search') && !$request->has('term')) {
+            return static::fromString('');
+        }
+
+        if ($request->has('term')) {
+            return static::fromString($request->get('term'));
+        }
+
+        $instance = new static();
+        $inputs = $request->only(['search', 'types', 'filters', 'exact', 'tags']);
+        $instance->searches = explode(' ', $inputs['search'] ?? []);
+        $instance->exacts = array_filter($inputs['exact'] ?? []);
+        $instance->tags = array_filter($inputs['tags'] ?? []);
+        foreach (($inputs['filters'] ?? []) as $filterKey => $filterVal) {
+            if (empty($filterVal)) {
+                continue;
+            }
+            $instance->filters[$filterKey] = $filterVal === 'true' ? '' : $filterVal;
+        }
+        if (isset($inputs['types']) && count($inputs['types']) < 4) {
+            $instance->filters['type'] = implode('|', $inputs['types']);
+        }
+        return $instance;
+    }
+
+    /**
+     * Decode a search string into an array of terms.
+     */
+    protected static function decode(string $searchString): array
+    {
+        $terms = [
+            'searches' => [],
+            'exacts' => [],
+            'tags' => [],
+            'filters' => []
+        ];
+
+        $patterns = [
+            'exacts' => '/"(.*?)"/',
+            'tags' => '/\[(.*?)\]/',
+            'filters' => '/\{(.*?)\}/'
+        ];
+
+        // Parse special terms
+        foreach ($patterns as $termType => $pattern) {
+            $matches = [];
+            preg_match_all($pattern, $searchString, $matches);
+            if (count($matches) > 0) {
+                $terms[$termType] = $matches[1];
+                $searchString = preg_replace($pattern, '', $searchString);
+            }
+        }
+
+        // Parse standard terms
+        foreach (explode(' ', trim($searchString)) as $searchTerm) {
+            if ($searchTerm !== '') {
+                $terms['searches'][] = $searchTerm;
+            }
+        }
+
+        // Split filter values out
+        $splitFilters = [];
+        foreach ($terms['filters'] as $filter) {
+            $explodedFilter = explode(':', $filter, 2);
+            $splitFilters[$explodedFilter[0]] = (count($explodedFilter) > 1) ? $explodedFilter[1] : '';
+        }
+        $terms['filters'] = $splitFilters;
+
+        return $terms;
+    }
+
+    /**
+     * Encode this instance to a search string.
+     */
+    public function toString(): string
+    {
+        $string = implode(' ', $this->searches ?? []);
+
+        foreach ($this->exacts as $term) {
+            $string .= ' "' . $term . '"';
+        }
+
+        foreach ($this->tags as $term) {
+            $string .= " [{$term}]";
+        }
+
+        foreach ($this->filters as $filterName => $filterVal) {
+            $string .= ' {' . $filterName . ($filterVal ? ':' . $filterVal : '') . '}';
+        }
+
+        return $string;
+    }
+
+}

app/Entities/SearchService.php

@@ -39,10 +39,6 @@ class SearchService
 
     /**
      * SearchService constructor.
-     * @param SearchTerm $searchTerm
-     * @param EntityProvider $entityProvider
-     * @param Connection $db
-     * @param PermissionService $permissionService
      */
     public function __construct(SearchTerm $searchTerm, EntityProvider $entityProvider, Connection $db, PermissionService $permissionService)
     {
@@ -54,7 +50,6 @@ class SearchService
 
     /**
      * Set the database connection
-     * @param Connection $connection
      */
     public function setConnection(Connection $connection)
     {
@@ -63,23 +58,18 @@ class SearchService
 
     /**
      * Search all entities in the system.
-     * @param string $searchString
-     * @param string $entityType
-     * @param int $page
-     * @param int $count - Count of each entity to search, Total returned could can be larger and not guaranteed.
-     * @param string $action
-     * @return array[int, Collection];
+     * The provided count is for each entity to search,
+     * Total returned could can be larger and not guaranteed.
      */
-    public function searchEntities($searchString, $entityType = 'all', $page = 1, $count = 20, $action = 'view')
+    public function searchEntities(SearchOptions $searchOpts, string $entityType = 'all', int $page = 1, int $count = 20, string $action = 'view'): array
     {
-        $terms = $this->parseSearchString($searchString);
         $entityTypes = array_keys($this->entityProvider->all());
         $entityTypesToSearch = $entityTypes;
 
         if ($entityType !== 'all') {
             $entityTypesToSearch = $entityType;
-        } else if (isset($terms['filters']['type'])) {
-            $entityTypesToSearch = explode('|', $terms['filters']['type']);
+        } else if (isset($searchOpts->filters['type'])) {
+            $entityTypesToSearch = explode('|', $searchOpts->filters['type']);
         }
 
         $results = collect();
@@ -90,8 +80,8 @@ class SearchService
             if (!in_array($entityType, $entityTypes)) {
                 continue;
             }
-            $search = $this->searchEntityTable($terms, $entityType, $page, $count, $action);
-            $entityTotal = $this->searchEntityTable($terms, $entityType, $page, $count, $action, true);
+            $search = $this->searchEntityTable($searchOpts, $entityType, $page, $count, $action);
+            $entityTotal = $this->searchEntityTable($searchOpts, $entityType, $page, $count, $action, true);
             if ($entityTotal > $page * $count) {
                 $hasMore = true;
             }
@@ -103,29 +93,26 @@ class SearchService
             'total' => $total,
             'count' => count($results),
             'has_more' => $hasMore,
-            'results' => $results->sortByDesc('score')->values()
+            'results' => $results->sortByDesc('score')->values(),
         ];
     }
 
 
     /**
      * Search a book for entities
-     * @param integer $bookId
-     * @param string $searchString
-     * @return Collection
      */
-    public function searchBook($bookId, $searchString)
+    public function searchBook(int $bookId, string $searchString): Collection
     {
-        $terms = $this->parseSearchString($searchString);
+        $opts = SearchOptions::fromString($searchString);
         $entityTypes = ['page', 'chapter'];
-        $entityTypesToSearch = isset($terms['filters']['type']) ? explode('|', $terms['filters']['type']) : $entityTypes;
+        $entityTypesToSearch = isset($opts->filters['type']) ? explode('|', $opts->filters['type']) : $entityTypes;
 
         $results = collect();
         foreach ($entityTypesToSearch as $entityType) {
             if (!in_array($entityType, $entityTypes)) {
                 continue;
             }
-            $search = $this->buildEntitySearchQuery($terms, $entityType)->where('book_id', '=', $bookId)->take(20)->get();
+            $search = $this->buildEntitySearchQuery($opts, $entityType)->where('book_id', '=', $bookId)->take(20)->get();
             $results = $results->merge($search);
         }
         return $results->sortByDesc('score')->take(20);
@@ -133,30 +120,23 @@ class SearchService
 
     /**
      * Search a book for entities
-     * @param integer $chapterId
-     * @param string $searchString
-     * @return Collection
      */
-    public function searchChapter($chapterId, $searchString)
+    public function searchChapter(int $chapterId, string $searchString): Collection
     {
-        $terms = $this->parseSearchString($searchString);
-        $pages = $this->buildEntitySearchQuery($terms, 'page')->where('chapter_id', '=', $chapterId)->take(20)->get();
+        $opts = SearchOptions::fromString($searchString);
+        $pages = $this->buildEntitySearchQuery($opts, 'page')->where('chapter_id', '=', $chapterId)->take(20)->get();
         return $pages->sortByDesc('score');
     }
 
     /**
      * Search across a particular entity type.
-     * @param array $terms
-     * @param string $entityType
-     * @param int $page
-     * @param int $count
-     * @param string $action
-     * @param bool $getCount Return the total count of the search
+     * Setting getCount = true will return the total
+     * matching instead of the items themselves.
      * @return \Illuminate\Database\Eloquent\Collection|int|static[]
      */
-    public function searchEntityTable($terms, $entityType = 'page', $page = 1, $count = 20, $action = 'view', $getCount = false)
+    public function searchEntityTable(SearchOptions $searchOpts, string $entityType = 'page', int $page = 1, int $count = 20, string $action = 'view', bool $getCount = false)
     {
-        $query = $this->buildEntitySearchQuery($terms, $entityType, $action);
+        $query = $this->buildEntitySearchQuery($searchOpts, $entityType, $action);
         if ($getCount) {
             return $query->count();
         }
@@ -167,22 +147,18 @@ class SearchService
 
     /**
      * Create a search query for an entity
-     * @param array $terms
-     * @param string $entityType
-     * @param string $action
-     * @return EloquentBuilder
      */
-    protected function buildEntitySearchQuery($terms, $entityType = 'page', $action = 'view')
+    protected function buildEntitySearchQuery(SearchOptions $searchOpts, string $entityType = 'page', string $action = 'view'): EloquentBuilder
     {
         $entity = $this->entityProvider->get($entityType);
         $entitySelect = $entity->newQuery();
 
         // Handle normal search terms
-        if (count($terms['search']) > 0) {
+        if (count($searchOpts->searches) > 0) {
             $subQuery = $this->db->table('search_terms')->select('entity_id', 'entity_type', \DB::raw('SUM(score) as score'));
             $subQuery->where('entity_type', '=', $entity->getMorphClass());
-            $subQuery->where(function (Builder $query) use ($terms) {
-                foreach ($terms['search'] as $inputTerm) {
+            $subQuery->where(function (Builder $query) use ($searchOpts) {
+                foreach ($searchOpts->searches as $inputTerm) {
                     $query->orWhere('term', 'like', $inputTerm .'%');
                 }
             })->groupBy('entity_type', 'entity_id');
@@ -193,9 +169,9 @@ class SearchService
         }
 
         // Handle exact term matching
-        if (count($terms['exact']) > 0) {
-            $entitySelect->where(function (EloquentBuilder $query) use ($terms, $entity) {
-                foreach ($terms['exact'] as $inputTerm) {
+        if (count($searchOpts->exacts) > 0) {
+            $entitySelect->where(function (EloquentBuilder $query) use ($searchOpts, $entity) {
+                foreach ($searchOpts->exacts as $inputTerm) {
                     $query->where(function (EloquentBuilder $query) use ($inputTerm, $entity) {
                         $query->where('name', 'like', '%'.$inputTerm .'%')
                             ->orWhere($entity->textField, 'like', '%'.$inputTerm .'%');
@@ -205,12 +181,12 @@ class SearchService
         }
 
         // Handle tag searches
-        foreach ($terms['tags'] as $inputTerm) {
+        foreach ($searchOpts->tags as $inputTerm) {
             $this->applyTagSearch($entitySelect, $inputTerm);
         }
 
         // Handle filters
-        foreach ($terms['filters'] as $filterTerm => $filterValue) {
+        foreach ($searchOpts->filters as $filterTerm => $filterValue) {
             $functionName = Str::camel('filter_' . $filterTerm);
             if (method_exists($this, $functionName)) {
                 $this->$functionName($entitySelect, $entity, $filterValue);
@@ -220,60 +196,10 @@ class SearchService
         return $this->permissionService->enforceEntityRestrictions($entityType, $entitySelect, $action);
     }
 
-
-    /**
-     * Parse a search string into components.
-     * @param $searchString
-     * @return array
-     */
-    protected function parseSearchString($searchString)
-    {
-        $terms = [
-            'search' => [],
-            'exact' => [],
-            'tags' => [],
-            'filters' => []
-        ];
-
-        $patterns = [
-            'exact' => '/"(.*?)"/',
-            'tags' => '/\[(.*?)\]/',
-            'filters' => '/\{(.*?)\}/'
-        ];
-
-        // Parse special terms
-        foreach ($patterns as $termType => $pattern) {
-            $matches = [];
-            preg_match_all($pattern, $searchString, $matches);
-            if (count($matches) > 0) {
-                $terms[$termType] = $matches[1];
-                $searchString = preg_replace($pattern, '', $searchString);
-            }
-        }
-
-        // Parse standard terms
-        foreach (explode(' ', trim($searchString)) as $searchTerm) {
-            if ($searchTerm !== '') {
-                $terms['search'][] = $searchTerm;
-            }
-        }
-
-        // Split filter values out
-        $splitFilters = [];
-        foreach ($terms['filters'] as $filter) {
-            $explodedFilter = explode(':', $filter, 2);
-            $splitFilters[$explodedFilter[0]] = (count($explodedFilter) > 1) ? $explodedFilter[1] : '';
-        }
-        $terms['filters'] = $splitFilters;
-
-        return $terms;
-    }
-
     /**
      * Get the available query operators as a regex escaped list.
-     * @return mixed
      */
-    protected function getRegexEscapedOperators()
+    protected function getRegexEscapedOperators(): string
     {
         $escapedOperators = [];
         foreach ($this->queryOperators as $operator) {
@@ -284,11 +210,8 @@ class SearchService
 
     /**
      * Apply a tag search term onto a entity query.
-     * @param EloquentBuilder $query
-     * @param string $tagTerm
-     * @return mixed
      */
-    protected function applyTagSearch(EloquentBuilder $query, $tagTerm)
+    protected function applyTagSearch(EloquentBuilder $query, string $tagTerm): EloquentBuilder
     {
         preg_match("/^(.*?)((".$this->getRegexEscapedOperators().")(.*?))?$/", $tagTerm, $tagSplit);
         $query->whereHas('tags', function (EloquentBuilder $query) use ($tagSplit) {
@@ -318,7 +241,6 @@ class SearchService
 
     /**
      * Index the given entity.
-     * @param Entity $entity
      */
     public function indexEntity(Entity $entity)
     {

app/Entities/SlugGenerator.php

@@ -1,5 +1,7 @@
 <?php namespace BookStack\Entities;
 
+use Illuminate\Support\Str;
+
 class SlugGenerator
 {
 
@@ -32,9 +34,7 @@ class SlugGenerator
      */
     protected function formatNameAsSlug(string $name): string
     {
-        $slug = preg_replace('/[\+\/\\\?\@\}\{\.\,\=\[\]\#\&\!\*\'\;\:\$\%]/', '', mb_strtolower($name));
-        $slug = preg_replace('/\s{2,}/', ' ', $slug);
-        $slug = str_replace(' ', '-', $slug);
+        $slug = Str::slug($name);
         if ($slug === "") {
             $slug = substr(md5(rand(1, 500)), 0, 5);
         }

app/Exceptions/Handler.php

@@ -9,7 +9,6 @@ use Illuminate\Database\Eloquent\ModelNotFoundException;
 use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
-use Illuminate\Http\Response;
 use Illuminate\Validation\ValidationException;
 use Symfony\Component\HttpKernel\Exception\HttpException;
 use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
@@ -26,6 +25,7 @@ class Handler extends ExceptionHandler
         HttpException::class,
         ModelNotFoundException::class,
         ValidationException::class,
+        NotFoundException::class,
     ];
 
     /**

app/Exceptions/NotifyException.php

@@ -8,8 +8,6 @@ class NotifyException extends \Exception
 
     /**
      * NotifyException constructor.
-     * @param string $message
-     * @param string    $redirectLocation
      */
     public function __construct(string $message, string $redirectLocation = "/")
     {

app/Http/Controllers/Api/BookApiController.php

@@ -8,7 +8,7 @@ use Illuminate\Contracts\Container\BindingResolutionException;
 use Illuminate\Http\Request;
 use Illuminate\Validation\ValidationException;
 
-class BooksApiController extends ApiController
+class BookApiController extends ApiController
 {
 
     protected $bookRepo;
@@ -17,10 +17,12 @@ class BooksApiController extends ApiController
         'create' => [
             'name' => 'required|string|max:255',
             'description' => 'string|max:1000',
+            'tags' => 'array',
         ],
         'update' => [
             'name' => 'string|min:1|max:255',
             'description' => 'string|max:1000',
+            'tags' => 'array',
         ],
     ];
 

app/Http/Controllers/Api/BookExportApiController.php

@@ -0,0 +1,54 @@
+<?php namespace BookStack\Http\Controllers\Api;
+
+use BookStack\Entities\Book;
+use BookStack\Entities\ExportService;
+use BookStack\Entities\Repos\BookRepo;
+use Throwable;
+
+class BookExportApiController extends ApiController
+{
+    protected $bookRepo;
+    protected $exportService;
+
+    /**
+     * BookExportController constructor.
+     */
+    public function __construct(BookRepo $bookRepo, ExportService $exportService)
+    {
+        $this->bookRepo = $bookRepo;
+        $this->exportService = $exportService;
+        parent::__construct();
+    }
+
+    /**
+     * Export a book as a PDF file.
+     * @throws Throwable
+     */
+    public function exportPdf(int $id)
+    {
+        $book = Book::visible()->findOrFail($id);
+        $pdfContent = $this->exportService->bookToPdf($book);
+        return $this->downloadResponse($pdfContent, $book->slug . '.pdf');
+    }
+
+    /**
+     * Export a book as a contained HTML file.
+     * @throws Throwable
+     */
+    public function exportHtml(int $id)
+    {
+        $book = Book::visible()->findOrFail($id);
+        $htmlContent = $this->exportService->bookToContainedHtml($book);
+        return $this->downloadResponse($htmlContent, $book->slug . '.html');
+    }
+
+    /**
+     * Export a book as a plain text file.
+     */
+    public function exportPlainText(int $id)
+    {
+        $book = Book::visible()->findOrFail($id);
+        $textContent = $this->exportService->bookToPlainText($book);
+        return $this->downloadResponse($textContent, $book->slug . '.txt');
+    }
+}

app/Http/Controllers/Api/BookshelfApiController.php

@@ -0,0 +1,122 @@
+<?php namespace BookStack\Http\Controllers\Api;
+
+use BookStack\Facades\Activity;
+use BookStack\Entities\Repos\BookshelfRepo;
+use BookStack\Entities\Bookshelf;
+use Exception;
+use Illuminate\Database\Eloquent\Relations\BelongsToMany;
+use Illuminate\Http\Request;
+use Illuminate\Validation\ValidationException;
+
+class BookshelfApiController extends ApiController
+{
+
+    /**
+     * @var BookshelfRepo
+     */
+    protected $bookshelfRepo;
+
+    protected $rules = [
+        'create' => [
+            'name' => 'required|string|max:255',
+            'description' => 'string|max:1000',
+            'books' => 'array',
+        ],
+        'update' => [
+            'name' => 'string|min:1|max:255',
+            'description' => 'string|max:1000',
+            'books' => 'array',
+        ],
+    ];
+
+    /**
+     * BookshelfApiController constructor.
+     * @param BookshelfRepo $bookshelfRepo
+     */
+    public function __construct(BookshelfRepo $bookshelfRepo)
+    {
+        $this->bookshelfRepo = $bookshelfRepo;
+    }
+
+    /**
+     * Get a listing of shelves visible to the user.
+     */
+    public function list()
+    {
+        $shelves = Bookshelf::visible();
+        return $this->apiListingResponse($shelves, [
+            'id', 'name', 'slug', 'description', 'created_at', 'updated_at', 'created_by', 'updated_by', 'image_id',
+        ]);
+    }
+
+    /**
+     * Create a new shelf in the system.
+     * An array of books IDs can be provided in the request. These
+     * will be added to the shelf in the same order as provided.
+     * @throws ValidationException
+     */
+    public function create(Request $request)
+    {
+        $this->checkPermission('bookshelf-create-all');
+        $requestData = $this->validate($request, $this->rules['create']);
+
+        $bookIds = $request->get('books', []);
+        $shelf = $this->bookshelfRepo->create($requestData, $bookIds);
+
+        Activity::add($shelf, 'bookshelf_create', $shelf->id);
+        return response()->json($shelf);
+    }
+
+    /**
+     * View the details of a single shelf.
+     */
+    public function read(string $id)
+    {
+        $shelf = Bookshelf::visible()->with([
+            'tags', 'cover', 'createdBy', 'updatedBy',
+            'books' => function (BelongsToMany $query) {
+                $query->visible()->get(['id', 'name', 'slug']);
+            }
+        ])->findOrFail($id);
+        return response()->json($shelf);
+    }
+
+    /**
+     * Update the details of a single shelf.
+     * An array of books IDs can be provided in the request. These
+     * will be added to the shelf in the same order as provided and overwrite
+     * any existing book assignments.
+     * @throws ValidationException
+     */
+    public function update(Request $request, string $id)
+    {
+        $shelf = Bookshelf::visible()->findOrFail($id);
+        $this->checkOwnablePermission('bookshelf-update', $shelf);
+
+        $requestData = $this->validate($request, $this->rules['update']);
+
+        $bookIds = $request->get('books', null);
+
+        $shelf = $this->bookshelfRepo->update($shelf, $requestData, $bookIds);
+        Activity::add($shelf, 'bookshelf_update', $shelf->id);
+
+        return response()->json($shelf);
+    }
+
+
+
+    /**
+     * Delete a single shelf from the system.
+     * @throws Exception
+     */
+    public function delete(string $id)
+    {
+        $shelf = Bookshelf::visible()->findOrFail($id);
+        $this->checkOwnablePermission('bookshelf-delete', $shelf);
+
+        $this->bookshelfRepo->destroy($shelf);
+        Activity::addMessage('bookshelf_delete', $shelf->name);
+
+        return response('', 204);
+    }
+}

app/Http/Controllers/Api/ChapterApiController.php

@@ -0,0 +1,104 @@
+<?php namespace BookStack\Http\Controllers\Api;
+
+use BookStack\Entities\Book;
+use BookStack\Entities\Chapter;
+use BookStack\Entities\Repos\ChapterRepo;
+use BookStack\Facades\Activity;
+use Illuminate\Database\Eloquent\Relations\HasMany;
+use Illuminate\Http\Request;
+
+class ChapterApiController extends ApiController
+{
+    protected $chapterRepo;
+
+    protected $rules = [
+        'create' => [
+            'book_id' => 'required|integer',
+            'name' => 'required|string|max:255',
+            'description' => 'string|max:1000',
+            'tags' => 'array',
+        ],
+        'update' => [
+            'book_id' => 'integer',
+            'name' => 'string|min:1|max:255',
+            'description' => 'string|max:1000',
+            'tags' => 'array',
+        ],
+    ];
+
+    /**
+     * ChapterController constructor.
+     */
+    public function __construct(ChapterRepo $chapterRepo)
+    {
+        $this->chapterRepo = $chapterRepo;
+    }
+
+    /**
+     * Get a listing of chapters visible to the user.
+     */
+    public function list()
+    {
+        $chapters = Chapter::visible();
+        return $this->apiListingResponse($chapters, [
+            'id', 'book_id', 'name', 'slug', 'description', 'priority',
+            'created_at', 'updated_at', 'created_by', 'updated_by',
+        ]);
+    }
+
+    /**
+     * Create a new chapter in the system.
+     */
+    public function create(Request $request)
+    {
+        $this->validate($request, $this->rules['create']);
+
+        $bookId = $request->get('book_id');
+        $book = Book::visible()->findOrFail($bookId);
+        $this->checkOwnablePermission('chapter-create', $book);
+
+        $chapter = $this->chapterRepo->create($request->all(), $book);
+        Activity::add($chapter, 'chapter_create', $book->id);
+
+        return response()->json($chapter->load(['tags']));
+    }
+
+    /**
+     * View the details of a single chapter.
+     */
+    public function read(string $id)
+    {
+        $chapter = Chapter::visible()->with(['tags', 'createdBy', 'updatedBy', 'pages' => function (HasMany $query) {
+            $query->visible()->get(['id', 'name', 'slug']);
+        }])->findOrFail($id);
+        return response()->json($chapter);
+    }
+
+    /**
+     * Update the details of a single chapter.
+     */
+    public function update(Request $request, string $id)
+    {
+        $chapter = Chapter::visible()->findOrFail($id);
+        $this->checkOwnablePermission('chapter-update', $chapter);
+
+        $updatedChapter = $this->chapterRepo->update($chapter, $request->all());
+        Activity::add($chapter, 'chapter_update', $chapter->book->id);
+
+        return response()->json($updatedChapter->load(['tags']));
+    }
+
+    /**
+     * Delete a chapter from the system.
+     */
+    public function delete(string $id)
+    {
+        $chapter = Chapter::visible()->findOrFail($id);
+        $this->checkOwnablePermission('chapter-delete', $chapter);
+
+        $this->chapterRepo->destroy($chapter);
+        Activity::addMessage('chapter_delete', $chapter->name, $chapter->book->id);
+
+        return response('', 204);
+    }
+}

app/Http/Controllers/Api/ChapterExportApiController.php

@@ -0,0 +1,54 @@
+<?php namespace BookStack\Http\Controllers\Api;
+
+use BookStack\Entities\Chapter;
+use BookStack\Entities\ExportService;
+use BookStack\Entities\Repos\BookRepo;
+use Throwable;
+
+class ChapterExportApiController extends ApiController
+{
+    protected $chapterRepo;
+    protected $exportService;
+
+    /**
+     * ChapterExportController constructor.
+     */
+    public function __construct(BookRepo $chapterRepo, ExportService $exportService)
+    {
+        $this->chapterRepo = $chapterRepo;
+        $this->exportService = $exportService;
+        parent::__construct();
+    }
+
+    /**
+     * Export a chapter as a PDF file.
+     * @throws Throwable
+     */
+    public function exportPdf(int $id)
+    {
+        $chapter = Chapter::visible()->findOrFail($id);
+        $pdfContent = $this->exportService->chapterToPdf($chapter);
+        return $this->downloadResponse($pdfContent, $chapter->slug . '.pdf');
+    }
+
+    /**
+     * Export a chapter as a contained HTML file.
+     * @throws Throwable
+     */
+    public function exportHtml(int $id)
+    {
+        $chapter = Chapter::visible()->findOrFail($id);
+        $htmlContent = $this->exportService->chapterToContainedHtml($chapter);
+        return $this->downloadResponse($htmlContent, $chapter->slug . '.html');
+    }
+
+    /**
+     * Export a chapter as a plain text file.
+     */
+    public function exportPlainText(int $id)
+    {
+        $chapter = Chapter::visible()->findOrFail($id);
+        $textContent = $this->exportService->chapterToPlainText($chapter);
+        return $this->downloadResponse($textContent, $chapter->slug . '.txt');
+    }
+}

app/Http/Controllers/AttachmentController.php

@@ -8,6 +8,7 @@ use BookStack\Uploads\AttachmentService;
 use Exception;
 use Illuminate\Contracts\Filesystem\FileNotFoundException;
 use Illuminate\Http\Request;
+use Illuminate\Support\MessageBag;
 use Illuminate\Validation\ValidationException;
 
 class AttachmentController extends Controller
@@ -60,25 +61,17 @@ class AttachmentController extends Controller
     /**
      * Update an uploaded attachment.
      * @throws ValidationException
-     * @throws NotFoundException
      */
     public function uploadUpdate(Request $request, $attachmentId)
     {
         $this->validate($request, [
-            'uploaded_to' => 'required|integer|exists:pages,id',
             'file' => 'required|file'
         ]);
 
-        $pageId = $request->get('uploaded_to');
-        $page = $this->pageRepo->getById($pageId);
-        $attachment = $this->attachment->findOrFail($attachmentId);
-
-        $this->checkOwnablePermission('page-update', $page);
+        $attachment = $this->attachment->newQuery()->findOrFail($attachmentId);
+        $this->checkOwnablePermission('view', $attachment->page);
+        $this->checkOwnablePermission('page-update', $attachment->page);
         $this->checkOwnablePermission('attachment-create', $attachment);
-        
-        if (intval($pageId) !== intval($attachment->uploaded_to)) {
-            return $this->jsonError(trans('errors.attachment_page_mismatch'));
-        }
 
         $uploadedFile = $request->file('file');
 
@@ -92,57 +85,87 @@ class AttachmentController extends Controller
     }
 
     /**
-     * Update the details of an existing file.
-     * @throws ValidationException
-     * @throws NotFoundException
+     * Get the update form for an attachment.
+     * @return \Illuminate\Contracts\Foundation\Application|\Illuminate\Contracts\View\Factory|\Illuminate\View\View
      */
-    public function update(Request $request, $attachmentId)
+    public function getUpdateForm(string $attachmentId)
     {
-        $this->validate($request, [
-            'uploaded_to' => 'required|integer|exists:pages,id',
-            'name' => 'required|string|min:1|max:255',
-            'link' =>  'string|min:1|max:255'
-        ]);
-
-        $pageId = $request->get('uploaded_to');
-        $page = $this->pageRepo->getById($pageId);
         $attachment = $this->attachment->findOrFail($attachmentId);
 
-        $this->checkOwnablePermission('page-update', $page);
+        $this->checkOwnablePermission('page-update', $attachment->page);
         $this->checkOwnablePermission('attachment-create', $attachment);
 
-        if (intval($pageId) !== intval($attachment->uploaded_to)) {
-            return $this->jsonError(trans('errors.attachment_page_mismatch'));
+        return view('attachments.manager-edit-form', [
+            'attachment' => $attachment,
+        ]);
+    }
+
+    /**
+     * Update the details of an existing file.
+     */
+    public function update(Request $request, string $attachmentId)
+    {
+        $attachment = $this->attachment->newQuery()->findOrFail($attachmentId);
+
+        try {
+            $this->validate($request, [
+                'attachment_edit_name' => 'required|string|min:1|max:255',
+                'attachment_edit_url' =>  'string|min:1|max:255'
+            ]);
+        } catch (ValidationException $exception) {
+            return response()->view('attachments.manager-edit-form', array_merge($request->only(['attachment_edit_name', 'attachment_edit_url']), [
+                'attachment' => $attachment,
+                'errors' => new MessageBag($exception->errors()),
+            ]), 422);
         }
 
-        $attachment = $this->attachmentService->updateFile($attachment, $request->all());
-        return response()->json($attachment);
+        $this->checkOwnablePermission('view', $attachment->page);
+        $this->checkOwnablePermission('page-update', $attachment->page);
+        $this->checkOwnablePermission('attachment-create', $attachment);
+
+        $attachment = $this->attachmentService->updateFile($attachment, [
+            'name' => $request->get('attachment_edit_name'),
+            'link' => $request->get('attachment_edit_url'),
+        ]);
+
+        return view('attachments.manager-edit-form', [
+            'attachment' => $attachment,
+        ]);
     }
 
     /**
      * Attach a link to a page.
-     * @throws ValidationException
      * @throws NotFoundException
      */
     public function attachLink(Request $request)
     {
-        $this->validate($request, [
-            'uploaded_to' => 'required|integer|exists:pages,id',
-            'name' => 'required|string|min:1|max:255',
-            'link' =>  'required|string|min:1|max:255'
-        ]);
+        $pageId = $request->get('attachment_link_uploaded_to');
+
+        try {
+            $this->validate($request, [
+                'attachment_link_uploaded_to' => 'required|integer|exists:pages,id',
+                'attachment_link_name' => 'required|string|min:1|max:255',
+                'attachment_link_url' =>  'required|string|min:1|max:255'
+            ]);
+        } catch (ValidationException $exception) {
+            return response()->view('attachments.manager-link-form', array_merge($request->only(['attachment_link_name', 'attachment_link_url']), [
+                'pageId' => $pageId,
+                'errors' => new MessageBag($exception->errors()),
+            ]), 422);
+        }
 
-        $pageId = $request->get('uploaded_to');
         $page = $this->pageRepo->getById($pageId);
 
         $this->checkPermission('attachment-create-all');
         $this->checkOwnablePermission('page-update', $page);
 
-        $attachmentName = $request->get('name');
-        $link = $request->get('link');
+        $attachmentName = $request->get('attachment_link_name');
+        $link = $request->get('attachment_link_url');
         $attachment = $this->attachmentService->saveNewFromLink($attachmentName, $link, $pageId);
 
-        return response()->json($attachment);
+        return view('attachments.manager-link-form', [
+            'pageId' => $pageId,
+        ]);
     }
 
     /**
@@ -152,7 +175,9 @@ class AttachmentController extends Controller
     {
         $page = $this->pageRepo->getById($pageId);
         $this->checkOwnablePermission('page-view', $page);
-        return response()->json($page->attachments);
+        return view('attachments.manager-list', [
+            'attachments' => $page->attachments->all(),
+        ]);
     }
 
     /**
@@ -163,14 +188,13 @@ class AttachmentController extends Controller
     public function sortForPage(Request $request, int $pageId)
     {
         $this->validate($request, [
-            'files' => 'required|array',
-            'files.*.id' => 'required|integer',
+            'order' => 'required|array',
         ]);
         $page = $this->pageRepo->getById($pageId);
         $this->checkOwnablePermission('page-update', $page);
 
-        $attachments = $request->get('files');
-        $this->attachmentService->updateFileOrderWithinPage($attachments, $pageId);
+        $attachmentOrder = $request->get('order');
+        $this->attachmentService->updateFileOrderWithinPage($attachmentOrder, $pageId);
         return response()->json(['message' => trans('entities.attachments_order_updated')]);
     }
 
@@ -179,7 +203,7 @@ class AttachmentController extends Controller
      * @throws FileNotFoundException
      * @throws NotFoundException
      */
-    public function get(int $attachmentId)
+    public function get(string $attachmentId)
     {
         $attachment = $this->attachment->findOrFail($attachmentId);
         try {
@@ -200,11 +224,9 @@ class AttachmentController extends Controller
 
     /**
      * Delete a specific attachment in the system.
-     * @param $attachmentId
-     * @return mixed
      * @throws Exception
      */
-    public function delete(int $attachmentId)
+    public function delete(string $attachmentId)
     {
         $attachment = $this->attachment->findOrFail($attachmentId);
         $this->checkOwnablePermission('attachment-delete', $attachment);

app/Http/Controllers/AuditLogController.php

@@ -0,0 +1,51 @@
+<?php
+
+namespace BookStack\Http\Controllers;
+
+use BookStack\Actions\Activity;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\DB;
+
+class AuditLogController extends Controller
+{
+
+    public function index(Request $request)
+    {
+        $this->checkPermission('settings-manage');
+        $this->checkPermission('users-manage');
+
+        $listDetails = [
+            'order' => $request->get('order', 'desc'),
+            'event' => $request->get('event', ''),
+            'sort' => $request->get('sort', 'created_at'),
+            'date_from' => $request->get('date_from', ''),
+            'date_to' => $request->get('date_to', ''),
+        ];
+
+        $query = Activity::query()
+            ->with(['entity', 'user'])
+            ->orderBy($listDetails['sort'], $listDetails['order']);
+
+        if ($listDetails['event']) {
+            $query->where('key', '=', $listDetails['event']);
+        }
+
+        if ($listDetails['date_from']) {
+            $query->where('created_at', '>=', $listDetails['date_from']);
+        }
+        if ($listDetails['date_to']) {
+            $query->where('created_at', '<=', $listDetails['date_to']);
+        }
+
+        $activities = $query->paginate(100);
+        $activities->appends($listDetails);
+
+        $keys = DB::table('activities')->select('key')->distinct()->pluck('key');
+        $this->setPageTitle(trans('settings.audit'));
+        return view('settings.audit', [
+            'activities' => $activities,
+            'listDetails' => $listDetails,
+            'activityKeys' => $keys,
+        ]);
+    }
+}

app/Http/Controllers/Auth/ForgotPasswordController.php

@@ -5,7 +5,7 @@ namespace BookStack\Http\Controllers\Auth;
 use BookStack\Http\Controllers\Controller;
 use Illuminate\Foundation\Auth\SendsPasswordResetEmails;
 use Illuminate\Http\Request;
-use Password;
+use Illuminate\Support\Facades\Password;
 
 class ForgotPasswordController extends Controller
 {
@@ -52,8 +52,8 @@ class ForgotPasswordController extends Controller
             $request->only('email')
         );
 
-        if ($response === Password::RESET_LINK_SENT) {
-            $message = trans('auth.reset_password_sent_success', ['email' => $request->get('email')]);
+        if ($response === Password::RESET_LINK_SENT || $response === Password::INVALID_USER) {
+            $message = trans('auth.reset_password_sent', ['email' => $request->get('email')]);
             $this->showSuccessNotification($message);
             return back()->with('status', trans($response));
         }

app/Http/Controllers/Auth/LoginController.php

@@ -2,6 +2,7 @@
 
 namespace BookStack\Http\Controllers\Auth;
 
+use Activity;
 use BookStack\Auth\Access\SocialAuthService;
 use BookStack\Exceptions\LoginAttemptEmailNeededException;
 use BookStack\Exceptions\LoginAttemptException;
@@ -76,9 +77,13 @@ class LoginController extends Controller
             ]);
         }
 
+        // Store the previous location for redirect after login
         $previous = url()->previous('');
-        if (setting('app-public') && $previous && $previous !== url('/login')) {
-            redirect()->setIntendedUrl($previous);
+        if ($previous && $previous !== url('/login') && setting('app-public')) {
+            $isPreviousFromInstance = (strpos($previous, url('/')) === 0);
+            if ($isPreviousFromInstance) {
+                redirect()->setIntendedUrl($previous);
+            }
         }
 
         return view('auth.login', [
@@ -98,6 +103,7 @@ class LoginController extends Controller
     public function login(Request $request)
     {
         $this->validateLogin($request);
+        $username = $request->get($this->username());
 
         // If the class is using the ThrottlesLogins trait, we can automatically throttle
         // the login attempts for this application. We'll key this by the username and
@@ -106,6 +112,7 @@ class LoginController extends Controller
             $this->hasTooManyLoginAttempts($request)) {
             $this->fireLockoutEvent($request);
 
+            Activity::logFailedLogin($username);
             return $this->sendLockoutResponse($request);
         }
 
@@ -114,6 +121,7 @@ class LoginController extends Controller
                 return $this->sendLoginResponse($request);
             }
         } catch (LoginAttemptException $exception) {
+            Activity::logFailedLogin($username);
             return $this->sendLoginAttemptExceptionResponse($exception, $request);
         }
 
@@ -122,9 +130,30 @@ class LoginController extends Controller
         // user surpasses their maximum number of attempts they will get locked out.
         $this->incrementLoginAttempts($request);
 
+        Activity::logFailedLogin($username);
         return $this->sendFailedLoginResponse($request);
     }
 
+    /**
+     * The user has been authenticated.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  mixed  $user
+     * @return mixed
+     */
+    protected function authenticated(Request $request, $user)
+    {
+        // Authenticate on all session guards if a likely admin
+        if ($user->can('users-manage') && $user->can('user-roles-manage')) {
+            $guards = ['standard', 'ldap', 'saml2'];
+            foreach ($guards as $guard) {
+                auth($guard)->login($user);
+            }
+        }
+
+        return redirect()->intended($this->redirectPath());
+    }
+
     /**
      * Validate the user login request.
      *

app/Http/Controllers/Auth/ResetPasswordController.php

@@ -5,6 +5,7 @@ namespace BookStack\Http\Controllers\Auth;
 use BookStack\Http\Controllers\Controller;
 use Illuminate\Foundation\Auth\ResetsPasswords;
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Password;
 
 class ResetPasswordController extends Controller
 {
@@ -49,4 +50,24 @@ class ResetPasswordController extends Controller
         return redirect($this->redirectPath())
             ->with('status', trans($response));
     }
+
+    /**
+     * Get the response for a failed password reset.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  string  $response
+     * @return \Illuminate\Http\RedirectResponse|\Illuminate\Http\JsonResponse
+     */
+    protected function sendResetFailedResponse(Request $request, $response)
+    {
+        // We show invalid users as invalid tokens as to not leak what
+        // users may exist in the system.
+        if ($response === Password::INVALID_USER) {
+            $response = Password::INVALID_TOKEN;
+        }
+
+        return redirect()->back()
+            ->withInput($request->only('email'))
+            ->withErrors(['email' => trans($response)]);
+    }
 }

app/Http/Controllers/BookController.php

@@ -114,6 +114,7 @@ class BookController extends Controller
     {
         $book = $this->bookRepo->getBySlug($slug);
         $bookChildren = (new BookContents($book))->getTree(true);
+        $bookParentShelves = $book->shelves()->visible()->get();
 
         Views::add($book);
         if ($request->has('shelf')) {
@@ -125,6 +126,7 @@ class BookController extends Controller
             'book' => $book,
             'current' => $book,
             'bookChildren' => $bookChildren,
+            'bookParentShelves' => $bookParentShelves,
             'activity' => Activity::entityActivity($book, 20, 1)
         ]);
     }

app/Http/Controllers/BookshelfController.php

@@ -107,10 +107,12 @@ class BookshelfController extends Controller
 
         Views::add($shelf);
         $this->entityContextManager->setShelfContext($shelf->id);
+        $view = setting()->getForCurrentUser('bookshelf_view_type', config('app.views.books'));
 
         $this->setPageTitle($shelf->getShortName());
         return view('shelves.show', [
             'shelf' => $shelf,
+            'view' => $view,
             'activity' => Activity::entityActivity($shelf, 20, 1)
         ]);
     }

app/Http/Controllers/CommentController.php

@@ -10,9 +10,6 @@ class CommentController extends Controller
 {
     protected $commentRepo;
 
-    /**
-     * CommentController constructor.
-     */
     public function __construct(CommentRepo $commentRepo)
     {
         $this->commentRepo = $commentRepo;
@@ -23,11 +20,11 @@ class CommentController extends Controller
      * Save a new comment for a Page
      * @throws ValidationException
      */
-    public function savePageComment(Request $request, int $pageId, int $commentId = null)
+    public function savePageComment(Request $request, int $pageId)
     {
         $this->validate($request, [
             'text' => 'required|string',
-            'html' => 'required|string',
+            'parent_id' => 'nullable|integer',
         ]);
 
         $page = Page::visible()->find($pageId);
@@ -35,8 +32,6 @@ class CommentController extends Controller
             return response('Not found', 404);
         }
 
-        $this->checkOwnablePermission('page-view', $page);
-
         // Prevent adding comments to draft pages
         if ($page->draft) {
             return $this->jsonError(trans('errors.cannot_add_comment_to_draft'), 400);
@@ -44,7 +39,7 @@ class CommentController extends Controller
 
         // Create a new comment.
         $this->checkPermission('comment-create-all');
-        $comment = $this->commentRepo->create($page, $request->only(['html', 'text', 'parent_id']));
+        $comment = $this->commentRepo->create($page, $request->get('text'), $request->get('parent_id'));
         Activity::add($page, 'commented_on', $page->book->id);
         return view('comments.comment', ['comment' => $comment]);
     }
@@ -57,14 +52,13 @@ class CommentController extends Controller
     {
         $this->validate($request, [
             'text' => 'required|string',
-            'html' => 'required|string',
         ]);
 
         $comment = $this->commentRepo->getById($commentId);
         $this->checkOwnablePermission('page-view', $comment->entity);
         $this->checkOwnablePermission('comment-update', $comment);
 
-        $comment = $this->commentRepo->update($comment, $request->only(['html', 'text']));
+        $comment = $this->commentRepo->update($comment, $request->get('text'));
         return view('comments.comment', ['comment' => $comment]);
     }
 

app/Http/Controllers/Controller.php

@@ -8,6 +8,7 @@ use Illuminate\Foundation\Validation\ValidatesRequests;
 use Illuminate\Http\Exceptions\HttpResponseException;
 use Illuminate\Http\Request;
 use Illuminate\Routing\Controller as BaseController;
+use Illuminate\Validation\ValidationException;
 
 abstract class Controller extends BaseController
 {
@@ -132,23 +133,6 @@ abstract class Controller extends BaseController
         return response()->json(['message' => $messageText, 'status' => 'error'], $statusCode);
     }
 
-    /**
-     * Create the response for when a request fails validation.
-     * @param  \Illuminate\Http\Request  $request
-     * @param  array  $errors
-     * @return \Symfony\Component\HttpFoundation\Response
-     */
-    protected function buildFailedValidationResponse(Request $request, array $errors)
-    {
-        if ($request->expectsJson()) {
-            return response()->json(['validation' => $errors], 422);
-        }
-
-        return redirect()->to($this->getRedirectUrl())
-            ->withInput($request->input())
-            ->withErrors($errors, $this->errorBag());
-    }
-
     /**
      * Create a response that forces a download in the browser.
      * @param string $content
@@ -195,6 +179,6 @@ abstract class Controller extends BaseController
      */
     protected function getImageValidationRules(): string
     {
-        return 'image_extension|no_double_extension|mimes:jpeg,png,gif,bmp,webp,tiff';
+        return 'image_extension|no_double_extension|mimes:jpeg,png,gif,webp';
     }
 }

app/Http/Controllers/HomeController.php

@@ -69,11 +69,7 @@ class HomeController extends Controller
         }
 
         if ($homepageOption === 'bookshelves') {
-            $shelfRepo = app(BookshelfRepo::class);
             $shelves = app(BookshelfRepo::class)->getAllPaginated(18, $commonData['sort'], $commonData['order']);
-            foreach ($shelves as $shelf) {
-                $shelf->books = $shelf->visibleBooks;
-            }
             $data = array_merge($commonData, ['shelves' => $shelves]);
             return view('common.home-shelves', $data);
         }

app/Http/Controllers/Images/DrawioImageController.php

@@ -4,6 +4,7 @@ namespace BookStack\Http\Controllers\Images;
 
 use BookStack\Exceptions\ImageUploadException;
 use BookStack\Uploads\ImageRepo;
+use Exception;
 use Illuminate\Http\Request;
 use BookStack\Http\Controllers\Controller;
 
@@ -11,10 +12,6 @@ class DrawioImageController extends Controller
 {
     protected $imageRepo;
 
-    /**
-     * DrawioImageController constructor.
-     * @param ImageRepo $imageRepo
-     */
     public function __construct(ImageRepo $imageRepo)
     {
         $this->imageRepo = $imageRepo;
@@ -24,8 +21,6 @@ class DrawioImageController extends Controller
     /**
      * Get a list of gallery images, in a list.
      * Can be paged and filtered by entity.
-     * @param Request $request
-     * @return \Illuminate\Http\JsonResponse
      */
     public function list(Request $request)
     {
@@ -35,14 +30,15 @@ class DrawioImageController extends Controller
         $parentTypeFilter = $request->get('filter_type', null);
 
         $imgData = $this->imageRepo->getEntityFiltered('drawio', $parentTypeFilter, $page, 24, $uploadedToFilter, $searchTerm);
-        return response()->json($imgData);
+        return view('components.image-manager-list', [
+            'images' => $imgData['images'],
+            'hasMore' => $imgData['has_more'],
+        ]);
     }
 
     /**
      * Store a new gallery image in the system.
-     * @param Request $request
-     * @return Illuminate\Http\JsonResponse
-     * @throws \Exception
+     * @throws Exception
      */
     public function create(Request $request)
     {
@@ -66,8 +62,6 @@ class DrawioImageController extends Controller
 
     /**
      * Get the content of an image based64 encoded.
-     * @param $id
-     * @return \Illuminate\Http\JsonResponse|mixed
      */
     public function getAsBase64($id)
     {
@@ -81,6 +75,7 @@ class DrawioImageController extends Controller
         if ($imageData === null) {
             return $this->jsonError("Image data could not be found");
         }
+
         return response()->json([
             'content' => base64_encode($imageData)
         ]);

app/Http/Controllers/Images/GalleryImageController.php

@@ -6,6 +6,7 @@ use BookStack\Exceptions\ImageUploadException;
 use BookStack\Uploads\ImageRepo;
 use Illuminate\Http\Request;
 use BookStack\Http\Controllers\Controller;
+use Illuminate\Validation\ValidationException;
 
 class GalleryImageController extends Controller
 {
@@ -13,7 +14,6 @@ class GalleryImageController extends Controller
 
     /**
      * GalleryImageController constructor.
-     * @param ImageRepo $imageRepo
      */
     public function __construct(ImageRepo $imageRepo)
     {
@@ -24,8 +24,6 @@ class GalleryImageController extends Controller
     /**
      * Get a list of gallery images, in a list.
      * Can be paged and filtered by entity.
-     * @param Request $request
-     * @return \Illuminate\Http\JsonResponse
      */
     public function list(Request $request)
     {
@@ -35,14 +33,15 @@ class GalleryImageController extends Controller
         $parentTypeFilter = $request->get('filter_type', null);
 
         $imgData = $this->imageRepo->getEntityFiltered('gallery', $parentTypeFilter, $page, 24, $uploadedToFilter, $searchTerm);
-        return response()->json($imgData);
+        return view('components.image-manager-list', [
+            'images' => $imgData['images'],
+            'hasMore' => $imgData['has_more'],
+        ]);
     }
 
     /**
      * Store a new gallery image in the system.
-     * @param Request $request
-     * @return Illuminate\Http\JsonResponse
-     * @throws \Exception
+     * @throws ValidationException
      */
     public function create(Request $request)
     {

app/Http/Controllers/Images/ImageController.php

@@ -6,8 +6,11 @@ use BookStack\Http\Controllers\Controller;
 use BookStack\Repos\PageRepo;
 use BookStack\Uploads\Image;
 use BookStack\Uploads\ImageRepo;
+use Exception;
 use Illuminate\Filesystem\Filesystem as File;
+use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
+use Illuminate\Validation\ValidationException;
 
 class ImageController extends Controller
 {
@@ -17,9 +20,6 @@ class ImageController extends Controller
 
     /**
      * ImageController constructor.
-     * @param Image $image
-     * @param File $file
-     * @param ImageRepo $imageRepo
      */
     public function __construct(Image $image, File $file, ImageRepo $imageRepo)
     {
@@ -31,8 +31,6 @@ class ImageController extends Controller
 
     /**
      * Provide an image file from storage.
-     * @param string $path
-     * @return mixed
      */
     public function showImage(string $path)
     {
@@ -47,13 +45,10 @@ class ImageController extends Controller
 
     /**
      * Update image details
-     * @param Request $request
-     * @param integer $id
-     * @return \Illuminate\Http\JsonResponse
      * @throws ImageUploadException
-     * @throws \Exception
+     * @throws ValidationException
      */
-    public function update(Request $request, $id)
+    public function update(Request $request, string $id)
     {
         $this->validate($request, [
             'name' => 'required|min:2|string'
@@ -64,47 +59,50 @@ class ImageController extends Controller
         $this->checkOwnablePermission('image-update', $image);
 
         $image = $this->imageRepo->updateImageDetails($image, $request->all());
-        return response()->json($image);
+
+        $this->imageRepo->loadThumbs($image);
+        return view('components.image-manager-form', [
+            'image' => $image,
+            'dependantPages' => null,
+        ]);
     }
 
     /**
-     * Show the usage of an image on pages.
+     * Get the form for editing the given image.
+     * @throws Exception
      */
-    public function usage(int $id)
+    public function edit(Request $request, string $id)
     {
         $image = $this->imageRepo->getById($id);
         $this->checkImagePermission($image);
 
-        $pages = Page::visible()->where('html', 'like', '%' . $image->url . '%')->get(['id', 'name', 'slug', 'book_id']);
-        foreach ($pages as $page) {
-            $page->url = $page->getUrl();
-            $page->html = '';
-            $page->text = '';
+        if ($request->has('delete')) {
+            $dependantPages = $this->imageRepo->getPagesUsingImage($image);
         }
-        $result = count($pages) > 0 ? $pages : false;
 
-        return response()->json($result);
+        $this->imageRepo->loadThumbs($image);
+        return view('components.image-manager-form', [
+            'image' => $image,
+            'dependantPages' => $dependantPages ?? null,
+        ]);
     }
 
     /**
      * Deletes an image and all thumbnail/image files
-     * @param int $id
-     * @return \Illuminate\Http\JsonResponse
-     * @throws \Exception
+     * @throws Exception
      */
-    public function destroy($id)
+    public function destroy(string $id)
     {
         $image = $this->imageRepo->getById($id);
         $this->checkOwnablePermission('image-delete', $image);
         $this->checkImagePermission($image);
 
         $this->imageRepo->destroyImage($image);
-        return response()->json(trans('components.images_deleted'));
+        return response('');
     }
 
     /**
      * Check related page permission and ensure type is drawio or gallery.
-     * @param Image $image
      */
     protected function checkImagePermission(Image $image)
     {

app/Http/Controllers/MaintenanceController.php

@@ -0,0 +1,68 @@
+<?php
+
+namespace BookStack\Http\Controllers;
+
+use BookStack\Notifications\TestEmail;
+use BookStack\Uploads\ImageService;
+use Illuminate\Http\Request;
+
+class MaintenanceController extends Controller
+{
+    /**
+     * Show the page for application maintenance.
+     */
+    public function index()
+    {
+        $this->checkPermission('settings-manage');
+        $this->setPageTitle(trans('settings.maint'));
+
+        // Get application version
+        $version = trim(file_get_contents(base_path('version')));
+
+        return view('settings.maintenance', ['version' => $version]);
+    }
+
+    /**
+     * Action to clean-up images in the system.
+     */
+    public function cleanupImages(Request $request, ImageService $imageService)
+    {
+        $this->checkPermission('settings-manage');
+
+        $checkRevisions = !($request->get('ignore_revisions', 'false') === 'true');
+        $dryRun = !($request->has('confirm'));
+
+        $imagesToDelete = $imageService->deleteUnusedImages($checkRevisions, $dryRun);
+        $deleteCount = count($imagesToDelete);
+        if ($deleteCount === 0) {
+            $this->showWarningNotification(trans('settings.maint_image_cleanup_nothing_found'));
+            return redirect('/settings/maintenance')->withInput();
+        }
+
+        if ($dryRun) {
+            session()->flash('cleanup-images-warning', trans('settings.maint_image_cleanup_warning', ['count' => $deleteCount]));
+        } else {
+            $this->showSuccessNotification(trans('settings.maint_image_cleanup_success', ['count' => $deleteCount]));
+        }
+
+        return redirect('/settings/maintenance#image-cleanup')->withInput();
+    }
+
+    /**
+     * Action to send a test e-mail to the current user.
+     */
+    public function sendTestEmail()
+    {
+        $this->checkPermission('settings-manage');
+
+        try {
+            user()->notify(new TestEmail());
+            $this->showSuccessNotification(trans('settings.maint_send_test_email_success', ['address' => user()->email]));
+        } catch (\Exception $exception) {
+            $errorMessage = trans('errors.maintenance_test_email_failure') . "\n" . $exception->getMessage();
+            $this->showErrorNotification($errorMessage);
+        }
+
+        return redirect('/settings/maintenance#image-cleanup')->withInput();
+    }
+}

app/Http/Controllers/PageController.php

@@ -163,6 +163,8 @@ class PageController extends Controller
     public function getPageAjax(int $pageId)
     {
         $page = $this->pageRepo->getById($pageId);
+        $page->setHidden(array_diff($page->getHidden(), ['html', 'markdown']));
+        $page->addHidden(['book']);
         return response()->json($page);
     }
 

app/Http/Controllers/PageRevisionController.php

@@ -1,5 +1,6 @@
 <?php namespace BookStack\Http\Controllers;
 
+use BookStack\Entities\Managers\PageContent;
 use BookStack\Entities\Repos\PageRepo;
 use BookStack\Exceptions\NotFoundException;
 use BookStack\Facades\Activity;
@@ -46,6 +47,9 @@ class PageRevisionController extends Controller
         }
 
         $page->fill($revision->toArray());
+        // TODO - Refactor PageContent so we don't need to juggle this
+        $page->html = $revision->html;
+        $page->html = (new PageContent($page))->render();
 
         $this->setPageTitle(trans('entities.pages_revision_named', ['pageName' => $page->getShortName()]));
         return view('pages.revision', [
@@ -73,6 +77,9 @@ class PageRevisionController extends Controller
         $diff = (new Htmldiff)->diff($prevContent, $revision->html);
 
         $page->fill($revision->toArray());
+        // TODO - Refactor PageContent so we don't need to juggle this
+        $page->html = $revision->html;
+        $page->html = (new PageContent($page))->render();
         $this->setPageTitle(trans('entities.pages_revision_named', ['pageName'=>$page->getShortName()]));
 
         return view('pages.revision', [

app/Http/Controllers/PermissionController.php

@@ -2,7 +2,9 @@
 
 use BookStack\Auth\Permissions\PermissionsRepo;
 use BookStack\Exceptions\PermissionsException;
+use Exception;
 use Illuminate\Http\Request;
+use Illuminate\Validation\ValidationException;
 
 class PermissionController extends Controller
 {
@@ -11,7 +13,6 @@ class PermissionController extends Controller
 
     /**
      * PermissionController constructor.
-     * @param \BookStack\Auth\Permissions\PermissionsRepo $permissionsRepo
      */
     public function __construct(PermissionsRepo $permissionsRepo)
     {
@@ -31,7 +32,6 @@ class PermissionController extends Controller
 
     /**
      * Show the form to create a new role
-     * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
      */
     public function createRole()
     {
@@ -41,15 +41,13 @@ class PermissionController extends Controller
 
     /**
      * Store a new role in the system.
-     * @param Request $request
-     * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
      */
     public function storeRole(Request $request)
     {
         $this->checkPermission('user-roles-manage');
         $this->validate($request, [
-            'display_name' => 'required|min:3|max:200',
-            'description' => 'max:250'
+            'display_name' => 'required|min:3|max:180',
+            'description' => 'max:180'
         ]);
 
         $this->permissionsRepo->saveNewRole($request->all());
@@ -59,11 +57,9 @@ class PermissionController extends Controller
 
     /**
      * Show the form for editing a user role.
-     * @param $id
-     * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
      * @throws PermissionsException
      */
-    public function editRole($id)
+    public function editRole(string $id)
     {
         $this->checkPermission('user-roles-manage');
         $role = $this->permissionsRepo->getRoleById($id);
@@ -75,18 +71,14 @@ class PermissionController extends Controller
 
     /**
      * Updates a user role.
-     * @param Request $request
-     * @param $id
-     * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
-     * @throws PermissionsException
-     * @throws \Illuminate\Validation\ValidationException
+     * @throws ValidationException
      */
-    public function updateRole(Request $request, $id)
+    public function updateRole(Request $request, string $id)
     {
         $this->checkPermission('user-roles-manage');
         $this->validate($request, [
-            'display_name' => 'required|min:3|max:200',
-            'description' => 'max:250'
+            'display_name' => 'required|min:3|max:180',
+            'description' => 'max:180'
         ]);
 
         $this->permissionsRepo->updateRole($id, $request->all());
@@ -97,10 +89,8 @@ class PermissionController extends Controller
     /**
      * Show the view to delete a role.
      * Offers the chance to migrate users.
-     * @param $id
-     * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
      */
-    public function showDeleteRole($id)
+    public function showDeleteRole(string $id)
     {
         $this->checkPermission('user-roles-manage');
         $role = $this->permissionsRepo->getRoleById($id);
@@ -113,11 +103,9 @@ class PermissionController extends Controller
     /**
      * Delete a role from the system,
      * Migrate from a previous role if set.
-     * @param Request $request
-     * @param $id
-     * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
+     * @throws Exception
      */
-    public function deleteRole(Request $request, $id)
+    public function deleteRole(Request $request, string $id)
     {
         $this->checkPermission('user-roles-manage');
 

app/Http/Controllers/SearchController.php

@@ -6,6 +6,7 @@ use BookStack\Entities\Bookshelf;
 use BookStack\Entities\Entity;
 use BookStack\Entities\Managers\EntityContext;
 use BookStack\Entities\SearchService;
+use BookStack\Entities\SearchOptions;
 use Illuminate\Http\Request;
 
 class SearchController extends Controller
@@ -33,20 +34,22 @@ class SearchController extends Controller
      */
     public function search(Request $request)
     {
-        $searchTerm = $request->get('term');
-        $this->setPageTitle(trans('entities.search_for_term', ['term' => $searchTerm]));
+        $searchOpts = SearchOptions::fromRequest($request);
+        $fullSearchString = $searchOpts->toString();
+        $this->setPageTitle(trans('entities.search_for_term', ['term' => $fullSearchString]));
 
         $page = intval($request->get('page', '0')) ?: 1;
-        $nextPageLink = url('/search?term=' . urlencode($searchTerm) . '&page=' . ($page+1));
+        $nextPageLink = url('/search?term=' . urlencode($fullSearchString) . '&page=' . ($page+1));
 
-        $results = $this->searchService->searchEntities($searchTerm, 'all', $page, 20);
+        $results = $this->searchService->searchEntities($searchOpts, 'all', $page, 20);
 
         return view('search.all', [
             'entities'   => $results['results'],
             'totalResults' => $results['total'],
-            'searchTerm' => $searchTerm,
+            'searchTerm' => $fullSearchString,
             'hasNextPage' => $results['has_more'],
-            'nextPageLink' => $nextPageLink
+            'nextPageLink' => $nextPageLink,
+            'options' => $searchOpts,
         ]);
     }
 
@@ -84,7 +87,7 @@ class SearchController extends Controller
         // Search for entities otherwise show most popular
         if ($searchTerm !== false) {
             $searchTerm .= ' {type:'. implode('|', $entityTypes) .'}';
-            $entities = $this->searchService->searchEntities($searchTerm, 'all', 1, 20, $permission)['results'];
+            $entities = $this->searchService->searchEntities(SearchOptions::fromString($searchTerm), 'all', 1, 20, $permission)['results'];
         } else {
             $entities = $this->viewService->getPopular(20, 0, $entityTypes, $permission);
         }

app/Http/Controllers/SettingController.php

@@ -1,9 +1,7 @@
 <?php namespace BookStack\Http\Controllers;
 
 use BookStack\Auth\User;
-use BookStack\Notifications\TestEmail;
 use BookStack\Uploads\ImageRepo;
-use BookStack\Uploads\ImageService;
 use Illuminate\Http\Request;
 
 class SettingController extends Controller
@@ -74,63 +72,4 @@ class SettingController extends Controller
         $redirectLocation = '/settings#' . $request->get('section', '');
         return redirect(rtrim($redirectLocation, '#'));
     }
-
-    /**
-     * Show the page for application maintenance.
-     */
-    public function showMaintenance()
-    {
-        $this->checkPermission('settings-manage');
-        $this->setPageTitle(trans('settings.maint'));
-
-        // Get application version
-        $version = trim(file_get_contents(base_path('version')));
-
-        return view('settings.maintenance', ['version' => $version]);
-    }
-
-    /**
-     * Action to clean-up images in the system.
-     */
-    public function cleanupImages(Request $request, ImageService $imageService)
-    {
-        $this->checkPermission('settings-manage');
-
-        $checkRevisions = !($request->get('ignore_revisions', 'false') === 'true');
-        $dryRun = !($request->has('confirm'));
-
-        $imagesToDelete = $imageService->deleteUnusedImages($checkRevisions, $dryRun);
-        $deleteCount = count($imagesToDelete);
-        if ($deleteCount === 0) {
-            $this->showWarningNotification(trans('settings.maint_image_cleanup_nothing_found'));
-            return redirect('/settings/maintenance')->withInput();
-        }
-
-        if ($dryRun) {
-            session()->flash('cleanup-images-warning', trans('settings.maint_image_cleanup_warning', ['count' => $deleteCount]));
-        } else {
-            $this->showSuccessNotification(trans('settings.maint_image_cleanup_success', ['count' => $deleteCount]));
-        }
-
-        return redirect('/settings/maintenance#image-cleanup')->withInput();
-    }
-
-    /**
-     * Action to send a test e-mail to the current user.
-     */
-    public function sendTestEmail()
-    {
-        $this->checkPermission('settings-manage');
-
-        try {
-            user()->notify(new TestEmail());
-            $this->showSuccessNotification(trans('settings.maint_send_test_email_success', ['address' => user()->email]));
-        } catch (\Exception $exception) {
-            $errorMessage = trans('errors.maintenance_test_email_failure') . "\n" . $exception->getMessage();
-            $this->showErrorNotification($errorMessage);
-        }
-
-
-        return redirect('/settings/maintenance#image-cleanup')->withInput();
-    }
 }

app/Http/Controllers/TagController.php

@@ -10,7 +10,6 @@ class TagController extends Controller
 
     /**
      * TagController constructor.
-     * @param $tagRepo
      */
     public function __construct(TagRepo $tagRepo)
     {
@@ -18,39 +17,23 @@ class TagController extends Controller
         parent::__construct();
     }
 
-    /**
-     * Get all the Tags for a particular entity
-     * @param $entityType
-     * @param $entityId
-     * @return \Illuminate\Http\JsonResponse
-     */
-    public function getForEntity($entityType, $entityId)
-    {
-        $tags = $this->tagRepo->getForEntity($entityType, $entityId);
-        return response()->json($tags);
-    }
-
     /**
      * Get tag name suggestions from a given search term.
-     * @param Request $request
-     * @return \Illuminate\Http\JsonResponse
      */
     public function getNameSuggestions(Request $request)
     {
-        $searchTerm = $request->get('search', false);
+        $searchTerm = $request->get('search', null);
         $suggestions = $this->tagRepo->getNameSuggestions($searchTerm);
         return response()->json($suggestions);
     }
 
     /**
      * Get tag value suggestions from a given search term.
-     * @param Request $request
-     * @return \Illuminate\Http\JsonResponse
      */
     public function getValueSuggestions(Request $request)
     {
-        $searchTerm = $request->get('search', false);
-        $tagName = $request->get('name', false);
+        $searchTerm = $request->get('search', null);
+        $tagName = $request->get('name', null);
         $suggestions = $this->tagRepo->getValueSuggestions($searchTerm, $tagName);
         return response()->json($suggestions);
     }

app/Http/Controllers/UserController.php

@@ -7,7 +7,6 @@ use BookStack\Auth\UserRepo;
 use BookStack\Exceptions\UserUpdateException;
 use BookStack\Uploads\ImageRepo;
 use Illuminate\Http\Request;
-use Illuminate\Http\Response;
 use Illuminate\Support\Str;
 
 class UserController extends Controller
@@ -20,10 +19,6 @@ class UserController extends Controller
 
     /**
      * UserController constructor.
-     * @param User $user
-     * @param UserRepo $userRepo
-     * @param UserInviteService $inviteService
-     * @param ImageRepo $imageRepo
      */
     public function __construct(User $user, UserRepo $userRepo, UserInviteService $inviteService, ImageRepo $imageRepo)
     {
@@ -36,8 +31,6 @@ class UserController extends Controller
 
     /**
      * Display a listing of the users.
-     * @param Request $request
-     * @return Response
      */
     public function index(Request $request)
     {
@@ -55,7 +48,6 @@ class UserController extends Controller
 
     /**
      * Show the form for creating a new user.
-     * @return Response
      */
     public function create()
     {
@@ -67,16 +59,15 @@ class UserController extends Controller
 
     /**
      * Store a newly created user in storage.
-     * @param  Request $request
-     * @return Response
      * @throws UserUpdateException
+     * @throws \Illuminate\Validation\ValidationException
      */
     public function store(Request $request)
     {
         $this->checkPermission('users-manage');
         $validationRules = [
-            'name'             => 'required',
-            'email'            => 'required|email|unique:users,email'
+            'name'  => 'required',
+            'email' => 'required|email|unique:users,email'
         ];
 
         $authMethod = config('auth.method');
@@ -85,7 +76,7 @@ class UserController extends Controller
         if ($authMethod === 'standard' && !$sendInvite) {
             $validationRules['password'] = 'required|min:6';
             $validationRules['password-confirm'] = 'required|same:password';
-        } elseif ($authMethod === 'ldap') {
+        } elseif ($authMethod === 'ldap' || $authMethod === 'saml2') {
             $validationRules['external_auth_id'] = 'required';
         }
         $this->validate($request, $validationRules);
@@ -94,7 +85,7 @@ class UserController extends Controller
 
         if ($authMethod === 'standard') {
             $user->password = bcrypt($request->get('password', Str::random(32)));
-        } elseif ($authMethod === 'ldap') {
+        } elseif ($authMethod === 'ldap' || $authMethod === 'saml2') {
             $user->external_auth_id = $request->get('external_auth_id');
         }
 
@@ -138,13 +129,11 @@ class UserController extends Controller
 
     /**
      * Update the specified user in storage.
-     * @param Request $request
-     * @param int $id
-     * @return Response
      * @throws UserUpdateException
      * @throws \BookStack\Exceptions\ImageUploadException
+     * @throws \Illuminate\Validation\ValidationException
      */
-    public function update(Request $request, $id)
+    public function update(Request $request, int $id)
     {
         $this->preventAccessInDemoMode();
         $this->checkPermissionOrCurrentUser('users-manage', $id);
@@ -212,10 +201,8 @@ class UserController extends Controller
 
     /**
      * Show the user delete page.
-     * @param int $id
-     * @return \Illuminate\View\View
      */
-    public function delete($id)
+    public function delete(int $id)
     {
         $this->checkPermissionOrCurrentUser('users-manage', $id);
 
@@ -226,11 +213,9 @@ class UserController extends Controller
 
     /**
      * Remove the specified user from storage.
-     * @param  int $id
-     * @return Response
      * @throws \Exception
      */
-    public function destroy($id)
+    public function destroy(int $id)
     {
         $this->preventAccessInDemoMode();
         $this->checkPermissionOrCurrentUser('users-manage', $id);
@@ -255,8 +240,6 @@ class UserController extends Controller
 
     /**
      * Show the user profile page
-     * @param $id
-     * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
      */
     public function showProfilePage($id)
     {
@@ -276,34 +259,32 @@ class UserController extends Controller
 
     /**
      * Update the user's preferred book-list display setting.
-     * @param Request $request
-     * @param $id
-     * @return \Illuminate\Http\RedirectResponse
      */
-    public function switchBookView(Request $request, $id)
+    public function switchBooksView(Request $request, int $id)
     {
         return $this->switchViewType($id, $request, 'books');
     }
 
     /**
      * Update the user's preferred shelf-list display setting.
-     * @param Request $request
-     * @param $id
-     * @return \Illuminate\Http\RedirectResponse
      */
-    public function switchShelfView(Request $request, $id)
+    public function switchShelvesView(Request $request, int $id)
     {
         return $this->switchViewType($id, $request, 'bookshelves');
     }
 
     /**
-     * For a type of list, switch with stored view type for a user.
-     * @param integer $userId
-     * @param Request $request
-     * @param string $listName
-     * @return \Illuminate\Http\RedirectResponse
+     * Update the user's preferred shelf-view book list display setting.
      */
-    protected function switchViewType($userId, Request $request, string $listName)
+    public function switchShelfView(Request $request, int $id)
+    {
+        return $this->switchViewType($id, $request, 'bookshelf');
+    }
+
+    /**
+     * For a type of list, switch with stored view type for a user.
+     */
+    protected function switchViewType(int $userId, Request $request, string $listName)
     {
         $this->checkPermissionOrCurrentUser('users-manage', $userId);
 
@@ -321,10 +302,6 @@ class UserController extends Controller
 
     /**
      * Change the stored sort type for a particular view.
-     * @param Request $request
-     * @param string $id
-     * @param string $type
-     * @return \Illuminate\Http\RedirectResponse
      */
     public function changeSort(Request $request, string $id, string $type)
     {
@@ -335,12 +312,18 @@ class UserController extends Controller
         return $this->changeListSort($id, $request, $type);
     }
 
+    /**
+     * Toggle dark mode for the current user.
+     */
+    public function toggleDarkMode()
+    {
+        $enabled = setting()->getForCurrentUser('dark-mode-enabled', false);
+        setting()->putUser(user(), 'dark-mode-enabled', $enabled ? 'false' : 'true');
+        return redirect()->back();
+    }
+
     /**
      * Update the stored section expansion preference for the given user.
-     * @param Request $request
-     * @param string $id
-     * @param string $key
-     * @return \Illuminate\Contracts\Routing\ResponseFactory|\Symfony\Component\HttpFoundation\Response
      */
     public function updateExpansionPreference(Request $request, string $id, string $key)
     {
@@ -359,10 +342,6 @@ class UserController extends Controller
 
     /**
      * Changed the stored preference for a list sort order.
-     * @param int $userId
-     * @param Request $request
-     * @param string $listName
-     * @return \Illuminate\Http\RedirectResponse
      */
     protected function changeListSort(int $userId, Request $request, string $listName)
     {

app/Http/Kernel.php

@@ -26,7 +26,6 @@ class Kernel extends HttpKernel
             \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
             \Illuminate\Session\Middleware\StartSession::class,
             \Illuminate\View\Middleware\ShareErrorsFromSession::class,
-            \Illuminate\Routing\Middleware\ThrottleRequests::class,
             \BookStack\Http\Middleware\VerifyCsrfToken::class,
             \BookStack\Http\Middleware\Localization::class,
             \BookStack\Http\Middleware\GlobalViewData::class,

app/Http/Middleware/ApiAuthenticate.php

@@ -35,9 +35,9 @@ class ApiAuthenticate
     {
         // Return if the user is already found to be signed in via session-based auth.
         // This is to make it easy to browser the API via browser after just logging into the system.
-        if (signedInUser()) {
+        if (signedInUser() || session()->isStarted()) {
             $this->ensureEmailConfirmedIfRequested();
-            if (!auth()->user()->can('access-api')) {
+            if (!user()->can('access-api')) {
                 throw new ApiAuthException(trans('errors.api_user_no_api_permission'), 403);
             }
             return;

app/Http/Middleware/Authenticate.php

@@ -44,6 +44,10 @@ class Authenticate
             ], 401);
         }
 
+        if (session()->get('sent-email-confirmation') === true) {
+            return redirect('/register/confirm');
+        }
+
         return redirect('/register/confirm/awaiting');
     }
 }

app/Http/Middleware/Localization.php

@@ -19,6 +19,7 @@ class Localization
      */
     protected $localeMap = [
         'ar' => 'ar',
+        'bg' => 'bg_BG',
         'da' => 'da_DK',
         'de' => 'de_DE',
         'de_informal' => 'de_DE',

app/Ownable.php

@@ -2,6 +2,10 @@
 
 use BookStack\Auth\User;
 
+/**
+ * @property int created_by
+ * @property int updated_by
+ */
 abstract class Ownable extends Model
 {
     /**

app/Providers/AppServiceProvider.php

@@ -34,7 +34,7 @@ class AppServiceProvider extends ServiceProvider
 
         // Custom validation methods
         Validator::extend('image_extension', function ($attribute, $value, $parameters, $validator) {
-            $validImageExtensions = ['png', 'jpg', 'jpeg', 'bmp', 'gif', 'tiff', 'webp'];
+            $validImageExtensions = ['png', 'jpg', 'jpeg', 'gif', 'webp'];
             return in_array(strtolower($value->getClientOriginalExtension()), $validImageExtensions);
         });
 

app/Uploads/Attachment.php

@@ -3,6 +3,13 @@
 use BookStack\Entities\Page;
 use BookStack\Ownable;
 
+/**
+ * @property int id
+ * @property string name
+ * @property string path
+ * @property string extension
+ * @property bool external
+ */
 class Attachment extends Ownable
 {
     protected $fillable = ['name', 'order'];
@@ -30,13 +37,28 @@ class Attachment extends Ownable
 
     /**
      * Get the url of this file.
-     * @return string
      */
-    public function getUrl()
+    public function getUrl(): string
     {
         if ($this->external && strpos($this->path, 'http') !== 0) {
             return $this->path;
         }
         return url('/attachments/' . $this->id);
     }
+
+    /**
+     * Generate a HTML link to this attachment.
+     */
+    public function htmlLink(): string
+    {
+        return '<a target="_blank" href="'.e($this->getUrl()).'">'.e($this->name).'</a>';
+    }
+
+    /**
+     * Generate a markdown link to this attachment.
+     */
+    public function markdownLink(): string
+    {
+        return '['. $this->name .']('. $this->getUrl() .')';
+    }
 }

app/Uploads/AttachmentService.php

@@ -109,14 +109,14 @@ class AttachmentService extends UploadService
     }
 
     /**
-     * Updates the file ordering for a listing of attached files.
-     * @param array $attachmentList
-     * @param $pageId
+     * Updates the ordering for a listing of attached files.
      */
-    public function updateFileOrderWithinPage($attachmentList, $pageId)
+    public function updateFileOrderWithinPage(array $attachmentOrder, string $pageId)
     {
-        foreach ($attachmentList as $index => $attachment) {
-            Attachment::where('uploaded_to', '=', $pageId)->where('id', '=', $attachment['id'])->update(['order' => $index]);
+        foreach ($attachmentOrder as $index => $attachmentId) {
+            Attachment::query()->where('uploaded_to', '=', $pageId)
+                ->where('id', '=', $attachmentId)
+                ->update(['order' => $index]);
         }
     }
 

app/Uploads/ImageRepo.php

@@ -138,7 +138,7 @@ class ImageRepo
      */
     public function saveDrawing(string $base64Uri, int $uploadedTo): Image
     {
-        $name = 'Drawing-' . user()->getShortName(40) . '-' . strval(time()) . '.png';
+        $name = 'Drawing-' . strval(user()->id) . '-' . strval(time()) . '.png';
         return $this->imageService->saveNewFromBase64Uri($base64Uri, $name, 'drawio', $uploadedTo);
     }
 
@@ -185,7 +185,7 @@ class ImageRepo
      * Load thumbnails onto an image object.
      * @throws Exception
      */
-    protected function loadThumbs(Image $image)
+    public function loadThumbs(Image $image)
     {
         $image->thumbs = [
             'gallery' => $this->getThumbnail($image, 150, 150, false),
@@ -219,4 +219,20 @@ class ImageRepo
             return null;
         }
     }
+
+    /**
+     * Get the user visible pages using the given image.
+     */
+    public function getPagesUsingImage(Image $image): array
+    {
+        $pages = Page::visible()
+            ->where('html', 'like', '%' . $image->url . '%')
+            ->get(['id', 'name', 'slug', 'book_id']);
+
+        foreach ($pages as $page) {
+            $page->url = $page->getUrl();
+        }
+
+        return $pages->all();
+    }
 }

app/Uploads/ImageService.php

@@ -124,29 +124,24 @@ class ImageService extends UploadService
     }
 
     /**
-     * Saves a new image
-     * @param string $imageName
-     * @param string $imageData
-     * @param string $type
-     * @param int $uploadedTo
-     * @return Image
+     * Save a new image into storage.
      * @throws ImageUploadException
      */
-    private function saveNew($imageName, $imageData, $type, $uploadedTo = 0)
+    private function saveNew(string $imageName, string $imageData, string $type, int $uploadedTo = 0): Image
     {
         $storage = $this->getStorage($type);
         $secureUploads = setting('app-secure-images');
-        $imageName = str_replace(' ', '-', $imageName);
+        $fileName = $this->cleanImageFileName($imageName);
 
         $imagePath = '/uploads/images/' . $type . '/' . Date('Y-m') . '/';
 
-        while ($storage->exists($imagePath . $imageName)) {
-            $imageName = Str::random(3) . $imageName;
+        while ($storage->exists($imagePath . $fileName)) {
+            $fileName = Str::random(3) . $fileName;
         }
 
-        $fullPath = $imagePath . $imageName;
+        $fullPath = $imagePath . $fileName;
         if ($secureUploads) {
-            $fullPath = $imagePath . Str::random(16) . '-' . $imageName;
+            $fullPath = $imagePath . Str::random(16) . '-' . $fileName;
         }
 
         try {
@@ -175,6 +170,23 @@ class ImageService extends UploadService
         return $image;
     }
 
+    /**
+     * Clean up an image file name to be both URL and storage safe.
+     */
+    protected function cleanImageFileName(string $name): string
+    {
+        $name = str_replace(' ', '-', $name);
+        $nameParts = explode('.', $name);
+        $extension = array_pop($nameParts);
+        $name = implode('.', $nameParts);
+        $name = Str::slug($name);
+
+        if (strlen($name) === 0) {
+            $name = Str::random(10);
+        }
+
+        return  $name . '.' . $extension;
+    }
 
     /**
      * Checks if the image is a gif. Returns true if it is, else false.
@@ -223,6 +235,7 @@ class ImageService extends UploadService
         $storage->setVisibility($thumbFilePath, 'public');
         $this->cache->put('images-' . $image->id . '-' . $thumbFilePath, $thumbFilePath, 60 * 60 * 72);
 
+
         return $this->getPublicUrl($thumbFilePath);
     }
 
@@ -292,11 +305,9 @@ class ImageService extends UploadService
 
     /**
      * Destroys an image at the given path.
-     * Searches for image thumbnails in addition to main provided path..
-     * @param string $path
-     * @return bool
+     * Searches for image thumbnails in addition to main provided path.
      */
-    protected function destroyImagesFromPath(string $path)
+    protected function destroyImagesFromPath(string $path): bool
     {
         $storage = $this->getStorage();
 
@@ -306,8 +317,7 @@ class ImageService extends UploadService
 
         // Delete image files
         $imagesToDelete = $allImages->filter(function ($imagePath) use ($imageFileName) {
-            $expectedIndex = strlen($imagePath) - strlen($imageFileName);
-            return strpos($imagePath, $imageFileName) === $expectedIndex;
+            return basename($imagePath) === $imageFileName;
         });
         $storage->delete($imagesToDelete->all());
 

app/helpers.php

@@ -153,10 +153,6 @@ function icon(string $name, array $attrs = []): string
  * Generate a url with multiple parameters for sorting purposes.
  * Works out the logic to set the correct sorting direction
  * Discards empty parameters and allows overriding.
- * @param string $path
- * @param array $data
- * @param array $overrideData
- * @return string
  */
 function sortUrl(string $path, array $data, array $overrideData = []): string
 {
@@ -166,7 +162,7 @@ function sortUrl(string $path, array $data, array $overrideData = []): string
     // Change sorting direction is already sorted on current attribute
     if (isset($overrideData['sort']) && $overrideData['sort'] === $data['sort']) {
         $queryData['order'] = ($data['order'] === 'asc') ? 'desc' : 'asc';
-    } else {
+    } elseif (isset($overrideData['sort'])) {
         $queryData['order'] = 'asc';
     }
 

composer.json

@@ -13,15 +13,18 @@
         "ext-mbstring": "*",
         "ext-tidy": "*",
         "ext-xml": "*",
-        "barryvdh/laravel-dompdf": "^0.8.5",
-        "barryvdh/laravel-snappy": "^0.4.5",
+        "barryvdh/laravel-dompdf": "^0.8.6",
+        "barryvdh/laravel-snappy": "^0.4.7",
         "doctrine/dbal": "^2.9",
+        "facade/ignition": "^1.4",
         "fideloper/proxy": "^4.0",
         "gathercontent/htmldiff": "^0.2.1",
         "intervention/image": "^2.5",
-        "laravel/framework": "^6.12",
-        "laravel/socialite": "^4.2",
+        "laravel/framework": "^6.18",
+        "laravel/socialite": "^4.3.2",
+        "league/commonmark": "^1.4",
         "league/flysystem-aws-s3-v3": "^1.0",
+        "nunomaduro/collision": "^3.0",
         "onelogin/php-saml": "^3.3",
         "predis/predis": "^1.1",
         "socialiteproviders/discord": "^2.0",
@@ -29,9 +32,7 @@
         "socialiteproviders/microsoft-azure": "^3.0",
         "socialiteproviders/okta": "^1.0",
         "socialiteproviders/slack": "^3.0",
-        "socialiteproviders/twitch": "^5.0",
-        "facade/ignition": "^1.4",
-        "nunomaduro/collision": "^3.0"
+        "socialiteproviders/twitch": "^5.0"
     },
     "require-dev": {
         "barryvdh/laravel-debugbar": "^3.2.8",

database/migrations/2020_08_04_111754_drop_joint_permissions_id.php

@@ -0,0 +1,37 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+class DropJointPermissionsId extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::table('joint_permissions', function (Blueprint $table) {
+            $table->dropColumn('id');
+            $table->primary(['role_id', 'entity_type', 'entity_id', 'action'], 'joint_primary');
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::table('joint_permissions', function (Blueprint $table) {
+            $table->dropPrimary(['role_id', 'entity_type', 'entity_id', 'action']);
+        });
+
+        Schema::table('joint_permissions', function (Blueprint $table) {
+            $table->increments('id')->unsigned();
+        });
+    }
+}

database/migrations/2020_08_04_131052_remove_role_name_field.php

@@ -0,0 +1,37 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+use Illuminate\Support\Facades\DB;
+
+class RemoveRoleNameField extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::table('roles', function (Blueprint $table) {
+            $table->dropColumn('name');
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::table('roles', function (Blueprint $table) {
+            $table->string('name')->index();
+        });
+
+        DB::table('roles')->update([
+            "name" => DB::raw("lower(replace(`display_name`, ' ', '-'))"),
+        ]);
+    }
+}

database/migrations/2020_09_19_094251_add_activity_indexes.php

@@ -0,0 +1,34 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+class AddActivityIndexes extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::table('activities', function(Blueprint $table) {
+            $table->index('key');
+            $table->index('created_at');
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::table('activities', function(Blueprint $table) {
+            $table->dropIndex('key');
+            $table->dropIndex('created_at');
+        });
+    }
+}

dev/api/requests/chapters-create.json

@@ -0,0 +1,9 @@
+{
+  "book_id": 1,
+  "name": "My fantastic new chapter",
+  "description": "This is a great new chapter that I've created via the API",
+  "tags": [
+    {"name": "Category", "value": "Top Content"},
+    {"name": "Rating", "value": "Highest"}
+  ]
+}

dev/api/requests/chapters-update.json

@@ -0,0 +1,9 @@
+{
+  "book_id": 1,
+  "name": "My fantastic updated chapter",
+  "description": "This is an updated chapter that I've altered via the API",
+  "tags": [
+    {"name": "Category", "value": "Kinda Good Content"},
+    {"name": "Rating", "value": "Medium"}
+  ]
+}

dev/api/requests/shelves-create.json

@@ -0,0 +1,5 @@
+{
+  "name": "My shelf",
+  "description": "This is my shelf with some books",
+  "books": [5,1,3]
+}

dev/api/requests/shelves-update.json

@@ -0,0 +1,5 @@
+{
+  "name": "My updated shelf",
+  "description": "This is my update shelf with some books",
+  "books": [5,1,3]
+}

dev/api/responses/books-read.json

@@ -7,19 +7,12 @@
   "updated_at": "2020-01-12 14:11:51",
   "created_by": {
     "id": 1,
-    "name": "Admin",
-    "created_at": "2019-05-05 21:15:13",
-    "updated_at": "2019-12-16 12:18:37",
-    "image_id": 48
+    "name": "Admin"
   },
   "updated_by": {
     "id": 1,
-    "name": "Admin",
-    "created_at": "2019-05-05 21:15:13",
-    "updated_at": "2019-12-16 12:18:37",
-    "image_id": 48
+    "name": "Admin"
   },
-  "image_id": 452,
   "tags": [
     {
       "id": 13,

dev/api/responses/chapters-create.json

@@ -0,0 +1,38 @@
+{
+  "book_id": 1,
+  "priority": 6,
+  "name": "My fantastic new chapter",
+  "description": "This is a great new chapter that I've created via the API",
+  "created_by": 1,
+  "updated_by": 1,
+  "slug": "my-fantastic-new-chapter",
+  "updated_at": "2020-05-22 22:59:55",
+  "created_at": "2020-05-22 22:59:55",
+  "id": 74,
+  "book": {
+    "id": 1,
+    "name": "BookStack User Guide",
+    "slug": "bookstack-user-guide",
+    "description": "This is a general guide on using BookStack on a day-to-day basis.",
+    "created_at": "2019-05-05 21:48:46",
+    "updated_at": "2019-12-11 20:57:31",
+    "created_by": 1,
+    "updated_by": 1
+  },
+  "tags": [
+    {
+      "name": "Category",
+      "value": "Top Content",
+      "order": 0,
+      "created_at": "2020-05-22 22:59:55",
+      "updated_at": "2020-05-22 22:59:55"
+    },
+    {
+      "name": "Rating",
+      "value": "Highest",
+      "order": 0,
+      "created_at": "2020-05-22 22:59:55",
+      "updated_at": "2020-05-22 22:59:55"
+    }
+  ]
+}

dev/api/responses/chapters-list.json

@@ -0,0 +1,29 @@
+{
+  "data": [
+    {
+      "id": 1,
+      "book_id": 1,
+      "name": "Content Creation",
+      "slug": "content-creation",
+      "description": "How to create documentation on whatever subject you need to write about.",
+      "priority": 3,
+      "created_at": "2019-05-05 21:49:56",
+      "updated_at": "2019-09-28 11:24:23",
+      "created_by": 1,
+      "updated_by": 1
+    },
+    {
+      "id": 2,
+      "book_id": 1,
+      "name": "Managing Content",
+      "slug": "managing-content",
+      "description": "How to keep things organised and orderly in the system for easier navigation and better user experience.",
+      "priority": 5,
+      "created_at": "2019-05-05 21:58:07",
+      "updated_at": "2019-10-17 15:05:34",
+      "created_by": 3,
+      "updated_by": 3
+    }
+  ],
+  "total": 40
+}

dev/api/responses/chapters-read.json

@@ -0,0 +1,59 @@
+{
+  "id": 1,
+  "book_id": 1,
+  "slug": "content-creation",
+  "name": "Content Creation",
+  "description": "How to create documentation on whatever subject you need to write about.",
+  "priority": 3,
+  "created_at": "2019-05-05 21:49:56",
+  "updated_at": "2019-09-28 11:24:23",
+  "created_by": {
+    "id": 1,
+    "name": "Admin"
+  },
+  "updated_by": {
+    "id": 1,
+    "name": "Admin"
+  },
+  "tags": [
+    {
+      "name": "Category",
+      "value": "Guide",
+      "order": 0,
+      "created_at": "2020-05-22 22:51:51",
+      "updated_at": "2020-05-22 22:51:51"
+    }
+  ],
+  "pages": [
+    {
+      "id": 1,
+      "book_id": 1,
+      "chapter_id": 1,
+      "name": "How to create page content",
+      "slug": "how-to-create-page-content",
+      "priority": 0,
+      "created_at": "2019-05-05 21:49:58",
+      "updated_at": "2019-08-26 14:32:59",
+      "created_by": 1,
+      "updated_by": 1,
+      "draft": 0,
+      "revision_count": 2,
+      "template": 0
+    },
+    {
+      "id": 7,
+      "book_id": 1,
+      "chapter_id": 1,
+      "name": "Good book structure",
+      "slug": "good-book-structure",
+      "priority": 1,
+      "created_at": "2019-05-05 22:01:55",
+      "updated_at": "2019-06-06 12:03:04",
+      "created_by": 3,
+      "updated_by": 3,
+      "draft": 0,
+      "revision_count": 1,
+      "template": 0
+    }
+  ]
+}

dev/api/responses/chapters-update.json

@@ -0,0 +1,38 @@
+{
+  "id": 75,
+  "book_id": 1,
+  "slug": "my-fantastic-updated-chapter",
+  "name": "My fantastic updated chapter",
+  "description": "This is an updated chapter that I've altered via the API",
+  "priority": 7,
+  "created_at": "2020-05-22 23:03:35",
+  "updated_at": "2020-05-22 23:07:20",
+  "created_by": 1,
+  "updated_by": 1,
+  "book": {
+    "id": 1,
+    "name": "BookStack User Guide",
+    "slug": "bookstack-user-guide",
+    "description": "This is a general guide on using BookStack on a day-to-day basis.",
+    "created_at": "2019-05-05 21:48:46",
+    "updated_at": "2019-12-11 20:57:31",
+    "created_by": 1,
+    "updated_by": 1
+  },
+  "tags": [
+    {
+      "name": "Category",
+      "value": "Kinda Good Content",
+      "order": 0,
+      "created_at": "2020-05-22 23:07:20",
+      "updated_at": "2020-05-22 23:07:20"
+    },
+    {
+      "name": "Rating",
+      "value": "Medium",
+      "order": 0,
+      "created_at": "2020-05-22 23:07:20",
+      "updated_at": "2020-05-22 23:07:20"
+    }
+  ]
+}

dev/api/responses/shelves-create.json

@@ -0,0 +1,10 @@
+{
+  "name": "My shelf",
+  "description": "This is my shelf with some books",
+  "created_by": 1,
+  "updated_by": 1,
+  "slug": "my-shelf",
+  "updated_at": "2020-04-10 13:24:09",
+  "created_at": "2020-04-10 13:24:09",
+  "id": 14
+}

dev/api/responses/shelves-list.json

@@ -0,0 +1,38 @@
+{
+  "data": [
+    {
+      "id": 8,
+      "name": "Qui qui aspernatur autem molestiae libero necessitatibus molestias.",
+      "slug": "qui-qui-aspernatur-autem-molestiae-libero-necessitatibus-molestias",
+      "description": "Enim dolor ut quia error dolores est. Aut distinctio consequuntur non nisi nostrum. Labore cupiditate error labore aliquid provident impedit voluptatibus. Quaerat impedit excepturi eius qui eius voluptatem reiciendis.",
+      "created_at": "2019-05-05 22:10:16",
+      "updated_at": "2020-04-10 13:00:45",
+      "created_by": 4,
+      "updated_by": 1,
+      "image_id": 31
+    },
+    {
+      "id": 9,
+      "name": "Ipsum aut inventore fuga libero non facilis.",
+      "slug": "ipsum-aut-inventore-fuga-libero-non-facilis",
+      "description": "Labore culpa modi perspiciatis harum sit. Maxime non et nam est. Quae ut laboriosam repellendus sunt quisquam. Velit at est perspiciatis nesciunt adipisci nobis illo. Sed possimus odit optio officiis nisi voluptates officiis dolor.",
+      "created_at": "2019-05-05 22:10:16",
+      "updated_at": "2020-04-10 13:00:58",
+      "created_by": 4,
+      "updated_by": 1,
+      "image_id": 28
+    },
+    {
+      "id": 10,
+      "name": "Omnis reiciendis aut molestias sint accusantium.",
+      "slug": "omnis-reiciendis-aut-molestias-sint-accusantium",
+      "description": "Qui ea occaecati alias est dolores voluptatem doloribus. Ad reiciendis corporis vero nostrum omnis et. Non doloribus ut eaque ut quos dolores.",
+      "created_at": "2019-05-05 22:10:16",
+      "updated_at": "2020-04-10 13:00:53",
+      "created_by": 4,
+      "updated_by": 1,
+      "image_id": 30
+    }
+  ],
+  "total": 3
+}

dev/api/responses/shelves-read.json

@@ -0,0 +1,57 @@
+{
+  "id": 14,
+  "name": "My shelf",
+  "slug": "my-shelf",
+  "description": "This is my shelf with some books",
+  "created_by": {
+    "id": 1,
+    "name": "Admin"
+  },
+  "updated_by": {
+    "id": 1,
+    "name": "Admin"
+  },
+  "created_at": "2020-04-10 13:24:09",
+  "updated_at": "2020-04-10 13:31:04",
+  "tags": [
+    {
+      "id": 16,
+      "entity_id": 14,
+      "entity_type": "BookStack\\Bookshelf",
+      "name": "Category",
+      "value": "Guide",
+      "order": 0,
+      "created_at": "2020-04-10 13:31:04",
+      "updated_at": "2020-04-10 13:31:04"
+    }
+  ],
+  "cover": {
+    "id": 501,
+    "name": "anafrancisconi_Sp04AfFCPNM.jpg",
+    "url": "http://bookstack.local/uploads/images/cover_book/2020-04/anafrancisconi_Sp04AfFCPNM.jpg",
+    "created_at": "2020-04-10 13:31:04",
+    "updated_at": "2020-04-10 13:31:04",
+    "created_by": 1,
+    "updated_by": 1,
+    "path": "/uploads/images/cover_book/2020-04/anafrancisconi_Sp04AfFCPNM.jpg",
+    "type": "cover_book",
+    "uploaded_to": 14
+  },
+  "books": [
+    {
+      "id": 5,
+      "name": "Sint explicabo alias sunt.",
+      "slug": "jbsQrzuaXe"
+    },
+    {
+      "id": 1,
+      "name": "BookStack User Guide",
+      "slug": "bookstack-user-guide"
+    },
+    {
+      "id": 3,
+      "name": "Molestiae doloribus sint velit suscipit dolorem.",
+      "slug": "H99QxALaoG"
+    }
+  ]
+}