Logical Theme System: Add event to register web routes #4308

New Issue

OVERLORD · 2026-02-05T08:30:16+03:00

OVERLORD commented

2026-02-05 08:30:16 +03:00

Originally created by @ssddanbrown on GitHub (Nov 10, 2023).

To allow easy registration of extra routes that require session and middlware.
Potentially have an option for registering auth routes? Maybe extra event or a passed parameter?

Originally created by @ssddanbrown on GitHub (Nov 10, 2023). To allow easy registration of extra routes that require session and middlware. Potentially have an option for registering auth routes? Maybe extra event or a passed parameter?

OVERLORD added the 🛠️ Enhancement 🏭 Back-End labels 2026-02-05 08:30:16 +03:00

OVERLORD closed this issue

2026-02-05 08:30:19 +03:00

OVERLORD commented

2026-02-05 08:30:25 +03:00

@ssddanbrown commented on GitHub (Nov 17, 2023):

Added via 22a9cf1e48

@ssddanbrown commented on GitHub (Nov 17, 2023): Added via 22a9cf1e482d493d4080357be58ef7649cce8fb1

OVERLORD commented

2026-02-05 08:30:26 +03:00

@ssddanbrown commented on GitHub (Nov 17, 2023):

Usage Example

<?php

use BookStack\Theming\ThemeEvents;
use BookStack\Facades\Theme;
use Illuminate\Routing\Router;

Theme::listen(ThemeEvents::ROUTES_REGISTER_WEB, function (Router $router) {

    $router->get('/counter', function () {
        $count = session()->get('counter', 0) + 1;
        session()->put('counter', $count);
        return "Count: {$count}";
    });
});

Theme::listen(ThemeEvents::ROUTES_REGISTER_WEB_AUTH, function (Router $router) {

    $router->get('/counter-auth', function () {
        $count = session()->get('secret-counter', 0) + 1;
        session()->put('secret-counter', $count);
        return "Count Authed: {$count}";
    });
});

@ssddanbrown commented on GitHub (Nov 17, 2023): ### Usage Example ```php <?php use BookStack\Theming\ThemeEvents; use BookStack\Facades\Theme; use Illuminate\Routing\Router; Theme::listen(ThemeEvents::ROUTES_REGISTER_WEB, function (Router $router) { $router->get('/counter', function () { $count = session()->get('counter', 0) + 1; session()->put('counter', $count); return "Count: {$count}"; }); }); Theme::listen(ThemeEvents::ROUTES_REGISTER_WEB_AUTH, function (Router $router) { $router->get('/counter-auth', function () { $count = session()->get('secret-counter', 0) + 1; session()->put('secret-counter', $count); return "Count Authed: {$count}"; }); }); ```

OVERLORD commented

2026-02-05 08:30:35 +03:00

@kekcsi commented on GitHub (Oct 22, 2024):

Hello! Many thanks for this example because the bookstack web doesn't document this hack in detail. Unfortunately it wasn't enough for me to get it working. I am trying to add an endpoint to the API for programatic access. The browser session authenticates OK but when trying from curl command line, I keep getting Page expired 419 http responses. I am sending it the same token that I tested with built-in APIs like page listing e.g. That one accepted the token authentication http header, but not the cusom one created using the ROUTES_REGISTER_WEB_AUTH hook. What do you think went wrong? How can I debug?
By the way, I was expecting the ROUTES_REGISTER_WEB_AUTH router to create the endpoint with an /api path prefix but it's not the case.

@kekcsi commented on GitHub (Oct 22, 2024): Hello! Many thanks for this example because the bookstack web doesn't document this hack in detail. Unfortunately it wasn't enough for me to get it working. I am trying to add an endpoint to the API for programatic access. The browser session authenticates OK but when trying from `curl` command line, I keep getting Page expired 419 http responses. I am sending it the same token that I tested with built-in APIs like page listing e.g. That one accepted the token authentication http header, but not the cusom one created using the ROUTES_REGISTER_WEB_AUTH hook. What do you think went wrong? How can I debug? By the way, I was expecting the ROUTES_REGISTER_WEB_AUTH router to create the endpoint with an /api path prefix but it's not the case.

OVERLORD commented

2026-02-05 08:30:38 +03:00

@ssddanbrown commented on GitHub (Oct 22, 2024):

@kekcsi Yeah, routes register this way won't have the ability to authenticate via the API, those theme events are just for web (within-UI) routes.

You could instead directly register the route like so (have not tested this, but think it should work) in your theme functions.php file:

<?php

use Illuminate\Support\Facades\Route;

Route::get('/api/hello', function () {
    return response()->json([
        'message' => 'hello!'
    ]);
})->middleware(['api']);

Otherwise feel free to also open a feature request for a ROUTES_REGISTER_API theme event.

@ssddanbrown commented on GitHub (Oct 22, 2024): @kekcsi Yeah, routes register this way won't have the ability to authenticate via the API, those theme events are just for web (within-UI) routes. You could instead directly register the route like so (have not tested this, but think it should work) in your theme `functions.php` file: ```php <?php use Illuminate\Support\Facades\Route; Route::get('/api/hello', function () { return response()->json([ 'message' => 'hello!' ]); })->middleware(['api']); ``` Otherwise feel free to also open a feature request for a `ROUTES_REGISTER_API` theme event.

OVERLORD commented

2026-02-05 08:30:42 +03:00

@kekcsi commented on GitHub (Oct 22, 2024):

@ssddanbrown thanks for the quick response, I tried the ->middleware(['api']) way and it works. You even have a session and endpoint will check the token. Great stuff! I'm not sure what benefits it would have if we had a theme event.

@kekcsi commented on GitHub (Oct 22, 2024): @ssddanbrown thanks for the quick response, I tried the ->middleware(['api']) way and it works. You even have a session and endpoint will check the token. Great stuff! I'm not sure what benefits it would have if we had a theme event.

OVERLORD referenced this issue

2026-02-05 08:51:56 +03:00

Activity page #4422

OVERLORD referenced this issue

2026-02-05 09:25:18 +03:00

Need an "Exec" role #4907

Sign in to join this conversation.