routes/api-client.php

<?php

use App\Enums\ResourceLimit;
use App\Http\Controllers\Api\Client;
use App\Http\Middleware\Activity\AccountSubject;
use App\Http\Middleware\Activity\ServerSubject;
use App\Http\Middleware\Api\Client\Server\AuthenticateServerAccess;
use App\Http\Middleware\Api\Client\Server\ResourceBelongsToServer;
use Illuminate\Support\Facades\Route;

/*
|--------------------------------------------------------------------------
| Client Control API
|--------------------------------------------------------------------------
|
| Endpoint: /api/client
|
*/
Route::get('/', [Client\ClientController::class, 'index'])->name('api:client.index');
Route::get('/permissions', [Client\ClientController::class, 'permissions']);

Route::prefix('/account')->middleware(AccountSubject::class)->group(function () {
    Route::get('/', [Client\AccountController::class, 'index'])->name('api:client.account');

    Route::put('/username', [Client\AccountController::class, 'updateUsername'])->name('api:client.account.update-username');
    Route::put('/email', [Client\AccountController::class, 'updateEmail'])->name('api:client.account.update-email');
    Route::put('/password', [Client\AccountController::class, 'updatePassword'])->name('api:client.account.update-password');

    Route::get('/activity', Client\ActivityLogController::class)->name('api:client.account.activity');

    Route::prefix('/api-keys')->group(function () {
        Route::get('/', [Client\ApiKeyController::class, 'index']);
        Route::post('/', [Client\ApiKeyController::class, 'store']);
        Route::delete('/{identifier}', [Client\ApiKeyController::class, 'delete']);
    });

    Route::prefix('/ssh-keys')->group(function () {
        Route::get('/', [Client\SSHKeyController::class, 'index']);
        Route::post('/', [Client\SSHKeyController::class, 'store']);
        Route::delete('/{fingerprint}', [Client\SSHKeyController::class, 'delete']);
    });
});

/*
|--------------------------------------------------------------------------
| Client Control API
|--------------------------------------------------------------------------
|
| Endpoint: /api/client/servers/{server}
|
*/
Route::prefix('/servers/{server:uuid}')->middleware([ServerSubject::class, AuthenticateServerAccess::class, ResourceBelongsToServer::class])->group(function () {
    Route::get('/', [Client\Servers\ServerController::class, 'index'])->name('api:client:server.view');
    Route::middleware([ResourceLimit::Websocket->middleware()])
        ->get('/websocket', Client\Servers\WebsocketController::class)
        ->name('api:client:server.ws');
    Route::get('/resources', Client\Servers\ResourceUtilizationController::class)->name('api:client:server.resources');
    Route::get('/activity', Client\Servers\ActivityLogController::class)->name('api:client:server.activity');

    Route::post('/command', [Client\Servers\CommandController::class, 'index']);
    Route::post('/power', [Client\Servers\PowerController::class, 'index']);

    Route::prefix('/databases')->group(function () {
        Route::get('/', [Client\Servers\DatabaseController::class, 'index']);
        Route::middleware([ResourceLimit::DatabaseCreate->middleware()])
            ->post('/', [Client\Servers\DatabaseController::class, 'store']);
        Route::post('/{database}/rotate-password', [Client\Servers\DatabaseController::class, 'rotatePassword']);
        Route::delete('/{database}', [Client\Servers\DatabaseController::class, 'delete']);
    });

    Route::prefix('/files')->group(function () {
        Route::get('/list', [Client\Servers\FileController::class, 'directory']);
        Route::get('/contents', [Client\Servers\FileController::class, 'contents']);
        Route::get('/download', [Client\Servers\FileController::class, 'download']);
        Route::put('/rename', [Client\Servers\FileController::class, 'rename']);
        Route::post('/copy', [Client\Servers\FileController::class, 'copy']);
        Route::post('/write', [Client\Servers\FileController::class, 'write']);
        Route::post('/compress', [Client\Servers\FileController::class, 'compress']);
        Route::post('/decompress', [Client\Servers\FileController::class, 'decompress']);
        Route::post('/delete', [Client\Servers\FileController::class, 'delete']);
        Route::post('/create-folder', [Client\Servers\FileController::class, 'create']);
        Route::post('/chmod', [Client\Servers\FileController::class, 'chmod']);
        Route::middleware([ResourceLimit::FilePull->middleware()])
            ->post('/pull', [Client\Servers\FileController::class, 'pull']);
        Route::get('/upload', Client\Servers\FileUploadController::class);
    });

    Route::prefix('/schedules')->group(function () {
        Route::get('/', [Client\Servers\ScheduleController::class, 'index']);
        Route::middleware([ResourceLimit::ScheduleCreate->middleware()])
            ->post('/', [Client\Servers\ScheduleController::class, 'store']);
        Route::get('/{schedule}', [Client\Servers\ScheduleController::class, 'view']);
        Route::post('/{schedule}', [Client\Servers\ScheduleController::class, 'update']);
        Route::post('/{schedule}/execute', [Client\Servers\ScheduleController::class, 'execute']);
        Route::delete('/{schedule}', [Client\Servers\ScheduleController::class, 'delete']);

        Route::post('/{schedule}/tasks', [Client\Servers\ScheduleTaskController::class, 'store']);
        Route::post('/{schedule}/tasks/{task}', [Client\Servers\ScheduleTaskController::class, 'update']);
        Route::delete('/{schedule}/tasks/{task}', [Client\Servers\ScheduleTaskController::class, 'delete']);
    });

    Route::prefix('/network/allocations')->group(function () {
        Route::get('/', [Client\Servers\NetworkAllocationController::class, 'index']);
        Route::middleware([ResourceLimit::AllocationCreate->middleware()])
            ->post('/', [Client\Servers\NetworkAllocationController::class, 'store']);
        Route::post('/{allocation}', [Client\Servers\NetworkAllocationController::class, 'update']);
        Route::post('/{allocation}/primary', [Client\Servers\NetworkAllocationController::class, 'setPrimary']);
        Route::delete('/{allocation}', [Client\Servers\NetworkAllocationController::class, 'delete']);
    });

    Route::prefix('/users')->group(function () {
        Route::get('/', [Client\Servers\SubuserController::class, 'index']);
        Route::middleware([ResourceLimit::SubuserCreate->middleware()])
            ->post('/', [Client\Servers\SubuserController::class, 'store']);
        Route::get('/{user:uuid}', [Client\Servers\SubuserController::class, 'view']);
        Route::post('/{user:uuid}', [Client\Servers\SubuserController::class, 'update']);
        Route::delete('/{user:uuid}', [Client\Servers\SubuserController::class, 'delete']);
    });

    Route::prefix('/backups')->group(function () {
        Route::get('/', [Client\Servers\BackupController::class, 'index']);
        Route::post('/', [Client\Servers\BackupController::class, 'store']);
        Route::get('/{backup:uuid}', [Client\Servers\BackupController::class, 'view']);
        Route::get('/{backup:uuid}/download', [Client\Servers\BackupController::class, 'download']);
        Route::put('/{backup:uuid}/rename', [Client\Servers\BackupController::class, 'rename']);
        Route::post('/{backup:uuid}/lock', [Client\Servers\BackupController::class, 'toggleLock']);
        Route::middleware([ResourceLimit::BackupRestore->middleware()])
            ->post('/{backup:uuid}/restore', [Client\Servers\BackupController::class, 'restore']);
        Route::delete('/{backup:uuid}', [Client\Servers\BackupController::class, 'delete']);
    });

    Route::prefix('/startup')->group(function () {
        Route::get('/', [Client\Servers\StartupController::class, 'index']);
        Route::put('/variable', [Client\Servers\StartupController::class, 'update']);
    });

    Route::prefix('/settings')->group(function () {
        Route::post('/rename', [Client\Servers\SettingsController::class, 'rename']);
        Route::post('/description', [Client\Servers\SettingsController::class, 'description']);
        Route::post('/reinstall', [Client\Servers\SettingsController::class, 'reinstall']);
        Route::put('/docker-image', [Client\Servers\SettingsController::class, 'dockerImage']);
    });
});
Move everything around as needed to get things setup for the client API 2018-02-25 15:30:56 -06:00			`<?php`

Add changes from upstream (#2076) Co-authored-by: DaneEveritt <dane@daneeveritt.com> 2026-01-13 08:39:50 +01:00			`use App\Enums\ResourceLimit;`
Switch namespace back to App 2024-03-12 22:39:16 -04:00			`use App\Http\Controllers\Api\Client;`
			`use App\Http\Middleware\Activity\AccountSubject;`
Enable "ordered imports" (#1746) 2025-09-24 13:34:19 +02:00			`use App\Http\Middleware\Activity\ServerSubject;`
Switch namespace back to App 2024-03-12 22:39:16 -04:00			`use App\Http\Middleware\Api\Client\Server\AuthenticateServerAccess;`
Enable "ordered imports" (#1746) 2025-09-24 13:34:19 +02:00			`use App\Http\Middleware\Api\Client\Server\ResourceBelongsToServer;`
			`use Illuminate\Support\Facades\Route;`
Move everything around as needed to get things setup for the client API 2018-02-25 15:30:56 -06:00
			`/*`
			`\|--------------------------------------------------------------------------`
			`\| Client Control API`
			`\|--------------------------------------------------------------------------`
			`\|`
			`\| Endpoint: /api/client`
			`\|`
			`*/`
Switch to more recent Laravel route definition methods 2022-05-14 15:51:05 -04:00			`Route::get('/', [Client\ClientController::class, 'index'])->name('api:client.index');`
			`Route::get('/permissions', [Client\ClientController::class, 'permissions']);`
Move everything around as needed to get things setup for the client API 2018-02-25 15:30:56 -06:00
Code cleanup for facades 2022-06-18 12:07:32 -04:00			`Route::prefix('/account')->middleware(AccountSubject::class)->group(function () {`
Filament v4 🎉 (#1651) Co-authored-by: RMartinOscar <40749467+RMartinOscar@users.noreply.github.com> Co-authored-by: Boy132 <Boy132@users.noreply.github.com> Co-authored-by: Lance Pioch <git@lance.sh> 2025-09-08 13:12:33 -04:00			`Route::get('/', [Client\AccountController::class, 'index'])->name('api:client.account');`
Get the base email update working through the API. Still going to need to determine the best course of action to update the token on the client side. 2018-06-11 22:56:57 -07:00
Add api endpoint for updating username (#1826) 2025-11-03 08:31:07 +01:00			`Route::put('/username', [Client\AccountController::class, 'updateUsername'])->name('api:client.account.update-username');`
Switch to more recent Laravel route definition methods 2022-05-14 15:51:05 -04:00			`Route::put('/email', [Client\AccountController::class, 'updateEmail'])->name('api:client.account.update-email');`
			`Route::put('/password', [Client\AccountController::class, 'updatePassword'])->name('api:client.account.update-password');`
Add base support for creating a new API key for an account 2020-03-22 18:15:38 -07:00
Add support for returning transforming activity logs on the front-end 2022-05-29 20:34:48 -04:00			`Route::get('/activity', Client\ActivityLogController::class)->name('api:client.account.activity');`

Delete ssh keys shouldn't be a POST & Cleanup routes (#1934) 2025-11-27 15:26:47 +00:00			`Route::prefix('/api-keys')->group(function () {`
			`Route::get('/', [Client\ApiKeyController::class, 'index']);`
			`Route::post('/', [Client\ApiKeyController::class, 'store']);`
			`Route::delete('/{identifier}', [Client\ApiKeyController::class, 'delete']);`
			`});`
Add support for storing SSH keys on user accounts 2022-05-14 17:31:53 -04:00
			`Route::prefix('/ssh-keys')->group(function () {`
			`Route::get('/', [Client\SSHKeyController::class, 'index']);`
			`Route::post('/', [Client\SSHKeyController::class, 'store']);`
Delete ssh keys shouldn't be a POST & Cleanup routes (#1934) 2025-11-27 15:26:47 +00:00			`Route::delete('/{fingerprint}', [Client\SSHKeyController::class, 'delete']);`
Add support for storing SSH keys on user accounts 2022-05-14 17:31:53 -04:00			`});`
Base attempt at using vuex to handle logins 2018-06-05 23:00:01 -07:00			`});`

Move everything around as needed to get things setup for the client API 2018-02-25 15:30:56 -06:00			`/*`
			`\|--------------------------------------------------------------------------`
			`\| Client Control API`
			`\|--------------------------------------------------------------------------`
			`\|`
			`\| Endpoint: /api/client/servers/{server}`
			`\|`
			`*/`
This is no longer needed 2024-03-20 03:02:35 -04:00			`Route::prefix('/servers/{server:uuid}')->middleware([ServerSubject::class, AuthenticateServerAccess::class, ResourceBelongsToServer::class])->group(function () {`
Switch to more recent Laravel route definition methods 2022-05-14 15:51:05 -04:00			`Route::get('/', [Client\Servers\ServerController::class, 'index'])->name('api:client:server.view');`
Add changes from upstream (#2076) Co-authored-by: DaneEveritt <dane@daneeveritt.com> 2026-01-13 08:39:50 +01:00			`Route::middleware([ResourceLimit::Websocket->middleware()])`
			`->get('/websocket', Client\Servers\WebsocketController::class)`
			`->name('api:client:server.ws');`
Switch to more recent Laravel route definition methods 2022-05-14 15:51:05 -04:00			`Route::get('/resources', Client\Servers\ResourceUtilizationController::class)->name('api:client:server.resources');`
Add basic server activity log view 2022-06-12 15:16:48 -04:00			`Route::get('/activity', Client\Servers\ActivityLogController::class)->name('api:client:server.activity');`
Move everything around as needed to get things setup for the client API 2018-02-25 15:30:56 -06:00
Switch to more recent Laravel route definition methods 2022-05-14 15:51:05 -04:00			`Route::post('/command', [Client\Servers\CommandController::class, 'index']);`
			`Route::post('/power', [Client\Servers\PowerController::class, 'index']);`
Add basic database listing for server 2018-08-21 21:47:01 -07:00
Use more fluent methods 2024-03-19 16:47:52 -04:00			`Route::prefix('/databases')->group(function () {`
Switch to more recent Laravel route definition methods 2022-05-14 15:51:05 -04:00			`Route::get('/', [Client\Servers\DatabaseController::class, 'index']);`
Add changes from upstream (#2076) Co-authored-by: DaneEveritt <dane@daneeveritt.com> 2026-01-13 08:39:50 +01:00			`Route::middleware([ResourceLimit::DatabaseCreate->middleware()])`
			`->post('/', [Client\Servers\DatabaseController::class, 'store']);`
Switch to more recent Laravel route definition methods 2022-05-14 15:51:05 -04:00			`Route::post('/{database}/rotate-password', [Client\Servers\DatabaseController::class, 'rotatePassword']);`
			`Route::delete('/{database}', [Client\Servers\DatabaseController::class, 'delete']);`
Add basic database listing for server 2018-08-21 21:47:01 -07:00			`});`
Initial attempt trying to get file downloading to work 2019-03-16 17:10:04 -07:00
Use more fluent methods 2024-03-19 16:47:52 -04:00			`Route::prefix('/files')->group(function () {`
Switch to more recent Laravel route definition methods 2022-05-14 15:51:05 -04:00			`Route::get('/list', [Client\Servers\FileController::class, 'directory']);`
			`Route::get('/contents', [Client\Servers\FileController::class, 'contents']);`
			`Route::get('/download', [Client\Servers\FileController::class, 'download']);`
			`Route::put('/rename', [Client\Servers\FileController::class, 'rename']);`
			`Route::post('/copy', [Client\Servers\FileController::class, 'copy']);`
			`Route::post('/write', [Client\Servers\FileController::class, 'write']);`
			`Route::post('/compress', [Client\Servers\FileController::class, 'compress']);`
			`Route::post('/decompress', [Client\Servers\FileController::class, 'decompress']);`
			`Route::post('/delete', [Client\Servers\FileController::class, 'delete']);`
			`Route::post('/create-folder', [Client\Servers\FileController::class, 'create']);`
			`Route::post('/chmod', [Client\Servers\FileController::class, 'chmod']);`
Add changes from upstream (#2076) Co-authored-by: DaneEveritt <dane@daneeveritt.com> 2026-01-13 08:39:50 +01:00			`Route::middleware([ResourceLimit::FilePull->middleware()])`
			`->post('/pull', [Client\Servers\FileController::class, 'pull']);`
Switch to more recent Laravel route definition methods 2022-05-14 15:51:05 -04:00			`Route::get('/upload', Client\Servers\FileUploadController::class);`
Initial attempt trying to get file downloading to work 2019-03-16 17:10:04 -07:00			`});`
Add base code to support retrieving allocations as a client 2019-03-23 17:47:20 -07:00
Use more fluent methods 2024-03-19 16:47:52 -04:00			`Route::prefix('/schedules')->group(function () {`
Switch to more recent Laravel route definition methods 2022-05-14 15:51:05 -04:00			`Route::get('/', [Client\Servers\ScheduleController::class, 'index']);`
Add changes from upstream (#2076) Co-authored-by: DaneEveritt <dane@daneeveritt.com> 2026-01-13 08:39:50 +01:00			`Route::middleware([ResourceLimit::ScheduleCreate->middleware()])`
			`->post('/', [Client\Servers\ScheduleController::class, 'store']);`
Switch to more recent Laravel route definition methods 2022-05-14 15:51:05 -04:00			`Route::get('/{schedule}', [Client\Servers\ScheduleController::class, 'view']);`
			`Route::post('/{schedule}', [Client\Servers\ScheduleController::class, 'update']);`
			`Route::post('/{schedule}/execute', [Client\Servers\ScheduleController::class, 'execute']);`
			`Route::delete('/{schedule}', [Client\Servers\ScheduleController::class, 'delete']);`

			`Route::post('/{schedule}/tasks', [Client\Servers\ScheduleTaskController::class, 'store']);`
			`Route::post('/{schedule}/tasks/{task}', [Client\Servers\ScheduleTaskController::class, 'update']);`
			`Route::delete('/{schedule}/tasks/{task}', [Client\Servers\ScheduleTaskController::class, 'delete']);`
Add basic listing of server schedules 2020-02-08 15:23:08 -08:00			`});`

Delete ssh keys shouldn't be a POST & Cleanup routes (#1934) 2025-11-27 15:26:47 +00:00			`Route::prefix('/network/allocations')->group(function () {`
			`Route::get('/', [Client\Servers\NetworkAllocationController::class, 'index']);`
Add changes from upstream (#2076) Co-authored-by: DaneEveritt <dane@daneeveritt.com> 2026-01-13 08:39:50 +01:00			`Route::middleware([ResourceLimit::AllocationCreate->middleware()])`
			`->post('/', [Client\Servers\NetworkAllocationController::class, 'store']);`
Delete ssh keys shouldn't be a POST & Cleanup routes (#1934) 2025-11-27 15:26:47 +00:00			`Route::post('/{allocation}', [Client\Servers\NetworkAllocationController::class, 'update']);`
			`Route::post('/{allocation}/primary', [Client\Servers\NetworkAllocationController::class, 'setPrimary']);`
			`Route::delete('/{allocation}', [Client\Servers\NetworkAllocationController::class, 'delete']);`
Add base code to support retrieving allocations as a client 2019-03-23 17:47:20 -07:00			`});`
Add basic subuser listing for servers 2019-11-03 12:20:11 -08:00
Use more fluent methods 2024-03-19 16:47:52 -04:00			`Route::prefix('/users')->group(function () {`
Switch to more recent Laravel route definition methods 2022-05-14 15:51:05 -04:00			`Route::get('/', [Client\Servers\SubuserController::class, 'index']);`
Add changes from upstream (#2076) Co-authored-by: DaneEveritt <dane@daneeveritt.com> 2026-01-13 08:39:50 +01:00			`Route::middleware([ResourceLimit::SubuserCreate->middleware()])`
			`->post('/', [Client\Servers\SubuserController::class, 'store']);`
Better route model binding 2024-03-22 21:32:12 -04:00			`Route::get('/{user:uuid}', [Client\Servers\SubuserController::class, 'view']);`
			`Route::post('/{user:uuid}', [Client\Servers\SubuserController::class, 'update']);`
			`Route::delete('/{user:uuid}', [Client\Servers\SubuserController::class, 'delete']);`
Add basic subuser listing for servers 2019-11-03 12:20:11 -08:00			`});`
Add ability for user to change server's name 2019-12-09 22:03:10 -08:00
Use more fluent methods 2024-03-19 16:47:52 -04:00			`Route::prefix('/backups')->group(function () {`
Switch to more recent Laravel route definition methods 2022-05-14 15:51:05 -04:00			`Route::get('/', [Client\Servers\BackupController::class, 'index']);`
			`Route::post('/', [Client\Servers\BackupController::class, 'store']);`
Add PHP 8.4 Support (#858) * Add php 8.4 * Update ide helper * Add php 8.4 * Update laravel sanctum * Update laravel framework * Hash rounds were increased * This is always false * Extend model now * This does nothing * Move model validation methods to trait * Remove base model * Backup routes were previously referenced by uuids * Remove commented code * Upgrade laravel/framework * Fix migration * Update ide helper * Update sanctum * Add version to composer * Add this back in, fixed * Make this protected to be safer 2025-01-30 16:39:00 -05:00			`Route::get('/{backup:uuid}', [Client\Servers\BackupController::class, 'view']);`
			`Route::get('/{backup:uuid}/download', [Client\Servers\BackupController::class, 'download']);`
Allow for backups to be renamed (#1546) 2025-07-31 23:47:15 +02:00			`Route::put('/{backup:uuid}/rename', [Client\Servers\BackupController::class, 'rename']);`
Add PHP 8.4 Support (#858) * Add php 8.4 * Update ide helper * Add php 8.4 * Update laravel sanctum * Update laravel framework * Hash rounds were increased * This is always false * Extend model now * This does nothing * Move model validation methods to trait * Remove base model * Backup routes were previously referenced by uuids * Remove commented code * Upgrade laravel/framework * Fix migration * Update ide helper * Update sanctum * Add version to composer * Add this back in, fixed * Make this protected to be safer 2025-01-30 16:39:00 -05:00			`Route::post('/{backup:uuid}/lock', [Client\Servers\BackupController::class, 'toggleLock']);`
Add changes from upstream (#2076) Co-authored-by: DaneEveritt <dane@daneeveritt.com> 2026-01-13 08:39:50 +01:00			`Route::middleware([ResourceLimit::BackupRestore->middleware()])`
			`->post('/{backup:uuid}/restore', [Client\Servers\BackupController::class, 'restore']);`
Add PHP 8.4 Support (#858) * Add php 8.4 * Update ide helper * Add php 8.4 * Update laravel sanctum * Update laravel framework * Hash rounds were increased * This is always false * Extend model now * This does nothing * Move model validation methods to trait * Remove base model * Backup routes were previously referenced by uuids * Remove commented code * Upgrade laravel/framework * Fix migration * Update ide helper * Update sanctum * Add version to composer * Add this back in, fixed * Make this protected to be safer 2025-01-30 16:39:00 -05:00			`Route::delete('/{backup:uuid}', [Client\Servers\BackupController::class, 'delete']);`
Very basic implemention of frontend logic required to display backups and create a new one 2020-04-04 10:59:25 -07:00			`});`

Use more fluent methods 2024-03-19 16:47:52 -04:00			`Route::prefix('/startup')->group(function () {`
Switch to more recent Laravel route definition methods 2022-05-14 15:51:05 -04:00			`Route::get('/', [Client\Servers\StartupController::class, 'index']);`
			`Route::put('/variable', [Client\Servers\StartupController::class, 'update']);`
Support modifying startup variables for servers 2020-08-22 18:13:59 -07:00			`});`

Use more fluent methods 2024-03-19 16:47:52 -04:00			`Route::prefix('/settings')->group(function () {`
Switch to more recent Laravel route definition methods 2022-05-14 15:51:05 -04:00			`Route::post('/rename', [Client\Servers\SettingsController::class, 'rename']);`
Create new description endpoint (#1136) Co-authored-by: RMartinOscar <40749467+RMartinOscar@users.noreply.github.com> 2025-06-06 23:06:28 -04:00			`Route::post('/description', [Client\Servers\SettingsController::class, 'description']);`
Switch to more recent Laravel route definition methods 2022-05-14 15:51:05 -04:00			`Route::post('/reinstall', [Client\Servers\SettingsController::class, 'reinstall']);`
			`Route::put('/docker-image', [Client\Servers\SettingsController::class, 'dockerImage']);`
Add ability for user to change server's name 2019-12-09 22:03:10 -08:00			`});`
Move everything around as needed to get things setup for the client API 2018-02-25 15:30:56 -06:00			`});`