middleware('auth')->except(['index', 'show', 'showByToken', 'publicPlaylists', 'userPlaylists', 'recordShare', 'accessShare']); } // List user's playlists public function index() { $user = Auth::user(); $playlists = $user->playlists()->orderBy('created_at', 'desc')->get(); return view('playlists.index', compact('playlists')); } // View a single playlist public function show(Playlist $playlist) { // Check if user can view this playlist if (! $playlist->canView(Auth::user())) { abort(404, 'Playlist not found'); } $playlist->loadMissing('user'); $videos = $playlist->videos()->with('user')->orderBy('position')->get(); return view('playlists.show', compact('playlist', 'videos')); } // View playlist via unguessable share token (unlisted playlists) public function showByToken(string $token) { $playlist = Playlist::where('share_token', $token)->firstOrFail(); if (! $playlist->canViewViaToken(Auth::user())) { abort(404, 'Playlist not found'); } $playlist->loadMissing('user'); $videos = $playlist->videos()->with('user')->orderBy('position')->get(); return view('playlists.show', compact('playlist', 'videos')); } // Generate (or reuse) a per-user share tracking token and return the tracking URL public function recordShare(Playlist $playlist) { $userId = Auth::id(); if ($userId) { $existing = DB::table('playlist_shares') ->where('playlist_id', $playlist->id) ->where('user_id', $userId) ->first(); if ($existing) { return response()->json(['url' => route('playlists.accessShare', $existing->token)]); } } do { $token = Str::random(10); } while (DB::table('playlist_shares')->where('token', $token)->exists()); DB::table('playlist_shares')->insert([ 'playlist_id' => $playlist->id, 'user_id' => $userId, 'token' => $token, 'created_at' => now(), ]); return response()->json(['url' => route('playlists.accessShare', $token)]); } // Handle a share link click: record the access, then redirect to the playlist public function accessShare(Request $request, string $token) { $share = DB::table('playlist_shares')->where('token', $token)->first(); if (! $share) { return redirect('/'); } $playlist = Playlist::find($share->playlist_id); if (! $playlist || ! $playlist->canViewViaToken(Auth::user())) { return redirect('/'); } $did = $request->cookie('_did') ?: (string) Str::uuid(); $seen = DB::table('playlist_share_accesses') ->where('share_id', $share->id) ->where('device_id', $did) ->exists(); if (! $seen) { $ip = $request->header('CF-Connecting-IP') ?? $request->header('X-Real-IP') ?? $request->ip(); $geo = GeoIpService::lookup($ip); DB::table('playlist_share_accesses')->insert([ 'share_id' => $share->id, 'device_id' => $did, 'ip_address' => $ip, 'country' => $geo['country'] ?? null, 'country_name' => $geo['country_name'] ?? null, 'accessed_at' => now(), ]); } $firstVideo = $playlist->videos()->orderBy('position')->first(); $destination = $firstVideo ? route('videos.show', $firstVideo) . '?playlist=' . $playlist->share_token : route('playlists.showByToken', $playlist->share_token); return redirect($destination) ->withCookie(cookie('_did', $did, 60 * 24 * 365 * 5)); } // Create new playlist form public function create() { return view('playlists.create'); } // Store new playlist public function store(Request $request) { $request->validate([ 'name' => 'required|string|max:100', 'description' => 'nullable|string|max:500', 'visibility' => 'nullable|in:public,private,unlisted', 'thumbnail' => 'nullable|image|mimes:jpeg,png,gif,webp|max:20480', ]); $playlistData = [ 'user_id' => Auth::id(), 'name' => $request->name, 'description' => $request->description, 'visibility' => $request->visibility ?? 'private', 'is_default' => false, 'share_token' => Str::random(32), ]; // Create playlist first to get ID for thumbnail naming $playlist = Playlist::create($playlistData); // Handle thumbnail upload if ($request->hasFile('thumbnail')) { $file = $request->file('thumbnail'); $filename = self::generateFilename($file->getClientOriginalExtension()); $file->storeAs('public/thumbnails', $filename); $playlist->update(['thumbnail' => $filename]); } // Reload playlist with thumbnail $playlist->refresh(); if ($request->expectsJson() || $request->ajax()) { return response()->json([ 'success' => true, 'playlist' => [ 'id' => $playlist->id, 'name' => $playlist->name, 'visibility' => $playlist->visibility, 'thumbnail_url' => $playlist->thumbnail_url, ], ]); } return redirect()->route('playlists.show', $playlist)->with('success', 'Playlist created!'); } // Edit playlist form public function edit(Playlist $playlist) { // Check ownership if (! $playlist->canEdit(Auth::user())) { abort(403, 'You do not have permission to edit this playlist.'); } if (request()->expectsJson() || request()->ajax()) { return response()->json([ 'success' => true, 'playlist' => [ 'id' => $playlist->id, 'name' => $playlist->name, 'description' => $playlist->description, 'visibility' => $playlist->visibility, ], ]); } return view('playlists.edit', compact('playlist')); } // Update playlist public function update(Request $request, Playlist $playlist) { // Check ownership if (! $playlist->canEdit(Auth::user())) { abort(403, 'You do not have permission to edit this playlist.'); } $request->validate([ 'name' => 'required|string|max:100', 'description' => 'nullable|string|max:500', 'visibility' => 'nullable|in:public,private,unlisted', 'thumbnail' => 'nullable|image|mimes:jpeg,png,gif,webp|max:20480', ]); $updateData = [ 'name' => $request->name, 'description' => $request->description, 'visibility' => $request->visibility ?? 'private', ]; // Handle thumbnail upload if ($request->hasFile('thumbnail')) { // Delete old thumbnail if exists if ($playlist->thumbnail) { $oldPath = storage_path('app/public/thumbnails/'.$playlist->thumbnail); if (file_exists($oldPath)) { unlink($oldPath); } } // Upload new thumbnail $file = $request->file('thumbnail'); $filename = self::generateFilename($file->getClientOriginalExtension()); $file->storeAs('public/thumbnails', $filename); $updateData['thumbnail'] = $filename; } // Handle thumbnail removal if ($request->input('remove_thumbnail') == '1') { if ($playlist->thumbnail) { $oldPath = storage_path('app/public/thumbnails/'.$playlist->thumbnail); if (file_exists($oldPath)) { unlink($oldPath); } $updateData['thumbnail'] = null; } } $playlist->update($updateData); if ($request->expectsJson() || $request->ajax()) { return response()->json([ 'success' => true, 'message' => 'Playlist updated!', 'playlist' => [ 'id' => $playlist->id, 'name' => $playlist->name, 'visibility' => $playlist->visibility, ], ]); } return redirect()->route('playlists.show', $playlist)->with('success', 'Playlist updated!'); } // Delete playlist public function destroy(Request $request, Playlist $playlist) { // Check ownership if (! $playlist->canEdit(Auth::user())) { abort(403, 'You do not have permission to delete this playlist.'); } // Don't allow deleting default playlists if ($playlist->is_default) { abort(400, 'Cannot delete default playlist.'); } $playlist->delete(); if ($request->expectsJson() || $request->ajax()) { return response()->json([ 'success' => true, 'message' => 'Playlist deleted!', ]); } return redirect()->route('playlists.index')->with('success', 'Playlist deleted!'); } // Add video to playlist public function addVideo(Request $request, Playlist $playlist) { // Check ownership if (! $playlist->canEdit(Auth::user())) { abort(403, 'You do not have permission to edit this playlist.'); } $request->validate([ 'video_id' => 'required|exists:videos,id', ]); $video = Video::findOrFail($request->video_id); // Check if video can be viewed if (! $video->canView(Auth::user())) { abort(403, 'You cannot add this video to your playlist.'); } $added = $playlist->addVideo($video); if ($request->expectsJson() || $request->ajax()) { return response()->json([ 'success' => true, 'message' => $added ? 'Video added to playlist!' : 'Video is already in playlist.', 'video_count' => $playlist->video_count, ]); } return back()->with('success', $added ? 'Video added to playlist!' : 'Video is already in playlist.'); } // Remove video from playlist public function removeVideo(Request $request, Playlist $playlist, Video $video) { // Check ownership if (! $playlist->canEdit(Auth::user())) { abort(403, 'You do not have permission to edit this playlist.'); } $removed = $playlist->removeVideo($video); if ($request->expectsJson() || $request->ajax()) { return response()->json([ 'success' => true, 'message' => 'Video removed from playlist.', 'video_count' => $playlist->video_count, ]); } return back()->with('success', 'Video removed from playlist.'); } // Reorder videos in playlist public function reorder(Request $request, Playlist $playlist) { // Check ownership if (! $playlist->canEdit(Auth::user())) { abort(403, 'You do not have permission to edit this playlist.'); } $request->validate([ 'video_ids' => 'required|array', 'video_ids.*' => 'integer|exists:videos,id', ]); $playlist->reorderVideos($request->video_ids); if ($request->expectsJson() || $request->ajax()) { return response()->json([ 'success' => true, 'message' => 'Playlist reordered!', ]); } return back()->with('success', 'Playlist reordered!'); } // Get user's playlists (for dropdown) public function userPlaylists() { // Handle unauthenticated users if (! Auth::check()) { return response()->json([ 'success' => true, 'playlists' => [], 'authenticated' => false, ]); } $user = Auth::user(); $playlists = $user->playlists()->orderBy('name')->get(); // Get video IDs for each playlist $playlistsWithVideoIds = $playlists->map(function ($p) { return [ 'id' => $p->id, 'name' => $p->name, 'description' => $p->description, 'video_count' => $p->videos()->count(), 'formatted_duration' => $p->formatted_duration, 'is_default' => $p->is_default, 'visibility' => $p->visibility, 'thumbnail_url' => $p->thumbnail_url, 'video_ids' => $p->videos()->pluck('videos.id')->toArray(), ]; }); return response()->json([ 'success' => true, 'playlists' => $playlistsWithVideoIds, 'authenticated' => true, ]); } // Quick add to Watch Later public function watchLater(Request $request, Video $video) { $watchLater = Playlist::getWatchLater(Auth::id()); $added = $watchLater->addVideo($video); if ($request->expectsJson() || $request->ajax()) { return response()->json([ 'success' => true, 'message' => $added ? 'Added to Watch Later!' : 'Already in Watch Later.', ]); } return back()->with('success', $added ? 'Added to Watch Later!' : 'Already in Watch Later.'); } // Update watch progress public function updateProgress(Request $request, Playlist $playlist, Video $video) { $request->validate([ 'seconds' => 'required|integer|min:0', ]); $playlist->updateWatchProgress($video, $request->seconds); return response()->json([ 'success' => true, ]); } // Play all videos in playlist (redirect to first video with playlist context) public function playAll(Playlist $playlist) { if (! $playlist->canViewViaToken(Auth::user())) { abort(404, 'Playlist not found'); } $firstVideo = $playlist->videos()->orderBy('position')->first(); if (! $firstVideo) { return back()->with('error', 'Playlist is empty.'); } return redirect(route('videos.show', $firstVideo) . '?playlist=' . $playlist->share_token); } // Shuffle play - redirect to random video public function shuffle(Playlist $playlist) { if (! $playlist->canViewViaToken(Auth::user())) { abort(404, 'Playlist not found'); } $randomVideo = $playlist->getRandomVideo(); if (! $randomVideo) { return back()->with('error', 'Playlist is empty.'); } return redirect(route('videos.show', $randomVideo) . '?playlist=' . $playlist->share_token); } }