Complete Route Reference for Boletilandia Web and API
Full reference for every web and API route in Boletilandia — public, admin-only, user-only, Jetstream/Fortify auto-registered, and Sanctum API endpoints.
Use this file to discover all available pages before exploring further.
Boletilandia’s routing layer is split across two files: routes/web.php for all browser-facing pages and routes/api.php for the Sanctum-protected JSON API. Routes are grouped by access level — public, admin-only (guarded by the admin middleware alias), and user-only (guarded by the user middleware alias). Laravel Jetstream and Fortify automatically register their own authentication routes on top of these.
These routes are accessible without authentication.
Method
Path
Handler
Description
GET
/
Closure → index view
Renders the landing page. The view itself checks auth status to display appropriate content.
GET
/home
AdminController::index() + Closure
Role-based router: redirects authenticated admins to admin.index, authenticated users to home.index (with upcoming events ordered by date ascending), and unauthenticated visitors back to the previous page.
The /home route is declared twice in routes/web.php. The first declaration uses AdminController::index() (note the lowercase route::get call). The second declaration is a Closure containing the full usertype role-branching logic and carries the ->name('home') named route. Laravel resolves to the last matching definition, so the named Closure is the one that actually handles requests. The AdminController version is superseded.
The /dashboard route is wrapped in the Jetstream authenticated-and-verified middleware group. It returns the same index view as the root route, providing a consistent landing point for post-login redirects.
All admin routes require the admin middleware alias (App\Http\Middleware\Admin). Any authenticated user whose usertype is not 'admin' receives an HTTP 401 response.
Method
Path
Controller
Middleware
Description
POST
/admin-eventos
EventoController::store()
admin
Creates a new event and stores it in the evento table.
GET
/admin-ver_eventos
Closure → admin.ver_eventos view
admin
Lists all upcoming events (ordered by FechaEvento ascending) for the admin to review. Named admin-ver_eventos.
DELETE
/admin-eliminar_eventos/{evento}
EventoController::eliminarEvento()
admin
Deletes the specified event (triggers cascade deletion of all its sections and seats).
GET
/admin-editar_eventos/{evento}
EventoController::mostrarPantallaEdicion()
admin
Displays the edit form pre-populated with the event’s current data. Named admin.editar_evento.
PUT
/admin-editar_eventos/{evento}
EventoController::actualizarInfoEvento()
admin
Persists updated event information to the database.
GET
/admin-grafica_eventos
GraficaController::verGrafica()
admin
Renders the sales/analytics chart view for all events.
Show Admin route definitions
// Create a new eventRoute::post('/admin-eventos', [EventoController::class, 'store']) ->middleware('admin');// List upcoming eventsRoute::get('/admin-ver_eventos', function () { if (Auth::id()) { $userType = Auth()->user()->usertype; if ($userType == 'admin') { $fechaActual = Carbon::now()->format('Y-m-d'); $events = Evento::where('FechaEvento', '>=', $fechaActual) ->orderBy('FechaEvento', 'asc') ->get(); return view('admin.ver_eventos', compact('events')); } } else { return redirect()->back(); }})->middleware('admin')->name('admin-ver_eventos');// Delete an event (cascade: sections + seats)Route::delete('/admin-eliminar_eventos/{evento}', [EventoController::class, 'eliminarEvento']) ->middleware('admin');// Show edit form for an eventRoute::get('admin-editar_eventos/{evento}', [EventoController::class, 'mostrarPantallaEdicion']) ->middleware('admin') ->name('admin.editar_evento');// Persist updated event dataRoute::put('admin-editar_eventos/{evento}', [EventoController::class, 'actualizarInfoEvento']) ->middleware('admin');// Show analytics chartRoute::get('/admin-grafica_eventos', [GraficaController::class, 'verGrafica']) ->middleware('admin');
Defined in routes/api.php. All API routes are automatically prefixed with /api.
Method
Path
Handler
Middleware
Description
GET
/api/user
Closure
auth:sanctum
Returns the currently authenticated user as a JSON object. Requires a valid Sanctum personal access token (Bearer) or an active Sanctum cookie session.
// routes/api.phpRoute::get('/user', function (Request $request) { return $request->user();})->middleware('auth:sanctum');
To call /api/user with a personal access token, include the token in the Authorization header:
Jetstream and Fortify register their own routes automatically when the packages boot. These routes are not declared in routes/web.php but are fully available at runtime.
Authentication
GET /login — Login form
POST /login — Submit credentials
POST /logout — End session
GET /register — Registration form
POST /register — Create account
Password Reset
GET /forgot-password — Request reset link
POST /forgot-password — Send reset email
GET /reset-password/{token} — Reset form
POST /reset-password — Persist new password
Two-Factor Auth
GET /two-factor-challenge — 2FA prompt
POST /two-factor-challenge — Submit TOTP code
Routes to enable, confirm, and disable 2FA from the profile page
Profile & API Tokens
GET /user/profile — Profile settings page
Update profile info, password, and photo
GET /user/api-tokens — Manage personal access tokens
Create and revoke Sanctum API tokens with scoped permissions
The health check endpoint GET /up is registered automatically by Laravel 11 via the health key above. It returns a 200 OK response and is used for uptime monitoring.