Documentation

Routing Architecture

App-level and package-level routes, auth guards, and key middleware

Last updated: Feb 09, 2026

Routing Architecture

Routes are loaded from two sources: app-level (routes/) and package-level (each package's ServiceProvider).

App-Level Routes

FileScopeContents
web.phpWebDashboard redirect (admin vs shop based on guard), requires settings.php + auth.php
api.phpAPISingle GET /user (sanctum) — bulk API routes in API package
auth.phpWeb (guest + auth)Register, login, forgot/reset password, email verification, logout
settings.phpWeb (auth)Profile CRUD, password, appearance, two-factor — under /settings/
console.phpArtisanDefault inspire command

Package Route Files

PackageRoute FilePrefixMiddleware
Coreadmin.php/adminweb, auth, is_admin
Adminadmin.php/adminweb, auth, is_admin
Productadmin.php/admin/productsweb, auth, is_admin
Productweb.php/web
Cartweb.php/cartweb
Cartapi.php/api/v1/cartapi, auth:sanctum
Shopweb.php/web
Shopapi.php/api/v1api
Settingsadmin.php/admin/settingsweb, auth, is_admin
Salesadmin.php/admin/salesweb, auth, is_admin
Customercustomer.php/admin/customersweb, auth, is_admin
CMSadmin.php/admin/cmsweb, auth, is_admin
CMSweb.php/{slug}web (catch-all for pages)
Systemsystem.php/admin/systemweb, auth, is_admin
Reportsadmin.php/admin/reportsweb, auth, is_admin
Marketingadmin.php/admin/marketingweb, auth, is_admin
Marketingshop.php/web (coupon application)
APIapi.php/api/v1api (some routes auth, some public)
Setupsetup.php/setupweb
Stripeadmin.php + web.phpvariesgateway-specific

Auth Guards

GuardPurposeSession
web (default)Customer / user authenticationCookie-based
adminAdmin panel accessCookie-based
sanctumAPI token authBearer token

Key Middleware

MiddlewareLocationPurpose
HandleInertiaRequestsapp/Http/Middleware/Shares auth, menu, currency, flash, theme, sidebar state to all Inertia pages
HandleAppearanceapp/Http/Middleware/Dark/light mode handling
IsAdminCartxis\AdminVerifies admin guard
PreventAdminFrontendAccessCartxis\AdminBlocks admin users from customer frontend
PreventUserAdminAccessCartxis\AdminBlocks customers from admin panel
RedirectIfAdminAuthenticatedCartxis\AdminRedirects authenticated admins from login
ShareFrontendDataCartxis\ShopShares storefront-specific data
ThemeInertiaResponseFactoryCartxis\CoreTheme-aware Inertia responses
TrackApiSyncCartxis\APIAuto-updates API connectivity status on auth requests
PreviousProduct, Cart & ShopNextFrontend Architecture