kithkin/routes/web.php

<?php

use Illuminate\Support\Facades\Route;
use App\Http\Controllers\ProfileController;
use App\Http\Controllers\BookController;
use App\Http\Controllers\CalendarController;
use App\Http\Controllers\CalendarSettingsController;
use App\Http\Controllers\CardController;
use App\Http\Controllers\DavController;
use App\Http\Controllers\EventController;
use App\Http\Controllers\IcsController;
use App\Http\Controllers\LocationController;
use App\Http\Controllers\SubscriptionController;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken;

/**
 *
 * public unauthenticated pages
 */

Route::view('/', 'welcome');

/**
 *
 * starter pages
 * @todo replace thse
 */

Route::view('/dashboard', 'dashboard')
    ->middleware(['auth', 'verified'])
    ->name('dashboard');

Route::view('/settings', 'settings')
    ->middleware(['auth', 'verified'])
    ->name('settings');

/**
 *
 * main authentication block
 */

Route::middleware('auth')->group(function ()
{
    /* user profile */
    Route::get('/profile/view', [ProfileController::class, 'index'])->name('profile.index');
    Route::get('/profile', [ProfileController::class, 'edit'])->name('profile.edit');
    Route::patch('/profile', [ProfileController::class, 'update'])->name('profile.update');
    Route::delete('/profile', [ProfileController::class, 'destroy'])->name('profile.destroy');
    Route::patch('/profile/addresses', [ProfileController::class, 'saveAddresses'])->name('profile.addresses.save');

    /* calendar core */
    Route::middleware('auth')->group(function () {
        // list, create, store, show, edit, update, destroy
        Route::resource('calendar', CalendarController::class)
             ->whereUuid('calendar'); // constrain the {calendar} param
    });

    /* calendar other */
    Route::middleware(['web','auth'])
        ->prefix('calendar')
        ->name('calendar.')
        ->group(function () {

            // settings landing
            Route::get('settings', [CalendarSettingsController::class, 'index'])->name('settings');

            // settings / subscribe to a calendar
            Route::get('settings/subscribe', [CalendarSettingsController::class, 'subscribeForm'])->name('settings.subscribe');
            Route::post('settings/subscribe', [CalendarSettingsController::class, 'subscribeStore'])->name('settings.subscribe.store');

            // remote calendar subscriptions
            Route::resource('subscriptions', SubscriptionController::class)
                 ->except(['show']); // index, create, store, edit, update, destroy

            // events
            Route::prefix('{calendar}')->whereUuid('calendar')->group(function () {
                // create & store
                Route::get ('event/create',        [EventController::class, 'create'])->name('event.create');
                Route::post('event',               [EventController::class, 'store' ])->name('event.store');
                // read
                Route::get ('event/{event}',       [EventController::class, 'show'  ])->name('event.show');
                // edit & update
                Route::get ('event/{event}/edit',  [EventController::class, 'edit'  ])->name('event.edit');
                Route::put ('event/{event}',       [EventController::class, 'update'])->name('event.update');
                // delete
                Route::delete('event/{event}',     [EventController::class, 'destroy'])->name('event.destroy');
            });
        });

    // autocomplete suggestions for event locations
    Route::get('/location/suggest', [LocationController::class, 'suggest'])
        ->name('location.suggest');

    // address books
    Route::resource('book', BookController::class)
        ->names('book')                       // books.index, books.create, …
        ->parameter('book', 'book');          // {book} binding

    /** contacts inside a book
        nested so urls look like /books/{book}/contacts/{contact} */
    /*Route::resource('book.contacts', CardController::class)
        ->names('book.contacts')
        ->parameter('contacts', 'contact')
        ->except(['index'])                    // you may add an index later
        ->shallow();*/
});

/* Breeze auth routes (login, register, password reset, etc.) */
require __DIR__.'/auth.php';

/*
|--------------------------------------------------------------------------
| SabreDAV endpoint (CalDAV + CardDAV)
|--------------------------------------------------------------------------
| Leave this outside the auth middleware; the SabreLaravelAuthPlugin handles
| authentication for DAV clients.
*/

// default dav handling
Route::match(
    ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS', 'HEAD', 'PROPFIND', 'PROPPATCH', 'MKCOL', 'COPY', 'MOVE', 'REPORT', 'LOCK', 'UNLOCK'],
    '/dav/{any?}',
    [DavController::class, 'handle']
)->where('any', '.*')
 ->withoutMiddleware([VerifyCsrfToken::class]);

// our subscriptions
Route::get('/ics/{calendarUri}.ics', [IcsController::class, 'download']);

// remote subscriptions
Route::middleware(['auth'])->group(function () {
    Route::resource('calendar/subscriptions', SubscriptionController::class)
         ->except(['show']);      // index • create • store • edit • update • destroy
});