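validate([
            'name' => 'required|string|max:255',
            'email' => 'required|string|email|max:255|unique:users',
            'password' => 'required|string|min:8',
        ]);

        $user = User::create([
            'name' => $request->name,
            'email' => $request->email,
            'password' => Hash::make($request->password),
        ]);

        return response()->json([
            'success' => true,
            'message' => 'User created successfully',
            'data' => $user
        ], 201);
    }

    /**
     * List every user.
     *
     * Only a caller whose current token carries the 'admin' ability gets the
     * list; any other caller (or an unauthenticated one) receives 403.
     * Note that login() grants 'admin' to every token it issues, so on its own
     * this check does not restrict the listing to administrators.
     *
     * @param Request $request
     * @return JsonResponse
     */
    public function getAllUsers(Request $request): JsonResponse
    {
        $user = $request->user();

        if (!$user || !$user->tokenCan('admin')) {
            return response()->json([
                'success' => false,
                'message' => 'Unauthorized'
            ], 403);
        }

        return response()->json([
            'success' => true,
            'data' => User::all()
        ]);
    }

    /**
     * Login and generate token
     *
     * Verifies the e-mail/password pair, replaces any existing token that
     * carries the same device name, and issues a new Sanctum token that
     * expires after config('sanctum.expiration') minutes (null = no expiry).
     *
     * @param Request $request
     * @return JsonResponse
     */
    public function login(Request $request): JsonResponse
    {
        // Force JSON error responses (e.g. validation failures) even when the
        // client omits the Accept header.
        $request->headers->set('Accept', 'application/json');

        $request->validate([
            'email' => 'required|email',
            'password' => 'required',
            'device_name' => 'nullable|string',
        ]);

        $user = User::where('email', $request->email)->first();

        // One message for both "unknown e-mail" and "wrong password" so the
        // response does not reveal which accounts exist.
        if (!$user || !Hash::check($request->password, $user->password)) {
            return response()->json([
                'success' => false,
                'message' => 'Invalid credentials',
            ], 401);
        }

        // filled() treats null and '' alike, so an empty device_name can never
        // become the token name.
        $hasDeviceName = $request->filled('device_name');
        $tokenName = $hasDeviceName ? $request->input('device_name') : 'api_token';

        // Replace the previous token for this device so a device holds at most
        // one live token; tokens for other devices are left untouched.
        if ($hasDeviceName) {
            $user->tokens()->where('name', $tokenName)->delete();
        }

        // All users will get the same 'admin' ability (since dashboard is admin-only)
        $token = $user->createToken($tokenName, ['admin']);

        // Sanctum's expiration is configured in minutes; a falsy value means
        // tokens never expire and expires_at is reported as null.
        $expirationMinutes = config('sanctum.expiration');
        $tokenExpiration = $expirationMinutes
            ? now()->addMinutes($expirationMinutes)->toDateTimeString()
            : null;

        return response()->json([
            'success' => true,
            'message' => 'User signed in successfully',
            'token' => $token->plainTextToken,
            'token_type' => 'Bearer',
            'expires_at' => $tokenExpiration,
            'user' => [
                'id' => $user->id,
                'name' => $user->name,
                'email' => $user->email,
                'abilities' => ['admin']
            ]
        ]);
    }

    /**
     * Update authenticated user's account
     *
     * The current password must be supplied and is re-verified before any
     * field changes. A new password is optional; when present it must be
     * confirmed (password_confirmation) and meet the same minimum length as
     * registration.
     *
     * @param Request $request
     * @return JsonResponse
     */
    public function update(Request $request): JsonResponse
    {
        $user = $request->user();

        // Same guard as me(): never dereference a missing user.
        if (!$user) {
            return response()->json([
                'success' => false,
                'message' => 'User not authenticated',
            ], 401);
        }

        $request->validate([
            'name' => 'required|string|max:255',
            // Exclude the caller's own row from the uniqueness check.
            'email' => 'required|email|unique:users,email,' . $user->id,
            'current_password' => 'required|string',
            // min:8 matches registration so the password policy cannot be
            // weakened through the update endpoint.
            'password' => 'nullable|string|confirmed|min:8',
        ]);

        if (!Hash::check($request->current_password, $user->password)) {
            return response()->json([
                'success' => false,
                'message' => 'Current password is incorrect',
            ], 422);
        }

        $user->name = $request->name;
        $user->email = $request->email;

        if ($request->filled('password')) {
            // Hash::make uses the configured hasher, the same one registration uses.
            $user->password = Hash::make($request->password);
            // NOTE(review): tokens previously issued to this user stay valid
            // after a password change; revoking the others here would be the
            // usual choice — confirm against the intended session policy.
        }

        $user->save();

        return response()->json([
            'success' => true,
            'message' => 'Account updated successfully',
            'user' => $user,
        ]);
    }

    /**
     * Logout (revoke token)
     *
     * Revokes only the token used for this request; tokens issued to the
     * same user for other devices remain valid.
     *
     * @param Request $request
     * @return JsonResponse
     */
    public function logout(Request $request): JsonResponse
    {
        $user = $request->user();

        if (!$user) {
            return response()->json([
                'success' => false,
                'message' => 'User not authenticated',
            ], 401);
        }

        // Nullsafe, matching me(): a request without a current access token
        // has nothing to revoke.
        $user->currentAccessToken()?->delete();

        return response()->json([
            'success' => true,
            'message' => 'Logged out successfully'
        ]);
    }

    /**
     * Get the authenticated user
     *
     * Returns the user's id/name/email and the abilities of the token used
     * for this request (empty when there is no current access token).
     *
     * @param Request $request
     * @return JsonResponse
     */
    public function me(Request $request): JsonResponse
    {
        $user = $request->user();

        if (!$user) {
            return response()->json([
                'success' => false,
                'message' => 'User not authenticated',
            ], 401);
        }

        return response()->json([
            'success' => true,
            'data' => [
                'user' => [
                    'id' => $user->id,
                    'name' => $user->name,
                    'email' => $user->email,
                ],
                'abilities' => $user->currentAccessToken()?->abilities ?? [],
            ]
        ]);
    }
}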