149 lines
4.4 KiB
PHP
149 lines
4.4 KiB
PHP
<?php
|
|
|
|
namespace App\Http\Controllers;
|
|
|
|
use App\Models\User;
|
|
use Illuminate\Http\Request;
|
|
use Illuminate\Http\JsonResponse;
|
|
use Illuminate\Support\Facades\Auth;
|
|
use Illuminate\Support\Facades\Hash;
|
|
use Illuminate\Validation\ValidationException;
|
|
|
|
class AuthController extends Controller
|
|
{
|
|
/**
|
|
* Register a new user (Admin only)
|
|
*
|
|
* @param Request $request
|
|
* @return JsonResponse
|
|
*/
|
|
public function register(Request $request): JsonResponse
|
|
{
|
|
// Only allow admins to register new users
|
|
if (!auth()->check() || !auth()->user()->is_admin) {
|
|
return response()->json([
|
|
'success' => false,
|
|
'message' => 'Unauthorized action'
|
|
], 403);
|
|
}
|
|
|
|
$request->validate([
|
|
'name' => 'required|string|max:255',
|
|
'email' => 'required|string|email|max:255|unique:users',
|
|
'password' => 'required|string|min:8',
|
|
'is_admin' => 'boolean'
|
|
]);
|
|
|
|
$user = User::create([
|
|
'name' => $request->name,
|
|
'email' => $request->email,
|
|
'password' => Hash::make($request->password),
|
|
'is_admin' => $request->is_admin ?? false,
|
|
]);
|
|
|
|
return response()->json([
|
|
'success' => true,
|
|
'message' => 'User created successfully',
|
|
'data' => $user
|
|
], 201);
|
|
}
|
|
|
|
/**
|
|
* Login and generate token
|
|
*
|
|
* @param Request $request
|
|
* @return JsonResponse
|
|
*/
|
|
public function login(Request $request): JsonResponse
|
|
{
|
|
// Always return JSON responses from API endpoints
|
|
$request->headers->set('Accept', 'application/json');
|
|
|
|
$request->validate([
|
|
'email' => 'required|email',
|
|
'password' => 'required',
|
|
'device_name' => 'nullable|string',
|
|
]);
|
|
|
|
$user = User::where('email', $request->email)->first();
|
|
|
|
if (!$user || !Hash::check($request->password, $user->password)) {
|
|
return response()->json([
|
|
'success' => false,
|
|
'message' => 'Invalid credentials',
|
|
], 401);
|
|
}
|
|
|
|
// Delete any existing tokens for this device name if provided
|
|
if ($request->device_name) {
|
|
$user->tokens()->where('name', $request->device_name)->delete();
|
|
}
|
|
|
|
// Create token with appropriate abilities based on user role
|
|
$abilities = $user->is_admin ? ['admin'] : ['user'];
|
|
$token = $user->createToken($request->device_name ?? 'api_token', $abilities);
|
|
|
|
// Get token expiration time if configured
|
|
$tokenExpiration = null;
|
|
$expirationMinutes = config('sanctum.expiration');
|
|
if ($expirationMinutes) {
|
|
$tokenExpiration = now()->addMinutes($expirationMinutes)->toDateTimeString();
|
|
}
|
|
|
|
return response()->json([
|
|
'success' => true,
|
|
'message' => 'User signed in successfully',
|
|
'token' => $token->plainTextToken,
|
|
'token_type' => 'Bearer',
|
|
'expires_at' => $tokenExpiration,
|
|
'user' => [
|
|
'id' => $user->id,
|
|
'name' => $user->name,
|
|
'email' => $user->email,
|
|
'is_admin' => $user->is_admin,
|
|
'abilities' => $abilities
|
|
]
|
|
]);
|
|
}
|
|
|
|
/**
|
|
* Logout (revoke token)
|
|
*
|
|
* @param Request $request
|
|
* @return JsonResponse
|
|
*/
|
|
public function logout(Request $request): JsonResponse
|
|
{
|
|
// Revoke the token that was used to authenticate the current request
|
|
$request->user()->currentAccessToken()->delete();
|
|
|
|
return response()->json([
|
|
'success' => true,
|
|
'message' => 'Logged out successfully'
|
|
]);
|
|
}
|
|
|
|
/**
|
|
* Get the authenticated user
|
|
*
|
|
* @param Request $request
|
|
* @return JsonResponse
|
|
*/
|
|
public function me(Request $request): JsonResponse
|
|
{
|
|
$user = $request->user();
|
|
|
|
return response()->json([
|
|
'success' => true,
|
|
'data' => [
|
|
'user' => [
|
|
'id' => $user->id,
|
|
'name' => $user->name,
|
|
'email' => $user->email,
|
|
'is_admin' => $user->is_admin,
|
|
],
|
|
'abilities' => $request->user()->currentAccessToken()->abilities
|
|
]
|
|
]);
|
|
}
|
|
} |