<?php
namespace App\Http\Controllers;
use App\Models\AuditLog;
use App\Models\User;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Password;
use Illuminate\Validation\ValidationException;
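class AuthController extends Controller
{
    /**
     * Authenticate a user by email/password for the requested account type.
     *
     * Validates the payload, looks up a user with the given email AND type,
     * then runs the guard's credential check. Every failure (wrong type,
     * unknown email, bad password) throws the same generic validation message,
     * so the response body does not reveal which part was wrong; the
     * distinction is recorded only in the audit log.
     *
     * @throws ValidationException when the credentials are rejected
     */
    public function login(Request $request): JsonResponse
    {
        $request->validate([
            'email' => 'required|email',
            'password' => 'required',
            'type' => 'required|in:customer,admin',
        ]);

        // NOTE(review): no throttling is visible in this controller; confirm the
        // login route sits behind the framework's throttle middleware.
        $user = User::where('email', $request->email)
            ->where('type', $request->type)
            ->first();

        // The short-circuit keeps Auth::attempt (and the hash check) from running
        // when no user matches the email/type pair. NOTE(review): that also means
        // response timing differs between known and unknown emails — consider
        // whether that signal matters for this deployment.
        if (!$user || !Auth::attempt(['email' => $request->email, 'password' => $request->password])) {
            if ($user) {
                AuditLog::log('Login Failed', 'auth', $user->id, ['email' => $request->email, 'reason' => 'Invalid credentials'], 'error');
            } else {
                // No user row exists, so there is no entity id to attach; 0 is passed
                // as a sentinel. Per the original notes the helper derives user_id
                // from auth()->id(), which is null for an unauthenticated request.
                AuditLog::log('Login Failed', 'auth', 0, ['email' => $request->email, 'reason' => 'User not found'], 'error');
            }

            throw ValidationException::withMessages([
                'email' => ['The provided credentials are incorrect.'],
            ]);
        }

        // Rotate the session id on privilege change to defeat session fixation.
        $request->session()->regenerate();
        AuditLog::log('Login', 'auth', $user->id, ['email' => $user->email]);

        // NOTE(review): the model is serialised as-is; this relies on the User
        // model's $hidden list to keep password/remember_token out of the
        // response — confirm against App\Models\User.
        return response()->json([
            'user' => $user,
        ]);
    }

    /**
     * Create a customer account.
     *
     * The account type is fixed to 'customer' server-side and never read from
     * the request, so this endpoint cannot be used to create admin users.
     *
     * @throws ValidationException on invalid or duplicate input
     */
    public function register(Request $request): JsonResponse
    {
        $request->validate([
            'name' => 'required|string|max:255',
            'email' => 'required|string|email|max:255|unique:users',
            'password' => 'required|string|min:8|confirmed',
        ]);

        $user = User::create([
            'name' => $request->name,
            'email' => $request->email,
            'password' => Hash::make($request->password),
            'type' => 'customer',
        ]);

        // The new user is not logged in at this point, so the helper's user_id
        // (from auth()->id()) is null; the created user's id is recorded as the
        // entity id instead.
        AuditLog::log('Register', 'user', $user->id, ['email' => $user->email, 'name' => $user->name]);

        return response()->json([
            'user' => $user,
        ], 201);
    }

    /**
     * Log the current user out and discard the session.
     *
     * Besides clearing the guard, the session is invalidated and the CSRF token
     * regenerated so a previously issued session id or token cannot be reused
     * after logout (the original only called logout() on the guard, leaving the
     * session store and token intact).
     */
    public function logout(Request $request): JsonResponse
    {
        $user = Auth::user();
        if ($user) {
            AuditLog::log('Logout', 'auth', $user->id, ['email' => $user->email]);
        }

        Auth::guard('web')->logout();
        $request->session()->invalidate();
        $request->session()->regenerateToken();

        return response()->json(['message' => 'Logged out successfully']);
    }

    /**
     * Send a password-reset link to the given email via the password broker.
     *
     * NOTE(review): the 400 branch also fires for an unknown email
     * (Password::INVALID_USER), so the two replies distinguish registered from
     * unregistered addresses. A uniform reply for both outcomes would remove
     * that signal; kept as-is here because clients may depend on the 400.
     */
    public function forgotPassword(Request $request): JsonResponse
    {
        $request->validate([
            'email' => 'required|email',
        ]);

        $status = Password::sendResetLink(
            $request->only('email')
        );

        return $status === Password::RESET_LINK_SENT
            ? response()->json(['message' => 'Reset link sent to your email'])
            : response()->json(['message' => 'Unable to send reset link'], 400);
    }
}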