app/Http/Controllers/Api/V1/AuthController.php

<?php

namespace App\Http\Controllers\Api\V1;

use App\Http\Controllers\Controller;
use App\Models\Device;
use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Validation\ValidationException;

class AuthController extends Controller
{
    /**
     * Issue a long-lived, revocable device token (Sanctum).
     */
    public function login(Request $request)
    {
        $data = $request->validate([
            'email'       => ['required', 'email'],
            'password'    => ['required', 'string'],
            'device_name' => ['required', 'string', 'max:255'],
            'app_version' => ['nullable', 'string', 'max:50'],
        ]);

        $user = User::where('email', $data['email'])->first();

        if (! $user || ! Hash::check($data['password'], $user->password)) {
            throw ValidationException::withMessages([
                'email' => [__('auth.failed')],
            ]);
        }

        // One token per device name: revoke the previous one for this device.
        $user->tokens()->where('name', $data['device_name'])->delete();

        $token = $user->createToken($data['device_name'], ['mobile-sync']);

        Device::updateOrCreate(
            ['user_id' => $user->id, 'name' => $data['device_name']],
            [
                'token_id'     => $token->accessToken->id,
                'app_version'  => $data['app_version'] ?? null,
                'last_seen_at' => now(),
            ]
        );

        return response()->json([
            'token' => $token->plainTextToken,
            'user'  => $this->userPayload($user),
        ]);
    }

    public function me(Request $request)
    {
        return response()->json(['user' => $this->userPayload($request->user())]);
    }

    public function logout(Request $request)
    {
        $token = $request->user()->currentAccessToken();

        // Clean up the device record bound to this token.
        Device::where('token_id', $token->id)->delete();
        $token->delete();

        return response()->json(['message' => 'Logged out']);
    }

    private function userPayload(User $user): array
    {
        return [
            'id'          => $user->id,
            'name'        => $user->name,
            'email'       => $user->email,
            'roles'       => $user->getRoleNames(),
            'permissions' => $user->getAllPermissions()->pluck('name')->values(),
        ];
    }
}
feat(api): mobile API Milestone 1+2 — Sanctum auth + offline sync vertical slice 2026-06-18 09:05:20 +02:00			`<?php`

			`namespace App\Http\Controllers\Api\V1;`

			`use App\Http\Controllers\Controller;`
			`use App\Models\Device;`
			`use App\Models\User;`
			`use Illuminate\Http\Request;`
			`use Illuminate\Support\Facades\Hash;`
			`use Illuminate\Validation\ValidationException;`

			`class AuthController extends Controller`
			`{`
			`/**`
			`* Issue a long-lived, revocable device token (Sanctum).`
			`*/`
			`public function login(Request $request)`
			`{`
			`$data = $request->validate([`
			`'email' => ['required', 'email'],`
			`'password' => ['required', 'string'],`
			`'device_name' => ['required', 'string', 'max:255'],`
			`'app_version' => ['nullable', 'string', 'max:50'],`
			`]);`

			`$user = User::where('email', $data['email'])->first();`

			`if (! $user \|\| ! Hash::check($data['password'], $user->password)) {`
			`throw ValidationException::withMessages([`
			`'email' => [__('auth.failed')],`
			`]);`
			`}`

			`// One token per device name: revoke the previous one for this device.`
			`$user->tokens()->where('name', $data['device_name'])->delete();`

			`$token = $user->createToken($data['device_name'], ['mobile-sync']);`

			`Device::updateOrCreate(`
			`['user_id' => $user->id, 'name' => $data['device_name']],`
			`[`
			`'token_id' => $token->accessToken->id,`
			`'app_version' => $data['app_version'] ?? null,`
			`'last_seen_at' => now(),`
			`]`
			`);`

			`return response()->json([`
			`'token' => $token->plainTextToken,`
			`'user' => $this->userPayload($user),`
			`]);`
			`}`

			`public function me(Request $request)`
			`{`
			`return response()->json(['user' => $this->userPayload($request->user())]);`
			`}`

			`public function logout(Request $request)`
			`{`
			`$token = $request->user()->currentAccessToken();`

			`// Clean up the device record bound to this token.`
			`Device::where('token_id', $token->id)->delete();`
			`$token->delete();`

			`return response()->json(['message' => 'Logged out']);`
			`}`

			`private function userPayload(User $user): array`
			`{`
			`return [`
			`'id' => $user->id,`
			`'name' => $user->name,`
			`'email' => $user->email,`
			`'roles' => $user->getRoleNames(),`
			`'permissions' => $user->getAllPermissions()->pluck('name')->values(),`
			`];`
			`}`
			`}`