javier
17a824f925
Milestone 1 (auth foundation):
- Installed laravel/sanctum; HasApiTokens on User; published config + migration.
- routes/api.php with /api/v1; Sanctum 'ability' middleware alias registered.
- AuthController: POST login (long-lived revocable device token w/ ability
mobile-sync + devices table), GET me, POST logout. New Device model/table.
Milestone 2 (vertical slice, offline-first):
- progress_updates: +uuid (client-generated) +client_updated_at.
- ProjectApiController: GET projects (accessibleBy), GET projects/{id}/bundle
(project/phases/layers/features, membership-authorized).
- SyncController: POST sync — batch ops, idempotent by uuid, per-op result
(applied/duplicate/error), server-set user_id, authz by permission+membership.
Currently handles progress_update.create.
Tests: tests/Feature/Api/MobileApiTest (9 passing) — auth, accessible projects,
bundle authz, sync apply+idempotency, permission enforcement.
Also fixed a latent schema bug: projects.reference (and external_reference_1)
existed in the live DB but had no migration — added a guarded migration so fresh
installs match production.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
81 lines
2.4 KiB
PHP
81 lines
2.4 KiB
PHP
<?php
|
|
|
|
namespace App\Http\Controllers\Api\V1;
|
|
|
|
use App\Http\Controllers\Controller;
|
|
use App\Models\Device;
|
|
use App\Models\User;
|
|
use Illuminate\Http\Request;
|
|
use Illuminate\Support\Facades\Hash;
|
|
use Illuminate\Validation\ValidationException;
|
|
|
|
class AuthController extends Controller
|
|
{
|
|
/**
|
|
* Issue a long-lived, revocable device token (Sanctum).
|
|
*/
|
|
public function login(Request $request)
|
|
{
|
|
$data = $request->validate([
|
|
'email' => ['required', 'email'],
|
|
'password' => ['required', 'string'],
|
|
'device_name' => ['required', 'string', 'max:255'],
|
|
'app_version' => ['nullable', 'string', 'max:50'],
|
|
]);
|
|
|
|
$user = User::where('email', $data['email'])->first();
|
|
|
|
if (! $user || ! Hash::check($data['password'], $user->password)) {
|
|
throw ValidationException::withMessages([
|
|
'email' => [__('auth.failed')],
|
|
]);
|
|
}
|
|
|
|
// One token per device name: revoke the previous one for this device.
|
|
$user->tokens()->where('name', $data['device_name'])->delete();
|
|
|
|
$token = $user->createToken($data['device_name'], ['mobile-sync']);
|
|
|
|
Device::updateOrCreate(
|
|
['user_id' => $user->id, 'name' => $data['device_name']],
|
|
[
|
|
'token_id' => $token->accessToken->id,
|
|
'app_version' => $data['app_version'] ?? null,
|
|
'last_seen_at' => now(),
|
|
]
|
|
);
|
|
|
|
return response()->json([
|
|
'token' => $token->plainTextToken,
|
|
'user' => $this->userPayload($user),
|
|
]);
|
|
}
|
|
|
|
public function me(Request $request)
|
|
{
|
|
return response()->json(['user' => $this->userPayload($request->user())]);
|
|
}
|
|
|
|
public function logout(Request $request)
|
|
{
|
|
$token = $request->user()->currentAccessToken();
|
|
|
|
// Clean up the device record bound to this token.
|
|
Device::where('token_id', $token->id)->delete();
|
|
$token->delete();
|
|
|
|
return response()->json(['message' => 'Logged out']);
|
|
}
|
|
|
|
private function userPayload(User $user): array
|
|
{
|
|
return [
|
|
'id' => $user->id,
|
|
'name' => $user->name,
|
|
'email' => $user->email,
|
|
'roles' => $user->getRoleNames(),
|
|
'permissions' => $user->getAllPermissions()->pluck('name')->values(),
|
|
];
|
|
}
|
|
}
|