feat: shop customer accounts (register/login + order history)

Schema:
- shop_customers (company_id, name, phone unique-per-tenant, email, password,
  client_id auto-linked, last_login_at)
- online_orders.shop_customer_id nullable FK

Auth:
- New 'shop' guard (session driver, shop_customers provider) in config/auth.php
- ShopCustomer Authenticatable with hashed password cast and BelongsToTenant
  global scope — login attempts naturally scoped to current tenant subdomain

Flow:
- ShopAuthController: register / login / logout / account
- Register auto-links to existing Client by phone match
- /shop/account: order history (only the logged customer's orders) + profile
- Checkout prefills name/phone/email from logged customer + sets
  shop_customer_id (and client_id from auto-link) on the placed order
- Layout nav switches between Login/Register and "👤 Name + Ieșire"

Tests (8 new):
- register creates customer + auto-login
- register auto-links existing Client by phone
- duplicate phone rejected
- login validates credentials
- /account requires auth (redirects to /shop/login)
- /account lists only the logged customer's orders
- checkout attaches shop_customer_id
- customers tenant-isolated

Full suite: 117 passed.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-06-02 19:43:39 +00:00
parent dfb92bf5e2
commit 75386c354a
13 changed files with 556 additions and 5 deletions
+10
View File
@@ -93,6 +93,16 @@ Route::controller(\App\Http\Controllers\ShopController::class)->prefix('shop')->
Route::post('/part/{id}/add', 'addToCart')->where('id', '\d+')->name('shop.cart.add');
});
// ─── Shop customer auth ────────────────────────────────────────────
Route::controller(\App\Http\Controllers\ShopAuthController::class)->prefix('shop')->group(function () {
Route::get('/register', 'showRegister')->name('shop.register');
Route::post('/register', 'register');
Route::get('/login', 'showLogin')->name('shop.login');
Route::post('/login', 'login');
Route::post('/logout', 'logout')->name('shop.logout');
Route::get('/account', 'account')->name('shop.account');
});
// ─── Public WO tracking (no auth, tenant-scoped via subdomain) ──────
Route::get('/t/{token}', [\App\Http\Controllers\TrackingController::class, 'show'])
->where('token', '[A-Za-z0-9]{16,32}')