Deploy 2: 2FA (App + Email) + REST API + CSV import-export + auto backup
- Filament v5 multiFactorAuthentication enabled on both panels (App + Email) - HasAppAuthentication + HasEmailAuthentication on User and SuperAdmin - Migration: app_authentication_secret + recovery_codes + email_authentication_at - Sanctum REST API: /api/v1/login, /me, clients, vehicles, work-orders - EnsureTokenMatchesTenant middleware blocks cross-tenant token usage - CsvImportExport service: clients + vehicles bulk via plain CSV - Import/Export buttons on Client + Vehicle list pages - ApiTokens page in tenant panel (generate/revoke + last-used) - BackupAllTenantsCommand + scheduler (daily 03:00, retain 14 days) - Background scheduler in entrypoint.sh
This commit is contained in:
@@ -0,0 +1,83 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Controllers\Api;
|
||||
|
||||
use App\Models\Tenant\User;
|
||||
use App\Tenancy\TenantManager;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Hash;
|
||||
use Illuminate\Validation\ValidationException;
|
||||
|
||||
class ApiAuthController
|
||||
{
|
||||
public function login(Request $request): JsonResponse
|
||||
{
|
||||
$request->validate([
|
||||
'email' => 'required|email',
|
||||
'password' => 'required',
|
||||
'device' => 'sometimes|string|max:80',
|
||||
]);
|
||||
|
||||
$tenant = app(TenantManager::class)->current();
|
||||
if (! $tenant) {
|
||||
throw ValidationException::withMessages([
|
||||
'email' => 'Tenant subdomain required.',
|
||||
]);
|
||||
}
|
||||
|
||||
$user = User::where('email', $request->email)->first();
|
||||
|
||||
if (! $user || ! Hash::check($request->password, $user->password)) {
|
||||
throw ValidationException::withMessages([
|
||||
'email' => 'Invalid credentials.',
|
||||
]);
|
||||
}
|
||||
|
||||
if ($user->company_id !== $tenant->id) {
|
||||
throw ValidationException::withMessages([
|
||||
'email' => 'User does not belong to this tenant.',
|
||||
]);
|
||||
}
|
||||
|
||||
if ($user->status !== 'active') {
|
||||
throw ValidationException::withMessages([
|
||||
'email' => 'Account inactive.',
|
||||
]);
|
||||
}
|
||||
|
||||
$token = $user->createToken($request->input('device', 'api'))->plainTextToken;
|
||||
|
||||
return response()->json([
|
||||
'token' => $token,
|
||||
'user' => [
|
||||
'id' => $user->id,
|
||||
'name' => $user->name,
|
||||
'email' => $user->email,
|
||||
'role' => $user->role,
|
||||
],
|
||||
'tenant' => [
|
||||
'slug' => $tenant->slug,
|
||||
'name' => $tenant->display_name ?? $tenant->name,
|
||||
],
|
||||
]);
|
||||
}
|
||||
|
||||
public function me(Request $request): JsonResponse
|
||||
{
|
||||
$u = $request->user();
|
||||
return response()->json([
|
||||
'id' => $u->id,
|
||||
'name' => $u->name,
|
||||
'email' => $u->email,
|
||||
'role' => $u->role,
|
||||
'tenant_slug' => app(TenantManager::class)->current()?->slug,
|
||||
]);
|
||||
}
|
||||
|
||||
public function logout(Request $request): JsonResponse
|
||||
{
|
||||
$request->user()->currentAccessToken()->delete();
|
||||
return response()->json(['ok' => true]);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user