Deploy 2: 2FA (App + Email) + REST API + CSV import-export + auto backup

- Filament v5 multiFactorAuthentication enabled on both panels (App + Email)
- HasAppAuthentication + HasEmailAuthentication on User and SuperAdmin
- Migration: app_authentication_secret + recovery_codes + email_authentication_at
- Sanctum REST API: /api/v1/login, /me, clients, vehicles, work-orders
- EnsureTokenMatchesTenant middleware blocks cross-tenant token usage
- CsvImportExport service: clients + vehicles bulk via plain CSV
- Import/Export buttons on Client + Vehicle list pages
- ApiTokens page in tenant panel (generate/revoke + last-used)
- BackupAllTenantsCommand + scheduler (daily 03:00, retain 14 days)
- Background scheduler in entrypoint.sh
This commit is contained in:
2026-05-07 19:25:27 +00:00
parent ce4e21220f
commit eaa05d68c1
22 changed files with 1068 additions and 6 deletions
@@ -0,0 +1,83 @@
<?php
namespace App\Http\Controllers\Api;
use App\Models\Tenant\User;
use App\Tenancy\TenantManager;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Validation\ValidationException;
class ApiAuthController
{
public function login(Request $request): JsonResponse
{
$request->validate([
'email' => 'required|email',
'password' => 'required',
'device' => 'sometimes|string|max:80',
]);
$tenant = app(TenantManager::class)->current();
if (! $tenant) {
throw ValidationException::withMessages([
'email' => 'Tenant subdomain required.',
]);
}
$user = User::where('email', $request->email)->first();
if (! $user || ! Hash::check($request->password, $user->password)) {
throw ValidationException::withMessages([
'email' => 'Invalid credentials.',
]);
}
if ($user->company_id !== $tenant->id) {
throw ValidationException::withMessages([
'email' => 'User does not belong to this tenant.',
]);
}
if ($user->status !== 'active') {
throw ValidationException::withMessages([
'email' => 'Account inactive.',
]);
}
$token = $user->createToken($request->input('device', 'api'))->plainTextToken;
return response()->json([
'token' => $token,
'user' => [
'id' => $user->id,
'name' => $user->name,
'email' => $user->email,
'role' => $user->role,
],
'tenant' => [
'slug' => $tenant->slug,
'name' => $tenant->display_name ?? $tenant->name,
],
]);
}
public function me(Request $request): JsonResponse
{
$u = $request->user();
return response()->json([
'id' => $u->id,
'name' => $u->name,
'email' => $u->email,
'role' => $u->role,
'tenant_slug' => app(TenantManager::class)->current()?->slug,
]);
}
public function logout(Request $request): JsonResponse
{
$request->user()->currentAccessToken()->delete();
return response()->json(['ok' => true]);
}
}