Deploy 2: 2FA (App + Email) + REST API + CSV import-export + auto backup

- Filament v5 multiFactorAuthentication enabled on both panels (App + Email)
- HasAppAuthentication + HasEmailAuthentication on User and SuperAdmin
- Migration: app_authentication_secret + recovery_codes + email_authentication_at
- Sanctum REST API: /api/v1/login, /me, clients, vehicles, work-orders
- EnsureTokenMatchesTenant middleware blocks cross-tenant token usage
- CsvImportExport service: clients + vehicles bulk via plain CSV
- Import/Export buttons on Client + Vehicle list pages
- ApiTokens page in tenant panel (generate/revoke + last-used)
- BackupAllTenantsCommand + scheduler (daily 03:00, retain 14 days)
- Background scheduler in entrypoint.sh
This commit is contained in:
2026-05-07 19:25:27 +00:00
parent ce4e21220f
commit eaa05d68c1
22 changed files with 1068 additions and 6 deletions
@@ -0,0 +1,67 @@
<?php
namespace App\Http\Controllers\Api;
use App\Models\Tenant\Client;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
class ClientApiController
{
public function index(Request $request): JsonResponse
{
$q = Client::query();
if ($s = $request->query('search')) {
$q->where(function ($qq) use ($s) {
$qq->where('name', 'like', "%{$s}%")
->orWhere('phone', 'like', "%{$s}%")
->orWhere('email', 'like', "%{$s}%");
});
}
return response()->json($q->orderBy('name')->paginate(min((int) $request->query('per_page', 25), 100)));
}
public function show(Client $client): JsonResponse
{
return response()->json($client->load('vehicles'));
}
public function store(Request $request): JsonResponse
{
$data = $request->validate([
'name' => 'required|string|max:120',
'phone' => 'required|string|max:40',
'phone_alt' => 'nullable|string|max:40',
'email' => 'nullable|email|max:120',
'company_name' => 'nullable|string|max:160',
'type' => 'in:individual,company',
'status' => 'in:new,active,vip,debtor,blocked,lost',
'discount_pct' => 'nullable|numeric|min:0|max:100',
'notes' => 'nullable|string',
]);
$client = Client::create($data + ['type' => 'individual', 'status' => 'active']);
return response()->json($client, 201);
}
public function update(Request $request, Client $client): JsonResponse
{
$data = $request->validate([
'name' => 'sometimes|string|max:120',
'phone' => 'sometimes|string|max:40',
'phone_alt' => 'nullable|string|max:40',
'email' => 'nullable|email|max:120',
'company_name' => 'nullable|string|max:160',
'status' => 'in:new,active,vip,debtor,blocked,lost',
'discount_pct' => 'nullable|numeric|min:0|max:100',
'notes' => 'nullable|string',
]);
$client->update($data);
return response()->json($client);
}
public function destroy(Client $client): JsonResponse
{
$client->delete();
return response()->json(['ok' => true]);
}
}