eaa05d68c1
- Filament v5 multiFactorAuthentication enabled on both panels (App + Email) - HasAppAuthentication + HasEmailAuthentication on User and SuperAdmin - Migration: app_authentication_secret + recovery_codes + email_authentication_at - Sanctum REST API: /api/v1/login, /me, clients, vehicles, work-orders - EnsureTokenMatchesTenant middleware blocks cross-tenant token usage - CsvImportExport service: clients + vehicles bulk via plain CSV - Import/Export buttons on Client + Vehicle list pages - ApiTokens page in tenant panel (generate/revoke + last-used) - BackupAllTenantsCommand + scheduler (daily 03:00, retain 14 days) - Background scheduler in entrypoint.sh
84 lines
2.4 KiB
PHP
84 lines
2.4 KiB
PHP
<?php
|
|
|
|
namespace App\Http\Controllers\Api;
|
|
|
|
use App\Models\Tenant\User;
|
|
use App\Tenancy\TenantManager;
|
|
use Illuminate\Http\JsonResponse;
|
|
use Illuminate\Http\Request;
|
|
use Illuminate\Support\Facades\Hash;
|
|
use Illuminate\Validation\ValidationException;
|
|
|
|
class ApiAuthController
|
|
{
|
|
public function login(Request $request): JsonResponse
|
|
{
|
|
$request->validate([
|
|
'email' => 'required|email',
|
|
'password' => 'required',
|
|
'device' => 'sometimes|string|max:80',
|
|
]);
|
|
|
|
$tenant = app(TenantManager::class)->current();
|
|
if (! $tenant) {
|
|
throw ValidationException::withMessages([
|
|
'email' => 'Tenant subdomain required.',
|
|
]);
|
|
}
|
|
|
|
$user = User::where('email', $request->email)->first();
|
|
|
|
if (! $user || ! Hash::check($request->password, $user->password)) {
|
|
throw ValidationException::withMessages([
|
|
'email' => 'Invalid credentials.',
|
|
]);
|
|
}
|
|
|
|
if ($user->company_id !== $tenant->id) {
|
|
throw ValidationException::withMessages([
|
|
'email' => 'User does not belong to this tenant.',
|
|
]);
|
|
}
|
|
|
|
if ($user->status !== 'active') {
|
|
throw ValidationException::withMessages([
|
|
'email' => 'Account inactive.',
|
|
]);
|
|
}
|
|
|
|
$token = $user->createToken($request->input('device', 'api'))->plainTextToken;
|
|
|
|
return response()->json([
|
|
'token' => $token,
|
|
'user' => [
|
|
'id' => $user->id,
|
|
'name' => $user->name,
|
|
'email' => $user->email,
|
|
'role' => $user->role,
|
|
],
|
|
'tenant' => [
|
|
'slug' => $tenant->slug,
|
|
'name' => $tenant->display_name ?? $tenant->name,
|
|
],
|
|
]);
|
|
}
|
|
|
|
public function me(Request $request): JsonResponse
|
|
{
|
|
$u = $request->user();
|
|
return response()->json([
|
|
'id' => $u->id,
|
|
'name' => $u->name,
|
|
'email' => $u->email,
|
|
'role' => $u->role,
|
|
'tenant_slug' => app(TenantManager::class)->current()?->slug,
|
|
]);
|
|
}
|
|
|
|
public function logout(Request $request): JsonResponse
|
|
{
|
|
$request->user()->currentAccessToken()->delete();
|
|
return response()->json(['ok' => true]);
|
|
}
|
|
}
|