autocrm/routes/web.php

<?php
use App\Models\Central\Company;
use App\Models\Central\SuperAdmin;
use App\Models\Tenant\User;
use App\Tenancy\TenantManager;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Route;
// Landing page: GET / renders the "welcome" view.
Route::get('/', fn () => view('welcome'));
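// TEMPORARY DEBUG — remove after diagnosing login. Token-protected.
//
// SECURITY(review): this route returns every company, super-admin and tenant-user
// record (names, e-mails, roles, status) to whoever presents the URL token, and it
// reports whether the admin account still accepts the password 'admin123'.
// The token is a literal committed with the code and travels in the URL path, where
// it is typically written to access logs and browser history. Treat it as disclosed:
// delete this route (and change the admin password) once the diagnosis is finished.
Route::get('/__debug/{token}', function (string $token, \Illuminate\Http\Request $request) {
    // Refuse outright in production, and compare the token in constant time so the
    // check does not leak how many leading characters matched.
    if (app()->environment('production') || ! hash_equals('kx9zMq7vR3aF2', $token)) {
        abort(404);
    }

    $host = $request->getHost();
    $central = config('tenancy.central_domains', []);

    $report = [
        'host' => $host,
        'central_domains' => $central,
        'is_central' => in_array($host, $central, true),
    ];

    // Companies (always shown; global scopes are bypassed for this listing).
    $report['companies'] = Company::withoutGlobalScopes()
        ->select('id', 'slug', 'name', 'status')->get()->toArray();

    // Super admins
    $report['super_admins'] = SuperAdmin::select('id', 'name', 'email', 'is_active')->get()->toArray();

    // Try to resolve the tenant from the host: "<slug>.<first central domain>".
    $centralPrimary = $central[0] ?? 'service.mir.md';
    $slug = str_ends_with($host, ".{$centralPrimary}")
        ? substr($host, 0, -strlen(".{$centralPrimary}"))
        : null;
    $report['detected_slug'] = $slug;

    if ($slug) {
        $company = Company::where('slug', $slug)->first();
        $report['tenant_found'] = (bool) $company;

        if ($company) {
            $report['tenant'] = $company->only(['id', 'slug', 'name', 'status']);

            // Set tenant context to query users
            app(TenantManager::class)->setCurrent($company);
            $users = User::select('id', 'company_id', 'email', 'name', 'role', 'status')->get()->toArray();
            $report['users_in_tenant'] = $users;

            // Test auth attempt against the seeded admin account.
            $admin = User::where('email', 'admin@psauto.md')->first();
            $report['admin_found'] = (bool) $admin;

            if ($admin) {
                // NOTE(review): a `true` here tells the caller that a known default
                // password is live on the admin account.
                $report['admin_check_password_admin123'] = Hash::check('admin123', $admin->password);
                $report['admin_status'] = $admin->status;
                $report['admin_can_access_panel'] = method_exists($admin, 'canAccessPanel')
                    ? 'method exists' : 'no method';
            }
        }
    }

    return response()->json($report, 200, [], JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
});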
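// TEMPORARY DEBUG: runs `db:seed --force` from an HTTP request.
//
// SECURITY(review): a plain GET changes database state here, so any link prefetch,
// crawler or replayed log entry that carries the token re-runs the seeders. On failure
// the response includes the exception message, source file path and stack frames.
// The token is a literal committed with the code; remove this route after use and run
// seeding from the console instead.
Route::get('/__seed/{token}', function (string $token) {
    // Refuse outright in production; constant-time comparison for the token itself.
    if (app()->environment('production') || ! hash_equals('kx9zMq7vR3aF2', $token)) {
        abort(404);
    }

    try {
        \Illuminate\Support\Facades\Artisan::call('db:seed', ['--force' => true]);

        return response()->json([
            'ok' => true,
            'output' => \Illuminate\Support\Facades\Artisan::output(),
        ]);
    } catch (\Throwable $e) {
        // Report the failure to the caller; only the first 15 trace lines are returned.
        return response()->json([
            'ok' => false,
            'error' => $e->getMessage(),
            'file' => $e->getFile() . ':' . $e->getLine(),
            'trace' => array_slice(explode("\n", $e->getTraceAsString()), 0, 15),
        ], 500);
    }
});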
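// TEMPORARY DEBUG: dumps the session and auth state of the current request.
//
// SECURITY(review): the response contains the live session ID, which is a bearer
// credential for that session. The token is a literal committed with the code and is
// sent in the URL path; remove this route once the login issue is diagnosed.
Route::get('/__whoami/{token}', function (string $token, \Illuminate\Http\Request $request) {
    // Refuse outright in production; constant-time comparison for the token itself.
    if (app()->environment('production') || ! hash_equals('kx9zMq7vR3aF2', $token)) {
        abort(404);
    }

    $sess = $request->session();

    return response()->json([
        'host' => $request->getHost(),
        'session_id' => $sess->getId(),
        'session_name' => $sess->getName(),
        'session_driver' => config('session.driver'),
        // Key names only; the session values themselves are not returned.
        'session_keys' => array_keys($sess->all()),
        'auth_web_check' => auth('web')->check(),
        'auth_web_user' => auth('web')->user()?->only(['id', 'email', 'company_id']),
        'auth_default' => config('auth.defaults.guard'),
        'tenant_id' => app(\App\Tenancy\TenantManager::class)->currentId(),
    ], 200, [], JSON_PRETTY_PRINT);
});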
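// Force-login endpoint to test session persistence (bypass Livewire/CSRF).
//
// SECURITY(review): this is an authentication bypass. It signs the caller in as
// whichever user matches the `email` query parameter, with no password and with the
// "remember me" flag set, on a plain GET. The only guard is a token that is a literal
// committed with the code and sent in the URL path. Remove the route as soon as the
// session test is done; do not leave it deployed.
Route::get('/__force-login/{token}', function (string $token, \Illuminate\Http\Request $request) {
    // Refuse outright in production; constant-time comparison for the token itself.
    if (app()->environment('production') || ! hash_equals('kx9zMq7vR3aF2', $token)) {
        abort(404);
    }

    $email = $request->query('email', 'admin@psauto.md');
    $user = \App\Models\Tenant\User::where('email', $email)->first();

    if (! $user) {
        return response('User not found', 404);
    }

    // Second argument enables the long-lived "remember me" login.
    auth('web')->login($user, true);
    // New session ID after the privilege change.
    $request->session()->regenerate();

    $intended = url('/app');

    // Every interpolated value goes through e() so nothing is emitted as raw HTML.
    return response('
<html><body style="font-family:system-ui;padding:40px">
<h1>✓ Force-login OK</h1>
<p>User: '.e($user->email).' (id '.e((string) $user->id).')</p>
<p>Session ID: '.e($request->session()->getId()).'</p>
<p>Auth check: '.(auth('web')->check() ? 'YES' : 'NO').'</p>
<p>Cookie domain: '.e(config('session.domain') ?: '(null = host-only)').'</p>
<p>Now click → <a href="'.e($intended).'">'.e($intended).'</a></p>
</body></html>');
});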
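// Test direct auth attempt + canAccessPanel
//
// SECURITY(review): the password is read from the query string, where it is typically
// written to access logs and browser history, and it defaults to 'admin123'. The route
// answers whether an arbitrary email/password pair is valid, with no throttling visible
// here, and a successful attempt() signs the session in on a plain GET. The token is a
// literal committed with the code. Remove this route once the login issue is diagnosed.
Route::get('/__try-login/{token}', function (string $token, \Illuminate\Http\Request $request) {
    // Refuse outright in production; constant-time comparison for the token itself.
    if (app()->environment('production') || ! hash_equals('kx9zMq7vR3aF2', $token)) {
        abort(404);
    }

    $email = $request->query('email', 'admin@psauto.md');
    $pass = $request->query('pass', 'admin123');

    // Request, tenant and session-cookie settings that affect whether a login sticks.
    $report = [
        'host' => $request->getHost(),
        'tenant_resolved' => app(\App\Tenancy\TenantManager::class)->isResolved(),
        'tenant_id' => app(\App\Tenancy\TenantManager::class)->currentId(),
        'session_domain_config' => config('session.domain'),
        'session_secure_config' => config('session.secure'),
        'session_same_site' => config('session.same_site'),
        'app_url' => config('app.url'),
        'request_secure' => $request->isSecure(),
        'request_scheme' => $request->getScheme(),
    ];

    $user = \App\Models\Tenant\User::where('email', $email)->first();
    $report['user_lookup'] = (bool) $user;

    if ($user) {
        $report['user_status'] = $user->status;
        $report['password_check'] = \Illuminate\Support\Facades\Hash::check($pass, $user->password);

        // Check canAccessPanel against tenant panel
        try {
            $panel = \Filament\Facades\Filament::getPanel('tenant');
            $report['panel_found'] = (bool) $panel;
            $report['panel_id'] = $panel?->getId();
            $report['can_access_panel'] = $user->canAccessPanel($panel);
        } catch (\Throwable $e) {
            // Diagnostic only: record the failure in the report instead of aborting.
            $report['panel_error'] = $e->getMessage();
        }
    }

    // Try Auth::attempt
    try {
        $ok = auth('web')->attempt(['email' => $email, 'password' => $pass]);
        $report['auth_attempt_result'] = $ok;
        $report['authenticated_user_id'] = auth('web')->id();
    } catch (\Throwable $e) {
        $report['auth_error'] = $e->getMessage();
    }

    return response()->json($report, 200, [], JSON_PRETTY_PRINT);
});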