koel/app/Http/Controllers/API/AuthController.php

87 lines
2.3 KiB
PHP
Raw Normal View History

2016-05-30 05:50:59 +00:00
<?php
namespace App\Http\Controllers\API;
use App\Http\Requests\API\UserLoginRequest;
2020-09-06 18:21:39 +00:00
use App\Models\User;
use App\Repositories\UserRepository;
use App\Services\TokenManager;
use Illuminate\Contracts\Auth\Authenticatable;
use Illuminate\Hashing\HashManager;
2017-06-04 01:30:45 +00:00
use Illuminate\Http\JsonResponse;
2020-09-06 18:21:39 +00:00
use Illuminate\Http\Response;
2016-05-30 05:50:59 +00:00
/**
* @group 1. Authentication
*/
2016-05-30 05:50:59 +00:00
class AuthController extends Controller
{
2020-09-06 18:21:39 +00:00
private $userRepository;
private $hash;
private $tokenManager;
2018-08-31 13:47:15 +00:00
2020-09-06 18:21:39 +00:00
/** @var User|null */
private $currentUser;
public function __construct(
UserRepository $userRepository,
HashManager $hash,
TokenManager $tokenManager,
?Authenticatable $currentUser
)
2018-08-31 13:47:15 +00:00
{
2020-09-06 18:21:39 +00:00
$this->userRepository = $userRepository;
$this->hash = $hash;
$this->currentUser = $currentUser;
$this->tokenManager = $tokenManager;
2018-08-31 13:47:15 +00:00
}
2016-05-30 05:50:59 +00:00
/**
* Log a user in
2016-05-30 05:50:59 +00:00
*
* Koel uses [JSON Web Tokens](https://jwt.io/) (JWT) for authentication.
* After the user has been authenticated, a random "token" will be returned.
* This token should then be saved in a local storage and used as an `Authorization: Bearer` header
* for consecutive calls.
*
* Notice: The token is valid for a week, after that the user will need to log in again.
*
* @bodyParam email string required The user's email. Example: john@doe.com
* @bodyParam password string required The password. Example: SoSecureMuchW0w
*
* @response {
* "token": "<a-random-string>"
* }
* @reponse 401 {
* "message": "Invalid credentials"
* }
*
2017-06-04 01:30:45 +00:00
* @return JsonResponse
2016-05-30 05:50:59 +00:00
*/
public function login(UserLoginRequest $request)
{
2020-09-06 18:21:39 +00:00
/** @var User $user */
$user = $this->userRepository->getFirstWhere('email', $request->email);
if (!$user || !$this->hash->check($request->password, $user->password)) {
abort(Response::HTTP_UNAUTHORIZED, 'Invalid credentials');
}
2016-05-30 05:50:59 +00:00
2020-09-06 18:21:39 +00:00
return response()->json([
'token' => $this->tokenManager->createToken($user)->plainTextToken
]);
2016-05-30 05:50:59 +00:00
}
/**
* Log the current user out
2016-05-30 05:50:59 +00:00
*
2017-06-04 01:30:45 +00:00
* @return JsonResponse
2016-05-30 05:50:59 +00:00
*/
public function logout()
{
2020-09-06 18:21:39 +00:00
$this->tokenManager->destroyTokens($this->currentUser);
2016-05-30 05:50:59 +00:00
return response()->json();
}
}