Refactor project structure and update dependencies
This commit is contained in:
@@ -2,14 +2,13 @@
|
||||
|
||||
namespace App\Http\Controllers;
|
||||
|
||||
use App\Http\Requests\Auth\LoginRequest;
|
||||
use App\Models\User;
|
||||
use App\Models\UserProvider;
|
||||
use Browser;
|
||||
use Illuminate\Auth\Events\PasswordReset;
|
||||
use Illuminate\Auth\Events\Registered;
|
||||
use Illuminate\Auth\Events\Verified;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Illuminate\Http\RedirectResponse;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Crypt;
|
||||
use Illuminate\Support\Facades\Hash;
|
||||
@@ -29,7 +28,7 @@ class AuthController extends Controller
|
||||
{
|
||||
$request->validate([
|
||||
'name' => ['required', 'string', 'max:255'],
|
||||
'email' => ['required', 'string', 'lowercase', 'email', 'max:255', 'unique:'.User::class],
|
||||
'email' => ['required', 'string', 'lowercase', 'email', 'max:255', 'unique:' . User::class],
|
||||
'password' => ['required', 'confirmed', Rules\Password::defaults()],
|
||||
]);
|
||||
|
||||
@@ -54,19 +53,20 @@ class AuthController extends Controller
|
||||
/**
|
||||
* Redirect to provider for authentication
|
||||
*/
|
||||
public function redirect(Request $request, $provider)
|
||||
public function redirect(Request $request, string $provider): RedirectResponse
|
||||
{
|
||||
return Socialite::driver($provider)->stateless()->redirect();
|
||||
}
|
||||
|
||||
/**
|
||||
* Handle callback from provider
|
||||
* @throws \Exception
|
||||
*/
|
||||
public function callback(Request $request, string $provider): View
|
||||
{
|
||||
$oAuthUser = Socialite::driver($provider)->stateless()->user();
|
||||
|
||||
if (! $oAuthUser?->token) {
|
||||
if (!$oAuthUser?->token) {
|
||||
return view('oauth', [
|
||||
'message' => [
|
||||
'ok' => false,
|
||||
@@ -80,7 +80,7 @@ class AuthController extends Controller
|
||||
->where('provider_id', $oAuthUser->id)
|
||||
->first();
|
||||
|
||||
if (! $userProvider) {
|
||||
if (!$userProvider) {
|
||||
if (User::where('email', $oAuthUser->email)->exists()) {
|
||||
return view('oauth', [
|
||||
'message' => [
|
||||
@@ -98,8 +98,7 @@ class AuthController extends Controller
|
||||
$user->avatar = $oAuthUser->picture ?? $oAuthUser->avatar_original ?? $oAuthUser->avatar;
|
||||
$user->name = $oAuthUser->name;
|
||||
$user->email = $oAuthUser->email;
|
||||
$user->password = Hash::make(Str::random(32));
|
||||
$user->has_password = false;
|
||||
$user->password = null;
|
||||
$user->email_verified_at = now();
|
||||
$user->save();
|
||||
|
||||
@@ -113,53 +112,49 @@ class AuthController extends Controller
|
||||
$user = $userProvider->user;
|
||||
}
|
||||
|
||||
$browser = Browser::parse($request->userAgent());
|
||||
$device = $browser->platformName() . ' / ' . $browser->browserName();
|
||||
|
||||
$sanctumToken = $user->createToken(
|
||||
$device,
|
||||
['*'],
|
||||
now()->addMonth()
|
||||
$token = $user->createDeviceToken(
|
||||
device: $request->deviceName(),
|
||||
ip: $request->ip(),
|
||||
remember: $request->input('remember', false)
|
||||
);
|
||||
|
||||
$sanctumToken->accessToken->ip = $request->ip();
|
||||
$sanctumToken->accessToken->save();
|
||||
|
||||
return view('oauth', [
|
||||
'message' => [
|
||||
'ok' => true,
|
||||
'provider' => $provider,
|
||||
'token' => $sanctumToken->plainTextToken,
|
||||
'token' => $token,
|
||||
],
|
||||
]);
|
||||
}
|
||||
|
||||
/**
|
||||
* Generate sanctum token on successful login
|
||||
* @throws ValidationException
|
||||
*/
|
||||
public function login(LoginRequest $request): JsonResponse
|
||||
public function login(Request $request): JsonResponse
|
||||
{
|
||||
$user = User::where('email', $request->email)->first();
|
||||
$request->validate([
|
||||
'email' => ['required', 'string', 'email'],
|
||||
'password' => ['required', 'string'],
|
||||
]);
|
||||
|
||||
$request->authenticate($user);
|
||||
$user = User::select(['id', 'password'])->where('email', $request->email)->first();
|
||||
|
||||
$browser = Browser::parse($request->userAgent());
|
||||
$device = $browser->platformName() . ' / ' . $browser->browserName();
|
||||
if (!$user || !Hash::check($request->password, $user->password)) {
|
||||
throw ValidationException::withMessages([
|
||||
'email' => __('auth.failed'),
|
||||
]);
|
||||
}
|
||||
|
||||
$sanctumToken = $user->createToken(
|
||||
$device,
|
||||
['*'],
|
||||
$request->remember ?
|
||||
now()->addMonth() :
|
||||
now()->addDay()
|
||||
$token = $user->createDeviceToken(
|
||||
device: $request->deviceName(),
|
||||
ip: $request->ip(),
|
||||
remember: $request->input('remember', false)
|
||||
);
|
||||
|
||||
$sanctumToken->accessToken->ip = $request->ip();
|
||||
$sanctumToken->accessToken->save();
|
||||
|
||||
return response()->json([
|
||||
'ok' => true,
|
||||
'token' => $sanctumToken->plainTextToken,
|
||||
'token' => $token,
|
||||
]);
|
||||
}
|
||||
|
||||
@@ -187,6 +182,7 @@ class AuthController extends Controller
|
||||
'user' => [
|
||||
...$user->toArray(),
|
||||
'must_verify_email' => $user->mustVerifyEmail(),
|
||||
'has_password' => (bool) $user->password,
|
||||
'roles' => $user->roles()->select('name')->pluck('name'),
|
||||
'providers' => $user->userProviders()->select('name')->pluck('name'),
|
||||
],
|
||||
@@ -195,6 +191,7 @@ class AuthController extends Controller
|
||||
|
||||
/**
|
||||
* Handle an incoming password reset link request.
|
||||
* @throws ValidationException
|
||||
*/
|
||||
public function sendResetPasswordLink(Request $request): JsonResponse
|
||||
{
|
||||
@@ -209,7 +206,7 @@ class AuthController extends Controller
|
||||
$request->only('email')
|
||||
);
|
||||
|
||||
if ($status != Password::RESET_LINK_SENT) {
|
||||
if ($status !== Password::RESET_LINK_SENT) {
|
||||
throw ValidationException::withMessages([
|
||||
'email' => [__($status)],
|
||||
]);
|
||||
@@ -223,6 +220,7 @@ class AuthController extends Controller
|
||||
|
||||
/**
|
||||
* Handle an incoming new password request.
|
||||
* @throws ValidationException
|
||||
*/
|
||||
public function resetPassword(Request $request): JsonResponse
|
||||
{
|
||||
@@ -237,18 +235,17 @@ class AuthController extends Controller
|
||||
// database. Otherwise we will parse the error and return the response.
|
||||
$status = Password::reset(
|
||||
$request->only('email', 'password', 'password_confirmation', 'token'),
|
||||
function ($user) use ($request) {
|
||||
static function ($user) use ($request) {
|
||||
$user->forceFill([
|
||||
'password' => Hash::make($request->password),
|
||||
'remember_token' => Str::random(60),
|
||||
'has_password' => true,
|
||||
])->save();
|
||||
|
||||
event(new PasswordReset($user));
|
||||
}
|
||||
);
|
||||
|
||||
if ($status != Password::PASSWORD_RESET) {
|
||||
if ($status !== Password::PASSWORD_RESET) {
|
||||
throw ValidationException::withMessages([
|
||||
'email' => [__($status)],
|
||||
]);
|
||||
@@ -263,14 +260,14 @@ class AuthController extends Controller
|
||||
/**
|
||||
* Mark the authenticated user's email address as verified.
|
||||
*/
|
||||
public function verifyEmail(Request $request, $ulid, $hash): JsonResponse
|
||||
public function verifyEmail(Request $request, string $ulid, string $hash): JsonResponse
|
||||
{
|
||||
$user = User::whereUlid($ulid)->first();
|
||||
$user = User::where('ulid', $ulid)->first();
|
||||
|
||||
abort_unless(!!$user, 404);
|
||||
abort_unless(hash_equals(sha1($user->getEmailForVerification()), $hash), 403, __('Invalid verification link'));
|
||||
abort_if(!$user, 404);
|
||||
abort_if(!hash_equals(sha1($user->getEmailForVerification()), $hash), 403, __('Invalid verification link'));
|
||||
|
||||
if (! $user->hasVerifiedEmail()) {
|
||||
if (!$user->hasVerifiedEmail()) {
|
||||
$user->markEmailAsVerified();
|
||||
|
||||
event(new Verified($user));
|
||||
@@ -290,8 +287,9 @@ class AuthController extends Controller
|
||||
'email' => ['required', 'email'],
|
||||
]);
|
||||
|
||||
$user = User::where('email', $request->email)->whereNull('email_verified_at')->first();
|
||||
abort_unless(!!$user, 400);
|
||||
$user = $request->user()?: User::where('email', $request->email)->whereNull('email_verified_at')->first();
|
||||
|
||||
abort_if(!$user, 400);
|
||||
|
||||
$user->sendEmailVerificationNotification();
|
||||
|
||||
|
||||
@@ -1,85 +0,0 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Requests\Auth;
|
||||
|
||||
use Illuminate\Auth\Events\Lockout;
|
||||
use Illuminate\Foundation\Http\FormRequest;
|
||||
use Illuminate\Support\Facades\Hash;
|
||||
use Illuminate\Support\Facades\RateLimiter;
|
||||
use Illuminate\Support\Str;
|
||||
use Illuminate\Validation\ValidationException;
|
||||
|
||||
class LoginRequest extends FormRequest
|
||||
{
|
||||
/**
|
||||
* Determine if the user is authorized to make this request.
|
||||
*/
|
||||
public function authorize(): bool
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the validation rules that apply to the request.
|
||||
*
|
||||
* @return array<string, \Illuminate\Contracts\Validation\Rule|array|string>
|
||||
*/
|
||||
public function rules(): array
|
||||
{
|
||||
return [
|
||||
'email' => ['required', 'string', 'email'],
|
||||
'password' => ['required', 'string'],
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* Attempt to authenticate the request's credentials.
|
||||
*
|
||||
* @throws \Illuminate\Validation\ValidationException
|
||||
*/
|
||||
public function authenticate($user): void
|
||||
{
|
||||
$this->ensureIsNotRateLimited();
|
||||
|
||||
if (! $user || ! Hash::check($this->password, $user->password)) {
|
||||
RateLimiter::hit($this->throttleKey());
|
||||
|
||||
throw ValidationException::withMessages([
|
||||
'email' => __('auth.failed'),
|
||||
]);
|
||||
}
|
||||
|
||||
RateLimiter::clear($this->throttleKey());
|
||||
}
|
||||
|
||||
/**
|
||||
* Ensure the login request is not rate limited.
|
||||
*
|
||||
* @throws \Illuminate\Validation\ValidationException
|
||||
*/
|
||||
public function ensureIsNotRateLimited(): void
|
||||
{
|
||||
if (! RateLimiter::tooManyAttempts($this->throttleKey(), 5)) {
|
||||
return;
|
||||
}
|
||||
|
||||
event(new Lockout($this));
|
||||
|
||||
$seconds = RateLimiter::availableIn($this->throttleKey());
|
||||
|
||||
throw ValidationException::withMessages([
|
||||
'email' => trans('auth.throttle', [
|
||||
'seconds' => $seconds,
|
||||
'minutes' => ceil($seconds / 60),
|
||||
]),
|
||||
]);
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the rate limiting throttle key for the request.
|
||||
*/
|
||||
public function throttleKey(): string
|
||||
{
|
||||
return Str::transliterate(Str::lower($this->input('email')).'|'.$this->ip());
|
||||
}
|
||||
}
|
||||
22
app/Models/PersonalAccessToken.php
Normal file
22
app/Models/PersonalAccessToken.php
Normal file
@@ -0,0 +1,22 @@
|
||||
<?php
|
||||
|
||||
namespace App\Models;
|
||||
|
||||
use Laravel\Sanctum\PersonalAccessToken as SanctumPersonalAccessToken;
|
||||
use Illuminate\Database\Eloquent\Casts\Attribute;
|
||||
|
||||
class PersonalAccessToken extends SanctumPersonalAccessToken
|
||||
{
|
||||
/**
|
||||
* Update the last_used_at field no more than 1 time per minute.
|
||||
* This change increases the performance of HTTP requests requiring sanctum authentication.
|
||||
*/
|
||||
protected function lastUsedAt(): Attribute
|
||||
{
|
||||
return Attribute::make(
|
||||
set: fn (string $value) => $this->getOriginal('last_used_at') < now()->parse($value)->subMinute()
|
||||
? $value
|
||||
: $this->getOriginal('last_used_at'),
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -59,6 +59,22 @@ class User extends Authenticatable implements MustVerifyEmail
|
||||
|
||||
public function mustVerifyEmail(): bool
|
||||
{
|
||||
return $this instanceof MustVerifyEmail && !$this->hasVerifiedEmail();
|
||||
return !$this->hasVerifiedEmail();
|
||||
}
|
||||
|
||||
public function createDeviceToken(string $device, string $ip, bool $remember = false): string
|
||||
{
|
||||
$sanctumToken = $this->createToken(
|
||||
$device,
|
||||
['*'],
|
||||
$remember ?
|
||||
now()->addMonth() :
|
||||
now()->addDay()
|
||||
);
|
||||
|
||||
$sanctumToken->accessToken->ip = $ip;
|
||||
$sanctumToken->accessToken->save();
|
||||
|
||||
return $sanctumToken->plainTextToken;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -3,14 +3,18 @@
|
||||
namespace App\Providers;
|
||||
|
||||
use App\Helpers\Image;
|
||||
use Illuminate\Http\UploadedFile;
|
||||
use Illuminate\Support\ServiceProvider;
|
||||
use Illuminate\Support\Str;
|
||||
use App\Models\PersonalAccessToken;
|
||||
use Illuminate\Auth\Events\Lockout;
|
||||
use Illuminate\Auth\Notifications\ResetPassword;
|
||||
use Illuminate\Auth\Notifications\VerifyEmail;
|
||||
use Illuminate\Support\Facades\RateLimiter;
|
||||
use Illuminate\Cache\RateLimiting\Limit;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Http\UploadedFile;
|
||||
use Illuminate\Support\Facades\RateLimiter;
|
||||
use Illuminate\Support\ServiceProvider;
|
||||
use Illuminate\Support\Str;
|
||||
use Illuminate\Validation\ValidationException;
|
||||
use Laravel\Sanctum\Sanctum;
|
||||
|
||||
class AppServiceProvider extends ServiceProvider
|
||||
{
|
||||
@@ -20,7 +24,7 @@ class AppServiceProvider extends ServiceProvider
|
||||
public function register(): void
|
||||
{
|
||||
// Register Telescope only in local environment
|
||||
if ($this->app->environment('local') && class_exists(\Laravel\Telescope\TelescopeServiceProvider::class)) {
|
||||
if (class_exists(\Laravel\Telescope\TelescopeServiceProvider::class) && $this->app->environment('local')) {
|
||||
$this->app->register(\Laravel\Telescope\TelescopeServiceProvider::class);
|
||||
$this->app->register(TelescopeServiceProvider::class);
|
||||
}
|
||||
@@ -31,25 +35,43 @@ class AppServiceProvider extends ServiceProvider
|
||||
*/
|
||||
public function boot(): void
|
||||
{
|
||||
RateLimiter::for('api', function (Request $request) {
|
||||
RateLimiter::for('api', static function (Request $request) {
|
||||
return Limit::perMinute(60)->by($request->user()?->id ?: $request->ip());
|
||||
});
|
||||
|
||||
RateLimiter::for('verification-notification', function (Request $request) {
|
||||
RateLimiter::for('verification-notification', static function (Request $request) {
|
||||
return Limit::perMinute(1)->by($request->user()?->email ?: $request->ip());
|
||||
});
|
||||
|
||||
RateLimiter::for('uploads', function (Request $request) {
|
||||
RateLimiter::for('uploads', static function (Request $request) {
|
||||
return $request->user()?->hasRole('admin')
|
||||
? Limit::none()
|
||||
: Limit::perMinute(10)->by($request->ip());
|
||||
});
|
||||
|
||||
ResetPassword::createUrlUsing(function (object $notifiable, string $token) {
|
||||
return config('app.frontend_url') . "/password-reset/{$token}?email={$notifiable->getEmailForPasswordReset()}";
|
||||
RateLimiter::for('login', static function (Request $request) {
|
||||
return Limit::perMinute(5)
|
||||
->by(Str::transliterate(implode('|', [
|
||||
strtolower($request->input('email')),
|
||||
$request->ip()
|
||||
])))
|
||||
->response(static function (Request $request, array $headers): void {
|
||||
event(new Lockout($request));
|
||||
|
||||
throw ValidationException::withMessages([
|
||||
'email' => trans('auth.throttle', [
|
||||
'seconds' => $headers['Retry-After'],
|
||||
'minutes' => ceil($headers['Retry-After'] / 60),
|
||||
]),
|
||||
]);
|
||||
});
|
||||
});
|
||||
|
||||
VerifyEmail::createUrlUsing(function (object $notifiable) {
|
||||
ResetPassword::createUrlUsing(static function (object $notifiable, string $token) {
|
||||
return config('app.frontend_url') . '/auth/reset/' . $token . '?email=' . $notifiable->getEmailForPasswordReset();
|
||||
});
|
||||
|
||||
VerifyEmail::createUrlUsing(static function (object $notifiable) {
|
||||
$url = url()->temporarySignedRoute(
|
||||
'verification.verify',
|
||||
now()->addMinutes(config('auth.verification.expire', 60)),
|
||||
@@ -65,8 +87,8 @@ class AppServiceProvider extends ServiceProvider
|
||||
/**
|
||||
* Convert uploaded image to webp, jpeg or png format and resize it
|
||||
*/
|
||||
UploadedFile::macro('convert', function (int $width = null, int $height = null, string $extension = 'webp', int $quality = 90): UploadedFile {
|
||||
return tap($this, function (UploadedFile $file) use ($width, $height, $extension, $quality) {
|
||||
UploadedFile::macro('convert', function (?int $width = null, ?int $height = null, string $extension = 'webp', int $quality = 90) {
|
||||
return tap($this, static function (UploadedFile $file) use ($width, $height, $extension, $quality) {
|
||||
Image::convert($file->path(), $file->path(), $width, $height, $extension, $quality);
|
||||
});
|
||||
});
|
||||
@@ -74,10 +96,23 @@ class AppServiceProvider extends ServiceProvider
|
||||
/**
|
||||
* Remove all special characters from a string
|
||||
*/
|
||||
Str::macro('onlyWords', function (string $text): string {
|
||||
Str::macro('onlyWords', static function (string $text): string {
|
||||
// \p{L} matches any kind of letter from any language
|
||||
// \d matches a digit in any script
|
||||
return Str::replaceMatches('/[^\p{L}\d ]/u', '', $text);
|
||||
});
|
||||
|
||||
Request::macro('deviceName', function (): string {
|
||||
$device = $this->device();
|
||||
|
||||
return implode(' / ', array_filter([
|
||||
trim(implode(' ', [$device->getOs('name'), $device->getOs('version')])),
|
||||
trim(implode(' ', [$device->getClient('name'), $device->getClient('version')])),
|
||||
])) ?? 'Unknown';
|
||||
});
|
||||
|
||||
Sanctum::usePersonalAccessTokenModel(
|
||||
PersonalAccessToken::class
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user