birzha-legalizasia/app/Http/Controllers/AuthController.php

<?php

namespace App\Http\Controllers;

use App\Http\Requests\API\LoginRequest;
use App\Http\Requests\API\RegisterRequest;
use App\Http\Requests\API\UpdateClientRequest;
use App\Http\Resources\ClientResource;
use App\Mail\EmailVerification;
use App\Mail\ResetPassword;
use App\Models\Account;
use App\Models\Client;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Mail;
use Illuminate\Support\Facades\Config;
use Illuminate\Support\Facades\Lang;

/**
 * @OA\Info(
 *     title="Legalization API",
 *     version="1.0.0"
 * )
 *  @OA\SecurityScheme(
 *     securityScheme="bearerAuth",
 *     in="header",
 *     name="bearerAuth",
 *     type="http",
 *     scheme="bearer",
 *     bearerFormat="JWT",
 *   ),
 */


//controller where all auth process for clie-nt happens
class AuthController extends Controller
{

    /**
        * @OA\POST(
        *   path="/api/login",
        *   summary=" - Login user",
        *   tags = {"Authorization"},
        *
        *   @OA\RequestBody(
        *         @OA\MediaType(
        *             mediaType="application/json",
        *             @OA\Schema(
        *                 @OA\Property(
        *                     property="email",
        *                     type="string",
        *                 ),
        *                 @OA\Property(
        *                     property="password",
        *                     type="string",
        *                 ),
        *                 example={"email": "ilmedovamahri@gmail.com", "password": 12345678}
        *             )
        *         )
        *    ),
        *   @OA\Parameter(
        *         description="Localization",
        *         in="header",
        *         name="X-Localization",
        *         required=false,
        *         @OA\Schema(type="string"),
        *         @OA\Examples(example="ru", value="ru", summary="Russian localization"),
        *         @OA\Examples(example="en", value="en", summary="English localization"),
        *         @OA\Examples(example="tm", value="tm", summary="Turkmen localization"),
        *    ),
        *    @OA\Response(
        *         response="200",
        *         description="OK",
        *         @OA\JsonContent(type="object")
        *    ),
        *    @OA\Response(
        *         response="401",
        *         description="Unauthorized",
        *         @OA\JsonContent(type="object")
        *    )
        * )
    */
    public function login(LoginRequest $request){

        $client = Client::where('email', $request->input('email'))->first();

        if($client){

            if($client->is_suspended){
                return response()->json([
                    'message' => 'Account with this email is suspended'
                ], 403);
            }

            if (!Hash::check(request()->password, $client->password)){
                return response()->json([
                    'message' => 'Unauthorized'
                ], 401);
            }
            elseif ($client->is_suspended){
                return response()->json([
                    'message' => 'Account suspended'
                ], 401);
            }

            $credentials = $request->only('email', 'password');

            Auth::attempt($credentials);

            $client->tokens()->delete();

            $client->token = $client->createToken('auth_token')->plainTextToken;

            return ClientResource::make($client);
        }
        return response()->json(['message' => Lang::get('auth.email_not_found')], 404);
    }

    /**
        * @OA\POST(
        *   path="/api/register",
        *   summary=" - Register user",
        *   tags = {"Authorization"},
        *   @OA\RequestBody(
        *         @OA\MediaType(
        *             mediaType="application/json",
        *             @OA\Schema(
        *                 @OA\Property(
        *                     property="firstname",
        *                     type="string",
        *                 ),
        *                 @OA\Property(
        *                     property="lastname",
        *                     type="string",
        *                 ),
        *                 @OA\Property(
        *                     property="email",
        *                     type="string",
        *                 ),
        *                 @OA\Property(
        *                     property="password",
        *                     type="string",
        *                 ),
        *                 @OA\Property(
        *                     property="account_type",
        *                     type="string",
        *                 ),
        *                 @OA\Property(
        *                     property="country",
        *                     type="integer",
        *                 ),
        *                 example={"firstname":"Mahri", "lastname":"Ilmedova" ,"email": "ilmedovamahri@gmail.com", "password": 12345678,  "country": 1,"account_type":"business"}
        *             )
        *         )
        *     ),
        *   @OA\Parameter(
        *         description="Localization",
        *         in="header",
        *         name="X-Localization",
        *         required=false,
        *         @OA\Schema(type="string"),
        *         @OA\Examples(example="ru", value="ru", summary="Russian localization"),
        *         @OA\Examples(example="en", value="en", summary="English localization"),
        *         @OA\Examples(example="tm", value="tm", summary="Turkmen localization"),
        *    ),
        *     @OA\Response(
        *         response="201",
        *         description="OK",
        *         @OA\JsonContent(
        *               type="object",
        *               @OA\Property(property="token", type="string"),
        *               @OA\Property(property="client", type="object",
        *                   @OA\Property(property="id", type="integer"),
        *                   @OA\Property(property="firstname", type="string"),
        *                   @OA\Property(property="lastname", type="string"),
        *                   @OA\Property(property="email", type="string"),
        *                   @OA\Property(property="is_verified", type="boolean"),
        *                  )
        *           )
        *     ),
        *     @OA\Response(
        *         response="422",
        *         description="Validation Error",
        *         @OA\JsonContent(type="object",
        *               @OA\Property(property="message", type="string"),
        *               @OA\Property(property="errors", type="object"),
        *     )
        *     )
        * )
    */
    public function register(RegisterRequest $request)
    {
        $client = new Client($request->only(['email','firstname','lastname']));
        $client->password = Hash::make($request->input('password'));

        $email_verification = (bool) config('settings.email_verification');
        $client->is_verified = ! $email_verification;

        if($email_verification)
        {
            $client->verification_token = rand(10000, 99999);

            try{
                Mail::to($request->email)
                    ->queue(new EmailVerification($request->firstname,  $client->verification_token));
            }catch (\Exception $ex){
                //eger email ugradyp bolmasa verification edip bolmaz
                $client->is_verified = true;
            }

        }

        $account = Account::create([
            'country_id' => $request->country,
            'legalization_number' => $request->legalization_number,
            'type' => $request->account_type
        ]);

        $client->account()->associate($account)->save();

        if($client->is_verified){
            Auth::login($client);
            $client->token = $client->createToken('auth_token')->plainTextToken;
        }

        return ClientResource::make($client);
    }

    /**
        * @OA\POST(
        *   path="/api/verify-email",
        *   summary=" - Verify email of client",
        *   tags = {"Authorization"},
        *   @OA\RequestBody(
        *         @OA\MediaType(
        *             mediaType="application/json",
        *             @OA\Schema(
        *                 @OA\Property(
        *                     property="email",
        *                     type="string",
        *                 ),
        *                 @OA\Property(
        *                     property="token",
        *                     type="string",
        *                 ),
        *                 example={"email": "ilmedovamahri@gmail.com", "token": "4515"}
        *             )
        *         )
        *     ),
        *   @OA\Parameter(
        *         description="Localization",
        *         in="header",
        *         name="X-Localization",
        *         required=false,
        *         @OA\Schema(type="string"),
        *         @OA\Examples(example="ru", value="ru", summary="Russian localization"),
        *         @OA\Examples(example="en", value="en", summary="English localization"),
        *         @OA\Examples(example="tm", value="tm", summary="Turkmen localization"),
        *    ),
        *     @OA\Response(
        *         response="200",
        *         description="OK"
        *     ),
        *     @OA\Response(
        *         response="400",
        *         description="Missing fields (email or token)"
        *     ),
        *     @OA\Response(
        *         response="404",
        *         description="Client not found"
        *     ),
        *     @OA\Response(
        *         response="401",
        *         description="Unauthorised. Tokens do not match"
        *     )
        * )
    */
    public function verifyEmail(Request $request){
        $request->validate([
            'email' => 'required|email',
            'token' => 'required'
        ]);

        $client = Client::where('email', $request->email)->first();

        if($client){
            if($client->verification_token === $request->token){
                $client->is_verified = 1;
                $client->save();

                Auth::login($client);

                $client->token = $client->createToken('auth_token')->plainTextToken;

                return ClientResource::make($client);
            }
            else{
                return response()->json(['message' => 'tokens don\'t match'], 401);
            }
        }
        else{
            return response()->json([
                'message' => 'no such client'
            ], 404);
        }
    }

    /**
        * @OA\GET(
        *   path="/api/client",
        *   summary=" - Get user",
        *   tags = {"Authorization"},
        *   security={
        *      {"bearerAuth": {}}
        *   },
        *   @OA\Parameter(
        *         description="Localization",
        *         in="header",
        *         name="X-Localization",
        *         required=false,
        *         @OA\Schema(type="string"),
        *         @OA\Examples(example="ru", value="ru", summary="Russian localization"),
        *         @OA\Examples(example="en", value="en", summary="English localization"),
        *         @OA\Examples(example="tm", value="tm", summary="Turkmen localization"),
        *    ),
        *   @OA\Response(
        *      response="200",
        *      description="OK"
        *   ),
        *   @OA\Response(
        *      response="401",
        *      description="Unauthorized"
        *   )
        * )
    */
    public function client(Request $request) {
        if($client = $request->user()){
            return ClientResource::make($client);
        }
        return response()->json([
            'message' => 'token_expired'
        ], 401);
    }

    /**
        * @OA\POST(
        *   path="/api/logout",
        *   summary=" - Logout user",
        *   tags = {"Authorization"},
        *   security={
        *      {"bearerAuth": {}}
        *   },
        *   @OA\Parameter(
        *         description="Localization",
        *         in="header",
        *         name="X-Localization",
        *         required=false,
        *         @OA\Schema(type="string"),
        *         @OA\Examples(example="ru", value="ru", summary="Russian localization"),
        *         @OA\Examples(example="en", value="en", summary="English localization"),
        *         @OA\Examples(example="tm", value="tm", summary="Turkmen localization"),
        *    ),
        *   @OA\Response(
        *         response="200",
        *         description="OK"
        *   ),
        *   @OA\Response(
        *         response="401",
        *         description="Unauthorized"
        *   )
        * )
    */
    public function logout(Request $request) {
        $request->user()->currentAccessToken()->delete();
        return response()->json([
            'message' => 'ok'
        ], 200);
	}

    /**
        * @OA\POST(
        *   path="/api/forgot-password",
        *   summary=" - Send a user password reset link",
        *   tags = {"Authorization"},
        *   @OA\RequestBody(
        *         @OA\MediaType(
        *             mediaType="application/json",
        *             @OA\Schema(
        *                 @OA\Property(
        *                     property="email",
        *                     type="string",
        *                 ),
        *                 example={"email": "ilmedovamahri@gmail.com"}
        *             )
        *         )
        *     ),
        *   @OA\Parameter(
        *         description="Localization",
        *         in="header",
        *         name="X-Localization",
        *         required=false,
        *         @OA\Schema(type="string"),
        *         @OA\Examples(example="ru", value="ru", summary="Russian localization"),
        *         @OA\Examples(example="en", value="en", summary="English localization"),
        *         @OA\Examples(example="tm", value="tm", summary="Turkmen localization"),
        *    ),
        *   @OA\Response(
        *         response="200",
        *         description="OK"
        *   )
        * )
    */
    public function sendPasswordResetLinkEmail(Request $request) {
        try{
            $request->validate(['email' => 'required|email']);

            $user = Client::where('email', $request->email)->first();
            if (!$user) {
                return response()->json([
                    'message' => 'user with provided email not found'
                ], 404);
            }

            $token = rand(1000, 9999);
            $user['verification_token'] = $token;
            $user->save();

            Mail::to($request->email)->queue(new ResetPassword($user->firstname, $token));

            return response()->json([
                'message' => 'sent reset code'
            ], 200);
        }
        catch(\Exception $e){
            return response()->json([
                'message' => $e->getMessage()
            ], 200);
        }
	}

    /**
        * @OA\POST(
        *   path="/api/reset-password",
        *   summary=" - Reset client password and enter new",
        *   tags = {"Authorization"},
        *   @OA\RequestBody(
        *         @OA\MediaType(
        *             mediaType="application/json",
        *             @OA\Schema(
        *                 @OA\Property(
        *                     property="email",
        *                     type="string",
        *                 ),
        *             @OA\Property(
        *                     property="token",
        *                     type="string",
        *                 ),
        *             @OA\Property(
        *                     property="password",
        *                     type="string",
        *                 ),
        *             @OA\Property(
        *                     property="confirm_password",
        *                     type="string",
        *                 ),
        *                 example={"email": "ilmedovamahri@gmail.com", "token":"2546", "password":"Hello001!", "confirm_password":"Hello001!"}
        *             )
        *         )
        *     ),
        *   @OA\Parameter(
        *         description="Localization",
        *         in="header",
        *         name="X-Localization",
        *         required=false,
        *         @OA\Schema(type="string"),
        *         @OA\Examples(example="ru", value="ru", summary="Russian localization"),
        *         @OA\Examples(example="en", value="en", summary="English localization"),
        *         @OA\Examples(example="tm", value="tm", summary="Turkmen localization"),
        *    ),
        *   @OA\Response(
        *         response="200",
        *         description="OK"
        *   )
        * )
    */
    public function updatePassword(Request $request) {
        try{
            $this->validate($request, [
                'token' => 'required',
                'email' => 'required|email',
                'password' => 'required',
                'confirm_password' => 'required|same:password'
            ]);

            $user = Client::where('email', $request->email)->first();
            if($user && $request->token == $user->token){
                $user['password'] = Hash::make($request->password);
                $user->save();
                return response()->json([
                    'message' => 'OK'
                ], 200);
            }

            return response()->json([
                'message' => 'not_found'
            ], 404);
        }
        catch(\Exception $e){
            return response()->json([
                'message' => $e->getMessage()
            ], 500);
        }
    }

    /**
        * @OA\POST(
        *   path="/api/update-client",
        *   summary=" - Update client account",
        *   tags = {"Authorization"},
        *   description = "Every field is required, except password. Password field is optional",
        *   security={
        *      {"bearerAuth": {}}
        *   },
        *   @OA\RequestBody(
        *         @OA\MediaType(
        *             mediaType="application/json",
        *             @OA\Schema(
        *                 @OA\Property(
        *                     property="firstname",
        *                     type="string",
        *                 ),
        *                 @OA\Property(
        *                     property="lastname",
        *                     type="string",
        *                 ),
        *                 @OA\Property(
        *                     property="password",
        *                     type="string",
        *                 ),
        *                 example={"firstname":"Mahri","lastname":"Ilmedova","password":"Hello001!"}
        *             )
        *         )
        *     ),
        *   @OA\Parameter(
        *         description="Localization",
        *         in="header",
        *         name="X-Localization",
        *         required=false,
        *         @OA\Schema(type="string"),
        *         @OA\Examples(example="ru", value="ru", summary="Russian localization"),
        *         @OA\Examples(example="en", value="en", summary="English localization"),
        *         @OA\Examples(example="tm", value="tm", summary="Turkmen localization"),
        *    ),
        *   @OA\Response(
        *         response="200",
        *         description="OK"
        *   )
        * )
    */
    public function updateClient(UpdateClientRequest $request){

        $client = $request->user();

        $data = $request->only('firstname', 'lastname', 'password');

        if (!isset($data['password']) || !$data['password']) {
            unset($data['password']);
        }
        else {
            $data['password'] = bcrypt($data['password']);
        }

        if($client->fill($data)->save()){
            return ClientResource::make($client);
        }

        return response()->json([
            'message' => 'Your account has not been updated.',
        ],500);
    }
}