<?php
use Illuminate\Http\Request;
use RainLab\User\Models\Settings as UserSettings;
use RainLab\User\Models\User as UserModel;
use Tymon\JWTAuth\Exceptions\JWTException;
use Vdomah\JWTAuth\Models\Settings;
Route::group(['prefix' => 'api'], function() {
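Route::post('auth-for-make-requests', function (Request $request) {
    // Credential login that issues a JWT. Unlike 'login' below, the username
    // is used exactly as sent (no dial-code prefix).
    if (Settings::get('is_login_disabled')) {
        App::abort(404, 'Page not found');
    }

    // Only the configured login fields are read from the body; any other
    // request key is ignored.
    $loginFields = Settings::get('login_fields', ['email', 'password']);
    $credentials = Input::only($loginFields);

    try {
        // Verify the credentials and mint a token for the matching user.
        $token = JWTAuth::attempt($credentials);
        if (!$token) {
            return response()->json(['error' => [
                'ru' => trans('validation.no_user', [], 'ru'),
                'en' => trans('validation.no_user', [], 'en'),
                'tm' => trans('validation.no_user', [], 'tm'),
            ]], 401);
        }
    } catch (JWTException $e) {
        // The library's own failure type; it has to be imported (or fully
        // qualified) for this catch to match in the global namespace.
        return response()->json(['error' => 'could_not_create_token'], 500);
    }

    $userModel = JWTAuth::authenticate($token);

    // An account that is not activated never receives its token.
    if (!$userModel->is_activated) {
        return response()->json(['error' => 'Not activated'], 403);
    }

    // The model may provide its own API representation; otherwise a fixed
    // attribute set is returned.
    if ($userModel->methodExists('getAuthApiSigninAttributes')) {
        $user = $userModel->getAuthApiSigninAttributes();
    } else {
        $user = [
            'id' => $userModel->id,
            'name' => $userModel->name,
            'surname' => $userModel->surname,
            'username' => $userModel->username,
            'email' => $userModel->email,
            'is_activated' => $userModel->is_activated,
            'user_balance' => $userModel->user_balance,
            'email_verified' => $userModel->email_verified,
            'phone_verified' => $userModel->phone_verified,
        ];
    }

    // No errors: hand back the JWT together with the user representation.
    return response()->json(compact('token', 'user'));
});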
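Route::post('login', function (Request $request) {
    // Credential login that issues a JWT. The account is looked up by
    // dial_code + local number, which is what 'username' holds in storage.
    if (Settings::get('is_login_disabled')) {
        App::abort(404, 'Page not found');
    }

    // Only the configured login fields are read from the body.
    $loginFields = Settings::get('login_fields', ['email', 'password']);
    $credentials = Input::only($loginFields);

    // Build the stored form of the username. Keys that login_fields does not
    // include yield '' here instead of raising an undefined-index notice,
    // which the framework would otherwise turn into a 500.
    $credentials['username'] = ($credentials['dial_code'] ?? '') . ($credentials['username'] ?? '');

    try {
        // Verify the credentials and mint a token for the matching user.
        $token = JWTAuth::attempt($credentials);
        if (!$token) {
            return response()->json(['error' => [
                'ru' => trans('validation.no_user', [], 'ru'),
                'en' => trans('validation.no_user', [], 'en'),
                'tm' => trans('validation.no_user', [], 'tm'),
            ]], 401);
        }
    } catch (JWTException $e) {
        // Token could not be created; the credential check itself did not fail.
        return response()->json(['error' => 'could_not_create_token'], 500);
    }

    $userModel = JWTAuth::authenticate($token);

    // An account that is not activated never receives its token.
    if (!$userModel->is_activated) {
        return response()->json(['error' => 'Not activated'], 403);
    }

    // The model may provide its own API representation; otherwise a fixed
    // attribute set is returned.
    if ($userModel->methodExists('getAuthApiSigninAttributes')) {
        $user = $userModel->getAuthApiSigninAttributes();
    } else {
        $user = [
            'id' => $userModel->id,
            'name' => $userModel->name,
            'surname' => $userModel->surname,
            'username' => $userModel->username,
            'email' => $userModel->email,
            'is_activated' => $userModel->is_activated,
            'user_balance' => $userModel->user_balance,
            'email_verified' => $userModel->email_verified,
            'phone_verified' => $userModel->phone_verified,
        ];
    }

    // No errors: hand back the JWT together with the user representation.
    return response()->json(compact('token', 'user'));
});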
Route::post('refresh', function (Request $request) {
    // Exchange the submitted JWT for a newly issued one.
    if (Settings::get('is_refresh_disabled')) {
        App::abort(404, 'Page not found');
    }

    // The token travels in the request body, not in the Authorization header.
    $validator = \Validator::make($request->all(), ['token' => 'required']);
    if ($validator->fails()) {
        return response()->json(['error' => $validator->errors()], 400);
    }

    $token = $request->get('token');

    try {
        // Ask the library for a replacement token.
        $token = JWTAuth::refresh($token);
        if (!$token) {
            return response()->json(['error' => 'could_not_refresh_token'], 401);
        }
    } catch (Exception $e) {
        // Any library failure is reported generically; no details leave the server.
        return response()->json(['error' => 'could_not_refresh_token'], 500);
    }

    // No errors: return the new JWT.
    return response()->json(compact('token'));
});
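Route::post('invalidate', function (Request $request) {
    // Invalidate the submitted JWT so it can no longer be used.
    if (Settings::get('is_invalidate_disabled')) {
        App::abort(404, 'Page not found');
    }

    // Same presence check as 'refresh'; a missing token used to reach the
    // library and surface as a 500.
    $validator = \Validator::make($request->all(), ['token' => 'required']);
    if ($validator->fails()) {
        return response()->json(['error' => $validator->errors()], 400);
    }

    // Read from the injected request. `Request` is imported in this file as
    // Illuminate\Http\Request, so Request::get('token') was a static call to
    // an instance method, not a facade call.
    $token = $request->get('token');

    try {
        JWTAuth::invalidate($token);
    } catch (Exception $e) {
        // Any library failure is reported generically; no details leave the server.
        return response()->json(['error' => 'could_not_invalidate_token'], 500);
    }

    // No errors: confirm the token was invalidated.
    return response()->json('token_invalidated');
});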
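Route::post('signup', function (Request $request) {
    // Register a new account and return its first JWT.
    if (Settings::get('is_signup_disabled')) {
        App::abort(404, 'Page not found');
    }

    // Only the configured signup fields are read from the body.
    $signupFields = Settings::get('signup_fields', ['email', 'password', 'password_confirmation']);
    $credentials = Input::only($signupFields);

    $rules = [
        'email' => 'required|between:6,191|email|unique:users',
        'username' => 'required|numeric|unique:users',
        'dial_code' => 'required',
    ];

    $messages = [
        'email.unique' => [
            'ru' => trans('validation.api.email_already_exists', [], 'ru'),
            'en' => trans('validation.api.email_already_exists', [], 'en'),
            'tm' => trans('validation.api.email_already_exists', [], 'tm'),
        ],
        'username.unique' => [
            'ru' => trans('validation.api.phone_already_exists', [], 'ru'),
            'en' => trans('validation.api.phone_already_exists', [], 'en'),
            'tm' => trans('validation.api.phone_already_exists', [], 'tm'),
        ],
    ];

    // Uniqueness is checked against dial_code + local number, the form the
    // account is looked up by on login. Keys absent from signup_fields become
    // '' instead of raising an undefined-index notice; the 'required' rules
    // then report them to the client.
    $credentialsToValidate = array_merge($credentials, [
        'username' => ($credentials['dial_code'] ?? '') . ($credentials['username'] ?? ''),
    ]);

    $validator = \Validator::make($credentialsToValidate, $rules, $messages);
    if ($validator->fails()) {
        // Only the first message of the first failing field is returned.
        // getMessages() gives the [field => [message, ...]] array that the old
        // reset() on the MessageBag object reached through its properties.
        $errors = $validator->errors()->getMessages();
        $firstField = reset($errors) ?: [];
        $firstMessage = reset($firstField) ?: null;

        return Response::json(['error' => $firstMessage], 400);
    }

    // Activation mode comes from the RainLab.User settings.
    $automaticActivation = UserSettings::get('activate_mode') == UserSettings::ACTIVATE_AUTO;

    try {
        // password_confirmation is required by the registration rules but is
        // not used by API clients, so it is mirrored from password.
        if (!array_key_exists('password_confirmation', $credentials) && array_key_exists('password', $credentials)) {
            $credentials['password_confirmation'] = $credentials['password'];
        }

        // NOTE(review): the dial-code-prefixed username above is used only for
        // validation; the raw fields are what is registered here. Confirm the
        // model prepends dial_code on save, otherwise 'login' (which looks up
        // dial_code . username) will not find this account.
        $userModel = Auth::register($credentials, $automaticActivation);

        // The model may provide its own API representation; otherwise a fixed
        // attribute set is returned.
        if ($userModel->methodExists('getAuthApiSignupAttributes')) {
            $user = $userModel->getAuthApiSignupAttributes();
        } else {
            $user = [
                'id' => $userModel->id,
                'name' => $userModel->name,
                'surname' => $userModel->surname,
                'username' => $userModel->username,
                'dial_code' => $userModel->dial_code,
                'email' => $userModel->email,
                'is_activated' => $userModel->is_activated,
                'user_balance' => $userModel->user_balance,
                'email_verified' => $userModel->email_verified,
                'phone_verified' => $userModel->phone_verified,
            ];
        }
    } catch (Exception $e) {
        // Only the message is logged server-side; the client receives a
        // generic translated error. The 401 status is kept for API
        // compatibility even though the failure is not an authentication one.
        \Log::info($e->getMessage());

        return Response::json(['error' => [
            'ru' => trans('validation.api.sign_up_excp', [], 'ru'),
            'en' => trans('validation.api.sign_up_excp', [], 'en'),
            'tm' => trans('validation.api.sign_up_excp', [], 'tm'),
        ]], 401);
    }

    // Issue the first token directly for the freshly created user.
    $token = JWTAuth::fromUser($userModel);

    return Response::json(compact('token', 'user'));
});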
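Route::get('me', function () {
    // Return the token owner's profile fields.
    $me = \JWTAuth::parseToken()->authenticate();

    // Mirror the POST 'me' guard: authenticate() returned no user for this
    // token, so there is nothing to read attributes from.
    if (!$me) {
        return Response::json(['error' => 'Not found'], 404);
    }

    $me = $me->only(['name','surname','email','username','is_activated','phone','company','street_addr','city','mobile','user_balance','email_verified','phone_verified']);

    return Response::json(compact('me'));
})->middleware('\Tymon\JWTAuth\Middleware\GetUserFromToken');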
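Route::post('me', function (Request $request) {
    // Update the token owner's profile. When a new password is sent, the user
    // is re-authenticated and a fresh JWT is returned instead of the profile.
    $me = \JWTAuth::parseToken()->authenticate();
    if (!$me) {
        return Response::json(['error' => 'Not found'], 404);
    }

    // The username is the login identifier and is never editable here. The
    // other keys are server-owned state (primary key, activation and
    // verification flags, balance) that must not be filled from the request
    // body. The model's $fillable list remains the primary mass-assignment
    // guard — confirm it does not expose these attributes either.
    $data = Input::except([
        'username',
        'id',
        'is_activated',
        'user_balance',
        'email_verified',
        'phone_verified',
    ]);

    $rules = [
        'email' => 'required|between:6,191|email',
        'name' => 'required',
        'surname' => 'required',
        'company' => 'max:191',
    ];
    $messages = (new UserModel)->messages;

    $validator = \Validator::make($data, $rules, $messages);
    if ($validator->fails()) {
        return Response::json(['error' => $validator->errors()], 400);
    }

    // A password is validated (and re-authenticated below) only when a
    // non-empty value was sent.
    $changesPassword = ($data['password'] ?? '') !== '';

    if ($changesPassword) {
        $passwordRules = [
            'password' => 'required:create|between:8,255|confirmed',
            'password_confirmation' => 'required_with:password|between:8,255',
        ];

        $validator = \Validator::make($data, $passwordRules, $messages);
        if ($validator->fails()) {
            return Response::json(['error' => $validator->errors()], 400);
        }
    }

    // A changed address has not been verified yet. The flag is persisted in
    // the same save as the rest of the update rather than in a separate one.
    if ($me->email !== $data['email']) {
        $me->email_verified = false;
    }

    $me->fill($data);
    $me->save();

    if (!$changesPassword) {
        return Response::json(compact('me'));
    }

    // Password changed: re-authenticate with the new one and hand back a new
    // token. NOTE(review): the token that authorised this request is not
    // invalidated here and stays usable until it expires.
    $credentials = [
        'username' => $me->username,
        'password' => $data['password'],
    ];

    try {
        $token = JWTAuth::attempt($credentials);
        if (!$token) {
            return response()->json(['error' => 'invalid_credentials'], 401);
        }
    } catch (JWTException $e) {
        // Token could not be created; the credential check itself did not fail.
        return response()->json(['error' => 'could_not_create_token'], 500);
    }

    $userModel = JWTAuth::authenticate($token);

    // An account that is not activated never receives its token.
    if (!$userModel->is_activated) {
        return response()->json(['error' => 'Not activated'], 403);
    }

    // The model may provide its own API representation; otherwise a fixed
    // attribute set is returned.
    if ($userModel->methodExists('getAuthApiSigninAttributes')) {
        $user = $userModel->getAuthApiSigninAttributes();
    } else {
        $user = [
            'id' => $userModel->id,
            'name' => $userModel->name,
            'surname' => $userModel->surname,
            'username' => $userModel->username,
            'email' => $userModel->email,
            'is_activated' => $userModel->is_activated,
            'user_balance' => $userModel->user_balance,
            'email_verified' => $userModel->email_verified,
            'phone_verified' => $userModel->phone_verified,
        ];
    }

    // No errors: hand back the JWT together with the user representation.
    return response()->json(compact('token', 'user'));
})->middleware('\Tymon\JWTAuth\Middleware\GetUserFromToken');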
});