Files
citrus-cms/app/Http/Controllers/Api/AuthController.php
T
2026-04-28 21:14:25 +03:00

87 lines
2.2 KiB
PHP

<?php
namespace App\Http\Controllers\Api;
use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use App\Models\User;
use Illuminate\Support\Facades\Hash;
/**
* @group Authentication
*
* API endpoints for user authentication and token management.
*/
class AuthController extends Controller
{
/**
* Login (Get Token)
*
* Authenticates a user via email and password, returning a Bearer Token.
* @unauthenticated
*
* @bodyParam email string required User's email address. Example: admin@example.com
* @bodyParam password string required User's password. Example: password
*/
public function login(Request $request)
{
$request->validate([
'email' => 'required|email',
'password' => 'required',
]);
$user = User::where('email', $request->email)->first();
if (! $user || ! Hash::check($request->password, $user->password)) {
return response()->json([
'status' => 'error',
'message' => 'Invalid credentials'
], 401);
}
// Create Token (Device name is optional)
$token = $user->createToken($request->device_name ?? 'api-client')->plainTextToken;
return response()->json([
'status' => 'success',
'message' => 'Login successful',
'data' => [
'user' => $user,
'access_token' => $token,
'token_type' => 'Bearer',
]
]);
}
/**
* Get User Profile
*
* Returns the authenticated user's information.
*/
public function me(Request $request)
{
return response()->json([
'status' => 'success',
'data' => [
'user' => $request->user()
]
]);
}
/**
* Logout
*
* Revokes the user's current access token.
*/
public function logout(Request $request)
{
$request->user()->currentAccessToken()->delete();
return response()->json([
'status' => 'success',
'message' => 'Token revoked'
]);
}
}