You've already forked Atomcms-edit
root
75b78c17fa
- Fix timing attack vulnerability in AuthController - Split web.php (316 lines) into 7 focused route files - Add 8 API Resources for consistent response formatting - Add 8 FormRequest classes for centralized validation - Use Resources instead of manual array mapping in controllers
136 lines
4.0 KiB
PHP
Executable File
136 lines
4.0 KiB
PHP
Executable File
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Http\Controllers\Api;
|
|
|
|
use App\Actions\Fortify\CreateNewUser;
|
|
use App\Http\Controllers\Controller;
|
|
use App\Http\Requests\Api\ArticleCommentRequest;
|
|
use App\Http\Requests\Api\LoginRequest;
|
|
use App\Http\Requests\Api\RegisterRequest;
|
|
use App\Http\Requests\Api\UpdatePasswordRequest;
|
|
use App\Http\Requests\Api\UpdateUserRequest;
|
|
use App\Http\Resources\Api\ArticleResource;
|
|
use App\Http\Resources\Api\PhotoResource;
|
|
use App\Http\Resources\Api\UserApiResource;
|
|
use App\Models\Articles\WebsiteArticle;
|
|
use App\Models\Miscellaneous\CameraWeb;
|
|
use App\Models\User;
|
|
use Illuminate\Http\JsonResponse;
|
|
use Illuminate\Support\Facades\Hash;
|
|
use Illuminate\Validation\ValidationException;
|
|
|
|
class AuthController extends Controller
|
|
{
|
|
public function login(LoginRequest $request): JsonResponse
|
|
{
|
|
$username = $request->input('username');
|
|
$user = User::where('username', $username)
|
|
->orWhere('mail', $username)
|
|
->first();
|
|
|
|
$credentialsValid = $user && Hash::check($request->input('password'), $user->password);
|
|
|
|
if (! $credentialsValid) {
|
|
Hash::check($request->input('password'), Hash::make('timing-attack-prevention'));
|
|
|
|
throw ValidationException::withMessages([
|
|
'username' => ['The provided credentials are incorrect.'],
|
|
]);
|
|
}
|
|
|
|
if ($user->is_banned) {
|
|
throw ValidationException::withMessages([
|
|
'username' => ['Your account has been banned.'],
|
|
]);
|
|
}
|
|
|
|
$user->update(['last_login' => time()]);
|
|
|
|
$token = $user->createToken('auth-token')->plainTextToken;
|
|
|
|
return response()->json([
|
|
'user' => new UserApiResource($user),
|
|
'token' => $token,
|
|
]);
|
|
}
|
|
|
|
public function register(RegisterRequest $request): JsonResponse
|
|
{
|
|
$createNewUser = new CreateNewUser;
|
|
|
|
$user = $createNewUser->create($request->validated());
|
|
|
|
$token = $user->createToken('auth-token')->plainTextToken;
|
|
|
|
return response()->json([
|
|
'user' => new UserApiResource($user),
|
|
'token' => $token,
|
|
], 201);
|
|
}
|
|
|
|
public function user(\Illuminate\Http\Request $request): JsonResponse
|
|
{
|
|
return response()->json(new UserApiResource($request->user()));
|
|
}
|
|
|
|
public function logout(\Illuminate\Http\Request $request): JsonResponse
|
|
{
|
|
$request->user()->currentAccessToken()->delete();
|
|
|
|
return response()->json(['message' => 'Logged out successfully']);
|
|
}
|
|
|
|
public function home(): JsonResponse
|
|
{
|
|
$articles = WebsiteArticle::with(['user:id,username,look'])
|
|
->latest('id')
|
|
->take(4)
|
|
->get();
|
|
|
|
$photos = CameraWeb::query()
|
|
->latest('id')
|
|
->take(4)
|
|
->where('visible', true)
|
|
->with('user:id,username,look')
|
|
->get();
|
|
|
|
return response()->json([
|
|
'articles' => ArticleResource::collection($articles),
|
|
'photos' => PhotoResource::collection($photos),
|
|
]);
|
|
}
|
|
|
|
public function updateUser(UpdateUserRequest $request): JsonResponse
|
|
{
|
|
$user = $request->user();
|
|
$user->update($request->validated());
|
|
|
|
return response()->json(new UserApiResource($user));
|
|
}
|
|
|
|
public function updatePassword(UpdatePasswordRequest $request): JsonResponse
|
|
{
|
|
$request->user()->update([
|
|
'password' => Hash::make($request->input('password')),
|
|
]);
|
|
|
|
return response()->json(['message' => 'Password updated successfully']);
|
|
}
|
|
|
|
public function articleComment(ArticleCommentRequest $request, string $slug): JsonResponse
|
|
{
|
|
$article = WebsiteArticle::where('slug', $slug)->firstOrFail();
|
|
|
|
$comment = $article->comments()->create([
|
|
'user_id' => $request->user()->id,
|
|
'comment' => strip_tags((string) $request->input('comment')),
|
|
]);
|
|
|
|
return response()->json([
|
|
'data' => $comment->load('user:id,username,look'),
|
|
], 201);
|
|
}
|
|
}
|