update

Level237 · Level237 · commit 5f688f13e761 · 2025-11-09T22:52:29.000+01:00
diff --git a/app/Http/Controllers/Auth/CheckTokenValidityController.php b/app/Http/Controllers/Auth/CheckTokenValidityController.php
@@ -9,6 +9,51 @@ class CheckTokenValidityController extends Controller
 {
     public function checkIsAuthenticated(Request $request)
 {
-   return response()->json(['isAuthenticated' => true]);
+            $origin = $request->headers->get('origin');
+
+        // 2️⃣ Déterminer quel cookie utiliser selon le sous-domaine
+        if (str_contains($origin, 'seller.akevas.com')) {
+            $cookieNameAccess = 'accessTokenSeller';
+        } elseif (str_contains($origin, 'delivery.akevas.com')) {
+            $cookieNameAccess = 'accessTokenDelivery';
+        } elseif (str_contains($origin, 'localhost')) {
+            // En local, on suppose qu’on teste le vendeur
+            $cookieNameAccess = 'accessTokenSeller';
+        } else {
+            $cookieNameAccess = 'accessToken';
+        }
+
+        // 3️⃣ Vérifier si le cookie du bon type est présent
+        $tokenFound = $request->cookie($cookieNameAccess);
+
+        if (!$tokenFound) {
+            return response()->json([
+                'isAuthenticated' => false,
+                'reason' => "no_cookie_for_{$cookieNameAccess}",
+                'host' => $origin
+            ]);
+        }
+
+        // 4️⃣ Injecter le token dans le header Authorization
+        $request->headers->set('Authorization', 'Bearer ' . $tokenFound);
+
+        // 5️⃣ Authentifier via le guard 'api'
+        $user = Auth::guard('api')->user();
+
+        if ($user) {
+            return response()->json([
+                'isAuthenticated' => true,
+                'role' => $user->role ?? 'unknown',
+                'domain' => $origin,
+            ]);
+        }
+
+        // 6️⃣ Token invalide ou expiré
+        return response()->json([
+            'isAuthenticated' => false,
+            'reason' => 'invalid_or_expired_token',
+            'host' => $origin
+        ]);
+
 }
 }
diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php
@@ -6,8 +6,9 @@
 use Carbon\Carbon;
 use Illuminate\Http\Request;
 use App\Services\Auth\LoginService;
-use App\Http\Controllers\Controller;
+use Illuminate\Support\Facades\Log;
 
+use App\Http\Controllers\Controller;
 use App\Repositories\GetClientRepository;
 use App\Services\Auth\GenerateTokenUserService;
 
@@ -32,32 +33,50 @@ public function login(Request $request){
             if($request->role_id != $loginUser['role_id']){
                 return response()->json(['message'=>"vous n'avez pas les droits d'acces à cette application"], 403);
             }
-            if($request->role_id==1 || $request->role_id==3){
-                $accessTokenName="accessToken";
-                $refreshTokenName="refreshToken";
-            }else if ($request->role_id==2){
-                $accessTokenName="accessTokenSeller";
-                $refreshTokenName="refreshTokenSeller";
-            }else{
-                $accessTokenName="accessTokenDelivery";
-                $refreshTokenName="refreshTokenDelivery";
-            }
             $tokenUser=(new GenerateTokenUserService())->generate($client,$loginUser,$data['password'],$request);
             
             $tokenData = json_decode($tokenUser->getContent(), true);
-
+             $origin = $request->headers->get('origin');
+            
             if ($tokenUser->getStatusCode() === 200) {
                 $accessToken = $tokenData['access_token'];
                 $refreshToken = $tokenData['refresh_token'];
 
-                $domain = (config('app.env') === 'production') ? '.akevas.com' : null;
+                $domain = '.akevas.com';
                 $secure = config('app.env') === 'production';
 
-                return response()->noContent(204)->cookie($accessTokenName, $accessToken, 
-                Carbon::now()->addMinutes(config('passport.token_ttl'))->timestamp, 
+                if (config('app.env') === 'production') {
+                   
+
+                    if (str_contains($origin, 'seller.akevas.com')) {
+                        
+        $cookieNameAccess = 'accessTokenSeller';
+         
+        $cookieNameRefresh = 'refreshTokenSeller';
+    } elseif (str_contains($origin, 'delivery.akevas.com')) {
+        $cookieNameAccess = 'accessTokenDelivery';
+        $cookieNameRefresh = 'refreshTokenDelivery';
+    } else if (str_contains($origin, 'localhost')) {
+        $cookieNameAccess = 'accessTokenSeller';
+        $cookieNameRefresh = 'refreshTokenSeller';
+    } else {
+        $cookieNameAccess = 'accessToken';
+        $cookieNameRefresh = 'refreshToken';
+    }
+                }
+                Log::info('Seller origin: ' . $cookieNameAccess,[
+                    'cookieNameAccess' => $cookieNameAccess,
+                    'cookieNameRefresh' => $cookieNameRefresh,
+                    'accessToken' => $accessToken,
+                    'refreshToken' => $refreshToken,
+                    'domain' => $domain,
+                    'secure' => $secure,
+                ]);
+                return response()->json(['message' => 'Login success'], 200)->cookie($cookieNameAccess, $accessToken, 
+                config('passport.token_ttl'),
                 '/', $domain, $secure, true, false, 'none')
-            ->cookie($refreshTokenName, $refreshToken, 
-                Carbon::now()->addDays(30)->timestamp,
+            ->cookie($cookieNameRefresh, $refreshToken, 
+                60*24*30,
                 '/', $domain, $secure, true, false, 'none');
             }
             
diff --git a/app/Http/Controllers/Auth/LogoutController.php b/app/Http/Controllers/Auth/LogoutController.php
@@ -10,34 +10,65 @@
 
 class LogoutController extends Controller
 {
-    public function logout(){
-       $user = Auth::guard('api')->user();
-        $user->token()->revoke();
+    public function logout(Request $request)
+    {
+        // 🔹 Récupérer le user connecté
+        $user = Auth::guard('api')->user();
+
+        if ($user && $user->token()) {
+            $user->token()->revoke();
+        }
+
+        // 🔹 Déterminer l'origine / host
+        $origin = $request->headers->get('origin') ?? $request->getHost();
+
+        // 🔹 Définir les noms de cookies selon le sous-domaine
+        if (str_contains($origin, 'seller.akevas.com')) {
+            $cookieNameAccess = 'accessTokenSeller';
+            $cookieNameRefresh = 'refreshTokenSeller';
+        } elseif (str_contains($origin, 'delivery.akevas.com')) {
+            $cookieNameAccess = 'accessTokenDelivery';
+            $cookieNameRefresh = 'refreshTokenDelivery';
+        } elseif (str_contains($origin, 'localhost')) {
+            // cas local
+            $cookieNameAccess = 'accessTokenSeller';
+            $cookieNameRefresh = 'refreshTokenSeller';
+        } else {
+            // domaine par défaut (client ou autre)
+            $cookieNameAccess = 'accessToken';
+            $cookieNameRefresh = 'refreshToken';
+        }
+
+        // 🔹 Déterminer le domaine du cookie (production ou local)
         $domain = (config('app.env') === 'production') ? '.akevas.com' : null;
-    $secure = config('app.env') === 'production';
-    
-    if($user->role_id==1 || $user->role_id==3){
-        $accessTokenName="accessToken";
-        $refreshTokenName="refreshToken";
-    }else if ($user->role_id==2){
-        $accessTokenName="accessTokenSeller";
-        $refreshTokenName="refreshTokenSeller";
-    }else{
-        $accessTokenName="accessTokenDelivery";
-        $refreshTokenName="refreshTokenDelivery";
-    }
-    // 3. Définir la date d'expiration dans le passé (expire immédiatement)
-    $pastExpiration = Carbon::now()->subMinutes(5)->timestamp;
-
-    // 4. Construire la réponse (statut 204 No Content est courant pour le logout)
-    return response()->noContent(204)
-        // 5. Faire expirer l'accessToken
-        ->cookie($accessTokenName, null, 
-            $pastExpiration, 
-            '/', $domain, $secure, true, false, 'none') // Utiliser les mêmes paramètres que la pose
-        // 6. Faire expirer le refreshToken
-        ->cookie($refreshTokenName, null, 
-            $pastExpiration, 
-            '/', $domain, $secure, true, false, 'none');
+        $secure = config('app.env') === 'production';
+
+        // 🔹 Expiration passée pour supprimer le cookie
+        $expiredAt = Carbon::now()->subMinutes(5)->timestamp;
+
+        // 🔹 Retourner la réponse avec suppression des deux cookies
+        return response()->json(['message' => 'Déconnexion réussie.'], 200)
+            ->cookie(
+                $cookieNameAccess,
+                null,
+                $expiredAt,
+                '/',
+                $domain,
+                $secure,        // secure: true en production
+                true,           // httpOnly
+                false,          // raw
+                'none'          // sameSite
+            )
+            ->cookie(
+                $cookieNameRefresh,
+                null,
+                $expiredAt,
+                '/',
+                $domain,
+                $secure,
+                true,
+                false,
+                'none'
+            );
     }
 }
diff --git a/app/Http/Controllers/Auth/SocialAuthController.php b/app/Http/Controllers/Auth/SocialAuthController.php
@@ -51,17 +51,6 @@ public function handleGoogleCallback(): RedirectResponse
             return redirect("{$frontendUrl}/login?code=401");
         }
 
-        if($user->role_id==1 || $user->role_id==3){
-            $accessTokenName="accessToken";
-            $refreshTokenName="refreshToken";
-        }else if ($user->role_id==2){
-            $accessTokenName="accessTokenSeller";
-            $refreshTokenName="refreshTokenSeller";
-        }else{
-            $accessTokenName="accessTokenDelivery";
-            $refreshTokenName="refreshTokenDelivery";
-        }
-
         $scope = $this->getUserScope($user->role_id);
         $tokenResult = $user->createToken('GoogleAuthToken', [$scope]);
         $accessToken = $tokenResult->accessToken;
@@ -73,10 +62,10 @@ public function handleGoogleCallback(): RedirectResponse
         $secure = config('app.env') === 'production';
 
         
-        return redirect("{$frontendUrl}/authenticate")->cookie($accessTokenName, $accessToken, 
+        return redirect("{$frontendUrl}/authenticate")->cookie('accessToken', $accessToken, 
         Carbon::now()->addMinutes(config('passport.token_ttl'))->timestamp, 
         '/', $domain, $secure, true, false, 'none') // ttl, path, domain, secure, httpOnly, raw, sameSite
-    ->cookie($refreshTokenName, $refreshToken, 
+    ->cookie('refreshToken', $refreshToken, 
         Carbon::now()->addDays(30)->timestamp, // Longue durée de vie
         '/', $domain, $secure, true, false, 'none');
     }
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
@@ -72,6 +72,6 @@ class Kernel extends HttpKernel
         'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
         'scopes' => \Laravel\Passport\Http\Middleware\CheckScopes::class,
         'scope' => \Laravel\Passport\Http\Middleware\CheckForAnyScope::class,
-        'isSeller'=>UserIsSeller::class
+        'isSeller'=>UserIsSeller::class,
     ];
 }
diff --git a/app/Http/Middleware/AttachAccessTokenFromCookieUser.php b/app/Http/Middleware/AttachAccessTokenFromCookieUser.php
@@ -10,11 +10,23 @@ class AttachAccessTokenFromCookieUser
     
     public function handle(Request $request, Closure $next)
     {
+        $host = $request->headers->get('origin');
+
+         if (str_contains($host, 'seller.akevas.com')) {
+            $cookieName = 'accessTokenSeller';
+        } elseif (str_contains($host, 'delivery.akevas.com')) {
+            $cookieName = 'accessTokenDelivery';
+        } elseif (str_contains($host, 'localhost:5173')) {
+            $cookieName = 'accessTokenSeller';
+        } 
+        else {
+            $cookieName = 'accessToken'; // client / admin
+        }
         // 1. Vérifier si l'en-tête Authorization est déjà présent (pour ne pas écraser)
-        if (!$request->headers->has('Authorization') && $request->cookie('accessToken')) {
+        if (!$request->headers->has('Authorization') && $request->cookie($cookieName)) {
             
             // 2. Lire le token depuis le cookie 'accessToken'
-            $accessToken = $request->cookie('accessToken');
+            $accessToken = $request->cookie($cookieName);
             
             // 3. Injecter le token dans l'en-tête Authorization au format Bearer
             $request->headers->set('Authorization', 'Bearer ' . $accessToken);
diff --git a/routes/api.php b/routes/api.php
@@ -172,7 +172,7 @@
 Route::get('/attributes/value/by/group/{id}',[ListCategoryController::class,"getAttributeValueByAttributeId"]);
 Route::get('/categories/attributes',[ListCategoryController::class,"getCategoriesWithAttributes"]);
 
-Route::middleware(['auth:api', 'scopes:seller', "isSeller"])->prefix('v1')->group(function () {
+Route::middleware(["auth:api", 'scopes:seller', "isSeller", "verify.role"])->prefix('v1')->group(function () {
     Route::post("init/payment/subscription/product", [SubscribeProductController::class, "initPay"]);
     Route::post('init/payment/subscription/product/pending/{membership_id}/{product_id}/{transaction_ref}', [SubscribeProductController::class, 'initPaymentPending']);
     Route::post("check/payment/subscription/product/callback", [SubscribeProductController::class, "paymentCallBack"]);
@@ -204,7 +204,7 @@
     Route::post("/delivery/update/docs",[UpdateDeliveryController::class,'updateDocuments']);
 });
 
-Route::middleware(['auth_seller','auth:api', 'scopes:seller'])->prefix('v1')->group(function () {
+Route::middleware(["auth:api", 'scopes:seller'])->prefix('v1')->group(function () {
     Route::get('/current/seller', [CurrentSellerController::class, 'currentSeller']);
     Route::post('update/seller',[CurrentSellerController::class,'updateSeller']);
      Route::get('/seller/notifications',[ListNotificationController::class,'list']);
@@ -213,7 +213,7 @@
     Route::post("/update/docs",[UpdateSellerController::class,'updateDocuments']);
 });
 
-Route::middleware(['auth:api', 'scopes:admin'])->prefix('v1')->group(function () {
+Route::middleware(["auth:api", 'scopes:admin'])->prefix('v1')->group(function () {
     Route::post('/decline/or/validate/{reviewId}/{status}',[DeclineOrValidateReviewController::class,'declineOrValidate']);
     Route::post('/decline/or/validate/shop/review/{reviewId}/{status}',[DeclineOrValidateShopReviewController::class,'declineOrValidate']);
     Route::get('/recent/products', [RecentProductController::class, 'index']);
@@ -248,7 +248,7 @@
     Route::post('update/category/{id}', [CategoryController::class, 'update']);
 });
 
-Route::middleware(['auth:api', 'scopes:customer'])->prefix('v1')->group(function () {
+Route::middleware(["auth:api", 'scopes:customer'])->prefix('v1')->group(function () {
     Route::get('/recent/orders', [RecentOrderController::class, 'recentOrders']);
     Route::get('user/show/order/{id}', [ShowOrderController::class, 'showOrder']);
     Route::get('/list/orders', [ListOrderController::class, 'listOrder']);
@@ -277,7 +277,7 @@
     Route::post('/payin',[PayinController::class,'payin']);
 });
 
-Route::middleware(['auth:api', 'scopes:delivery'])->prefix('v1')->group(function () {
+Route::middleware(["auth:api", 'scopes:delivery'])->prefix('v1')->group(function () {
     
     Route::get('/preference/orders', [GetPreferenceOrderController::class, 'getPreferenceOrders']);
     Route::get('/current/delivery', [DeliveryProfileController::class, 'currentDelivery']);

Original file line number	Diff line number	Diff line change
`@@ -72,6 +72,6 @@ class Kernel extends HttpKernel`
`72`	`72`	`'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,`
`73`	`73`	`'scopes' => \Laravel\Passport\Http\Middleware\CheckScopes::class,`
`74`	`74`	`'scope' => \Laravel\Passport\Http\Middleware\CheckForAnyScope::class,`
`75`		`- 'isSeller'=>UserIsSeller::class`
	`75`	`+ 'isSeller'=>UserIsSeller::class,`
`76`	`76`	`];`
`77`	`77`	`}`