k2so-dev
diff --git a/‎.env.example‎
Lines changed: 3 additions & 1 deletion b/‎.env.example‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎app/Http/Controllers/AuthController.php‎
Lines changed: 24 additions & 42 deletions b/‎app/Http/Controllers/AuthController.php‎
Lines changed: 24 additions & 42 deletions
diff --git a/‎app/Models/PersonalAccessToken.php‎
Lines changed: 0 additions & 22 deletions b/‎app/Models/PersonalAccessToken.php‎
Lines changed: 0 additions & 22 deletions
diff --git a/‎app/Models/Session.php‎
Lines changed: 28 additions & 0 deletions b/‎app/Models/Session.php‎
Lines changed: 28 additions & 0 deletions
diff --git a/‎app/Models/User.php‎
Lines changed: 5 additions & 17 deletions b/‎app/Models/User.php‎
Lines changed: 5 additions & 17 deletions
diff --git a/‎app/Providers/AppServiceProvider.php‎
Lines changed: 0 additions & 6 deletions b/‎app/Providers/AppServiceProvider.php‎
Lines changed: 0 additions & 6 deletions
diff --git a/‎bootstrap/app.php‎
Lines changed: 5 additions & 8 deletions b/‎bootstrap/app.php‎
Lines changed: 5 additions & 8 deletions
diff --git a/‎nuxt/components/auth/Login.vue‎
Lines changed: 0 additions & 4 deletions b/‎nuxt/components/auth/Login.vue‎
Lines changed: 0 additions & 4 deletions
diff --git a/‎nuxt/pages/account/devices.vue‎
Lines changed: 1 addition & 1 deletion b/‎nuxt/pages/account/devices.vue‎
Lines changed: 1 addition & 1 deletion
@@ -17,7 +17,7 @@ APP_LOCALE=en
 APP_FALLBACK_LOCALE=en
 APP_FAKER_LOCALE=en_US
 
-AUTH_GUARD=api
+AUTH_GUARD=web
 
 APP_MAINTENANCE_DRIVER=file
 APP_MAINTENANCE_STORE=database
@@ -43,6 +43,8 @@ SESSION_LIFETIME=120
 SESSION_ENCRYPT=false
 SESSION_PATH=/
 SESSION_DOMAIN=null
+SANCTUM_STATEFUL_DOMAINS=localhost
+SESSION_SECURE_COOKIE=false
 
 BROADCAST_CONNECTION=log
 FILESYSTEM_DISK=local
 
@@ -2,6 +2,7 @@
 
 namespace App\Http\Controllers;
 
+use App\Helpers\Utils;
 use App\Models\User;
 use App\Models\UserProvider;
 use Illuminate\Auth\Events\PasswordReset;
@@ -10,7 +11,7 @@
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\RedirectResponse;
 use Illuminate\Http\Request;
-use Illuminate\Support\Facades\Crypt;
+use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Hash;
 use Illuminate\Support\Facades\Password;
 use Illuminate\Support\Str;
@@ -112,23 +113,19 @@ public function callback(Request $request, string $provider): View
             $user = $userProvider->user;
         }
 
-        $token = $user->createDeviceToken(
-            device: $request->deviceName(),
-            ip: $request->ip(),
-            remember: true
-        );
+        Auth::login($user, true);
+        $request->session()->regenerate();
 
         return view('oauth', [
             'message' => [
                 'ok' => true,
                 'provider' => $provider,
-                'token' => $token,
             ],
         ]);
     }
 
     /**
-     * Generate sanctum token on successful login
+     * Login user
      * @throws ValidationException
      */
     public function login(Request $request): JsonResponse
@@ -138,23 +135,16 @@ public function login(Request $request): JsonResponse
             'password' => ['required', 'string'],
         ]);
 
-        $user = User::select(['id', 'password'])->where('email', $request->email)->first();
-
-        if (!$user || !Hash::check($request->password, $user->password)) {
+        if (!Auth::attempt($request->only('email', 'password'), $request->remember)) {
             throw ValidationException::withMessages([
                 'email' => __('auth.failed'),
             ]);
         }
 
-        $token = $user->createDeviceToken(
-            device: $request->deviceName(),
-            ip: $request->ip(),
-            remember: $request->input('remember', false)
-        );
+        $request->session()->regenerate();
 
         return response()->json([
             'ok' => true,
-            'token' => $token,
         ]);
     }
 
@@ -163,7 +153,7 @@ public function login(Request $request): JsonResponse
      */
     public function logout(Request $request): JsonResponse
     {
-        $request->user()->currentAccessToken()->delete();
+        Auth::logout();
 
         return response()->json([
             'ok' => true,
@@ -226,7 +216,7 @@ public function resetPassword(Request $request): JsonResponse
     {
         $request->validate([
             'token' => ['required'],
-            'email' => ['required', 'email', 'exists:'.User::class],
+            'email' => ['required', 'email', 'exists:' . User::class],
             'password' => ['required', 'confirmed', Rules\Password::defaults()],
         ]);
 
@@ -287,7 +277,7 @@ public function verificationNotification(Request $request): JsonResponse
             'email' => ['required', 'email'],
         ]);
 
-        $user = $request->user()?: User::where('email', $request->email)->whereNull('email_verified_at')->first();
+        $user = $request->user() ?: User::where('email', $request->email)->whereNull('email_verified_at')->first();
 
         abort_if(!$user, 400);
 
@@ -306,22 +296,19 @@ public function devices(Request $request): JsonResponse
     {
         $user = $request->user();
 
-        $devices = $user->tokens()
-            ->select('id', 'name', 'ip', 'last_used_at')
-            ->orderBy('last_used_at', 'DESC')
-            ->get();
-
-        $currentToken = $user->currentAccessToken();
-
-        foreach ($devices as $device) {
-            $device->hash = Crypt::encryptString($device->id);
+        $currentSessionId = $request->session()->getId();
 
-            if ($currentToken->id === $device->id) {
-                $device->is_current = true;
-            }
+        $devices = $user->sessions()
+            ->select(['id as key', 'ip_address as ip', 'user_agent as name', 'last_activity'])
+            ->orderBy('last_activity', 'DESC')
+            ->get()
+            ->map(function ($device) use ($currentSessionId) {
+                $device->is_current = $currentSessionId === $device->key;
+                $device->name = Utils::getDeviceNameFromDetector(Utils::getDeviceDetectorByUserAgent($device->name));
+                $device->last_used_at = now()->parse($device->last_activity);
 
-            unset($device->id);
-        }
+                return $device;
+            });
 
         return response()->json([
             'ok' => true,
@@ -330,21 +317,16 @@ public function devices(Request $request): JsonResponse
     }
 
     /**
-     * Revoke token by id
+     * Disconnect device by id
      */
     public function deviceDisconnect(Request $request): JsonResponse
     {
         $request->validate([
-            'hash' => 'required',
+            'key' => 'required|size:40',
         ]);
 
         $user = $request->user();
-
-        $id = (int) Crypt::decryptString($request->hash);
-
-        if (!empty($id)) {
-            $user->tokens()->where('id', $id)->delete();
-        }
+        $user->sessions()->where('id', $request->key)->delete();
 
         return response()->json([
             'ok' => true,
 
@@ -0,0 +1,28 @@
+<?php
+
+namespace App\Models;
+
+use Illuminate\Database\Eloquent\Model;
+
+class Session extends Model
+{
+    protected $primaryKey = 'id';
+    protected $keyType = 'string';
+
+    public $timestamps = false;
+    public $incrementing = false;
+
+    protected $casts = [
+        'payload' => 'string',
+        'last_activity' => 'integer',
+    ];
+
+    protected $hidden = [
+        'payload',
+    ];
+
+    public function user()
+    {
+        return $this->belongsTo(User::class);
+    }
+}
@@ -7,12 +7,11 @@
 use Illuminate\Database\Eloquent\Relations\HasMany;
 use Illuminate\Foundation\Auth\User as Authenticatable;
 use Illuminate\Notifications\Notifiable;
-use Laravel\Sanctum\HasApiTokens;
 use Spatie\Permission\Traits\HasRoles;
 
 class User extends Authenticatable implements MustVerifyEmail
 {
-    use HasApiTokens, HasFactory, HasRoles, Notifiable;
+    use HasFactory, HasRoles, Notifiable;
 
     /**
      * The attributes that are mass assignable.
@@ -56,24 +55,13 @@ public function userProviders(): HasMany
         return $this->hasMany(UserProvider::class);
     }
 
-    public function mustVerifyEmail(): bool
+    public function sessions(): HasMany
     {
-        return $this instanceof MustVerifyEmail && !$this->hasVerifiedEmail();
+        return $this->hasMany(Session::class);
     }
 
-    public function createDeviceToken(string $device, string $ip, bool $remember = false): string
+    public function mustVerifyEmail(): bool
     {
-        $sanctumToken = $this->createToken(
-            $device,
-            ['*'],
-            $remember ?
-                now()->addMonth() :
-                now()->addDay()
-        );
-
-        $sanctumToken->accessToken->ip = $ip;
-        $sanctumToken->accessToken->save();
-
-        return $sanctumToken->plainTextToken;
+        return $this instanceof MustVerifyEmail && !$this->hasVerifiedEmail();
     }
 }
@@ -3,7 +3,6 @@
 namespace App\Providers;
 
 use App\Helpers\Image;
-use App\Models\PersonalAccessToken;
 use Illuminate\Auth\Events\Lockout;
 use Illuminate\Auth\Notifications\ResetPassword;
 use Illuminate\Auth\Notifications\VerifyEmail;
@@ -14,7 +13,6 @@
 use Illuminate\Support\ServiceProvider;
 use Illuminate\Support\Str;
 use Illuminate\Validation\ValidationException;
-use Laravel\Sanctum\Sanctum;
 
 class AppServiceProvider extends ServiceProvider
 {
@@ -109,9 +107,5 @@ public function boot(): void
         Request::macro('deviceName', function (): string {
             return Utils::getDeviceNameFromDetector($this->device());
         });
-
-        Sanctum::usePersonalAccessTokenModel(
-            PersonalAccessToken::class
-        );
     }
 }
@@ -8,23 +8,20 @@
 use Illuminate\Http\Request;
 use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
 use Illuminate\Validation\ValidationException;
+use Symfony\Component\HttpFoundation\IpUtils;
 
 return Application::configure(basePath: dirname(__DIR__))
     ->withRouting(
-        api: __DIR__.'/../routes/api.php',
+        api: __DIR__ . '/../routes/api.php',
         apiPrefix: '',
-        commands: __DIR__.'/../routes/console.php',
+        commands: __DIR__ . '/../routes/console.php',
         health: '/up',
     )
     ->withMiddleware(function (Middleware $middleware) {
         $middleware
             ->throttleApi(redis: true)
-            ->trustProxies(at: [
-                '127.0.0.0/8',
-                '10.0.0.0/8',
-                '172.16.0.0/12',
-                '192.168.0.0/16',
-            ])
+            ->trustProxies(at: IpUtils::PRIVATE_SUBNETS)
+            ->statefulApi()
             ->api(prepend: [
                 JsonResponse::class,
             ]);
 
@@ -7,7 +7,6 @@ const router = useRouter();
 const auth = useAuthStore();
 const form = useTemplateRef<Form<any>>('form');
 const toast = useToast();
-const nuxtApp = useNuxtApp();
 
 const state = reactive({
   email: "",
@@ -24,8 +23,6 @@ const { refresh: onSubmit, status: loginStatus } = useHttp<any>("login", {
     if (response?.status === 422) {
       form.value.setErrors(response._data?.errors);
     } else if (response._data?.ok) {
-      nuxtApp.$token.value = response._data.token;
-
       await auth.fetchUser();
       await router.push("/");
     }
@@ -39,7 +36,6 @@ async function handleMessage(event: { data: any }): Promise<void> {
 
   if (Object.keys(providers.value).includes(provider) && event.data.token) {
     providers.value[provider].loading = false;
-    nuxtApp.$token.value = event.data.token;
 
     await auth.fetchUser();
     await router.push("/");
 
@@ -31,7 +31,7 @@ const items = (row: any) => [
         await $http("devices/disconnect", {
           method: "POST",
           body: {
-            hash: row.hash,
+            key: row.key,
           },
           async onFetchResponse({ response }) {
             if (response._data?.ok) {
Original file line number	Diff line number	Diff line change
`@@ -7,12 +7,11 @@`
`7`	`7`	`use Illuminate\Database\Eloquent\Relations\HasMany;`
`8`	`8`	`use Illuminate\Foundation\Auth\User as Authenticatable;`
`9`	`9`	`use Illuminate\Notifications\Notifiable;`
`10`		`-use Laravel\Sanctum\HasApiTokens;`
`11`	`10`	`use Spatie\Permission\Traits\HasRoles;`
`12`	`11`
`13`	`12`	`class User extends Authenticatable implements MustVerifyEmail`
`14`	`13`	`{`
`15`		`- use HasApiTokens, HasFactory, HasRoles, Notifiable;`
	`14`	`+ use HasFactory, HasRoles, Notifiable;`
`16`	`15`
`17`	`16`	`/**`
`18`	`17`	`* The attributes that are mass assignable.`
`@@ -56,24 +55,13 @@ public function userProviders(): HasMany`
`56`	`55`	`return $this->hasMany(UserProvider::class);`
`57`	`56`	`}`
`58`	`57`
`59`		`- public function mustVerifyEmail(): bool`
	`58`	`+ public function sessions(): HasMany`
`60`	`59`	`{`
`61`		`- return $this instanceof MustVerifyEmail && !$this->hasVerifiedEmail();`
	`60`	`+ return $this->hasMany(Session::class);`
`62`	`61`	`}`
`63`	`62`
`64`		`- public function createDeviceToken(string $device, string $ip, bool $remember = false): string`
	`63`	`+ public function mustVerifyEmail(): bool`
`65`	`64`	`{`
`66`		`- $sanctumToken = $this->createToken(`
`67`		`- $device,`
`68`		`- ['*'],`
`69`		`- $remember ?`
`70`		`- now()->addMonth() :`
`71`		`- now()->addDay()`
`72`		`- );`
`73`		`-`
`74`		`- $sanctumToken->accessToken->ip = $ip;`
`75`		`- $sanctumToken->accessToken->save();`
`76`		`-`
`77`		`- return $sanctumToken->plainTextToken;`
	`65`	`+ return $this instanceof MustVerifyEmail && !$this->hasVerifiedEmail();`
`78`	`66`	`}`
`79`	`67`	`}`