auth contracts

Author: k2so-dev

app/Contracts/AuthServiceContract.php

@@ -0,0 +1,15 @@
+<?php
+
+namespace App\Contracts;
+
+use App\Models\User;
+use Illuminate\Http\Request;
+
+interface AuthServiceContract
+{
+    public function login(Request $request, User $user): array;
+    public function logout(Request $request): void;
+    public function handleCallback(Request $request, User $user): array;
+    public function getDevices(Request $request): array;
+    public function disconnectDevice(Request $request): void;
+}

app/Http/Controllers/AuthController.php

@@ -2,7 +2,6 @@
 
 namespace App\Http\Controllers;
 
-use App\Helpers\Utils;
 use App\Models\User;
 use App\Models\UserProvider;
 use Illuminate\Auth\Events\PasswordReset;
@@ -19,9 +18,14 @@
 use Illuminate\Validation\ValidationException;
 use Illuminate\View\View;
 use Laravel\Socialite\Facades\Socialite;
+use App\Contracts\AuthServiceContract;
 
 class AuthController extends Controller
 {
+    public function __construct(
+        private AuthServiceContract $authService
+    ) {}
+
     /**
      * Register new user
      */
@@ -113,14 +117,28 @@ public function callback(Request $request, string $provider): View
             $user = $userProvider->user;
         }
 
-        Auth::login($user, true);
-        $request->session()->regenerate();
+        $message = [
+            'ok' => true,
+            'provider' => $provider,
+        ];
+
+        // If the guard is web, we will use the default login process
+        if (config('auth.defaults.guard') === 'web') {
+            Auth::login($user, true);
+            $request->session()->regenerate();
+        } else {
+            // If the guard is api, we will use the token based authentication
+            $token = $user->createDeviceToken(
+                device: $request->deviceName(),
+                ip: $request->ip(),
+                remember: $request->input('remember', false)
+            );
+
+            $message['token'] = $token;
+        }
 
         return view('oauth', [
-            'message' => [
-                'ok' => true,
-                'provider' => $provider,
-            ],
+            'message' => $message,
         ]);
     }
 
@@ -135,25 +153,25 @@ public function login(Request $request): JsonResponse
             'password' => ['required', 'string'],
         ]);
 
-        if (!Auth::attempt($request->only('email', 'password'), $request->remember)) {
+        $user = User::select(['id', 'password'])->where('email', $request->email)->first();
+
+        if (!$user) {
             throw ValidationException::withMessages([
                 'email' => __('auth.failed'),
             ]);
         }
 
-        $request->session()->regenerate();
+        $result = $this->authService->login($request, $user);
 
-        return response()->json([
-            'ok' => true,
-        ]);
+        return response()->json($result);
     }
 
     /**
      * Revoke token; only remove token that is used to perform logout (i.e. will not revoke all tokens)
      */
     public function logout(Request $request): JsonResponse
     {
-        Auth::logout();
+        $this->authService->logout($request);
 
         return response()->json([
             'ok' => true,
@@ -294,21 +312,7 @@ public function verificationNotification(Request $request): JsonResponse
      */
     public function devices(Request $request): JsonResponse
     {
-        $user = $request->user();
-
-        $currentSessionId = $request->session()->getId();
-
-        $devices = $user->sessions()
-            ->select(['id as key', 'ip_address as ip', 'user_agent as name', 'last_activity'])
-            ->orderBy('last_activity', 'DESC')
-            ->get()
-            ->map(function ($device) use ($currentSessionId) {
-                $device->is_current = $currentSessionId === $device->key;
-                $device->name = Utils::getDeviceNameFromDetector(Utils::getDeviceDetectorByUserAgent($device->name));
-                $device->last_used_at = now()->parse($device->last_activity);
-
-                return $device;
-            });
+        $devices = $this->authService->getDevices($request);
 
         return response()->json([
             'ok' => true,
@@ -322,11 +326,10 @@ public function devices(Request $request): JsonResponse
     public function deviceDisconnect(Request $request): JsonResponse
     {
         $request->validate([
-            'key' => 'required|size:40',
+            'key' => 'required|string',
         ]);
 
-        $user = $request->user();
-        $user->sessions()->where('id', $request->key)->delete();
+        $this->authService->disconnectDevice($request);
 
         return response()->json([
             'ok' => true,

app/Providers/AuthServiceProvider.php

@@ -0,0 +1,17 @@
+<?php
+
+namespace App\Providers;
+
+use App\Contracts\AuthServiceContract;
+use App\Services\Auth\AuthServiceFactory;
+use Illuminate\Support\ServiceProvider;
+
+class AuthServiceProvider extends ServiceProvider
+{
+    public function register(): void
+    {
+        $this->app->bind(AuthServiceContract::class, function () {
+            return AuthServiceFactory::create();
+        });
+    }
+}

app/Services/Auth/ApiAuthService.php

@@ -0,0 +1,82 @@
+<?php
+
+namespace App\Services\Auth;
+
+use App\Contracts\AuthServiceContract;
+use App\Models\User;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Crypt;
+use Illuminate\Support\Facades\Hash;
+use Illuminate\Validation\ValidationException;
+
+class ApiAuthService implements AuthServiceContract
+{
+    public function login(Request $request, User $user): array
+    {
+        if (!Hash::check($request->password, $user->password)) {
+            throw ValidationException::withMessages([
+                'email' => __('auth.failed'),
+            ]);
+        }
+
+        $token = $user->createDeviceToken(
+            device: $request->deviceName(),
+            ip: $request->ip(),
+            remember: $request->input('remember', false)
+        );
+
+        return [
+            'ok' => true,
+            'token' => $token,
+        ];
+    }
+
+    public function logout(Request $request): void
+    {
+        $request->user()->currentAccessToken()->delete();
+    }
+
+    public function handleCallback(Request $request, User $user): array
+    {
+        $token = $user->createDeviceToken(
+            device: $request->deviceName(),
+            ip: $request->ip(),
+            remember: $request->input('remember', false)
+        );
+
+        return [
+            'ok' => true,
+            'provider' => $request->route('provider'),
+            'token' => $token,
+        ];
+    }
+
+    public function getDevices(Request $request): array
+    {
+        $user = $request->user();
+        $currentToken = $user->currentAccessToken();
+
+        $devices = $user->tokens()
+            ->select('id', 'name', 'ip', 'last_used_at')
+            ->orderBy('last_used_at', 'DESC')
+            ->get()
+            ->map(function ($device) use ($currentToken) {
+                $device->key = Crypt::encryptString($device->id);
+                $device->is_current = $currentToken->id === $device->id;
+                unset($device->id);
+
+                return $device;
+            });
+
+        return $devices->toArray();
+    }
+
+    public function disconnectDevice(Request $request): void
+    {
+        $id = (int) Crypt::decryptString($request->key);
+
+        if (!empty($id)) {
+            $request->user()->tokens()->where('id', $id)->delete();
+        }
+    }
+}

app/Services/Auth/AuthServiceFactory.php

@@ -0,0 +1,19 @@
+<?php
+
+namespace App\Services\Auth;
+
+use App\Contracts\AuthServiceContract;
+
+class AuthServiceFactory
+{
+    public static function create(?string $guard = null): AuthServiceContract
+    {
+        $guard = $guard ?? config('auth.defaults.guard');
+
+        return match ($guard) {
+            'web' => new WebAuthService(),
+            'api' => new ApiAuthService(),
+            default => throw new \InvalidArgumentException("Unsupported guard: {$guard}"),
+        };
+    }
+}

app/Services/Auth/WebAuthService.php

@@ -0,0 +1,66 @@
+<?php
+
+namespace App\Services\Auth;
+
+use App\Contracts\AuthServiceContract;
+use App\Helpers\Utils;
+use App\Models\User;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+
+class WebAuthService implements AuthServiceContract
+{
+    public function login(Request $request, User $user): array
+    {
+        if (!Auth::attempt($request->only('email', 'password'), $request->remember)) {
+            throw ValidationException::withMessages([
+                'email' => __('auth.failed'),
+            ]);
+        }
+
+        $request->session()->regenerate();
+
+        return ['ok' => true];
+    }
+
+    public function logout(Request $request): void
+    {
+        Auth::logout();
+    }
+
+    public function handleCallback(Request $request, User $user): array
+    {
+        Auth::login($user, true);
+        $request->session()->regenerate();
+
+        return [
+            'ok' => true,
+            'provider' => $request->route('provider'),
+        ];
+    }
+
+    public function getDevices(Request $request): array
+    {
+        $user = $request->user();
+        $currentSessionId = $request->session()->getId();
+
+        $devices = $user->sessions()
+            ->select(['id as key', 'ip_address as ip', 'user_agent as name', 'last_activity'])
+            ->orderBy('last_activity', 'DESC')
+            ->get()
+            ->map(function ($device) use ($currentSessionId) {
+                $device->is_current = $currentSessionId === $device->key;
+                $device->name = Utils::getDeviceNameFromDetector(Utils::getDeviceDetectorByUserAgent($device->name));
+                $device->last_used_at = now()->parse($device->last_activity);
+
+                return $device;
+            });
+
+        return $devices->toArray();
+    }
+
+    public function disconnectDevice(Request $request): void
+    {
+        $request->user()->sessions()->where('id', $request->key)->delete();
+    }
+}

bootstrap/providers.php

@@ -2,5 +2,6 @@
 
 return [
     App\Providers\AppServiceProvider::class,
+    App\Providers\AuthServiceProvider::class,
     Spatie\Permission\PermissionServiceProvider::class,
 ];