auth switched to JWT

Author: robuedi

app/Http/Controllers/Api/v1/PropertyController.php

@@ -16,6 +16,8 @@ class PropertyController extends Controller
 {
     /**
      * List properties
+     * 
+     * @unauthenticated
      */
     public function index(GenericListingRequest $request)
     {
@@ -106,6 +108,8 @@ public function store(StorePropertyRequest $request)
 
     /**
      * Show a property
+     * 
+     * @unauthenticated
      */
     public function show(Request $request, int $property)
     {

app/Http/Controllers/Auth/AuthController.php

@@ -0,0 +1,91 @@
+<?php
+
+namespace App\Http\Controllers\Auth;
+
+use App\Http\Controllers\Controller;
+use App\Http\Requests\Auth\LoginRequest;
+use Illuminate\Http\Request;
+use Illuminate\Http\JsonResponse;
+use Illuminate\Http\Response;
+use Illuminate\Support\Facades\Auth;
+
+/**
+ * @tags Auth (JWT)
+ */
+class AuthController extends Controller
+{
+    /**
+     * Create a new AuthController instance.
+     *
+     * @return void
+     */
+    public function __construct()
+    {
+        $this->middleware('auth:api', ['except' => ['login']]);
+    }
+
+    /**
+     * Login 
+     * 
+     * Get a JWT via given credentials.
+     */
+    public function login(LoginRequest $request): JsonResponse
+    {
+        $credentials = request(['email', 'password']);
+
+        if (! $token = auth()->attempt($credentials)) {
+            return response()->json(['error' => 'Unauthorized'], 401);
+        }
+
+        return $this->respondWithToken($token);
+    }
+
+    /**
+     * Authenticated user data
+     * 
+     * Get the authenticated User.
+     */
+    public function me() : JsonResponse
+    {
+        return response()->json(auth()->user());
+    }
+
+
+    /**
+     * Logout 
+     * 
+     * Log the user out (Invalidate the token).
+     */
+    public function logout(Request $request): Response
+    {
+        auth()->logout(true);
+
+        return response()->noContent();
+    }
+
+    /**
+     * Token refresh
+     * 
+     * Refresh a token.
+     */
+    public function refresh() : JsonResponse
+    {
+        return $this->respondWithToken(auth()->refresh(true, true));
+    }
+
+    /**
+     * Get the token array structure.
+     *
+     * @param  string $token
+     *
+     * @return \Illuminate\Http\JsonResponse
+     */
+    protected function respondWithToken($token)
+    {
+        return response()->json([
+            'access_token' => $token,
+            'token_type' => 'bearer',
+            'expires_in' => auth()->factory()->getTTL() * 60
+        ]);
+    }
+}

app/Http/Controllers/Auth/AuthenticatedSessionController.php

@@ -8,11 +8,13 @@
 use Illuminate\Http\Request;
 
 /**
- * @tags Auth
+ * @tags Auth (JWT)
  */
 class EmailVerificationNotificationController extends Controller
 {
     /**
+     * Email verification link
+     * 
      * Send a new email verification notification.
      */
     public function store(Request $request): JsonResponse|RedirectResponse

app/Http/Controllers/Auth/AuthenticatedUserController.php

@@ -13,11 +13,13 @@
 use Illuminate\Validation\ValidationException;
 
 /**
- * @tags Auth
+ * @tags Auth (JWT)
  */
 class NewPasswordController extends Controller
 {
     /**
+     * Password change
+     * 
      * Handle an incoming new password request.
      *
      * @throws \Illuminate\Validation\ValidationException

app/Http/Controllers/Auth/EmailVerificationNotificationController.php

@@ -9,11 +9,13 @@
 use Illuminate\Validation\ValidationException;
 
 /**
- * @tags Auth
+ * @tags Auth (JWT)
  */
 class PasswordResetLinkController extends Controller
 {
     /**
+     * Password reset link
+     * 
      * Handle an incoming password reset link request.
      *
      * @throws \Illuminate\Validation\ValidationException

app/Http/Controllers/Auth/NewPasswordController.php

@@ -12,16 +12,18 @@
 use Illuminate\Validation\Rules;
 
 /**
- * @tags Auth
+ * @tags Auth (JWT)
  */
 class RegisteredUserController extends Controller
 {
     /**
+     * Register
+     * 
      * Handle an incoming registration request.
      *
      * @throws \Illuminate\Validation\ValidationException
      */
-    public function store(Request $request): Response
+    public function register(Request $request): Response
     {
         $request->validate([
             'name' => ['required', 'string', 'max:255'],
@@ -37,8 +39,6 @@ public function store(Request $request): Response
 
         event(new Registered($user));
 
-        Auth::login($user);
-
         return response()->noContent();
     }
 }

app/Http/Controllers/Auth/PasswordResetLinkController.php

@@ -2,7 +2,9 @@
 
 namespace App\Http\Controllers;
 
-abstract class Controller
+use Illuminate\Routing\Controller as BaseController;
+
+abstract class Controller extends BaseController
 {
     //
 }

app/Http/Controllers/Auth/RegisteredUserController.php

@@ -2,14 +2,14 @@
 
 namespace App\Models;
 
-// use Illuminate\Contracts\Auth\MustVerifyEmail;
 use App\Models\Relationships\UserRelationships;
 use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Foundation\Auth\User as Authenticatable;
 use Illuminate\Notifications\Notifiable;
 use Laravel\Sanctum\HasApiTokens;
+use Tymon\JWTAuth\Contracts\JWTSubject;
 
-class User extends Authenticatable
+class User extends Authenticatable implements JWTSubject
 {
     /** @use HasFactory<\Database\Factories\UserFactory> */
     use HasApiTokens, HasFactory, Notifiable, UserRelationships;
@@ -47,4 +47,24 @@ protected function casts(): array
             'password' => 'hashed',
         ];
     }
+
+    /**
+     * Get the identifier that will be stored in the subject claim of the JWT.
+     *
+     * @return mixed
+     */
+    public function getJWTIdentifier()
+    {
+        return $this->getKey();
+    }
+
+    /**
+     * Return a key value array, containing any custom claims to be added to the JWT.
+     *
+     * @return array
+     */
+    public function getJWTCustomClaims()
+    {
+        return [];
+    }
 }

app/Http/Controllers/Controller.php

@@ -4,6 +4,9 @@
 
 use Illuminate\Auth\Notifications\ResetPassword;
 use Illuminate\Support\ServiceProvider;
+use Dedoc\Scramble\Scramble;
+use Dedoc\Scramble\Support\Generator\OpenApi;
+use Dedoc\Scramble\Support\Generator\SecurityScheme;
 
 class AppServiceProvider extends ServiceProvider
 {
@@ -23,5 +26,11 @@ public function boot(): void
         ResetPassword::createUrlUsing(function (object $notifiable, string $token) {
             return config('app.frontend_url')."/password-reset/$token?email={$notifiable->getEmailForPasswordReset()}";
         });
+
+        Scramble::afterOpenApiGenerated(function (OpenApi $openApi) {
+            $openApi->secure(
+                SecurityScheme::http('bearer', 'JWT')
+            );
+        });
     }
 }

app/Models/User.php

@@ -14,7 +14,8 @@
         "laravel/framework": "^11.31",
         "laravel/sanctum": "^4.0",
         "laravel/tinker": "^2.9",
-        "spatie/laravel-query-builder": "^6.2"
+        "spatie/laravel-query-builder": "^6.2",
+        "tymon/jwt-auth": "^2.1"
     },
     "require-dev": {
         "fakerphp/faker": "^1.23",