add token based sanctum authentication

developermithu · developermithu · commit 0aa658b2f1c7 · 2025-03-24T19:02:00.000+06:00
diff --git a/app/Http/Controllers/Api/Auth/LoginController.php b/app/Http/Controllers/Api/Auth/LoginController.php
@@ -0,0 +1,33 @@
+<?php
+
+namespace App\Http\Controllers\Api\Auth;
+
+use App\Http\Controllers\Controller;
+use App\Http\Requests\Api\Auth\LoginRequest;
+use App\Models\User;
+use Illuminate\Support\Facades\Hash;
+use Illuminate\Validation\ValidationException;
+
+class LoginController extends Controller
+{
+    /**
+     * Handle the incoming login request.
+     */
+    public function store(LoginRequest $request): array
+    {
+        $user = User::where('email', $request->email)->first();
+
+        if (!$user || !Hash::check($request->password, $user->password)) {
+            throw ValidationException::withMessages([
+                'email' => ['The provided credentials are incorrect.'],
+            ]);
+        }
+
+        $token = $user->createToken('auth_token')->plainTextToken;
+
+        return [
+            'user' => $user,
+            'token' => $token,
+        ];
+    }
+}
diff --git a/app/Http/Controllers/Api/Auth/LogoutController.php b/app/Http/Controllers/Api/Auth/LogoutController.php
@@ -0,0 +1,21 @@
+<?php
+
+namespace App\Http\Controllers\Api\Auth;
+
+use App\Http\Controllers\Controller;
+use Illuminate\Http\Request;
+
+class LogoutController extends Controller
+{
+    /**
+     * Handle the incoming logout request.
+     */
+    public function destroy(Request $request): array
+    {
+        $request->user()->currentAccessToken()->delete();
+
+        return [
+            'message' => 'Successfully logged out'
+        ];
+    }
+}
diff --git a/app/Http/Controllers/Api/Auth/RegisterController.php b/app/Http/Controllers/Api/Auth/RegisterController.php
@@ -0,0 +1,32 @@
+<?php
+
+namespace App\Http\Controllers\Api\Auth;
+
+use App\Http\Controllers\Controller;
+use App\Http\Requests\Api\Auth\RegisterRequest;
+use App\Models\User;
+use Illuminate\Auth\Events\Registered;
+use Illuminate\Support\Facades\Hash;
+
+class RegisterController extends Controller
+{
+    /**
+     * Handle the incoming registration request.
+     */
+    public function store(RegisterRequest $request): array
+    {
+        $user = User::create([
+            'name' => $request->name,
+            'email' => $request->email,
+            'password' => Hash::make($request->password),
+        ]);
+
+        event(new Registered($user));
+
+        $token = $user->createToken('auth_token')->plainTextToken;
+
+        return [
+            'token' => $token
+        ];
+    }
+}
diff --git a/app/Http/Requests/Api/Auth/LoginRequest.php b/app/Http/Requests/Api/Auth/LoginRequest.php
@@ -0,0 +1,29 @@
+<?php
+
+namespace App\Http\Requests\Api\Auth;
+
+use Illuminate\Foundation\Http\FormRequest;
+
+class LoginRequest extends FormRequest
+{
+    /**
+     * Determine if the user is authorized to make this request.
+     */
+    public function authorize(): bool
+    {
+        return true;
+    }
+
+    /**
+     * Get the validation rules that apply to the request.
+     *
+     * @return array<string, array<int, string>>
+     */
+    public function rules(): array
+    {
+        return [
+            'email' => ['required', 'string', 'email'],
+            'password' => ['required', 'string'],
+        ];
+    }
+}
diff --git a/app/Http/Requests/Api/Auth/RegisterRequest.php b/app/Http/Requests/Api/Auth/RegisterRequest.php
@@ -0,0 +1,32 @@
+<?php
+
+namespace App\Http\Requests\Api\Auth;
+
+use App\Models\User;
+use Illuminate\Foundation\Http\FormRequest;
+use Illuminate\Validation\Rules;
+
+class RegisterRequest extends FormRequest
+{
+    /**
+     * Determine if the user is authorized to make this request.
+     */
+    public function authorize(): bool
+    {
+        return true;
+    }
+
+    /**
+     * Get the validation rules that apply to the request.
+     *
+     * @return array<string, array<int, string>>
+     */
+    public function rules(): array
+    {
+        return [
+            'name' => ['required', 'string', 'max:255'],
+            'email' => ['required', 'string', 'lowercase', 'email', 'max:255', 'unique:' . User::class],
+            'password' => ['required', Rules\Password::defaults()],
+        ];
+    }
+}
diff --git a/app/Models/User.php b/app/Models/User.php
@@ -10,7 +10,7 @@
 use Illuminate\Notifications\Notifiable;
 use Laravel\Sanctum\HasApiTokens;
 
-class User extends Authenticatable implements MustVerifyEmail
+class User extends Authenticatable
 {
     /** @use HasFactory<\Database\Factories\UserFactory> */
     use HasApiTokens, HasFactory, Notifiable;
diff --git a/bootstrap/app.php b/bootstrap/app.php
@@ -6,7 +6,6 @@
 use Illuminate\Foundation\Configuration\Exceptions;
 use Illuminate\Foundation\Configuration\Middleware;
 use Illuminate\Http\Middleware\AddLinkHeadersForPreloadedAssets;
-use Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful;
 
 return Application::configure(basePath: dirname(__DIR__))
     ->withRouting(
@@ -23,10 +22,6 @@
             HandleInertiaRequests::class,
             AddLinkHeadersForPreloadedAssets::class,
         ]);
-
-        $middleware->api(prepend: [
-            EnsureFrontendRequestsAreStateful::class,
-        ]);
     })
     ->withExceptions(function (Exceptions $exceptions) {
         //
diff --git a/routes/api.php b/routes/api.php
@@ -28,3 +28,7 @@
         Route::apiResource('categories', CategoryController::class)->except(['index','show']);
     });
 });
+
+
+// Auth routes for API
+require __DIR__.'/api_auth.php';
diff --git a/routes/api_auth.php b/routes/api_auth.php
@@ -0,0 +1,18 @@
+<?php
+
+use App\Http\Controllers\Api\Auth\LoginController;
+use App\Http\Controllers\Api\Auth\LogoutController;
+use App\Http\Controllers\Api\Auth\RegisterController;
+use Illuminate\Support\Facades\Route;
+
+
+Route::prefix('auth')->group(function () {
+    Route::middleware('guest')->group(function () {
+        Route::post('register', [RegisterController::class, 'store']);
+        Route::post('login', [LoginController::class, 'store']);
+    });
+
+    Route::middleware('auth:sanctum')->group(function () {
+        Route::post('logout', [LogoutController::class, 'destroy']);
+    });
+});

Original file line number	Diff line number	Diff line change
`@@ -10,7 +10,7 @@`
`10`	`10`	`use Illuminate\Notifications\Notifiable;`
`11`	`11`	`use Laravel\Sanctum\HasApiTokens;`
`12`	`12`
`13`		`-class User extends Authenticatable implements MustVerifyEmail`
	`13`	`+class User extends Authenticatable`
`14`	`14`	`{`
`15`	`15`	`/** @use HasFactory<\Database\Factories\UserFactory> */`
`16`	`16`	`use HasApiTokens, HasFactory, Notifiable;`