feature: login via sanctum

2026-02-23 18:45:56 +05:30 · 2026-02-23 18:45:56 +05:30 · 94da4e9f6a
commit 94da4e9f6a
parent 2ca605feb4
8 changed files with 101 additions and 14 deletions
--- a/backend/.env.example
+++ b/backend/.env.example
@ -63,3 +63,4 @@ AWS_BUCKET=
 AWS_USE_PATH_STYLE_ENDPOINT=false

 VITE_APP_NAME="${APP_NAME}"
+FRONTEND_URL=http://localhost:4200
--- a/backend/app/Contracts/OutputDataTransferObject.php
+++ b/backend/app/Contracts/OutputDataTransferObject.php
@ -4,5 +4,8 @@

 interface OutputDataTransferObject
 {
+    /**
+     * @return array<string, mixed>
+     */
    public function toArray(): array;
 }
--- a/backend/app/Data/RegisterDTO.php
+++ b/backend/app/Data/RegisterDTO.php
@ -5,14 +5,14 @@
 use App\Contracts\InputDataTransferObject;
 use Illuminate\Foundation\Http\FormRequest;

-final class RegisterDTO implements InputDataTransferObject
+final readonly class RegisterDTO implements InputDataTransferObject
 {
    public function __construct(
-        public readonly string $name,
-        public readonly string $email,
-        public readonly string $mobileNumber,
-        public readonly string $password,
-        public readonly string $city,
+        public string $name,
+        public string $email,
+        public string $mobileNumber,
+        public string $password,
+        public string $city,
    ) {}

    public static function fromRequest(FormRequest $request): InputDataTransferObject
--- a/backend/app/Data/UserDTO.php
+++ b/backend/app/Data/UserDTO.php
@ -0,0 +1,30 @@
+<?php
+
+namespace App\Data;
+
+use App\Contracts\OutputDataTransferObject;
+
+final readonly class UserDTO implements OutputDataTransferObject
+{
+    public function __construct(
+        public int $id,
+        public string $name,
+        public string $email,
+        public string $mobileNumber,
+        public string $city,
+    ) {}
+
+    /**
+     * @return array<string, mixed>
+     */
+    public function toArray(): array
+    {
+        return [
+            'id' => $this->id,
+            'name' => $this->name,
+            'email' => $this->email,
+            'mobileNumber' => $this->mobileNumber,
+            'city' => $this->city,
+        ];
+    }
+}
--- a/backend/app/Http/Controllers/AuthenticatedUserController.php
+++ b/backend/app/Http/Controllers/AuthenticatedUserController.php
@ -0,0 +1,48 @@
+<?php
+
+namespace App\Http\Controllers;
+
+use App\Data\UserDTO;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+
+class AuthenticatedUserController extends Controller
+{
+    public function store(Request $request)
+    {
+        $data = $request->validate([
+            'email' => 'required|email',
+            'password' => 'required|string',
+        ]);
+        if (Auth::attempt($data)) {
+            $request->session()->regenerate();
+
+            return response()->json(['message' => 'Successfully logged in']);
+        }
+
+        return response()->json(['message' => 'Invalid credentials'], 401);
+    }
+
+    public function destroy(Request $request)
+    {
+        Auth::logout();
+        $request->session()->invalidate();
+        $request->session()->regenerateToken();
+
+        return response()->json(['message' => 'Successfully logged out']);
+    }
+
+    public function show()
+    {
+        $user = Auth::user();
+        $userDto = new UserDTO(
+            id: $user->id,
+            name: $user->name,
+            email: $user->email,
+            mobileNumber: $user->mobile_number,
+            city: $user->city
+        );
+
+        return response()->json($userDto->toArray());
+    }
+}
--- a/backend/config/cors.php
+++ b/backend/config/cors.php
@ -15,11 +15,11 @@
    |
    */

-    'paths' => ['api/*', 'sanctum/csrf-cookie'],
+    'paths' => ['api/*', 'sanctum/csrf-cookie', 'login'],

    'allowed_methods' => ['*'],

-    'allowed_origins' => ['*'],
+    'allowed_origins' => [env('FRONTEND_URL', 'http://localhost:4200')],

    'allowed_origins_patterns' => [],

@ -29,6 +29,6 @@

    'max_age' => 0,

-    'supports_credentials' => false,
+    'supports_credentials' => true,

 ];
--- a/backend/routes/api.php
+++ b/backend/routes/api.php
@ -1,13 +1,14 @@
 <?php

+use App\Http\Controllers\AuthenticatedUserController;
 use App\Http\Controllers\RegisteredUserController;
-use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Route;

-Route::get('/user', function (Request $request) {
-    return $request->user();
-})->middleware('auth:sanctum');
-
 Route::middleware('guest')->group(function () {
    Route::post('/register', RegisteredUserController::class);
 });
+
+Route::middleware('auth:sanctum')->group(function () {
+    Route::get('/user', [AuthenticatedUserController::class, 'show']);
+    Route::post('/logout', [AuthenticatedUserController::class, 'destroy']);
+});
--- a/backend/routes/web.php
+++ b/backend/routes/web.php
@ -1,7 +1,11 @@
 <?php

+use App\Http\Controllers\AuthenticatedUserController;
 use Illuminate\Support\Facades\Route;

 Route::get('/', function () {
    return view('welcome');
 });
+
+// We are using sanctum for SPA, which requires web guard
+Route::post('/login', [AuthenticatedUserController::class, 'store']);