feature: login via sanctum

backend/.env.example

@@ -63,3 +63,4 @@ AWS_BUCKET=
 AWS_USE_PATH_STYLE_ENDPOINT=false
 
 VITE_APP_NAME="${APP_NAME}"
+FRONTEND_URL=http://localhost:4200

backend/app/Contracts/OutputDataTransferObject.php

@@ -4,5 +4,8 @@
 
 interface OutputDataTransferObject
 {
+    /**
+     * @return array<string, mixed>
+     */
     public function toArray(): array;
 }

backend/app/Data/RegisterDTO.php

@@ -5,14 +5,14 @@
 use App\Contracts\InputDataTransferObject;
 use Illuminate\Foundation\Http\FormRequest;
 
-final class RegisterDTO implements InputDataTransferObject
+final readonly class RegisterDTO implements InputDataTransferObject
 {
     public function __construct(
-        public readonly string $name,
-        public readonly string $email,
-        public readonly string $mobileNumber,
-        public readonly string $password,
-        public readonly string $city,
+        public string $name,
+        public string $email,
+        public string $mobileNumber,
+        public string $password,
+        public string $city,
     ) {}
 
     public static function fromRequest(FormRequest $request): InputDataTransferObject

backend/app/Data/UserDTO.php

@@ -0,0 +1,30 @@
+<?php
+
+namespace App\Data;
+
+use App\Contracts\OutputDataTransferObject;
+
+final readonly class UserDTO implements OutputDataTransferObject
+{
+    public function __construct(
+        public int $id,
+        public string $name,
+        public string $email,
+        public string $mobileNumber,
+        public string $city,
+    ) {}
+
+    /**
+     * @return array<string, mixed>
+     */
+    public function toArray(): array
+    {
+        return [
+            'id' => $this->id,
+            'name' => $this->name,
+            'email' => $this->email,
+            'mobileNumber' => $this->mobileNumber,
+            'city' => $this->city,
+        ];
+    }
+}

backend/app/Http/Controllers/AuthenticatedUserController.php

@@ -0,0 +1,48 @@
+<?php
+
+namespace App\Http\Controllers;
+
+use App\Data\UserDTO;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+
+class AuthenticatedUserController extends Controller
+{
+    public function store(Request $request)
+    {
+        $data = $request->validate([
+            'email' => 'required|email',
+            'password' => 'required|string',
+        ]);
+        if (Auth::attempt($data)) {
+            $request->session()->regenerate();
+
+            return response()->json(['message' => 'Successfully logged in']);
+        }
+
+        return response()->json(['message' => 'Invalid credentials'], 401);
+    }
+
+    public function destroy(Request $request)
+    {
+        Auth::logout();
+        $request->session()->invalidate();
+        $request->session()->regenerateToken();
+
+        return response()->json(['message' => 'Successfully logged out']);
+    }
+
+    public function show()
+    {
+        $user = Auth::user();
+        $userDto = new UserDTO(
+            id: $user->id,
+            name: $user->name,
+            email: $user->email,
+            mobileNumber: $user->mobile_number,
+            city: $user->city
+        );
+
+        return response()->json($userDto->toArray());
+    }
+}

backend/config/cors.php

@@ -15,11 +15,11 @@
     |
     */
 
-    'paths' => ['api/*', 'sanctum/csrf-cookie'],
+    'paths' => ['api/*', 'sanctum/csrf-cookie', 'login'],
 
     'allowed_methods' => ['*'],
 
-    'allowed_origins' => ['*'],
+    'allowed_origins' => [env('FRONTEND_URL', 'http://localhost:4200')],
 
     'allowed_origins_patterns' => [],
 
@@ -29,6 +29,6 @@
 
     'max_age' => 0,
 
-    'supports_credentials' => false,
+    'supports_credentials' => true,
 
 ];

backend/routes/api.php

@@ -1,13 +1,14 @@
 <?php
 
+use App\Http\Controllers\AuthenticatedUserController;
 use App\Http\Controllers\RegisteredUserController;
-use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Route;
 
-Route::get('/user', function (Request $request) {
-    return $request->user();
-})->middleware('auth:sanctum');
-
 Route::middleware('guest')->group(function () {
     Route::post('/register', RegisteredUserController::class);
 });
+
+Route::middleware('auth:sanctum')->group(function () {
+    Route::get('/user', [AuthenticatedUserController::class, 'show']);
+    Route::post('/logout', [AuthenticatedUserController::class, 'destroy']);
+});

backend/routes/web.php

@@ -1,7 +1,11 @@
 <?php
 
+use App\Http\Controllers\AuthenticatedUserController;
 use Illuminate\Support\Facades\Route;
 
 Route::get('/', function () {
     return view('welcome');
 });
+
+// We are using sanctum for SPA, which requires web guard
+Route::post('/login', [AuthenticatedUserController::class, 'store']);