solocla/casadoc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

reorganize and cleanup php server code

Browse Source
This commit is contained in:
Joseph D'Souza
2026-02-06 13:12:38 +01:00
parent bf2f18f847
commit a6785f26db
3103 changed files with 494 additions and 351462 deletions
Download Patch File Download Diff File Expand all files Collapse all files
server/app/Http/Controllers/Api/ApiController.php
+112
View File
@@ -0,0 +1,112 @@
<?php
namespace Vanguard\Http\Controllers\Api;
use Illuminate\Http\Response;
use Vanguard\Http\Controllers\Controller;
abstract class ApiController extends Controller
{
protected $statusCode = Response::HTTP_OK;
/**
* Getter for statusCode
*
* @return int
*/
public function getStatusCode()
{
return $this->statusCode;
}
/**
* Setter for statusCode
*
* @param int $statusCode Value to set
*
* @return self
*/
public function setStatusCode($statusCode)
{
$this->statusCode = $statusCode;
return $this;
}
protected function respondWithSuccess($statusCode = Response::HTTP_OK)
{
return $this->setStatusCode($statusCode)
->respondWithArray(['success' => true]);
}
protected function respondWithArray(array $array, array $headers = [])
{
$response = \Response::json($array, $this->statusCode, $headers);
$response->header('Content-Type', 'application/json');
return $response;
}
protected function respondWithError($message)
{
if ($this->statusCode === Response::HTTP_OK) {
trigger_error(
"You better have a really good reason for erroring on a 200...",
E_USER_WARNING
);
}
return $this->respondWithArray([
'message' => $message
]);
}
/**
* Generates a Response with a 403 HTTP header and a given message.
*
* @param string $message
* @return \Illuminate\Http\JsonResponse
*/
public function errorForbidden($message = 'Forbidden')
{
return $this->setStatusCode(Response::HTTP_FORBIDDEN)
->respondWithError($message);
}
/**
* Generates a Response with a 500 HTTP header and a given message.
*
* @param string $message
* @return \Illuminate\Http\JsonResponse
*/
public function errorInternalError($message = 'Internal Error')
{
return $this->setStatusCode(Response::HTTP_INTERNAL_SERVER_ERROR)
->respondWithError($message);
}
/**
* Generates a Response with a 404 HTTP header and a given message.
*
* @param string $message
* @return \Illuminate\Http\JsonResponse
*/
public function errorNotFound($message = 'Resource Not Found')
{
return $this->setStatusCode(Response::HTTP_NOT_FOUND)
->respondWithError($message);
}
/**
* Generates a Response with a 401 HTTP header and a given message.
*
* @param string $message
* @return \Illuminate\Http\JsonResponse
*/
public function errorUnauthorized($message = 'Unauthorized')
{
return $this->setStatusCode(Response::HTTP_UNAUTHORIZED)
->respondWithError($message);
}
}
server/app/Http/Controllers/Api/Auth/AuthController.php
+88
View File
@@ -0,0 +1,88 @@
<?php
namespace Vanguard\Http\Controllers\Api\Auth;
use Illuminate\Contracts\Container\BindingResolutionException;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Response;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;
use Illuminate\Validation\ValidationException;
use Vanguard\Events\User\LoggedIn;
use Vanguard\Events\User\LoggedOut;
use Vanguard\Http\Controllers\Api\ApiController;
use Vanguard\Http\Requests\Auth\ApiLoginRequest;
use Vanguard\User;
/**
* Class LoginController
* @package Vanguard\Http\Controllers\Api\Auth
*/
class AuthController extends ApiController
{
public function __construct()
{
$this->middleware('guest')->only('login');
$this->middleware('auth')->only('logout');
}
/**
* Attempt to log the user in and generate unique
* JWT token on successful authentication.
*
* @param ApiLoginRequest $request
* @return JsonResponse|Response
* @throws BindingResolutionException
* @throws ValidationException
*/
public function token(ApiLoginRequest $request)
{
$user = $this->findUser($request);
if ($user->isBanned()) {
return $this->errorUnauthorized(__('Your account is banned by administrators.'));
}
Auth::setUser($user);
event(new LoggedIn);
return $this->respondWithArray([
'token' => $user->createToken($request->device_name)->plainTextToken
]);
}
/**
* Find the user instance from the API request.
*
* @param ApiLoginRequest $request
* @return mixed
* @throws BindingResolutionException
* @throws ValidationException
*/
private function findUser(ApiLoginRequest $request)
{
$user = User::where($request->getCredentials())->first();
if (! $user || ! Hash::check($request->password, $user->password)) {
throw ValidationException::withMessages([
'username' => [trans('auth.failed')],
]);
}
return $user;
}
/**
* Logout user and invalidate token.
* @return JsonResponse
*/
public function logout()
{
event(new LoggedOut);
auth()->user()->currentAccessToken()->delete();
return $this->respondWithSuccess();
}
}
server/app/Http/Controllers/Api/Auth/Password/RemindController.php
+33
View File
@@ -0,0 +1,33 @@
<?php
namespace Vanguard\Http\Controllers\Api\Auth\Password;
use Password;
use Vanguard\Events\User\RequestedPasswordResetEmail;
use Vanguard\Http\Controllers\Api\ApiController;
use Vanguard\Http\Requests\Auth\PasswordRemindRequest;
use Vanguard\Mail\ResetPassword;
use Vanguard\Repositories\User\UserRepository;
class RemindController extends ApiController
{
/**
* Send a reset link to the given user.
*
* @param PasswordRemindRequest $request
* @param UserRepository $users
* @return \Illuminate\Http\JsonResponse
*/
public function index(PasswordRemindRequest $request, UserRepository $users)
{
$user = $users->findByEmail($request->email);
$token = Password::getRepository()->create($user);
\Mail::to($user)->send(new ResetPassword($token));
event(new RequestedPasswordResetEmail($user));
return $this->respondWithSuccess();
}
}
server/app/Http/Controllers/Api/Auth/Password/ResetController.php
+48
View File
@@ -0,0 +1,48 @@
<?php
namespace Vanguard\Http\Controllers\Api\Auth\Password;
use Illuminate\Auth\Events\PasswordReset;
use Password;
use Vanguard\Http\Controllers\Api\ApiController;
use Vanguard\Http\Requests\Auth\PasswordResetRequest;
class ResetController extends ApiController
{
/**
* Reset the given user's password.
*
* @param PasswordResetRequest $request
* @return \Illuminate\Http\JsonResponse
*/
public function index(PasswordResetRequest $request)
{
$response = Password::reset($request->credentials(), function ($user, $password) {
$this->resetPassword($user, $password);
});
switch ($response) {
case Password::PASSWORD_RESET:
return $this->respondWithSuccess();
default:
return $this->setStatusCode(400)
->respondWithError(trans($response));
}
}
/**
* Reset the given user's password.
*
* @param \Illuminate\Contracts\Auth\CanResetPassword $user
* @param string $password
* @return void
*/
protected function resetPassword($user, $password)
{
$user->password = $password;
$user->save();
event(new PasswordReset($user));
}
}
server/app/Http/Controllers/Api/Auth/RegistrationController.php
+61
View File
@@ -0,0 +1,61 @@
<?php
namespace Vanguard\Http\Controllers\Api\Auth;
use Illuminate\Auth\Events\Registered;
use Vanguard\Http\Controllers\Api\ApiController;
use Vanguard\Http\Requests\Auth\RegisterRequest;
use Vanguard\Repositories\Role\RoleRepository;
use Vanguard\Repositories\User\UserRepository;
use Vanguard\Support\Enum\UserStatus;
class RegistrationController extends ApiController
{
public function __construct(private UserRepository $users, private RoleRepository $roles)
{
}
/**
* @param RegisterRequest $request
* @return \Illuminate\Http\JsonResponse
*/
public function index(RegisterRequest $request)
{
$role = $this->roles->findByName('User');
$user = $this->users->create(
array_merge($request->validFormData(), ['role_id' => $role->id])
);
event(new Registered($user));
return $this->setStatusCode(201)
->respondWithArray([
'requires_email_confirmation' => !! setting('reg_email_confirmation')
]);
}
/**
* Verify email via email confirmation token.
* @param $token
* @return \Illuminate\Http\JsonResponse
*/
public function verifyEmail($token)
{
if (! setting('reg_email_confirmation')) {
return $this->errorNotFound();
}
if ($user = $this->users->findByConfirmationToken($token)) {
$this->users->update($user->id, [
'status' => UserStatus::ACTIVE,
'confirmation_token' => null
]);
return $this->respondWithSuccess();
}
return $this->setStatusCode(400)
->respondWithError("Invalid confirmation token.");
}
}
server/app/Http/Controllers/Api/Auth/SocialLoginController.php
+54
View File
@@ -0,0 +1,54 @@
<?php
namespace Vanguard\Http\Controllers\Api\Auth;
use Auth;
use Exception;
use Socialite;
use Vanguard\Events\User\LoggedIn;
use Vanguard\Http\Controllers\Api\ApiController;
use Vanguard\Http\Requests\Auth\Social\ApiAuthenticateRequest;
use Vanguard\Repositories\User\UserRepository;
use Vanguard\Services\Auth\Social\SocialManager;
class SocialLoginController extends ApiController
{
public function __construct(private UserRepository $users, private SocialManager $socialManager)
{
}
public function index(ApiAuthenticateRequest $request)
{
\Log::info('Social Login Hit: ' . $request->network);
try {
$socialUser = Socialite::driver($request->network)->userFromToken($request->social_token);
} catch (Exception $e) {
return $this->errorInternalError("Could not connect to specified social network.");
}
$user = $this->users->findBySocialId(
$request->network,
$socialUser->getId()
);
if (! $user) {
if (! setting('reg_enabled')) {
return $this->errorForbidden("Only users who already created an account can log in.");
}
$user = $this->socialManager->associate($socialUser, $request->network);
}
if ($user->isBanned()) {
return $this->errorForbidden(__("Your account is banned by administrators."));
}
Auth::setUser($user);
event(new LoggedIn);
return $this->respondWithArray([
'token' => $user->createToken($request->device_name)->plainTextToken
]);
}
}
server/app/Http/Controllers/Api/Auth/VerificationController.php
+104
View File
@@ -0,0 +1,104 @@
<?php
namespace Vanguard\Http\Controllers\Api\Auth;
use Illuminate\Auth\Access\AuthorizationException;
use Illuminate\Auth\Events\Verified;
use Illuminate\Http\Request;
use Illuminate\Http\Response;
use Illuminate\Routing\Exceptions\InvalidSignatureException;
use Vanguard\Http\Controllers\Api\ApiController;
use Vanguard\Http\Requests\Auth\ApiVerifyEmailRequest;
class VerificationController extends ApiController
{
/**
* Create a new controller instance.
*
* @return void
*/
public function __construct()
{
$this->middleware('throttle:6,1')->only('resend');
}
/**
* Mark the authenticated user's email address as verified.
*
* @param ApiVerifyEmailRequest $request
* @return \Illuminate\Http\JsonResponse
*
* @throws AuthorizationException
*/
public function verify(ApiVerifyEmailRequest $request)
{
if (! setting('reg_email_confirmation')) {
return $this->errorNotFound();
}
$this->verifySignature($request);
if ($request->user()->hasVerifiedEmail()) {
return $this->emailAlreadyVerifiedResponse();
}
if ($request->user()->markEmailAsVerified()) {
event(new Verified($request->user()));
}
return $this->respondWithSuccess();
}
/**
* Verify request signature.
*
* @param ApiVerifyEmailRequest $baseRequest
* @throws AuthorizationException
*/
private function verifySignature(ApiVerifyEmailRequest $baseRequest)
{
$request = Request::create(
route('verification.verify', $baseRequest->only('id', 'hash')),
Request::METHOD_GET,
$baseRequest->only('expires', 'signature')
);
if (! $request->hasValidSignature()) {
throw new InvalidSignatureException;
}
if (! hash_equals((string) $baseRequest->id, (string) auth()->user()->getKey())) {
throw new AuthorizationException;
}
if (! hash_equals((string) $baseRequest->hash, sha1(auth()->user()->getEmailForVerification()))) {
throw new AuthorizationException;
}
}
/**
* @return \Illuminate\Http\JsonResponse
*/
protected function emailAlreadyVerifiedResponse()
{
return $this->setStatusCode(Response::HTTP_BAD_REQUEST)
->respondWithError(__('E-Mail already verified.'));
}
/**
* Resend the email verification notification.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\JsonResponse
*/
public function resend(Request $request)
{
if ($request->user()->hasVerifiedEmail()) {
return $this->emailAlreadyVerifiedResponse();
}
$request->user()->sendEmailVerificationNotification();
return $this->respondWithSuccess(Response::HTTP_ACCEPTED);
}
}
server/app/Http/Controllers/Api/Authorization/PermissionsController.php
+98
View File
@@ -0,0 +1,98 @@
<?php
namespace Vanguard\Http\Controllers\Api\Authorization;
use Spatie\QueryBuilder\AllowedFilter;
use Spatie\QueryBuilder\QueryBuilder;
use Vanguard\Http\Controllers\Api\ApiController;
use Vanguard\Http\Requests\Permission\CreatePermissionRequest;
use Vanguard\Http\Requests\Permission\RemovePermissionRequest;
use Vanguard\Http\Requests\Permission\UpdatePermissionRequest;
use Vanguard\Http\Resources\PermissionResource;
use Vanguard\Permission;
use Vanguard\Repositories\Permission\PermissionRepository;
/**
* @package Vanguard\Http\Controllers\Api\Users
*/
class PermissionsController extends ApiController
{
public function __construct(private PermissionRepository $permissions)
{
$this->middleware('permission:permissions.manage');
}
/**
* Get all system permissions.
* @return \Illuminate\Http\Resources\Json\AnonymousResourceCollection
*/
public function index()
{
$permissions = QueryBuilder::for(Permission::class)
->allowedFilters([
AllowedFilter::partial('name'),
AllowedFilter::partial('display_name'),
AllowedFilter::exact('role', 'role_id'),
])
->allowedSorts(['name', 'created_at'])
->defaultSort('created_at')
->paginate();
return PermissionResource::collection($permissions);
}
/**
* Create new permission from request.
* @param CreatePermissionRequest $request
* @return PermissionResource
*/
public function store(CreatePermissionRequest $request)
{
$permission = $this->permissions->create(
$request->only(['name', 'display_name', 'description'])
);
return new PermissionResource($permission);
}
/**
* Get info about specified permission.
* @param Permission $permission
* @return PermissionResource
*/
public function show(Permission $permission)
{
return new PermissionResource($permission);
}
/**
* Update specified permission.
* @param Permission $permission
* @param UpdatePermissionRequest $request
* @return PermissionResource
*/
public function update(Permission $permission, UpdatePermissionRequest $request)
{
$input = collect($request->all());
$permission = $this->permissions->update(
$permission->id,
$input->only(['name', 'display_name', 'description'])->toArray()
);
return new PermissionResource($permission);
}
/**
* Remove specified permission from storage.
* @param Permission $permission
* @param RemovePermissionRequest $request
* @return \Illuminate\Http\JsonResponse
*/
public function destroy(Permission $permission, RemovePermissionRequest $request)
{
$this->permissions->delete($permission->id);
return $this->respondWithSuccess();
}
}
server/app/Http/Controllers/Api/Authorization/RolePermissionsController.php
+44
View File
@@ -0,0 +1,44 @@
<?php
namespace Vanguard\Http\Controllers\Api\Authorization;
use Vanguard\Events\Role\PermissionsUpdated;
use Vanguard\Http\Controllers\Api\ApiController;
use Vanguard\Http\Requests\Role\UpdateRolePermissionsRequest;
use Vanguard\Http\Resources\PermissionResource;
use Vanguard\Repositories\Role\RoleRepository;
use Vanguard\Role;
/**
* @package Vanguard\Http\Controllers\Api
*/
class RolePermissionsController extends ApiController
{
public function __construct(private RoleRepository $roles)
{
$this->middleware('permission:permissions.manage');
}
public function show(Role $role)
{
return PermissionResource::collection($role->cachedPermissions());
}
/**
* Update specified role.
* @param Role $role
* @param UpdateRolePermissionsRequest $request
* @return \Illuminate\Http\Resources\Json\AnonymousResourceCollection
*/
public function update(Role $role, UpdateRolePermissionsRequest $request)
{
$this->roles->updatePermissions(
$role->id,
$request->permissions
);
event(new PermissionsUpdated);
return PermissionResource::collection($role->cachedPermissions());
}
}
server/app/Http/Controllers/Api/Authorization/RolesController.php
+107
View File
@@ -0,0 +1,107 @@
<?php
namespace Vanguard\Http\Controllers\Api\Authorization;
use Cache;
use Spatie\QueryBuilder\QueryBuilder;
use Vanguard\Http\Controllers\Api\ApiController;
use Vanguard\Http\Requests\Role\CreateRoleRequest;
use Vanguard\Http\Requests\Role\RemoveRoleRequest;
use Vanguard\Http\Requests\Role\UpdateRoleRequest;
use Vanguard\Http\Resources\RoleResource;
use Vanguard\Repositories\Role\RoleRepository;
use Vanguard\Repositories\User\UserRepository;
use Vanguard\Role;
/**
* @package Vanguard\Http\Controllers\Api\Users
*/
class RolesController extends ApiController
{
public function __construct(private RoleRepository $roles)
{
$this->middleware('permission:roles.manage');
}
/**
* Get all system roles with users count for each role.
* @return \Illuminate\Http\Resources\Json\AnonymousResourceCollection
*/
public function index()
{
$roles = QueryBuilder::for(Role::class)
->allowedIncludes(RoleResource::allowedIncludes())
->allowedFilters(['name'])
->allowedSorts(['name', 'created_at'])
->defaultSort('created_at')
->paginate();
return RoleResource::collection($roles);
}
/**
* Create new role from the request.
* @param CreateRoleRequest $request
* @return RoleResource
*/
public function store(CreateRoleRequest $request)
{
$role = $this->roles->create(
$request->only(['name', 'display_name', 'description'])
);
return new RoleResource($role);
}
/**
* Return info about specified role.
* @param $id
* @return RoleResource
*/
public function show($id)
{
$role = QueryBuilder::for(Role::where('id', $id))
->allowedIncludes(RoleResource::allowedIncludes())
->first();
return new RoleResource($role);
}
/**
* Update specified role.
* @param Role $role
* @param UpdateRoleRequest $request
* @return RoleResource
*/
public function update(Role $role, UpdateRoleRequest $request)
{
$input = collect($request->all());
$role = $this->roles->update(
$role->id,
$input->only(['name', 'display_name', 'description'])->toArray()
);
return new RoleResource($role);
}
/**
* Remove specified role (if role is removable).
* @param Role $role
* @param UserRepository $users
* @param RemoveRoleRequest $request
* @return \Illuminate\Http\JsonResponse
*/
public function destroy(Role $role, UserRepository $users, RemoveRoleRequest $request)
{
$userRole = $this->roles->findByName('User');
$users->switchRolesForUsers($role->id, $userRole->id);
$this->roles->delete($role->id);
Cache::flush();
return $this->respondWithSuccess();
}
}
server/app/Http/Controllers/Api/CountriesController.php
+31
View File
@@ -0,0 +1,31 @@
<?php
namespace Vanguard\Http\Controllers\Api;
use Vanguard\Http\Resources\CountryResource;
use Vanguard\Repositories\Country\CountryRepository;
/**
* @package Vanguard\Http\Controllers\Api
*/
class CountriesController extends ApiController
{
/**
* @var CountryRepository
*/
private $countries;
public function __construct(CountryRepository $countries)
{
$this->countries = $countries;
}
/**
* Get list of all available countries.
* @return \Illuminate\Http\Resources\Json\AnonymousResourceCollection
*/
public function index()
{
return CountryResource::collection($this->countries->all());
}
}
server/app/Http/Controllers/Api/Profile/AuthDetailsController.php
+32
View File
@@ -0,0 +1,32 @@
<?php
namespace Vanguard\Http\Controllers\Api\Profile;
use Vanguard\Http\Controllers\Api\ApiController;
use Vanguard\Http\Requests\User\UpdateProfileLoginDetailsRequest;
use Vanguard\Http\Resources\UserResource;
use Vanguard\Repositories\User\UserRepository;
/**
* @package Vanguard\Http\Controllers\Api\Profile
*/
class AuthDetailsController extends ApiController
{
/**
* Updates user profile details.
*
* @param UpdateProfileLoginDetailsRequest $request
* @param UserRepository $users
* @return UserResource
*/
public function update(UpdateProfileLoginDetailsRequest $request, UserRepository $users)
{
$user = $request->user();
$data = $request->only(['email', 'username', 'password']);
$user = $users->update($user->id, $data);
return new UserResource($user);
}
}
server/app/Http/Controllers/Api/Profile/AvatarController.php
+86
View File
@@ -0,0 +1,86 @@
<?php
namespace Vanguard\Http\Controllers\Api\Profile;
use Illuminate\Http\Request;
use Vanguard\Events\User\ChangedAvatar;
use Vanguard\Http\Controllers\Api\ApiController;
use Vanguard\Http\Requests\User\UploadAvatarRawRequest;
use Vanguard\Http\Resources\UserResource;
use Vanguard\Repositories\User\UserRepository;
use Vanguard\Services\Upload\UserAvatarManager;
/**
* @package Vanguard\Http\Controllers\Api\Profile
*/
class AvatarController extends ApiController
{
public function __construct(private UserRepository $users, private UserAvatarManager $avatarManager)
{
}
/**
* @param UploadAvatarRawRequest $request
* @return UserResource
*/
public function update(UploadAvatarRawRequest $request)
{
$name = $this->avatarManager->uploadAndCropAvatar(
$request->file('file')
);
$user = $this->users->update(
auth()->id(),
['avatar' => $name]
);
event(new ChangedAvatar);
return new UserResource($user);
}
/**
* @param Request $request
* @return UserResource
* @throws \Illuminate\Validation\ValidationException
*/
public function updateExternal(Request $request)
{
$this->validate($request, [
'url' => 'required|url'
]);
$this->avatarManager->deleteAvatarIfUploaded(
auth()->user()
);
$user = $this->users->update(
auth()->id(),
['avatar' => $request->url]
);
event(new ChangedAvatar);
return new UserResource($user);
}
/**
* Remove avatar for currently authenticated user and set it to null.
* @return UserResource
*/
public function destroy()
{
$user = auth()->user();
$this->avatarManager->deleteAvatarIfUploaded($user);
$user = $this->users->update(
$user->id,
['avatar' => null]
);
event(new ChangedAvatar);
return new UserResource($user);
}
}
server/app/Http/Controllers/Api/Profile/DetailsController.php
+52
View File
@@ -0,0 +1,52 @@
<?php
namespace Vanguard\Http\Controllers\Api\Profile;
use Vanguard\Events\User\UpdatedProfileDetails;
use Vanguard\Http\Controllers\Api\ApiController;
use Vanguard\Http\Requests\User\UpdateProfileDetailsRequest;
use Vanguard\Http\Resources\UserResource;
use Vanguard\Repositories\User\UserRepository;
/**
* @package Vanguard\Http\Controllers\Api\Profile
*/
class DetailsController extends ApiController
{
/**
* Handle user details request.
* @return UserResource
*/
public function index()
{
return new UserResource(auth()->user());
}
/**
* Updates user profile details.
* @param UpdateProfileDetailsRequest $request
* @param UserRepository $users
* @return UserResource
*/
public function update(UpdateProfileDetailsRequest $request, UserRepository $users)
{
$user = $request->user();
$data = collect($request->all());
$data = $data->only([
'first_name', 'last_name', 'birthday',
'phone', 'address', 'country_id'
])->toArray();
if (! isset($data['country_id'])) {
$data['country_id'] = $user->country_id;
}
$user = $users->update($user->id, $data);
event(new UpdatedProfileDetails);
return new UserResource($user);
}
}
server/app/Http/Controllers/Api/Profile/SessionsController.php
+31
View File
@@ -0,0 +1,31 @@
<?php
namespace Vanguard\Http\Controllers\Api\Profile;
use Vanguard\Http\Controllers\Api\ApiController;
use Vanguard\Http\Resources\SessionResource;
use Vanguard\Repositories\Session\SessionRepository;
/**
* @package Vanguard\Http\Controllers\Api\Profile
*/
class SessionsController extends ApiController
{
public function __construct()
{
$this->middleware('auth');
$this->middleware('session.database');
}
/**
* Handle user details request.
* @param SessionRepository $sessions
* @return \Illuminate\Http\Resources\Json\AnonymousResourceCollection
*/
public function index(SessionRepository $sessions)
{
$sessions = $sessions->getUserSessions(auth()->id());
return SessionResource::collection($sessions);
}
}
server/app/Http/Controllers/Api/Profile/TwoFactorController.php
+96
View File
@@ -0,0 +1,96 @@
<?php
namespace Vanguard\Http\Controllers\Api\Profile;
use Authy;
use Vanguard\Events\User\TwoFactorDisabled;
use Vanguard\Events\User\TwoFactorEnabled;
use Vanguard\Http\Controllers\Api\ApiController;
use Vanguard\Http\Requests\TwoFactor\EnableTwoFactorRequest;
use Vanguard\Http\Requests\TwoFactor\VerifyTwoFactorTokenRequest;
use Vanguard\Http\Resources\UserResource;
/**
* @package Vanguard\Http\Controllers\Api\Profile
*/
class TwoFactorController extends ApiController
{
/**
* Enable 2FA for specified user.
* @param EnableTwoFactorRequest $request
* @return \Illuminate\Http\JsonResponse
*/
public function update(EnableTwoFactorRequest $request)
{
$user = auth()->user();
if (Authy::isEnabled($user)) {
return $this->setStatusCode(422)
->respondWithError("2FA is already enabled for this user.");
}
$user->setAuthPhoneInformation(
$request->country_code,
$request->phone_number
);
Authy::register($user);
$user->save();
Authy::sendTwoFactorVerificationToken($user);
return $this->respondWithArray([
'message' => 'Verification token sent.'
]);
}
/**
* Verify provided 2FA token.
*
* @param VerifyTwoFactorTokenRequest $request
* @return \Illuminate\Http\JsonResponse|UserResource
*/
public function verify(VerifyTwoFactorTokenRequest $request)
{
$user = auth()->user();
if (! Authy::tokenIsValid($user, $request->token)) {
return $this->setStatusCode(422)
->respondWithError("Invalid 2FA token.");
}
$user->setTwoFactorAuthProviderOptions(array_merge(
$user->getTwoFactorAuthProviderOptions(),
['enabled' => true]
));
$user->save();
event(new TwoFactorEnabled);
return new UserResource($user);
}
/**
* Disable 2FA for currently authenticated user.
* @return \Illuminate\Http\JsonResponse|UserResource
*/
public function destroy()
{
$user = auth()->user();
if (! Authy::isEnabled($user)) {
return $this->setStatusCode(422)
->respondWithError("2FA is not enabled for this user.");
}
Authy::delete($user);
$user->save();
event(new TwoFactorDisabled);
return new UserResource($user);
}
}
server/app/Http/Controllers/Api/SessionsController.php
+46
View File
@@ -0,0 +1,46 @@
<?php
namespace Vanguard\Http\Controllers\Api;
use Vanguard\Http\Resources\SessionResource;
use Vanguard\Repositories\Session\SessionRepository;
/**
* Class SessionsController
* @package Vanguard\Http\Controllers\Api\Users
*/
class SessionsController extends ApiController
{
public function __construct(private SessionRepository $sessions)
{
$this->middleware('session.database');
}
/**
* Get info about specified session.
* @param $session
* @return SessionResource
* @throws \Illuminate\Auth\Access\AuthorizationException
*/
public function show($session)
{
$this->authorize('manage-session', $session);
return new SessionResource($session);
}
/**
* Destroy specified session.
* @param $session
* @return \Illuminate\Http\JsonResponse
* @throws \Illuminate\Auth\Access\AuthorizationException
*/
public function destroy($session)
{
$this->authorize('manage-session', $session);
$this->sessions->invalidateSession($session->id);
return $this->respondWithSuccess();
}
}
server/app/Http/Controllers/Api/SettingsController.php
+24
View File
@@ -0,0 +1,24 @@
<?php
namespace Vanguard\Http\Controllers\Api;
use Setting;
/**
* @package Vanguard\Http\Controllers\Api\Settings
*/
class SettingsController extends ApiController
{
public function __construct()
{
$this->middleware('permission:settings.general');
}
/**
* System settings.
* @return \Illuminate\Http\JsonResponse
*/
public function index()
{
return response()->json(Setting::all());
}
}
server/app/Http/Controllers/Api/StatsController.php
+45
View File
@@ -0,0 +1,45 @@
<?php
namespace Vanguard\Http\Controllers\Api;
use Carbon\Carbon;
use Vanguard\Http\Resources\UserResource;
use Vanguard\Repositories\User\UserRepository;
use Vanguard\Support\Enum\UserStatus;
/**
* @package Vanguard\Http\Controllers\Api
*/
class StatsController extends ApiController
{
public function __construct(private UserRepository $users)
{
$this->middleware('role:Admin');
}
/**
* @return \Illuminate\Http\JsonResponse|mixed
*/
public function index()
{
$usersPerMonth = $this->users->countOfNewUsersPerMonth(
Carbon::now()->subYear()->startOfMonth(),
Carbon::now()->endOfMonth()
);
$usersPerStatus = [
'total' => $this->users->count(),
'new' => $this->users->newUsersCount(),
'banned' => $this->users->countByStatus(UserStatus::BANNED),
'unconfirmed' => $this->users->countByStatus(UserStatus::UNCONFIRMED)
];
$users = UserResource::collection($this->users->latest(7));
return $this->respondWithArray([
'users_per_month' => $usersPerMonth,
'users_per_status' => $usersPerStatus,
'latest_registrations' => $users->resolve()
]);
}
}
server/app/Http/Controllers/Api/Users/AvatarController.php
+77
View File
@@ -0,0 +1,77 @@
<?php
namespace Vanguard\Http\Controllers\Api\Users;
use Illuminate\Http\Request;
use Vanguard\Events\User\UpdatedByAdmin;
use Vanguard\Http\Controllers\Api\ApiController;
use Vanguard\Http\Requests\User\UploadAvatarRawRequest;
use Vanguard\Http\Resources\UserResource;
use Vanguard\Repositories\User\UserRepository;
use Vanguard\Services\Upload\UserAvatarManager;
use Vanguard\User;
/**
* @package Vanguard\Http\Controllers\Api\Users
*/
class AvatarController extends ApiController
{
public function __construct(private UserRepository $users, private UserAvatarManager $avatarManager)
{
$this->middleware('permission:users.manage');
}
/**
* @param User $user
* @param UploadAvatarRawRequest $request
* @return UserResource
*/
public function update(User $user, UploadAvatarRawRequest $request)
{
$name = $this->avatarManager->uploadAndCropAvatar($request->file('file'));
$user = $this->users->update($user->id, ['avatar' => $name]);
event(new UpdatedByAdmin($user));
return new UserResource($user);
}
/**
* Update user's avatar to external resource.
*
* @param User $user
* @param Request $request
* @return UserResource
* @throws \Illuminate\Validation\ValidationException
*/
public function updateExternal(User $user, Request $request)
{
$this->validate($request, ['url' => 'required|url']);
$this->avatarManager->deleteAvatarIfUploaded($user);
$user = $this->users->update($user->id, ['avatar' => $request->url]);
event(new UpdatedByAdmin($user));
return new UserResource($user);
}
/**
* Remove user's avatar and set it to null.
*
* @param User $user
* @return UserResource
*/
public function destroy(User $user)
{
$this->avatarManager->deleteAvatarIfUploaded($user);
$user = $this->users->update($user->id, ['avatar' => null]);
event(new UpdatedByAdmin($user));
return new UserResource($user);
}
}
server/app/Http/Controllers/Api/Users/SessionsController.php
+33
View File
@@ -0,0 +1,33 @@
<?php
namespace Vanguard\Http\Controllers\Api\Users;
use Vanguard\Http\Controllers\Api\ApiController;
use Vanguard\Http\Resources\SessionResource;
use Vanguard\Repositories\Session\SessionRepository;
use Vanguard\User;
/**
* @package Vanguard\Http\Controllers\Api\Users
*/
class SessionsController extends ApiController
{
public function __construct()
{
$this->middleware('permission:users.manage');
$this->middleware('session.database');
}
/**
* Get sessions for specified user.
* @param User $user
* @param SessionRepository $sessions
* @return \Illuminate\Http\Resources\Json\AnonymousResourceCollection
*/
public function index(User $user, SessionRepository $sessions)
{
return SessionResource::collection(
$sessions->getUserSessions($user->id)
);
}
}
server/app/Http/Controllers/Api/Users/TwoFactorController.php
+96
View File
@@ -0,0 +1,96 @@
<?php
namespace Vanguard\Http\Controllers\Api\Users;
use Authy;
use Vanguard\Events\User\TwoFactorDisabledByAdmin;
use Vanguard\Events\User\TwoFactorEnabledByAdmin;
use Vanguard\Http\Controllers\Api\ApiController;
use Vanguard\Http\Requests\TwoFactor\EnableTwoFactorRequest;
use Vanguard\Http\Requests\TwoFactor\VerifyTwoFactorTokenRequest;
use Vanguard\Http\Resources\UserResource;
use Vanguard\User;
/**
* @package Vanguard\Http\Controllers\Api\Users
*/
class TwoFactorController extends ApiController
{
public function __construct()
{
$this->middleware('permission:users.manage');
}
/**
* Enable 2FA for specified user.
* @param User $user
* @param EnableTwoFactorRequest $request
* @return \Illuminate\Http\JsonResponse
*/
public function update(User $user, EnableTwoFactorRequest $request)
{
if (Authy::isEnabled($user)) {
return $this->setStatusCode(422)
->respondWithError("2FA is already enabled for this user.");
}
$user->setAuthPhoneInformation($request->country_code, $request->phone_number);
Authy::register($user);
$user->save();
Authy::sendTwoFactorVerificationToken($user);
return $this->respondWithArray([
'message' => 'Verification token sent.'
]);
}
/**
* Verify provided 2FA token.
*
* @param VerifyTwoFactorTokenRequest $request
* @param User $user
* @return \Illuminate\Http\JsonResponse|UserResource
*/
public function verify(VerifyTwoFactorTokenRequest $request, User $user)
{
if (! Authy::tokenIsValid($user, $request->token)) {
return $this->setStatusCode(422)
->respondWithError("Invalid 2FA token.");
}
$user->setTwoFactorAuthProviderOptions(array_merge(
$user->getTwoFactorAuthProviderOptions(),
['enabled' => true]
));
$user->save();
event(new TwoFactorEnabledByAdmin($user));
return new UserResource($user);
}
/**
* Disable 2FA for specified user.
* @param User $user
* @return \Illuminate\Http\JsonResponse|UserResource
*/
public function destroy(User $user)
{
if (! Authy::isEnabled($user)) {
return $this->setStatusCode(422)
->respondWithError("2FA is not enabled for this user.");
}
Authy::delete($user);
$user->save();
event(new TwoFactorDisabledByAdmin($user));
return new UserResource($user);
}
}
server/app/Http/Controllers/Api/Users/UsersController.php
+140
View File
@@ -0,0 +1,140 @@
<?php
namespace Vanguard\Http\Controllers\Api\Users;
use Illuminate\Http\Request;
use Spatie\QueryBuilder\AllowedFilter;
use Spatie\QueryBuilder\QueryBuilder;
use Vanguard\Events\User\Banned;
use Vanguard\Events\User\Deleted;
use Vanguard\Events\User\UpdatedByAdmin;
use Vanguard\Http\Controllers\Api\ApiController;
use Vanguard\Http\Filters\UserKeywordSearch;
use Vanguard\Http\Requests\User\CreateUserRequest;
use Vanguard\Http\Requests\User\UpdateUserRequest;
use Vanguard\Http\Resources\UserResource;
use Vanguard\Repositories\User\UserRepository;
use Vanguard\Support\Enum\UserStatus;
use Vanguard\User;
/**
* @package Vanguard\Http\Controllers\Api\Users
*/
class UsersController extends ApiController
{
public function __construct(private UserRepository $users)
{
$this->middleware('permission:users.manage');
}
/**
* Paginate all users.
* @param Request $request
* @return \Illuminate\Http\Resources\Json\AnonymousResourceCollection
*/
public function index(Request $request)
{
$users = QueryBuilder::for(User::class)
->allowedIncludes(UserResource::allowedIncludes())
->allowedFilters([
AllowedFilter::custom('search', new UserKeywordSearch),
AllowedFilter::exact('status'),
])
->allowedSorts(['id', 'first_name', 'last_name', 'email', 'created_at', 'updated_at'])
->defaultSort('id')
->paginate($request->per_page ?: 20);
return UserResource::collection($users);
}
/**
* Create new user record.
* @param CreateUserRequest $request
* @return UserResource
*/
public function store(CreateUserRequest $request)
{
$data = $request->only([
'email', 'password', 'username', 'first_name', 'last_name',
'phone', 'address', 'country_id', 'birthday', 'role_id'
]);
$data += [
'status' => UserStatus::ACTIVE,
'email_verified_at' => $request->verified ? now() : null
];
$user = $this->users->create($data);
return new UserResource($user);
}
/**
* Show the info about requested user.
* @param $id
* @return UserResource
*/
public function show($id)
{
$user = QueryBuilder::for(User::where('id', $id))
->allowedIncludes(UserResource::allowedIncludes())
->firstOrFail();
return new UserResource($user);
}
/**
* @param User $user
* @param UpdateUserRequest $request
* @return UserResource
*/
public function update(User $user, UpdateUserRequest $request)
{
$data = $request->only([
'email', 'password', 'username', 'first_name', 'last_name',
'phone', 'address', 'country_id', 'birthday', 'status', 'role_id'
]);
$user = $this->users->update($user->id, $data);
event(new UpdatedByAdmin($user));
// If user status was updated to "Banned",
// fire the appropriate event.
if ($this->userIsBanned($user, $request)) {
event(new Banned($user));
}
return new UserResource($user);
}
/**
* Check if user is banned during last update.
*
* @param User $user
* @param Request $request
* @return bool
*/
private function userIsBanned(User $user, Request $request)
{
return $user->status != $request->status && $request->status == UserStatus::BANNED;
}
/**
* Remove specified user from storage.
* @param User $user
* @return \Illuminate\Http\JsonResponse
*/
public function destroy(User $user)
{
if ($user->id == auth()->id()) {
return $this->errorForbidden(__("You cannot delete yourself."));
}
event(new Deleted($user));
$this->users->delete($user->id);
return $this->respondWithSuccess();
}
}