feat(auth): Sanctum SPA setup with login/logout/user endpoints
This commit is contained in:
parent
23d1baeb2e
commit
f31739ed43
5 changed files with 149 additions and 26 deletions
68
backend/app/Http/Kernel.php
Normal file
68
backend/app/Http/Kernel.php
Normal file
|
|
@ -0,0 +1,68 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
namespace App\Http;
|
||||||
|
|
||||||
|
use Illuminate\Foundation\Http\Kernel as HttpKernel;
|
||||||
|
|
||||||
|
class Kernel extends HttpKernel
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* The application's global HTTP middleware stack.
|
||||||
|
*
|
||||||
|
* These middleware are run during every request to your application.
|
||||||
|
*
|
||||||
|
* @var array<int, class-string|string>
|
||||||
|
*/
|
||||||
|
protected $middleware = [
|
||||||
|
// \App\Http\Middleware\TrustHosts::class,
|
||||||
|
\App\Http\Middleware\TrustProxies::class,
|
||||||
|
\Illuminate\Http\Middleware\HandleCors::class,
|
||||||
|
\App\Http\Middleware\PreventRequestsDuringMaintenance::class,
|
||||||
|
\Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
|
||||||
|
\App\Http\Middleware\TrimStrings::class,
|
||||||
|
\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
|
||||||
|
];
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The application's route middleware groups.
|
||||||
|
*
|
||||||
|
* @var array<string, array<int, class-string|string>>
|
||||||
|
*/
|
||||||
|
protected $middlewareGroups = [
|
||||||
|
'web' => [
|
||||||
|
\App\Http\Middleware\EncryptCookies::class,
|
||||||
|
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
|
||||||
|
\Illuminate\Session\Middleware\StartSession::class,
|
||||||
|
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
|
||||||
|
\App\Http\Middleware\VerifyCsrfToken::class,
|
||||||
|
\Illuminate\Routing\Middleware\SubstituteBindings::class,
|
||||||
|
],
|
||||||
|
|
||||||
|
'api' => [
|
||||||
|
\Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
|
||||||
|
\Illuminate\Routing\Middleware\ThrottleRequests::class.':api',
|
||||||
|
\Illuminate\Routing\Middleware\SubstituteBindings::class,
|
||||||
|
],
|
||||||
|
];
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The application's middleware aliases.
|
||||||
|
*
|
||||||
|
* Aliases may be used instead of class names to conveniently assign middleware to routes and groups.
|
||||||
|
*
|
||||||
|
* @var array<string, class-string|string>
|
||||||
|
*/
|
||||||
|
protected $middlewareAliases = [
|
||||||
|
'auth' => \App\Http\Middleware\Authenticate::class,
|
||||||
|
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
|
||||||
|
'auth.session' => \Illuminate\Session\Middleware\AuthenticateSession::class,
|
||||||
|
'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
|
||||||
|
'can' => \Illuminate\Auth\Middleware\Authorize::class,
|
||||||
|
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
|
||||||
|
'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class,
|
||||||
|
'precognitive' => \Illuminate\Foundation\Http\Middleware\HandlePrecognitiveRequests::class,
|
||||||
|
'signed' => \App\Http\Middleware\ValidateSignature::class,
|
||||||
|
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
|
||||||
|
'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
|
||||||
|
];
|
||||||
|
}
|
||||||
|
|
@ -1,34 +1,12 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
return [
|
return [
|
||||||
|
|
||||||
/*
|
|
||||||
|--------------------------------------------------------------------------
|
|
||||||
| Cross-Origin Resource Sharing (CORS) Configuration
|
|
||||||
|--------------------------------------------------------------------------
|
|
||||||
|
|
|
||||||
| Here you may configure your settings for cross-origin resource sharing
|
|
||||||
| or "CORS". This determines what cross-origin operations may execute
|
|
||||||
| in web browsers. You are free to adjust these settings as needed.
|
|
||||||
|
|
|
||||||
| To learn more: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
|
|
||||||
|
|
|
||||||
*/
|
|
||||||
|
|
||||||
'paths' => ['api/*', 'sanctum/csrf-cookie'],
|
'paths' => ['api/*', 'sanctum/csrf-cookie'],
|
||||||
|
|
||||||
'allowed_methods' => ['*'],
|
'allowed_methods' => ['*'],
|
||||||
|
'allowed_origins' => [env('FRONTEND_URL', 'http://localhost:3000')],
|
||||||
'allowed_origins' => ['*'],
|
|
||||||
|
|
||||||
'allowed_origins_patterns' => [],
|
'allowed_origins_patterns' => [],
|
||||||
|
|
||||||
'allowed_headers' => ['*'],
|
'allowed_headers' => ['*'],
|
||||||
|
|
||||||
'exposed_headers' => [],
|
'exposed_headers' => [],
|
||||||
|
|
||||||
'max_age' => 0,
|
'max_age' => 0,
|
||||||
|
'supports_credentials' => true,
|
||||||
'supports_credentials' => false,
|
|
||||||
|
|
||||||
];
|
];
|
||||||
|
|
|
||||||
|
|
@ -17,8 +17,8 @@
|
||||||
|
|
||||||
'stateful' => explode(',', env('SANCTUM_STATEFUL_DOMAINS', sprintf(
|
'stateful' => explode(',', env('SANCTUM_STATEFUL_DOMAINS', sprintf(
|
||||||
'%s%s',
|
'%s%s',
|
||||||
'localhost,localhost:3000,127.0.0.1,127.0.0.1:8000,::1',
|
'localhost,localhost:3000,localhost:80,127.0.0.1,127.0.0.1:8000',
|
||||||
Sanctum::currentApplicationUrlWithPort()
|
\Illuminate\Support\Str::contains(env('APP_URL', ''), 'https://') ? ','.parse_url(env('APP_URL', ''), PHP_URL_HOST) : ''
|
||||||
))),
|
))),
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
|
||||||
36
backend/routes/api.php
Normal file
36
backend/routes/api.php
Normal file
|
|
@ -0,0 +1,36 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
use Illuminate\Http\Request;
|
||||||
|
use Illuminate\Support\Facades\Route;
|
||||||
|
|
||||||
|
Route::post('/login', function (Request $request) {
|
||||||
|
$credentials = $request->validate([
|
||||||
|
'email' => ['required', 'email'],
|
||||||
|
'password' => ['required'],
|
||||||
|
]);
|
||||||
|
|
||||||
|
if (! auth()->attempt($credentials)) {
|
||||||
|
return response()->json(['message' => 'Invalid credentials'], 401);
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($request->hasSession()) {
|
||||||
|
$request->session()->regenerate();
|
||||||
|
}
|
||||||
|
|
||||||
|
return response()->json(['data' => auth()->user()]);
|
||||||
|
});
|
||||||
|
|
||||||
|
Route::post('/logout', function (Request $request) {
|
||||||
|
auth()->logout();
|
||||||
|
if ($request->hasSession()) {
|
||||||
|
$request->session()->invalidate();
|
||||||
|
$request->session()->regenerateToken();
|
||||||
|
}
|
||||||
|
return response()->json([], 204);
|
||||||
|
})->middleware('auth:sanctum');
|
||||||
|
|
||||||
|
Route::get('/user', function (Request $request) {
|
||||||
|
return response()->json(['data' => $request->user()]);
|
||||||
|
})->middleware('auth:sanctum');
|
||||||
|
|
||||||
|
// Module routes added in Task 10
|
||||||
41
backend/tests/Feature/Auth/AuthTest.php
Normal file
41
backend/tests/Feature/Auth/AuthTest.php
Normal file
|
|
@ -0,0 +1,41 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
use App\Models\User;
|
||||||
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
||||||
|
|
||||||
|
uses(RefreshDatabase::class);
|
||||||
|
|
||||||
|
it('returns 401 for invalid credentials', function () {
|
||||||
|
$response = $this->postJson('/api/login', [
|
||||||
|
'email' => 'nobody@example.com',
|
||||||
|
'password' => 'wrong',
|
||||||
|
]);
|
||||||
|
|
||||||
|
$response->assertStatus(401);
|
||||||
|
});
|
||||||
|
|
||||||
|
it('logs in with valid credentials and returns user', function () {
|
||||||
|
$user = User::factory()->create([
|
||||||
|
'email' => 'staff@example.com',
|
||||||
|
'password' => bcrypt('password'),
|
||||||
|
]);
|
||||||
|
|
||||||
|
$response = $this->postJson('/api/login', [
|
||||||
|
'email' => 'staff@example.com',
|
||||||
|
'password' => 'password',
|
||||||
|
]);
|
||||||
|
|
||||||
|
$response->assertStatus(200)
|
||||||
|
->assertJsonPath('data.email', 'staff@example.com');
|
||||||
|
});
|
||||||
|
|
||||||
|
it('returns 401 on /api/user when unauthenticated', function () {
|
||||||
|
$response = $this->getJson('/api/user');
|
||||||
|
$response->assertStatus(401);
|
||||||
|
});
|
||||||
|
|
||||||
|
it('returns user on /api/user when authenticated', function () {
|
||||||
|
$user = User::factory()->create();
|
||||||
|
$response = $this->actingAs($user)->getJson('/api/user');
|
||||||
|
$response->assertStatus(200)->assertJsonPath('data.id', $user->id);
|
||||||
|
});
|
||||||
Loading…
Reference in a new issue