
correcao login app e backoffice

Gustavo Zanatta 1 kuukausi sitten
vanhempi
commit
de1ca2a356

+ 71 - 2
app/Http/Controllers/AuthController.php

@@ -4,11 +4,13 @@ namespace App\Http\Controllers;
 
 use App\Http\Requests\AuthRequest;
 use App\Http\Requests\RefreshTokenRequest;
+use App\Http\Requests\RefreshTokenAppRequest;
 use App\Http\Requests\UserAppsRequest;
 use App\Http\Requests\UserAppsValidateCodeRequest;
 use Illuminate\Http\JsonResponse;
 use App\Http\Resources\AuthResource;
 use App\Services\AuthService;
+use Illuminate\Support\Facades\Log;
 
 class AuthController extends Controller
 {
@@ -27,6 +29,37 @@ class AuthController extends Controller
       return $this->errorResponse(message: __("auth.failed"), code: 401);
     }
 
+    return $this->successResponse(
+      payload: new AuthResource($result["payload"]),
+      message: __("auth.logged_in"),
+    )->withCookie(
+      cookie(
+        "refresh_token",
+        $result["refreshToken"],
+        config("sanctum.rt_expiration") * 60,
+        "/",
+        config("session.domain"),
+        config("session.secure"),
+        true,
+        false,
+        "Lax",
+      ),
+    );
+  }
+
+  public function loginApp(AuthRequest $request): JsonResponse
+  {
+    $validated = $request->validated();
+
+    $result = $this->authService->login(
+      email: $validated["email"],
+      password: $validated["password"],
+    );
+
+    if (!$result) {
+      return $this->errorResponse(message: __("auth.failed"), code: 401);
+    }
+
     return $this->successResponse(
       payload: new AuthResource([
         ...$result["payload"],
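Review bot: The refresh-token cookie is built from nine positional arguments here in `login()` and again in `refresh()` in the next hunk, and the two copies already disagree: the eighth argument (`$raw`) is `false` here and `true` there. With `raw` set, the value is written without URL-encoding while PHP still decodes it on read, so a token containing `+` or `%` would not round-trip; one private helper with named arguments removes the drift. The third argument is a lifetime in minutes, so `config("sanctum.rt_expiration") * 60` is only right if that setting is in hours, which is worth confirming since `sanctum.expiration` is in minutes. `login()` starts above this hunk and the return of `loginApp()` continues past it.

```php
  // Single definition of the refresh-token cookie, shared by login() and refresh().
  private function refreshTokenCookie(string $token): \Symfony\Component\HttpFoundation\Cookie
  {
    return cookie(
      name: "refresh_token",
      value: $token,
      // cookie() expects minutes; confirm the unit of sanctum.rt_expiration.
      minutes: config("sanctum.rt_expiration") * 60,
      path: "/",
      domain: config("session.domain"),
      secure: config("session.secure"),
      httpOnly: true,
      // URL-encode on write so the value round-trips through PHP's cookie decoding.
      raw: false,
      sameSite: "Lax",
    );
  }

  // … unchanged: login() validation and authService->login() call …
    return $this->successResponse(
      payload: new AuthResource($result["payload"]),
      message: __("auth.logged_in"),
    )->withCookie($this->refreshTokenCookie($result["refreshToken"]));
```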
@@ -46,13 +79,50 @@ class AuthController extends Controller
   }
 
   public function refresh(RefreshTokenRequest $request): JsonResponse
+  {
+    $refresh_token = $request->cookie("refresh_token");
+
+    if (is_null($refresh_token)) {
+      return $this->errorResponse(
+        code: 403,
+      )->withoutCookie("refresh_token");
+    }
+
+    $result = $this->authService->refresh(
+      $refresh_token
+    );
+
+    if (is_null($result)) {
+      return $this->errorResponse(
+        message: __("auth.unauthorized"),
+        code: 403,
+      )->withoutCookie("refresh_token");
+    }
+
+    return $this->successResponse(
+      payload: new AuthResource($result["payload"]),
+    )->withCookie(
+      cookie(
+        "refresh_token",
+        $result["refreshToken"],
+        config("sanctum.rt_expiration") * 60,
+        "/",
+        config("session.domain"),
+        config("session.secure"),
+        true,
+        true,
+        "Lax",
+      ),
+    );
+  }
+
+  public function refreshApp(RefreshTokenAppRequest $request): JsonResponse
   {
     $refresh_token = $request->validated("refresh_token");
 
     if (is_null($refresh_token)) {
       return $this->errorResponse(code: 403);
     }
-
     $result = $this->authService->refresh(
       $refresh_token
     );
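Review bot: `refresh()` passes `$request->cookie("refresh_token")` to `authService->refresh()` after only an `is_null` check, and `RefreshTokenRequest::rules()` now returns `[]`, so nothing guarantees the value is a string (a cookie sent as `refresh_token[]` arrives as an array). The merge added to `RefreshTokenRequest` runs in `passedValidation()`, that is after validation, and the merged key is never read in this method. Moving that merge to `prepareForValidation()`, restoring `'refresh_token' => ['required', 'string']` and reading `$request->validated("refresh_token")` here would validate the cookie the same way `refreshApp()` validates the body field. A missing cookie would then fail validation before reaching the 403 branch that clears the cookie, so the failure response needs a decision. The body of `refreshApp()` continues past this hunk.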
@@ -63,7 +133,6 @@ class AuthController extends Controller
         code: 403,
       );
     }
-
     return $this->successResponse(
       payload: new AuthResource([
         ...$result["payload"],

+ 20 - 0
app/Http/Requests/RefreshTokenAppRequest.php

@@ -0,0 +1,20 @@
+<?php
+
+namespace App\Http\Requests;
+
+use Illuminate\Foundation\Http\FormRequest;
+
+class RefreshTokenAppRequest extends FormRequest
+{
+    public function authorize(): bool
+    {
+        return true;
+    }
+
+    public function rules(): array
+    {
+        return [
+            'refresh_token' => ['required', 'string'],
+        ];
+    }
+}

+ 9 - 3
app/Http/Requests/RefreshTokenRequest.php

@@ -13,8 +13,14 @@ class RefreshTokenRequest extends FormRequest
 
     public function rules(): array
     {
-        return [
-            'refresh_token' => ['required', 'string'],
-        ];
+        return [];
+    }
+
+    //This adds the cookie value to the request data.
+    protected function passedValidation(): void
+    {
+        $this->merge([
+            'refresh_token' => $this->cookie('refresh_token'),
+        ]);
     }
 }

+ 6 - 3
routes/noAuthRoutes/auth.php

@@ -5,11 +5,14 @@ use App\Http\Controllers\AuthController;
 use App\Http\Controllers\ClientController;
 use App\Http\Controllers\ProviderController;
 
+// backoffice
 Route::post('/login', [AuthController::class, 'login']);
-Route::post('/user-send-code', [AuthController::class, 'sendCode']);
 Route::post('/refresh', [AuthController::class, 'refresh']);
-// user-validate-code
-Route::post('/user-validate-code', [AuthController::class, 'validateCode']);
 
+// app
+Route::post('/login-app', [AuthController::class, 'loginApp']);
+Route::post('/refresh-app', [AuthController::class, 'refreshApp']);
+Route::post('/user-send-code', [AuthController::class, 'sendCode']);
+Route::post('/user-validate-code', [AuthController::class, 'validateCode']);
 Route::post('/register-client', [ClientController::class, 'register']);
 Route::post('/register-provider', [ProviderController::class, 'register']);
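Review bot: No rate limiting is visible on the credential endpoints in this file (`/login`, `/refresh`, `/login-app`, `/refresh-app`); if the group that loads it does not already apply one, these unauthenticated routes place no bound on repeated password or token attempts. Laravel's `throttle` middleware can be attached per route, for example `Route::post('/login-app', [AuthController::class, 'loginApp'])->middleware('throttle:<limit>,<minutes>');`, with the values chosen for the deployment. The same applies to `/user-send-code` and `/user-validate-code`, where the code space is presumably small.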