Softpar
/
sfp_api_laravel_ginastica_cerebro


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191
							<?php

namespace App\Services;

use App\Enums\UserTypeEnum;
use App\Mail\PasswordResetCodeMail;
use App\Models\User;
use App\Models\PersonalAccessToken;
use Carbon\Carbon;
use Exception;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Mail;
use Illuminate\Support\Str;

class AuthService
{
    public function login(string $email, string $password, string $origem): ?array
    {
        if (!Auth::attempt(["email" => $email, "password" => $password])) {
            return null;
        }

        $user = User::where("email", $email)->first();

        if ($origem === 'admin') {
            if ($user->user_type !== UserTypeEnum::ADMIN) {
                throw new Exception('credenciais invalidas para acesso de franqueadora');
            }
        }

        $user->update(['last_login_at' => now()]);

        $user->load('units');

        $deviceId = Str::uuid()->toString();

        $accessToken  = $user->createAccessToken($deviceId);
        $refreshToken = $user->createRefreshToken($deviceId);

        return [
            "payload" => [
                "access_token" => $accessToken,
                "user"         => $user,
            ],
            "refreshToken" => $refreshToken,
        ];
    }

    public function refresh(string $refreshToken): ?array
    {
        if (!$refreshToken) {
            return null;
        }

        $tokenModel = PersonalAccessToken::findToken($refreshToken);

        if (
            !$tokenModel ||
            !in_array("refresh", $tokenModel->abilities) ||
            $tokenModel->expires_at < now()
        ) {
            return null;
        }

        $user = $tokenModel->tokenable;

        if (!$user) {
            return null;
        }

        $user->load('units');

        $deviceId = Str::afterLast($tokenModel->name, "_");

        $tokens = $this->refreshTokenTransaction($tokenModel, $user, $deviceId);

        return [
            "payload" => [
                "access_token" => $tokens["access_token"],
                "user"         => $user,
            ],
            "refreshToken" => $tokens["refresh_token"],
        ];
    }

    public function forgotPassword(string $email, string $portal = 'franchisee'): bool
    {
        $user = User::where('email', $email)->first();

        if (!$user) {
            return false;
        }

        $code = str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT);

        DB::table('password_reset_tokens')->updateOrInsert(
            ['email' => $email],
            [
                'token'      => $code,
                'created_at' => now(),
                'expires_at' => now()->addMinutes(30),
            ]
        );

        $baseUrl = $portal === 'franchisor'
            ? config('app.franchisor_url')
            : config('app.franchisee_url');

        $recoveryLink = $baseUrl . '/recovery-password?email=' . urlencode($email);

        Mail::to($email)->send(new PasswordResetCodeMail($code, $recoveryLink));

        return true;
    }

    public function resetPassword(string $email, string $code, string $password): bool
    {
        if (!$this->verifyPasswordCode($email, $code)) {
            return false;
        }

        $user = User::where('email', $email)->first();

        if (!$user) {
            return false;
        }

        $user->update(['password' => $password]);

        DB::table('password_reset_tokens')->where('email', $email)->delete();

        return true;
    }

    public function verifyPasswordCode(string $email, string $code): bool
    {
        $record = DB::table('password_reset_tokens')
            ->where('email', $email)
            ->where('token', $code)
            ->first();

        if (!$record) {
            return false;
        }

        if (Carbon::parse($record->expires_at)->isPast()) {
            return false;
        }

        return true;
    }

    public function logout(): void
    {
        $user = Auth::user();

        if (!$user) {
            return;
        }

        $tokenName = $user->currentAccessToken()->name;

        $deviceId = Str::afterLast($tokenName, "_");

        $user
            ->tokens()
            ->where("name", "like", "%_{$deviceId}")
            ->delete();
    }

    protected function refreshTokenTransaction(
        PersonalAccessToken $tokenModel, User $user, string $deviceId,
    ): array {
        return DB::transaction(function () use (
            $tokenModel,
            $user,
            $deviceId,
        ): array {
            $tokenModel->update(["expires_at" => Carbon::now()]);

            $accessToken  = $user->createAccessToken($deviceId);
            $refreshToken = $user->createRefreshToken($deviceId);

            return [
                "access_token"  => $accessToken,
                "refresh_token" => $refreshToken,
            ];
        });
    }
}