refractor(auth): implement logout API and tokenized auth using sanctum

Al-Saihan · Al-Saihan · commit 06996f147c42 · 2025-12-16T00:20:18.000+06:00
diff --git a/app/Http/Controllers/Api/AuthController.php b/app/Http/Controllers/Api/AuthController.php
@@ -6,6 +6,7 @@
 use Illuminate\Http\Request;
 use App\Models\User;
 use Illuminate\Support\Facades\Hash;
+use Illuminate\Support\Facades\Auth;
 
 class AuthController extends Controller
 {
@@ -26,34 +27,48 @@ public function register(Request $request)
             'user_type' => $request->user_type,
         ]);
 
+        $token = $user->createToken('mobile-token')->plainTextToken;
+
         return response()->json([
             'success' => true,
             'user' => $user,
-            'token' => 'demo_token_' . $user->id
+            'token' => $token
         ]);
     }
 
     // LOGIN
     public function login(Request $request)
     {
-        $request->validate([
+        $credentials = $request->validate([
             'email' => 'required|email',
             'password' => 'required'
         ]);
 
-        $user = User::where('email', $request->email)->first();
+        if (!Auth::attempt($credentials)) {
+            return response()->json(['message' => 'Invalid credentials'], 401);
+        }
+
+        $user = Auth::user();
+        $token = $user->createToken('mobile-token')->plainTextToken;
 
-        if (!$user || !Hash::check($request->password, $user->password)) {
-            return response()->json([
-                'success' => false,
-                'message' => 'Invalid credentials'
-            ], 401);
+        return response()->json([
+            'user' => $user,
+            'token' => $token
+        ]);
+    }
+
+    public function logout(Request $request)
+    {
+        // Revoke the current access token
+        if ($request->user()->currentAccessToken()) {
+            $request->user()->currentAccessToken()->delete();
         }
 
         return response()->json([
             'success' => true,
-            'user' => $user,
-            'token' => 'demo_token_' . $user->id
+            'message' => 'Logged out successfully'
         ]);
     }
+
+
 }
diff --git a/app/Models/User.php b/app/Models/User.php
@@ -8,11 +8,12 @@
 use Illuminate\Notifications\Notifiable;
 use Illuminate\Support\Str;
 use Laravel\Fortify\TwoFactorAuthenticatable;
+use Laravel\Sanctum\HasApiTokens;
 
 class User extends Authenticatable
 {
-    /** @use HasFactory<\Database\Factories\UserFactory> */
-    use HasFactory, Notifiable, TwoFactorAuthenticatable;
+    use HasApiTokens, HasFactory, Notifiable;
+
 
     /**
      * The attributes that are mass assignable.
diff --git a/routes/api.php b/routes/api.php
@@ -11,14 +11,22 @@
 use App\Http\Controllers\Api\JobController;
 use App\Http\Controllers\Api\AuthController;
 
-// LIST JOBS
-Route::get('/jobs', [JobController::class, 'index']);
+Route::middleware('auth:sanctum')->group(function () {
+    // LIST JOBS
+    Route::get('/jobs', [JobController::class, 'index']);
 
-// CREATE JOB
-Route::post('/jobs', [JobController::class, 'store']);
+    // CREATE JOB
+    Route::post('/jobs', [JobController::class, 'store']);
 
-// APPLY TO JOB
-Route::post('/jobs/{id}/apply', [JobController::class, 'apply']);
+    // APPLY TO JOB
+    Route::post('/jobs/{id}/apply', [JobController::class, 'apply']);
+
+    // GET AUTHENTICATED USER
+    Route::get('/me', fn (Request $req) => $req->user());
+    
+    // LOGOUT
+    Route::post('/logout', [AuthController::class, 'logout']);
+});
 
 // AUTH ROUTES
 Route::post('/register', [AuthController::class, 'register']);
