From f481ee765d6e7b6ec3c94b7dc7314d8452d4e0ea Mon Sep 17 00:00:00 2001
From: Leonid Nikitin <i@kor-elf.net>
Date: Thu, 6 Jul 2023 10:48:32 +0600
Subject: [PATCH] Made authorization.

---
 app/Contracts/FormRequestDto.php              | 10 ++++
 app/Dto/Request/Authorization.php             | 27 +++++++++
 app/Dto/Request/Dto.php                       |  8 +++
 app/Http/Controllers/AuthController.php       | 47 +++++++++++++++
 app/Http/Controllers/Controller.php           | 13 ++++
 .../Controllers/Private/ProfileController.php | 23 +++++++
 app/Http/Requests/AuthorizationRequest.php    | 31 ++++++++++
 app/Repositories/UserRepository.php           | 14 +++++
 app/Services/AuthService.php                  | 40 +++++++++++++
 app/Services/Service.php                      | 16 +++--
 app/View/Components/Public/Layout.php         | 18 ++++++
 config/rate_limiting.php                      |  8 +++
 lang/en/auth.php                              |  2 +
 lang/ru/auth.php                              |  2 +
 resources/views/public/layout/app.blade.php   | 28 +++++++++
 resources/views/public/login.blade.php        | 60 +++++++++++++++++++
 routes/web.php                                | 14 +++++
 17 files changed, 356 insertions(+), 5 deletions(-)
 create mode 100644 app/Contracts/FormRequestDto.php
 create mode 100644 app/Dto/Request/Authorization.php
 create mode 100644 app/Dto/Request/Dto.php
 create mode 100644 app/Http/Controllers/AuthController.php
 create mode 100644 app/Http/Controllers/Controller.php
 create mode 100644 app/Http/Controllers/Private/ProfileController.php
 create mode 100644 app/Http/Requests/AuthorizationRequest.php
 create mode 100644 app/Repositories/UserRepository.php
 create mode 100644 app/Services/AuthService.php
 create mode 100644 app/View/Components/Public/Layout.php
 create mode 100644 config/rate_limiting.php
 create mode 100644 resources/views/public/layout/app.blade.php
 create mode 100644 resources/views/public/login.blade.php

diff --git a/app/Contracts/FormRequestDto.php b/app/Contracts/FormRequestDto.php
new file mode 100644
index 0000000..3b0d99e
--- /dev/null
+++ b/app/Contracts/FormRequestDto.php
@@ -0,0 +1,10 @@
+<?php declare(strict_types=1);
+
+namespace App\Contracts;
+
+use App\Dto\Request\Dto;
+
+interface FormRequestDto
+{
+    public function getDto(): Dto;
+}
diff --git a/app/Dto/Request/Authorization.php b/app/Dto/Request/Authorization.php
new file mode 100644
index 0000000..e689bd7
--- /dev/null
+++ b/app/Dto/Request/Authorization.php
@@ -0,0 +1,27 @@
+<?php declare(strict_types=1);
+
+namespace App\Dto\Request;
+
+final readonly class Authorization extends Dto
+{
+    public function __construct(
+        private string $email,
+        private string $password,
+        private bool   $remember = false
+    ) { }
+
+    public function getEmail(): string
+    {
+        return $this->email;
+    }
+
+    public function getPassword(): string
+    {
+        return $this->password;
+    }
+
+    public function getRemember(): bool
+    {
+        return $this->remember;
+    }
+}
diff --git a/app/Dto/Request/Dto.php b/app/Dto/Request/Dto.php
new file mode 100644
index 0000000..944c7dc
--- /dev/null
+++ b/app/Dto/Request/Dto.php
@@ -0,0 +1,8 @@
+<?php declare(strict_types=1);
+
+namespace App\Dto\Request;
+
+abstract readonly class Dto
+{
+
+}
diff --git a/app/Http/Controllers/AuthController.php b/app/Http/Controllers/AuthController.php
new file mode 100644
index 0000000..32fab44
--- /dev/null
+++ b/app/Http/Controllers/AuthController.php
@@ -0,0 +1,47 @@
+<?php declare(strict_types=1);
+
+namespace App\Http\Controllers;
+
+use App\Http\Requests\AuthorizationRequest;
+use App\Services\AuthService;
+use Illuminate\Http\Request;
+use Illuminate\Http\Response;
+use Illuminate\Support\Facades\Log;
+use Illuminate\View\View;
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Support\Facades\Auth;
+
+final class AuthController extends Controller
+{
+    public function __construct(
+        private readonly AuthService $authService
+    ) { }
+
+    public function login(): View
+    {
+        return view('public/login');
+    }
+
+    public function authorization(AuthorizationRequest $request)
+    {
+        $authorization = $request->getDto();
+        $result = $this->authService->authorization($authorization);
+        if (!$result->isSuccess()) {
+            if ($result->getCode() === Response::HTTP_UNAUTHORIZED) {
+                Log::warning('Unauthorized ' . $authorization->getEmail() . ' [' . $request->getClientIp() . ']');
+            }
+            return redirect()->route('login')->withInput()->withErrors($result->getMessage());
+        }
+        $request->session()->regenerate();
+        Log::notice('Logged in ' . $authorization->getEmail() . ' [' . $request->getClientIp() . ']');
+        return redirect()->route('home');
+    }
+
+    public function logout(Request $request): RedirectResponse
+    {
+        Auth::logout();
+        $request->session()->invalidate();
+        $request->session()->regenerateToken();
+        return redirect(route('login'));
+    }
+}
diff --git a/app/Http/Controllers/Controller.php b/app/Http/Controllers/Controller.php
new file mode 100644
index 0000000..44fe5b4
--- /dev/null
+++ b/app/Http/Controllers/Controller.php
@@ -0,0 +1,13 @@
+<?php declare(strict_types=1);
+
+namespace App\Http\Controllers;
+
+use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
+use Illuminate\Foundation\Bus\DispatchesJobs;
+use Illuminate\Foundation\Validation\ValidatesRequests;
+use Illuminate\Routing\Controller as BaseController;
+
+class Controller extends BaseController
+{
+    use AuthorizesRequests, DispatchesJobs, ValidatesRequests;
+}
diff --git a/app/Http/Controllers/Private/ProfileController.php b/app/Http/Controllers/Private/ProfileController.php
new file mode 100644
index 0000000..bfddfb2
--- /dev/null
+++ b/app/Http/Controllers/Private/ProfileController.php
@@ -0,0 +1,23 @@
+<?php declare(strict_types=1);
+
+namespace App\Http\Controllers\Private;
+
+use Illuminate\Support\Facades\Auth;
+use Illuminate\View\View;
+
+final class ProfileController extends Controller
+{
+    public function profile(): View
+    {
+        return view('private/profile/profile', [
+            'user' => Auth::user()
+        ]);
+    }
+
+    public function settings(): View
+    {
+        return view('private/profile/settings', [
+            'user' => Auth::user()
+        ]);
+    }
+}
diff --git a/app/Http/Requests/AuthorizationRequest.php b/app/Http/Requests/AuthorizationRequest.php
new file mode 100644
index 0000000..f4ed7af
--- /dev/null
+++ b/app/Http/Requests/AuthorizationRequest.php
@@ -0,0 +1,31 @@
+<?php declare(strict_types=1);
+
+namespace App\Http\Requests;
+
+use App\Contracts\FormRequestDto;
+use App\Dto\Request\Authorization;
+use Illuminate\Foundation\Http\FormRequest;
+
+final class AuthorizationRequest extends FormRequest implements FormRequestDto
+{
+    /**
+     * Get the validation rules that apply to the request.
+     */
+    public function rules(): array
+    {
+        return [
+            'email' => ['required', 'email', 'max:255'],
+            'password' => ['required', 'min:3'],
+            'remember' => ['nullable', 'boolean'],
+        ];
+    }
+
+    public function getDto(): Authorization
+    {
+        return new Authorization(
+            email:    $this->input('email'),
+            password: $this->input('password'),
+            remember: (bool) $this->input('remember', false)
+        );
+    }
+}
diff --git a/app/Repositories/UserRepository.php b/app/Repositories/UserRepository.php
new file mode 100644
index 0000000..c8022e9
--- /dev/null
+++ b/app/Repositories/UserRepository.php
@@ -0,0 +1,14 @@
+<?php declare(strict_types=1);
+
+namespace App\Repositories;
+
+use App\Models\User;
+use Illuminate\Support\Str;
+
+final readonly class UserRepository
+{
+    public function getUserByEmail(string $email): ?User
+    {
+        return User::query()->where('email', Str::lower($email))->first();
+    }
+}
diff --git a/app/Services/AuthService.php b/app/Services/AuthService.php
new file mode 100644
index 0000000..03dc196
--- /dev/null
+++ b/app/Services/AuthService.php
@@ -0,0 +1,40 @@
+<?php declare(strict_types=1);
+
+namespace App\Services;
+
+use App\Dto\Request\Authorization;
+use App\Repositories\UserRepository;
+use App\ServiceResults\ServiceResultArray;
+use App\ServiceResults\ServiceResultError;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Hash;
+
+final class AuthService extends Service
+{
+    public function __construct(
+        private readonly UserRepository $userRepository
+    ) { }
+
+    public function authorization(Authorization $authorization): ServiceResultError | ServiceResultArray
+    {
+        $user = $this->userRepository->getUserByEmail($authorization->getEmail());
+        if (is_null($user)) {
+            return $this->errUnauthorized(__('auth.failed'));
+        }
+        if (Hash::check($authorization->getPassword(), $user->password) !== true) {
+            return $this->errUnauthorized(__('auth.password'));
+        }
+        if ($user->is_active === false) {
+            return $this->errFobidden(__('auth.disabled'));
+        }
+
+        try {
+            Auth::login($user, $authorization->getRemember());
+        } catch (\Throwable $e) {
+            report($e);
+            return $this->errService(__('Server Error'));
+        }
+
+        return $this->ok(__('auth.success'));
+    }
+}
diff --git a/app/Services/Service.php b/app/Services/Service.php
index 10fb348..d844c35 100644
--- a/app/Services/Service.php
+++ b/app/Services/Service.php
@@ -5,32 +5,38 @@ namespace App\Services;
 
 use App\ServiceResults\ServiceResultArray;
 use App\ServiceResults\ServiceResultError;
+use Illuminate\Http\Response;
 
 abstract class Service
 {
     final protected function errValidate(string $message, array $errors = []): ServiceResultError
     {
-        return $this->error(422, $message, $errors);
+        return $this->error(Response::HTTP_UNPROCESSABLE_ENTITY, $message, $errors);
     }
 
     final protected function errFobidden(string $message): ServiceResultError
     {
-        return $this->error(403, $message);
+        return $this->error(Response::HTTP_FORBIDDEN, $message);
     }
 
     final protected function errNotFound(string $message): ServiceResultError
     {
-        return $this->error(404, $message);
+        return $this->error(Response::HTTP_NOT_FOUND, $message);
     }
 
     final protected function errService(string $message): ServiceResultError
     {
-        return $this->error(500, $message);
+        return $this->error(Response::HTTP_INTERNAL_SERVER_ERROR, $message);
     }
 
     final protected function notAcceptable(string $message): ServiceResultError
     {
-        return $this->error(406, $message);
+        return $this->error(Response::HTTP_NOT_ACCEPTABLE, $message);
+    }
+
+    final protected function errUnauthorized(string $message): ServiceResultError
+    {
+        return $this->error(Response::HTTP_UNAUTHORIZED, $message);
     }
 
     final protected function ok(string $message = 'OK'): ServiceResultArray
diff --git a/app/View/Components/Public/Layout.php b/app/View/Components/Public/Layout.php
new file mode 100644
index 0000000..be8689e
--- /dev/null
+++ b/app/View/Components/Public/Layout.php
@@ -0,0 +1,18 @@
+<?php declare(strict_types=1);
+
+namespace App\View\Components\Public;
+
+use Illuminate\View\Component;
+use Illuminate\View\View;
+
+final class Layout extends Component
+{
+
+    /**
+     * @inheritDoc
+     */
+    public function render(): View
+    {
+        return view('public.layout.app');
+    }
+}
diff --git a/config/rate_limiting.php b/config/rate_limiting.php
new file mode 100644
index 0000000..b5fc841
--- /dev/null
+++ b/config/rate_limiting.php
@@ -0,0 +1,8 @@
+<?php
+return [
+    /**
+     * Max limit of the hour.
+     */
+    'login_max_request' => env('LOGIN_MAX_REQUEST', 50),
+    'login_max_email_request' => env('LOGIN_MAX_EMAIL_REQUEST', 10),
+];
diff --git a/lang/en/auth.php b/lang/en/auth.php
index 6db4982..cbe6067 100644
--- a/lang/en/auth.php
+++ b/lang/en/auth.php
@@ -6,4 +6,6 @@ return [
     'failed'   => 'These credentials do not match our records.',
     'password' => 'The password is incorrect.',
     'throttle' => 'Too many login attempts. Please try again in :seconds seconds.',
+    'success' => 'The user is logged in.',
+    'disabled' => 'Disabled the user.',
 ];
diff --git a/lang/ru/auth.php b/lang/ru/auth.php
index 38ca958..0f6d38e 100644
--- a/lang/ru/auth.php
+++ b/lang/ru/auth.php
@@ -6,4 +6,6 @@ return [
     'failed'   => 'Неверное имя пользователя или пароль.',
     'password' => 'Некорректный пароль.',
     'throttle' => 'Слишком много попыток входа. Пожалуйста, попробуйте ещё раз через :seconds секунд.',
+    'success' => 'Пользователь вошел в систему.',
+    'disabled' => 'Отключили пользователя.',
 ];
diff --git a/resources/views/public/layout/app.blade.php b/resources/views/public/layout/app.blade.php
new file mode 100644
index 0000000..352a8c6
--- /dev/null
+++ b/resources/views/public/layout/app.blade.php
@@ -0,0 +1,28 @@
+<!DOCTYPE html>
+<html lang="{{ str_replace('_', '-', app()->getLocale()) }}">
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
+
+    <title>@yield('meta_title', '')</title>
+    <meta name="keywords" content="@yield('meta_keywords', '')" />
+    <meta name="description" content="@yield('meta_description', '')" />
+
+    @vite('resources/volt/scss/app.scss')
+
+    <meta name="msapplication-TileColor" content="#ffffff">
+    <meta name="theme-color" content="#ffffff">
+</head>
+<body>
+    <main>
+        <!-- Section -->
+        <section class="vh-lg-100 mt-5 mt-lg-0 bg-soft d-flex align-items-center">
+            <div class="container">
+                {{ $slot }}
+            </div>
+        </section>
+    </main>
+
+    @vite('resources/volt/js/app.js')
+</body>
+</html>
diff --git a/resources/views/public/login.blade.php b/resources/views/public/login.blade.php
new file mode 100644
index 0000000..f83ca1b
--- /dev/null
+++ b/resources/views/public/login.blade.php
@@ -0,0 +1,60 @@
+@section('meta_title', __('Sign in to our platform'))
+<x-public.layout>
+    <div class="row justify-content-center form-bg-image" data-background-lg="{{ Vite::asset('resources/volt/images/illustrations/signin.svg') }}">
+        <div class="col-12 d-flex align-items-center justify-content-center">
+            <div class="bg-white shadow border-0 rounded border-light p-4 p-lg-5 w-100 fmxw-500">
+                <div class="text-center text-md-center mb-4 mt-md-0">
+                    <h1 class="mb-0 h3">{{ __('Sign in to our platform') }}</h1>
+                </div>
+                @if ($errors->any())
+                    <div class="alert alert-danger">
+                        <ul>
+                            @foreach ($errors->all() as $error)
+                                <li>{{ $error }}</li>
+                            @endforeach
+                        </ul>
+                    </div>
+                @endif
+                <form action="{{ route('authorization') }}" class="mt-4" method="post">
+                    @csrf
+                    <!-- Form -->
+                    <div class="form-group mb-4">
+                        <label for="email">{{ __('Your Email') }}</label>
+                        <div class="input-group">
+                            <span class="input-group-text" id="basic-addon1">
+                                <svg class="icon icon-xs text-gray-600" fill="currentColor" viewBox="0 0 20 20" xmlns="http://www.w3.org/2000/svg"><path d="M2.003 5.884L10 9.882l7.997-3.998A2 2 0 0016 4H4a2 2 0 00-1.997 1.884z"></path><path d="M18 8.118l-8 4-8-4V14a2 2 0 002 2h12a2 2 0 002-2V8.118z"></path></svg>
+                            </span>
+                            <input type="email" name="email" class="form-control" placeholder="example@company.com" id="email" autofocus required>
+                        </div>
+                    </div>
+                    <!-- End of Form -->
+                    <div class="form-group">
+                        <!-- Form -->
+                        <div class="form-group mb-4">
+                            <label for="password">{{ __('Your Password') }}</label>
+                            <div class="input-group">
+                                <span class="input-group-text" id="basic-addon2">
+                                    <svg class="icon icon-xs text-gray-600" fill="currentColor" viewBox="0 0 20 20" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" d="M5 9V7a5 5 0 0110 0v2a2 2 0 012 2v5a2 2 0 01-2 2H5a2 2 0 01-2-2v-5a2 2 0 012-2zm8-2v2H7V7a3 3 0 016 0z" clip-rule="evenodd"></path></svg>
+                                </span>
+                                <input type="password" name="password" placeholder="Password" class="form-control" id="password" required>
+                            </div>
+                        </div>
+                        <!-- End of Form -->
+                        <div class="d-flex justify-content-between align-items-top mb-4">
+                            <div class="form-check">
+                                <input name="remember" type="hidden" value="0">
+                                <input class="form-check-input" name="remember" type="checkbox" value="1" id="remember">
+                                <label class="form-check-label mb-0" for="remember">
+                                    {{ __('Remember me') }}
+                                </label>
+                            </div>
+                        </div>
+                    </div>
+                    <div class="d-grid">
+                        <button type="submit" class="btn btn-gray-800">{{ __('Sign in') }}</button>
+                    </div>
+                </form>
+            </div>
+        </div>
+    </div>
+</x-public.layout>
diff --git a/routes/web.php b/routes/web.php
index 83469ef..daac5b0 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -12,3 +12,17 @@ use Illuminate\Support\Facades\Route;
 | be assigned to the "web" middleware group. Make something great!
 |
 */
+
+Route::middleware('guest')->group(function () {
+    Route::get('login', [\App\Http\Controllers\AuthController::class, 'login'])->name('login');
+    Route::middleware(['throttle:login'])->post('login', [\App\Http\Controllers\AuthController::class, 'authorization'])->name('authorization');
+});
+Route::middleware(['auth', 'verified'])->group(function () {
+    Route::post('logout', [\App\Http\Controllers\AuthController::class, 'logout'])->name('logout');
+    Route::get('/', [\App\Http\Controllers\Private\DashboardController::class, 'index'])->name('home');
+    Route::prefix('profile')->as('profile.')
+        ->group(function () {
+            Route::get('/', [\App\Http\Controllers\Private\ProfileController::class, 'profile'])->name('edit');
+            Route::get('settings', [\App\Http\Controllers\Private\ProfileController::class, 'settings'])->name('settings');
+        });
+});