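<?php

declare(strict_types=1);

namespace App\Http\Controllers;

use App\Mail\OtpMail;
use App\Models\add_student;
use App\Models\admin;
use App\Models\EmailOtp;
use App\Models\LoginLog;
use App\Models\Register;
use App\Models\User;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Cookie;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Log;
use Illuminate\Support\Facades\Mail;
use Illuminate\Validation\Rule;
use Stevebauman\Location\Facades\Location;

/**
 * Token-based account endpoints (register / login / OTP verify / CRUD) for the Register model.
 *
 * NOTE(review): show(), update() and destroy() perform no authorization check in this
 * class. Unless route middleware restricts them, any bearer token can read, edit
 * (including `role`) or delete any account by id — confirm against the routes file.
 */
class AuthController extends Controller
{
    /**
     * Shared secret expected in the X-API-KEY header of register().
     *
     * TODO(review): this value is committed in source, so anyone with repository access can
     * create accounts with an arbitrary role. Move it to config/.env and rotate it.
     */
    private const REGISTER_API_KEY = 'h5VGas02juPANW6zj5FLRskWbuIdp3nP4L7BkTWtCuU=';

    /**
     * Create a Register account and issue a personal access token.
     *
     * Requires the X-API-KEY header to match REGISTER_API_KEY. The caller supplies
     * name, email, password, address, gender and role.
     *
     * @return JsonResponse 401 on a missing/wrong key, 422 on validation failure
     *                      (including a duplicate email), 500 if the row is not created.
     */
    public function register(Request $request): JsonResponse
    {
        $apiKey = $request->header('X-API-KEY');

        // hash_equals() compares in constant time; a plain `!==` leaks how many leading
        // bytes of the key were right through response timing.
        if (!is_string($apiKey) || $apiKey === '' || !hash_equals(self::REGISTER_API_KEY, $apiKey)) {
            return response()->json([
                'error' => 'Missing API key.',
            ], 401);
        }

        // `string` rejects arrays/objects in a JSON body that would otherwise reach bcrypt()
        // and the query builder; `unique` stops a second account on the same email, which
        // would make login() (first() by email) ambiguous.
        $data = $request->validate([
            'name' => 'required|string',
            'email' => ['required', 'email', Rule::unique(Register::class, 'email')],
            'password' => 'required|string|min:6',
            'address' => 'required|string',
            'gender' => 'required|string',
            // NOTE(review): the caller chooses its own role, i.e. its privilege level;
            // confirm this is intended for every holder of the API key.
            'role' => 'required',
        ]);

        $data['password'] = bcrypt($data['password']);

        $user = Register::create($data);
        if (!$user) {
            // A create() that yields nothing is a server-side failure, not an auth failure.
            return response()->json(['error' => 'failed to add data'], 500);
        }

        $token = $user->createToken('api-token')->plainTextToken;

        return response()->json([
            'message' => 'data add successfully',
            'token' => $token,
        ]);
    }

    /**
     * Return one Register row by primary key.
     *
     * NOTE(review): the whole model is serialised; unless Register::$hidden covers
     * `password`, the bcrypt hash is sent to the client — confirm on the model.
     *
     * @return JsonResponse 404 when no row matches.
     */
    public function show(int|string $id): JsonResponse
    {
        $user = Register::find($id);

        if (!$user) {
            return response()->json(['message' => 'User not found.'], 404);
        }

        return response()->json($user);
    }

    /**
     * Partially update a Register row; every field is optional ("sometimes").
     *
     * A new password is re-hashed before saving. The email uniqueness rule ignores the
     * row being edited so re-submitting the current address is not rejected.
     *
     * @return JsonResponse 404 when no row matches, 422 on validation failure.
     */
    public function update(Request $request, int|string $id): JsonResponse
    {
        $user = Register::find($id);

        if (!$user) {
            return response()->json(['message' => 'User not found.'], 404);
        }

        $validated = $request->validate([
            'name' => 'sometimes|string|max:255',
            'email' => ['sometimes', 'email', Rule::unique(Register::class, 'email')->ignore($user->id)],
            'password' => 'sometimes|string|min:6',
            'gender' => 'sometimes|string',
            'address' => 'sometimes|string',
            // NOTE(review): any caller that reaches this route can change a role — see class doc.
            'role' => 'sometimes|int',
        ]);

        if (isset($validated['password'])) {
            $validated['password'] = bcrypt($validated['password']);
        }

        $user->update($validated);

        return response()->json([
            'message' => 'User updated successfully.',
            'user' => $user,
        ]);
    }

    /**
     * Delete a Register row by primary key.
     *
     * @return JsonResponse 404 when no row matches.
     */
    public function destroy(int|string $id): JsonResponse
    {
        $user = Register::find($id);

        if (!$user) {
            return response()->json(['message' => 'User not found.'], 404);
        }

        $user->delete();

        return response()->json(['message' => 'User deleted successfully.']);
    }

    /**
     * Password login: verifies the bcrypt hash and issues a Bearer token.
     *
     * The same generic 401 is returned for an unknown email and a wrong password so the
     * response does not reveal which accounts exist. The new-network OTP step is
     * currently disabled (see the commented block).
     *
     * @return JsonResponse 401 on bad credentials, 200 with token and user summary otherwise.
     */
    public function login(Request $request): JsonResponse
    {
        // `string` keeps array/object payloads away from the query and Hash::check().
        $request->validate([
            'email' => 'required|email',
            'password' => 'required|string',
        ]);

        $user = Register::where('email', $request->email)->first();

        if (!$user || !Hash::check($request->password, $user->password)) {
            return response()->json([
                'mfa_required' => false,
                'message' => 'Invalid credentials',
            ], 401);
        }

        // Disabled new-network MFA step, kept for reference. NOTE(review): before re-enabling,
        // generate the code with random_int() (rand() is not a CSPRNG), store only a hash of
        // it, and note that the client IP must come from a trusted-proxy-aware source.
        // $currentIp = $this->getClientIp($request);
        // if (!$user->ip_address || $user->ip_address !== $currentIp) {
        //     $otp = random_int(100000, 999999);
        //     EmailOtp::create([
        //         'user_id' => $user->id,
        //         'otp' => $otp,
        //         'expires_at' => now()->addMinutes(5)
        //     ]);
        //     Mail::to($user->email)->send(new OtpMail($otp));
        //     $user->update(['ip_address' => $currentIp]);
        //     return response()->json([
        //         'mfa_required' => true,
        //         'message' => 'New network detected. OTP sent to your email.',
        //         'otp_expires_in' => 5
        //     ], 200);
        // }

        $token = $user->createToken('API Token')->plainTextToken;

        // Falls back to first/last name when the model has no `name` attribute.
        $displayName = $user->name ?? trim(($user->firstName ?? '') . ' ' . ($user->lastName ?? ''));

        return response()->json([
            'mfa_required' => false,
            'message' => 'Login successful',
            'token' => $token,
            'token_type' => 'Bearer',
            'user' => [
                'id' => $user->id,
                'name' => $displayName,
                'email' => $user->email,
                'ip_address' => $user->ip_address,
                'role' => $user->role,
            ],
        ], 200);
    }

    /**
     * Complete the OTP step: consumes an unexpired EmailOtp row and issues a token.
     *
     * An unknown email and a wrong/expired code both yield the same 400 so the endpoint
     * cannot be used to enumerate accounts (the previous firstOrFail() returned a
     * distinguishable 404). NOTE(review): nothing here limits attempts, so a six-digit
     * code is brute-forceable within its lifetime unless throttle middleware is applied.
     *
     * @return JsonResponse 400 when no matching, unexpired code exists.
     */
    public function mfaVerify(Request $request): JsonResponse
    {
        $request->validate([
            'email' => 'required|email',
            'otp' => 'required',
        ]);

        $user = Register::where('email', $request->email)->first();

        $record = $user
            ? EmailOtp::where('user_id', $user->id)
                ->where('otp', $request->otp)
                ->where('expires_at', '>', now())
                ->first()
            : null;

        if (!$user || !$record) {
            return response()->json(['message' => 'Invalid or expired OTP'], 400);
        }

        $user->update(['last_login_at' => now()]);
        // Single-use: the code is removed as soon as it has been accepted.
        $record->delete();

        $token = $user->createToken('API Token')->plainTextToken;

        return response()->json([
            'message' => 'OTP verified, login successful',
            'token' => $token,
        ]);
    }

    /**
     * Resolve the client IP for the new-network check.
     *
     * Uses Request::ip(), which only honours X-Forwarded-For from proxies listed in the
     * application's TrustProxies configuration. Reading the raw header, as before, let any
     * client pick its own IP and so skip the OTP step. On a loopback address the host's
     * own resolved address is used instead, as in the original implementation.
     */
    public function getClientIp(Request $request): string
    {
        $ip = (string) $request->ip();

        if ($ip === '127.0.0.1') {
            $ip = gethostbyname(gethostname());
        }

        return $ip;
    }
}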