Admin panel

Author: atomjoy

routes/admin.php

@@ -7,6 +7,8 @@
 use Atomjoy\Apilogin\Http\Controllers\Admin\PasswordResetController as AdminPasswordResetController;
 use Atomjoy\Apilogin\Http\Controllers\Admin\LoggedController as AdminLoggedController;
 use Atomjoy\Apilogin\Http\Controllers\Admin\LogoutController as AdminLogoutController;
+use Atomjoy\Apilogin\Http\Controllers\Admin\PasswordChangeController as AdminPasswordChangeController;
+use Atomjoy\Apilogin\Http\Controllers\Admin\UploadAvatarController as AdminUploadAvatarController;
 
 // Admin panel
 Route::prefix('web/api/admin')->name('web.api.admin')->middleware([
@@ -19,26 +21,41 @@
 	Route::get('/logged', [AdminLoggedController::class, 'index'])->name('logged');
 	Route::post('/f2a', [AdminF2aController::class, 'index'])->name('f2a');
 
-	// Private routes (guard admin)
+	// Private admin, worker routes (guard admin)
 	Route::middleware([
 		'auth:admin', 'apilogin_is_admin',
 		'role:' . config(
-			'apilogin.allowed_admin_roles',
+			'apilogin.allowed_worker_roles',
 			'super_admin|admin|worker'
 		) . ',admin'
 	])->group(function () {
-		// 2FA auth on/off
+		// Admin, worker routes
+		Route::post('/password/change', [AdminPasswordChangeController::class, 'index'])->name('change');
 		Route::post('/f2a/enable', [AdminF2aController::class, 'enable'])->name('f2a.enable');
 		Route::post('/f2a/disable', [AdminF2aController::class, 'disable'])->name('f2a.disable');
+		Route::post('/upload/avatar', [AdminUploadAvatarController::class, 'index'])->name('upload.avatar');
+		Route::post('/remove/avatar', [AdminUploadAvatarController::class, 'remove'])->name('remove.avatar');
 
-		// Admin panel routes
-		// ...
-
-		// Test route
 		Route::get('/test', function () {
 			return response()->json([
 				'message' => 'Authenticated.'
 			]);
 		})->middleware('throttle:20,1'); // 20/min
 	});
+
+	// Private admin routes (guard admin)
+	Route::middleware([
+		'auth:admin', 'apilogin_is_admin',
+		'role:' . config(
+			'apilogin.allowed_admin_roles',
+			'super_admin|admin'
+		) . ',admin'
+	])->group(function () {
+		// Admin only routes
+		Route::get('/test/admin', function () {
+			return response()->json([
+				'message' => 'Authenticated.'
+			]);
+		})->middleware('throttle:20,1'); // 20/min
+	});
 });

src/Events/PasswordChange.php

@@ -3,6 +3,7 @@
 namespace Atomjoy\Apilogin\Events;
 
 use App\Models\User;
+use Atomjoy\Apilogin\Models\Admin;
 use Illuminate\Broadcasting\Channel;
 use Illuminate\Broadcasting\InteractsWithSockets;
 use Illuminate\Broadcasting\PresenceChannel;
@@ -20,7 +21,7 @@ class PasswordChange
 	 *
 	 * @return void
 	 */
-	public function __construct(public User $user)
+	public function __construct(public User|Admin $user)
 	{
 	}
 

src/Events/UploadAvatar.php

@@ -3,6 +3,7 @@
 namespace Atomjoy\Apilogin\Events;
 
 use App\Models\User;
+use Atomjoy\Apilogin\Models\Admin;
 use Illuminate\Broadcasting\Channel;
 use Illuminate\Broadcasting\InteractsWithSockets;
 use Illuminate\Broadcasting\PresenceChannel;
@@ -21,7 +22,7 @@ class UploadAvatar
 	 * @return void
 	 */
 	public function __construct(
-		public User $user,
+		public User|Admin $user,
 		public $path
 	) {
 	}

src/Http/Controllers/Admin/PasswordChangeController.php

@@ -0,0 +1,50 @@
+<?php
+
+namespace Atomjoy\Apilogin\Http\Controllers\Admin;
+
+use App\Http\Controllers\Controller;
+use Atomjoy\Apilogin\Exceptions\JsonException;
+use Atomjoy\Apilogin\Http\Requests\PasswordChangeRequest;
+use Atomjoy\Apilogin\Events\PasswordChange;
+use Atomjoy\Apilogin\Events\PasswordChangeError;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Hash;
+use Exception;
+
+class PasswordChangeController extends Controller
+{
+	function index(PasswordChangeRequest $request)
+	{
+		$valid = $request->validated();
+
+		if (Auth::guard('admin')->check()) {
+			$user = Auth::guard('admin')->user();
+
+			if (Hash::check($valid['password_current'], $user->password)) {
+				try {
+					// Tests error
+					$request->testDatabase();
+
+					$user->update([
+						'password' => Hash::make($valid['password']),
+					]);
+
+					PasswordChange::dispatch($user);
+					return response()->json([
+						'message' => __('apilogin.change.success')
+					], 200);
+				} catch (Exception $e) {
+					report($e);
+					PasswordChangeError::dispatch($valid);
+					throw new JsonException(__('apilogin.change.error'), 422);
+				}
+			} else {
+				PasswordChangeError::dispatch($valid);
+				throw new JsonException(__('apilogin.change.invalid.current.password'), 422);
+			}
+		} else {
+			PasswordChangeError::dispatch($valid);
+			throw new JsonException(__('apilogin.change.unauthenticated.'), 422);
+		}
+	}
+}

src/Http/Controllers/Admin/UploadAvatarController.php

@@ -0,0 +1,128 @@
+<?php
+
+namespace Atomjoy\Apilogin\Http\Controllers\Admin;
+
+use Exception;
+use App\Http\Controllers\Controller;
+use Atomjoy\Apilogin\Events\UploadAvatar;
+use Atomjoy\Apilogin\Exceptions\JsonException;
+use Atomjoy\Apilogin\Http\Requests\UploadAvatarRequest;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Storage;
+use Response;
+
+class UploadAvatarController extends Controller
+{
+	protected $disk = 's3';
+
+	function index(UploadAvatarRequest $request)
+	{
+		try {
+			Auth::shouldUse('admin');
+
+			$user =  Auth::user();
+
+			$filename = $user->id . '.webp';
+
+			// $path = $request->file('avatar')->storeAs('avatars/admin', $filename, 'public');
+
+			$path = Storage::disk($this->disk)
+				->putFileAs(
+					'avatars/admin',
+					$request->file('avatar'),
+					$filename
+				);
+
+			$user->avatar = $path;
+			$user->save();
+
+			UploadAvatar::dispatch($user, $path);
+
+			return response()->json([
+				'message' => __('apilogin.upload.avatar.success'),
+				'avatar' => $path,
+			], 200);
+		} catch (Exception $e) {
+			report($e);
+			throw new JsonException(__('apilogin.upload.avatar.error'), 422);
+		}
+	}
+
+	function remove(Request $request)
+	{
+		try {
+			Auth::shouldUse('admin');
+
+			$filename = 'avatars/admin/' . Auth::id() . '.webp';
+
+			if (Storage::disk($this->disk)->exists($filename)) {
+				Storage::disk($this->disk)->delete($filename);
+				Auth::user()->update(['avatar' => null]);
+			}
+
+			return response()->json([
+				'message' => __('apilogin.remove.avatar.success'),
+			], 200);
+		} catch (Exception $e) {
+			report($e);
+			throw new JsonException(__('apilogin.remove.avatar.error'), 422);
+		}
+	}
+
+	public function show()
+	{
+		return $this->showAvatar();
+	}
+
+	/**
+	 *	Show avatar only for logged in users.
+	 */
+	public function showAvatar($default_avatar = 'js/components/input/profil/avatar.png')
+	{
+		try {
+			Auth::shouldUse('admin');
+
+			$id = Auth::id() ?? 'error';
+
+			$filename = '/avatars/admin/' . $id . '.webp';
+
+			$exists = Storage::disk($this->disk)->exists($filename);
+
+			if ($exists) {
+				$mime = Storage::disk($this->disk)->mimeType($filename);
+
+				$content = Storage::disk($this->disk)->get($filename);
+
+				$response = Response::make($content, 200);
+
+				$response->header("Content-Type", $mime);
+
+				return $response;
+			} else {
+				$default = resource_path($default_avatar);
+
+				if (!file_exists($default)) {
+					$default = fake()->image(
+						null,
+						128,
+						128,
+						null,
+						true,
+						true,
+						'avatar',
+						true,
+						'png'
+					);
+				}
+
+				return response(
+					file_get_contents($default)
+				)->header('Content-Type', 'image/png');
+			}
+		} catch (Exception $e) {
+			report($e);
+			throw new JsonException(__('apilogin.show.avatar.error'), 422);
+		}
+	}
+}

src/Http/Requests/PasswordChangeRequest.php

@@ -4,6 +4,7 @@
 
 use Exception;
 use App\Models\User;
+use Atomjoy\Apilogin\Models\Admin;
 use Illuminate\Contracts\Validation\Validator;
 use Illuminate\Foundation\Http\FormRequest;
 use Illuminate\Validation\ValidationException;
@@ -15,7 +16,7 @@ class PasswordChangeRequest extends FormRequest
 
 	public function authorize()
 	{
-		if (auth()->user() instanceof User) {
+		if (auth()->user() instanceof User or auth()->user() instanceof Admin) {
 			return true; // Allow logged
 		}