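import type { HttpContext } from '@adonisjs/core/http'
import User from '#models/user'
import { loginValidator, registerValidator } from '#validators/auth'

/** The subset of the ERP `/api/login` reply this controller reads. */
type ErpLoginResponse = {
  success?: boolean
  data?: { firstName?: string | null; lastName?: string | null }
}

/** Public projection of a user record returned by every auth endpoint. */
type UserDto = {
  id: User['id']
  username: User['username']
  firstName: User['firstName']
  lastName: User['lastName']
}

/**
 * Client-facing body for a rejected ERP login. Deliberately generic: it must not
 * reveal whether the e-mail exists or why the upstream call failed.
 */
const ERP_LOGIN_REJECTED = {
  status: false,
  message: 'Login ERP Fail, Email or password is incorrect',
  error: 'EMAIL_OR_PASSWORD_INCORRECT',
} as const

/** Client-facing body when the ERP call itself throws (network, parsing, DB…). */
const ERP_LOGIN_ERROR = {
  status: false,
  message: 'Login ERP Fail',
  error: 'ERP_LOGIN_ERROR',
} as const

/** Reduces a user model to the fields exposed over the API. */
function toUserDto(user: User): UserDto {
  return {
    id: user.id,
    username: user.username,
    firstName: user.firstName,
    lastName: user.lastName,
  }
}

export default class AuthController {
  /**
   * POST /api/auth/register
   *
   * Validates the request body with `registerValidator`, creates the local user
   * and answers 201 with its public projection.
   */
  async register({ request, response }: HttpContext) {
    const data = await request.validateUsing(registerValidator)
    const user = await User.create(data)
    return response.created(toUserDto(user))
  }

  /**
   * POST /api/auth/login -> returns a bearer token.
   *
   * Credentials are verified against the ERP (`ERP_API_URL` + `/api/login`);
   * on success the local user is created or its name fields refreshed from the
   * ERP reply, then an access token is issued.
   *
   * Error responses are intentionally generic: the original version echoed the
   * caught `error.message` and the whole error object (`details`) to the client,
   * which leaks upstream URLs, stack traces and driver messages. Diagnostics now
   * go to the request logger instead.
   */
  async login({ request, response, logger }: HttpContext) {
    const { username, password } = await request.validateUsing(loginValidator)

    try {
      // NOTE(review): falling back to a hard-coded staging host means user
      // credentials are forwarded there whenever ERP_API_URL is unset — confirm
      // this is intended for every environment, or fail fast when unconfigured.
      const remoteUrl = process.env.ERP_API_URL || 'https://stage.nswteam.net'

      const remoteResp = await fetch(`${remoteUrl}/api/login`, {
        method: 'POST',
        headers: { 'Content-Type': 'application/json' },
        body: JSON.stringify({ userEmail: username, password }),
      })

      // A non-JSON body is treated like a failed login rather than a 500.
      const remoteData = (await remoteResp.json().catch(() => null)) as ErpLoginResponse | null

      if (!remoteResp.ok || !remoteData?.success) {
        return response.badRequest(ERP_LOGIN_REJECTED)
      }

      const remoteUser = remoteData.data
      const existingUser = await User.findBy('username', username)

      // ERP values win; fall back to what we already store; else null.
      const firstName = remoteUser?.firstName ?? existingUser?.firstName ?? null
      const lastName = remoteUser?.lastName ?? existingUser?.lastName ?? null

      let user = existingUser
      if (user) {
        // Only touch the row when the ERP reports a different name.
        if (user.firstName !== firstName || user.lastName !== lastName) {
          user.firstName = firstName
          user.lastName = lastName
          await user.save()
        }
      } else {
        // NOTE(review): the ERP password is persisted on the local record here.
        // This assumes the User model hashes it on save (Adonis AuthFinder) —
        // confirm, since storing a plaintext copy of a third-party credential
        // would be a serious exposure.
        user = await User.create({ username, password, firstName, lastName })
      }

      const token = await User.accessTokens.create(user)

      return {
        user: toUserDto(user),
        // `value` is only populated on the freshly created token object.
        token: token.value!.release(),
        type: 'bearer',
        expiresAt: token.expiresAt,
      }
    } catch (error: unknown) {
      // Server-side detail only; the client gets a fixed, non-revealing body.
      logger.error({ err: error, username }, 'ERP login failed')
      return response.badRequest(ERP_LOGIN_ERROR)
    }
  }

  /**
   * POST /api/auth/logout
   *
   * Revokes the access token used on this request (if one is attached) and
   * reports `{ revoked: true }` either way.
   */
  async logout({ auth }: HttpContext) {
    const user = auth.getUserOrFail()
    const token = auth.user?.currentAccessToken
    if (token) {
      await User.accessTokens.delete(user, token.identifier)
    }
    return { revoked: true }
  }

  /**
   * GET /api/auth/me
   *
   * Returns the public projection of the authenticated user.
   */
  async me({ auth }: HttpContext) {
    return toUserDto(auth.getUserOrFail())
  }
}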