From c9d5ad37b8d2833742767724076f80ee82c2e161 Mon Sep 17 00:00:00 2001
From: Yisroel Baum
Date: Fri, 24 Apr 2026 13:28:22 +0300
Subject: [PATCH] add auth controller
---
app/Auth/AuthController.php | 166 ++++++++++++++++++++++++++++++++++++
1 file changed, 166 insertions(+)
create mode 100644 app/Auth/AuthController.php
diff --git a/app/Auth/AuthController.php b/app/Auth/AuthController.php
new file mode 100644
index 0000000..9dcc342
--- /dev/null
+++ b/app/Auth/AuthController.php
@@ -0,0 +1,166 @@
+parseBody($request);
+
+ try {
+ $user = $authenticateUser->execute(
+ new AuthenticateUserRequest(
+ email: $data['email'] ?? null,
+ password: $data['password'] ?? null,
+ )
+ );
+ } catch (BadRequestException $exception) {
+ return $this->errorResponse(
+ $response,
+ 400,
+ $exception->getMessage()
+ );
+ } catch (UnauthorizedException $exception) {
+ return $this->errorResponse(
+ $response,
+ 401,
+ $exception->getMessage()
+ );
+ }
+
+ $session = $createSession->execute($user);
+
+ return $this->userResponse($response, $user)
+ ->withHeader(
+ 'Set-Cookie',
+ $this->buildSetCookie($session->getToken())
+ );
+ }
+
+ public function register(
+ Request $request,
+ Response $response,
+ CreateUser $createUser,
+ CreateSession $createSession,
+ ): Response {
+ $data = $this->parseBody($request);
+
+ try {
+ $user = $createUser->execute(new CreateUserRequest(
+ email: $data['email'] ?? null,
+ password: $data['password'] ?? null,
+ isAdmin: false,
+ ));
+ } catch (BadRequestException $exception) {
+ return $this->errorResponse(
+ $response,
+ 400,
+ $exception->getMessage()
+ );
+ }
+
+ $session = $createSession->execute($user);
+
+ return $this->userResponse($response, $user)
+ ->withHeader(
+ 'Set-Cookie',
+ $this->buildSetCookie($session->getToken())
+ );
+ }
+
+ public function logout(
+ Request $request,
+ Response $response,
+ SessionRepository $sessionRepo,
+ ): Response {
+ $cookies = $request->getCookieParams();
+ $token = $cookies[AuthMiddleware::COOKIE_NAME] ?? null;
+
+ if ($token !== null) {
+ $sessionRepo->deleteByToken($token);
+ }
+
+ return $response->withStatus(204)
+ ->withHeader('Set-Cookie', $this->buildClearCookie());
+ }
+
+ public function me(Request $request, Response $response): Response
+ {
+ $user = $request->getAttribute('user');
+ if (!$user instanceof User) {
+ return $this->errorResponse(
+ $response,
+ 401,
+ 'unauthenticated'
+ );
+ }
+
+ return $this->userResponse($response, $user);
+ }
+
+ private function parseBody(Request $request): array
+ {
+ return json_decode((string) $request->getBody(), true) ?? [];
+ }
+
+ private function userResponse(Response $response, User $user): Response
+ {
+ $response->getBody()->write(json_encode([
+ 'user' => [
+ 'id' => $user->getId(),
+ 'email' => (string) $user->getEmail(),
+ 'isAdmin' => $user->isAdmin(),
+ ],
+ ]));
+
+ return $response->withHeader(
+ 'Content-Type',
+ 'application/json'
+ );
+ }
+
+ private function errorResponse(
+ Response $response,
+ int $status,
+ string $message,
+ ): Response {
+ $response->getBody()->write(
+ json_encode(['error' => $message])
+ );
+
+ return $response->withStatus($status)
+ ->withHeader('Content-Type', 'application/json');
+ }
+
+ private function buildSetCookie(string $token): string
+ {
+ $maxAge = self::COOKIE_MAX_AGE;
+
+ return AuthMiddleware::COOKIE_NAME . '=' . $token
+ . '; Path=/; HttpOnly; SameSite=Lax; Max-Age=' . $maxAge;
+ }
+
+ private function buildClearCookie(): string
+ {
+ return AuthMiddleware::COOKIE_NAME . '=;'
+ . ' Path=/; HttpOnly; SameSite=Lax; Max-Age=0';
+ }
+}
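Review bot: The session cookie built in `buildSetCookie` (and the clearing cookie in `buildClearCookie`) carries HttpOnly and SameSite=Lax but no `Secure` attribute, so the session token will also be sent over plain HTTP; add it to both strings, e.g. `. '; Path=/; Secure; HttpOnly; SameSite=Lax; Max-Age=' . $maxAge`, and consider a `__Host-` prefix on `AuthMiddleware::COOKIE_NAME` (defined outside this hunk) so that Secure and Path=/ become mandatory. Separately, `parseBody` is declared `: array` but `json_decode(..., true) ?? []` only replaces null, so a request body of `123`, `true`, `"x"` or `false` reaches the return type and raises a TypeError, turning a malformed request into a 500 instead of the 400 the callers already handle; use `$decoded = json_decode((string) $request->getBody(), true); return is_array($decoded) ? $decoded : [];` or decode with `JSON_THROW_ON_ERROR` and map `JsonException` onto the existing 400 path. The 401 branch in `login` forwards `$exception->getMessage()` to the client unchanged; if the use case behind `AuthenticateUser` distinguishes an unknown email from a wrong password, that message enables account enumeration, which cannot be verified from this hunk. The hunk as shown is truncated at its start, so the class header and the `login` signature are not visible.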