copy user entity and auth from ysv

backend/app/Auth/BcryptPasswordHasher.php

@@ -0,0 +1,16 @@
+<?php
+
+namespace App\Auth;
+
+class BcryptPasswordHasher implements PasswordHasher
+{
+    public function hash(string $password): string
+    {
+        return password_hash($password, PASSWORD_DEFAULT);
+    }
+
+    public function verify(string $password, string $hash): bool
+    {
+        return password_verify($password, $hash);
+    }
+}

backend/app/Auth/Clock.php

@@ -0,0 +1,10 @@
+<?php
+
+namespace App\Auth;
+
+use DateTimeImmutable;
+
+interface Clock
+{
+    public function now(): DateTimeImmutable;
+}

backend/app/Auth/CreateSessionDto.php

@@ -0,0 +1,16 @@
+<?php
+
+namespace App\Auth;
+
+use App\User\User;
+use DateTimeImmutable;
+
+class CreateSessionDto
+{
+    public function __construct(
+        public string $token,
+        public User $user,
+        public DateTimeImmutable $createdAt,
+        public DateTimeImmutable $expiresAt,
+    ) {}
+}

backend/app/Auth/EloquentSessionRepository.php

@@ -0,0 +1,60 @@
+<?php
+
+namespace App\Auth;
+
+use App\User\UserRepository;
+use DateTimeImmutable;
+use DateTimeZone;
+
+class EloquentSessionRepository implements SessionRepository
+{
+    public function __construct(private UserRepository $userRepo) {}
+
+    public function create(CreateSessionDto $dto): Session
+    {
+        SessionModel::create([
+            'token' => $dto->token,
+            'user_id' => $dto->user->getId(),
+            'created_at' => $dto->createdAt,
+            'expires_at' => $dto->expiresAt,
+        ]);
+
+        return new Session(
+            token: $dto->token,
+            user: $dto->user,
+            createdAt: $dto->createdAt,
+            expiresAt: $dto->expiresAt,
+        );
+    }
+
+    public function findByToken(string $token): ?Session
+    {
+        $model = SessionModel::find($token);
+        if ($model === null) {
+            return null;
+        }
+        $user = $this->userRepo->find($model->user_id);
+        if ($user === null) {
+            return null;
+        }
+        $utc = new DateTimeZone('UTC');
+
+        return new Session(
+            token: $model->token,
+            user: $user,
+            createdAt: new DateTimeImmutable(
+                $model->created_at->toDateTimeString(),
+                $utc
+            ),
+            expiresAt: new DateTimeImmutable(
+                $model->expires_at->toDateTimeString(),
+                $utc
+            ),
+        );
+    }
+
+    public function deleteByToken(string $token): void
+    {
+        SessionModel::where('token', $token)->delete();
+    }
+}

backend/app/Auth/PasswordHasher.php

@@ -0,0 +1,10 @@
+<?php
+
+namespace App\Auth;
+
+interface PasswordHasher
+{
+    public function hash(string $password): string;
+
+    public function verify(string $password, string $hash): bool;
+}

backend/app/Auth/RandomTokenGenerator.php

@@ -0,0 +1,11 @@
+<?php
+
+namespace App\Auth;
+
+class RandomTokenGenerator implements TokenGenerator
+{
+    public function generate(): string
+    {
+        return bin2hex(random_bytes(32));
+    }
+}

backend/app/Auth/Session.php

@@ -0,0 +1,41 @@
+<?php
+
+namespace App\Auth;
+
+use App\User\User;
+use DateTimeImmutable;
+
+class Session
+{
+    public function __construct(
+        private string $token,
+        private User $user,
+        private DateTimeImmutable $createdAt,
+        private DateTimeImmutable $expiresAt,
+    ) {}
+
+    public function getToken(): string
+    {
+        return $this->token;
+    }
+
+    public function getUser(): User
+    {
+        return $this->user;
+    }
+
+    public function getCreatedAt(): DateTimeImmutable
+    {
+        return $this->createdAt;
+    }
+
+    public function getExpiresAt(): DateTimeImmutable
+    {
+        return $this->expiresAt;
+    }
+
+    public function isExpired(DateTimeImmutable $now): bool
+    {
+        return $now >= $this->expiresAt;
+    }
+}

backend/app/Auth/SessionModel.php

@@ -0,0 +1,44 @@
+<?php
+
+namespace App\Auth;
+
+use Illuminate\Database\Eloquent\Builder;
+use Illuminate\Database\Eloquent\Model;
+use Illuminate\Support\Carbon;
+
+/**
+ * @property string $token
+ * @property int $user_id
+ * @property Carbon $created_at
+ * @property Carbon $expires_at
+ *
+ * @method static Builder<static>|SessionModel newModelQuery()
+ * @method static Builder<static>|SessionModel newQuery()
+ * @method static Builder<static>|SessionModel query()
+ *
+ * @mixin \Eloquent
+ */
+class SessionModel extends Model
+{
+    protected $table = 'sessions';
+
+    protected $primaryKey = 'token';
+
+    public $incrementing = false;
+
+    protected $keyType = 'string';
+
+    public $timestamps = false;
+
+    protected $fillable = [
+        'token',
+        'user_id',
+        'created_at',
+        'expires_at',
+    ];
+
+    protected $casts = [
+        'created_at' => 'datetime',
+        'expires_at' => 'datetime',
+    ];
+}

backend/app/Auth/SessionRepository.php

@@ -0,0 +1,12 @@
+<?php
+
+namespace App\Auth;
+
+interface SessionRepository
+{
+    public function create(CreateSessionDto $dto): Session;
+
+    public function findByToken(string $token): ?Session;
+
+    public function deleteByToken(string $token): void;
+}

backend/app/Auth/SystemClock.php

@@ -0,0 +1,14 @@
+<?php
+
+namespace App\Auth;
+
+use DateTimeImmutable;
+use DateTimeZone;
+
+class SystemClock implements Clock
+{
+    public function now(): DateTimeImmutable
+    {
+        return new DateTimeImmutable('now', new DateTimeZone('UTC'));
+    }
+}

backend/app/Auth/TokenGenerator.php

@@ -0,0 +1,8 @@
+<?php
+
+namespace App\Auth;
+
+interface TokenGenerator
+{
+    public function generate(): string;
+}

backend/app/Auth/UseCases/AuthenticateUser/AuthenticateUser.php

@@ -0,0 +1,49 @@
+<?php
+
+namespace App\Auth\UseCases\AuthenticateUser;
+
+use App\Auth\PasswordHasher;
+use App\Exceptions\BadRequestException;
+use App\Exceptions\UnauthorizedException;
+use App\Shared\ValueObject\EmailAddress;
+use App\User\User;
+use App\User\UserRepository;
+
+class AuthenticateUser
+{
+    public function __construct(
+        private UserRepository $userRepo,
+        private PasswordHasher $hasher,
+    ) {}
+
+    /**
+     * @throws BadRequestException
+     * @throws UnauthorizedException
+     */
+    public function execute(AuthenticateUserRequest $request): User
+    {
+        if ($request->email === null || $request->email === '') {
+            throw new BadRequestException('email is required');
+        }
+        if ($request->password === null || $request->password === '') {
+            throw new BadRequestException('password is required');
+        }
+
+        $user = $this->userRepo->findByEmail(
+            new EmailAddress($request->email)
+        );
+        if ($user === null) {
+            throw new UnauthorizedException('invalid credentials');
+        }
+
+        $passwordMatches = $this->hasher->verify(
+            $request->password,
+            $user->getPasswordHash(),
+        );
+        if (! $passwordMatches) {
+            throw new UnauthorizedException('invalid credentials');
+        }
+
+        return $user;
+    }
+}

backend/app/Auth/UseCases/AuthenticateUser/AuthenticateUserRequest.php

@@ -0,0 +1,11 @@
+<?php
+
+namespace App\Auth\UseCases\AuthenticateUser;
+
+class AuthenticateUserRequest
+{
+    public function __construct(
+        public ?string $email,
+        public ?string $password,
+    ) {}
+}

backend/app/Auth/UseCases/CreateSession/CreateSession.php

@@ -0,0 +1,34 @@
+<?php
+
+namespace App\Auth\UseCases\CreateSession;
+
+use App\Auth\Clock;
+use App\Auth\CreateSessionDto;
+use App\Auth\Session;
+use App\Auth\SessionRepository;
+use App\Auth\TokenGenerator;
+use App\User\User;
+
+class CreateSession
+{
+    private const SESSION_LIFETIME = '+7 days';
+
+    public function __construct(
+        private SessionRepository $sessionRepo,
+        private TokenGenerator $tokenGenerator,
+        private Clock $clock,
+    ) {}
+
+    public function execute(User $user): Session
+    {
+        $now = $this->clock->now();
+        $expiresAt = $now->modify(self::SESSION_LIFETIME);
+
+        return $this->sessionRepo->create(new CreateSessionDto(
+            token: $this->tokenGenerator->generate(),
+            user: $user,
+            createdAt: $now,
+            expiresAt: $expiresAt,
+        ));
+    }
+}

backend/app/Auth/UseCases/Logout/Logout.php

@@ -0,0 +1,17 @@
+<?php
+
+namespace App\Auth\UseCases\Logout;
+
+use App\Auth\SessionRepository;
+
+class Logout
+{
+    public function __construct(
+        private SessionRepository $sessionRepo,
+    ) {}
+
+    public function execute(string $token): void
+    {
+        $this->sessionRepo->deleteByToken($token);
+    }
+}

backend/app/Exceptions/BadRequestException.php

@@ -0,0 +1,7 @@
+<?php
+
+namespace App\Exceptions;
+
+use DomainException;
+
+class BadRequestException extends DomainException {}

backend/app/Exceptions/UnauthorizedException.php

@@ -0,0 +1,7 @@
+<?php
+
+namespace App\Exceptions;
+
+use DomainException;
+
+class UnauthorizedException extends DomainException {}

backend/app/Http/Middleware/AuthMiddleware.php

@@ -0,0 +1,51 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use App\Auth\Clock;
+use App\Auth\SessionRepository;
+use Closure;
+use Illuminate\Http\JsonResponse;
+use Illuminate\Http\Request;
+use Symfony\Component\HttpFoundation\Response;
+
+class AuthMiddleware
+{
+    public const COOKIE_NAME = 'auth_token';
+
+    public function __construct(
+        private SessionRepository $sessionRepo,
+        private Clock $clock,
+    ) {}
+
+    /**
+     * @param  Closure(Request): Response  $next
+     */
+    public function handle(Request $request, Closure $next): Response
+    {
+        $token = $request->cookie(self::COOKIE_NAME);
+        if (! is_string($token) || $token === '') {
+            return $this->unauthorized();
+        }
+
+        $session = $this->sessionRepo->findByToken($token);
+        if ($session === null) {
+            return $this->unauthorized();
+        }
+
+        if ($session->isExpired($this->clock->now())) {
+            $this->sessionRepo->deleteByToken($token);
+
+            return $this->unauthorized();
+        }
+
+        $request->attributes->set('user', $session->getUser());
+
+        return $next($request);
+    }
+
+    private function unauthorized(): JsonResponse
+    {
+        return new JsonResponse(['error' => 'unauthenticated'], 401);
+    }
+}

backend/app/Shared/ValueObject/EmailAddress.php

@@ -0,0 +1,54 @@
+<?php
+
+namespace App\Shared\ValueObject;
+
+use InvalidArgumentException;
+
+final readonly class EmailAddress
+{
+    private string $normalized;
+
+    private string $domain;
+
+    private const ERROR_MESSAGE = 'Invalid email address:';
+
+    public function __construct(string $email)
+    {
+
+        $trimmed = trim($email);
+
+        if ($trimmed === '' || ! str_contains($trimmed, '@')) {
+            throw new InvalidArgumentException(self::ERROR_MESSAGE." $email");
+        }
+
+        [$local, $domain] = explode('@', $trimmed, 2);
+        $this->domain = mb_strtolower($domain);
+        $normalized = $local.'@'.$this->domain;
+
+        if (filter_var($normalized, FILTER_VALIDATE_EMAIL) === false) {
+            throw new InvalidArgumentException(self::ERROR_MESSAGE." $email");
+        }
+
+        $this->normalized = $normalized;
+    }
+
+    public function value(): string
+    {
+        return $this->normalized;
+    }
+
+    public function equals(self $other): bool
+    {
+        return $this->normalized === $other->normalized;
+    }
+
+    public function getDomain(): string
+    {
+        return $this->domain;
+    }
+
+    public function __toString(): string
+    {
+        return $this->normalized;
+    }
+}

backend/app/User/CreateUserDto.php

@@ -0,0 +1,13 @@
+<?php
+
+namespace App\User;
+
+use App\Shared\ValueObject\EmailAddress;
+
+class CreateUserDto
+{
+    public function __construct(
+        public EmailAddress $email,
+        public string $passwordHash,
+    ) {}
+}

backend/app/User/EloquentUserRepository.php

@@ -0,0 +1,52 @@
+<?php
+
+namespace App\User;
+
+use App\Shared\ValueObject\EmailAddress;
+
+class EloquentUserRepository implements UserRepository
+{
+    public function create(CreateUserDto $dto): User
+    {
+        $model = UserModel::create([
+            'email' => $dto->email->value(),
+            'password_hash' => $dto->passwordHash,
+        ]);
+
+        return $this->toDomain($model);
+    }
+
+    public function findByEmail(EmailAddress $email): ?User
+    {
+        $model = UserModel::where('email', $email->value())->first();
+
+        return $model === null ? null : $this->toDomain($model);
+    }
+
+    public function findByEmailDomain(string $domain): array
+    {
+        $models = UserModel::where('email', 'like', '%@'.$domain)->get();
+        $users = [];
+        foreach ($models as $model) {
+            $users[] = $this->toDomain($model);
+        }
+
+        return $users;
+    }
+
+    public function find(int $id): ?User
+    {
+        $model = UserModel::find($id);
+
+        return $model === null ? null : $this->toDomain($model);
+    }
+
+    private function toDomain(UserModel $model): User
+    {
+        return new User(
+            id: $model->id,
+            email: new EmailAddress($model->email),
+            passwordHash: $model->password_hash,
+        );
+    }
+}

backend/app/User/User.php

@@ -0,0 +1,29 @@
+<?php
+
+namespace App\User;
+
+use App\Shared\ValueObject\EmailAddress;
+
+class User
+{
+    public function __construct(
+        private int $id,
+        private EmailAddress $email,
+        private string $passwordHash,
+    ) {}
+
+    public function getId(): int
+    {
+        return $this->id;
+    }
+
+    public function getEmail(): EmailAddress
+    {
+        return $this->email;
+    }
+
+    public function getPasswordHash(): string
+    {
+        return $this->passwordHash;
+    }
+}

backend/app/User/UserModel.php

@@ -0,0 +1,27 @@
+<?php
+
+namespace App\User;
+
+use Illuminate\Database\Eloquent\Model;
+
+/**
+ * @property int $id
+ * @property string $email
+ * @property string $password_hash
+ *
+ * @method static \Illuminate\Database\Eloquent\Builder<static>|UserModel newModelQuery()
+ * @method static \Illuminate\Database\Eloquent\Builder<static>|UserModel newQuery()
+ * @method static \Illuminate\Database\Eloquent\Builder<static>|UserModel query()
+ * @method static \Illuminate\Database\Eloquent\Builder<static>|UserModel whereEmail($value)
+ * @method static \Illuminate\Database\Eloquent\Builder<static>|UserModel whereId($value)
+ *
+ * @mixin \Eloquent
+ */
+class UserModel extends Model
+{
+    protected $table = 'users';
+
+    public $timestamps = false;
+
+    protected $fillable = ['email', 'password_hash'];
+}

backend/app/User/UserRepository.php

@@ -0,0 +1,19 @@
+<?php
+
+namespace App\User;
+
+use App\Shared\ValueObject\EmailAddress;
+
+interface UserRepository
+{
+    public function create(CreateUserDto $dto): User;
+
+    public function findByEmail(EmailAddress $email): ?User;
+
+    /**
+     * @return User[]
+     */
+    public function findByEmailDomain(string $domain): array;
+
+    public function find(int $id): ?User;
+}