yisroelbaum/Rabbi_Gerzi
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

implement auth controller

Browse source 
Green phase: AuthController handles login (authenticate + create session + set cookie), logout (delete session + clear cookie), and me (return user from request attribute).
This commit is contained in:
Yisroel Baum 2026-05-16 21:33:06 +03:00
parent 21dca993cd
commit e54197f8a5
Signed by: yisroelbaum
GPG key ID: 0FA60884F75520A9
1 changed files with 145 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

145
backend/app/Controllers/AuthController.php Normal file
View file

@ -0,0 +1,145 @@
<?php
namespace App\Controllers;
use App\Auth\UseCases\AuthenticateUser\AuthenticateUser;
use App\Auth\UseCases\AuthenticateUser\AuthenticateUserRequest;
use App\Auth\UseCases\CreateSession\CreateSession;
use App\Auth\UseCases\Logout\Logout;
use App\Exceptions\BadRequestException;
use App\Exceptions\UnauthorizedException;
use App\Middleware\AuthMiddleware;
use App\User\User;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Slim\Psr7\Response;
class AuthController
{
public function __construct(
private AuthenticateUser $authenticateUser,
private CreateSession $createSession,
private Logout $logout,
) {}
public function login(
ServerRequestInterface $request,
ResponseInterface $response,
): ResponseInterface {
$body = $this->parseBody($request);
try {
$user = $this->authenticateUser->execute(
new AuthenticateUserRequest(
email: $body['email'] ?? null,
password: $body['password'] ?? null,
),
);
} catch (BadRequestException $exception) {
return $this->jsonResponse(
new Response(400),
['error' => $exception->getMessage()],
400,
);
} catch (UnauthorizedException $exception) {
return $this->jsonResponse(
new Response(401),
['error' => $exception->getMessage()],
401,
);
}
$session = $this->createSession->execute($user);
$response = $this->jsonResponse(
new Response(200),
['user' => $this->buildUserPayload($user)],
200,
);
$cookieValue = sprintf(
'%s=%s; Expires=%s; Path=/; HttpOnly; SameSite=Lax',
AuthMiddleware::COOKIE_NAME,
$session->getToken(),
$session->getExpiresAt()->format('D, d-M-Y H:i:s T'),
);
return $response->withHeader('Set-Cookie', $cookieValue);
}
public function logout(
ServerRequestInterface $request,
ResponseInterface $response,
): ResponseInterface {
$cookies = $request->getCookieParams();
$token = $cookies[AuthMiddleware::COOKIE_NAME] ?? null;
if (is_string($token) && $token !== '') {
$this->logout->execute($token);
}
$response = new Response(204);
$cookieValue = sprintf(
'%s=; Expires=%s; Path=/; HttpOnly; SameSite=Lax',
AuthMiddleware::COOKIE_NAME,
'Thu, 01-Jan-1970 00:00:00 GMT',
);
return $response->withHeader('Set-Cookie', $cookieValue);
}
public function me(
ServerRequestInterface $request,
ResponseInterface $response,
): ResponseInterface {
$user = $request->getAttribute('user');
if (! $user instanceof User) {
return $this->jsonResponse(
new Response(401),
['error' => 'unauthenticated'],
401,
);
}
return $this->jsonResponse(
new Response(200),
['user' => $this->buildUserPayload($user)],
200,
);
}
private function buildUserPayload(User $user): array
{
return [
'id' => $user->getId(),
'email' => $user->getEmail()->value(),
];
}
private function jsonResponse(
ResponseInterface $response,
array $data,
int $status,
): ResponseInterface {
$response = $response->withStatus($status);
$response->getBody()->write(json_encode($data));
return $response->withHeader('Content-Type', 'application/json');
}
private function parseBody(ServerRequestInterface $request): array
{
$contentType = $request->getHeaderLine('Content-Type');
if (str_contains($contentType, 'application/json')) {
$body = (string) $request->getBody();
$decoded = json_decode($body, true);
return is_array($decoded) ? $decoded : [];
}
return (array) $request->getParsedBody();
}
}