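namespace App\Http\Controllers\Admin;

use App\Http\Controllers\Controller;
use App\Models\Admin;
use App\Models\AdminLoginLog;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;
use Illuminate\Validation\ValidationException;

/**
 * Admin-panel authentication: login form, credential check with a per-IP /
 * per-email throttle, an audit row per attempt, and logout.
 */
class AuthController extends Controller
{
    /** Failed attempts allowed on one throttle key before further logins are blocked. */
    protected const MAX_ATTEMPTS = 5;

    /**
     * How long (seconds) a failed attempt stays counted. One constant is used for
     * both the hit() decay and the lockout check so the two cannot drift apart.
     */
    protected const DECAY_SECONDS = 30 * 60;

    /**
     * Show the login form, or send an already-authenticated admin to the dashboard.
     */
    public function showLoginForm()
    {
        if (Auth::guard('admin')->check()) {
            return redirect()->route('admin.dashboard');
        }

        return view('admin.auth.login');
    }

    /**
     * Authenticate an admin.
     *
     * Order matters: the throttle is consulted before the credentials so a
     * locked-out key never reaches Hash::check(); the "active" and IP checks run
     * only after the password has been verified.
     *
     * @throws ValidationException on lockout or bad credentials
     */
    public function login(Request $request)
    {
        $request->validate([
            'email' => 'required|email',
            'password' => 'required',
        ]);

        $this->checkTooManyFailedAttempts($request);

        $admin = Admin::where('email', $request->email)->first();

        if (!$admin || !Hash::check($request->password, $admin->password)) {
            $this->incrementLoginAttempts($request);
            $this->logLoginAttempt($request, null, 'failed', 'Invalid credentials');

            throw ValidationException::withMessages([
                'email' => ['The provided credentials are incorrect.'],
            ]);
        }

        // From here on the password is known to be correct. The two rejections
        // below answer with a message that differs from the bad-credentials one,
        // so a caller can tell that a guessed password was right; they are counted
        // against the throttle so that cannot be probed without limit.
        if (!$admin->isActive()) {
            $this->incrementLoginAttempts($request);
            $this->logLoginAttempt($request, $admin, 'failed', 'Account inactive');

            return back()->withErrors([
                'email' => 'Your account is inactive. 
Please contact super admin.',
            ]);
        }

        if (!$admin->isIpAllowed($request->ip())) {
            $this->incrementLoginAttempts($request);
            $this->logLoginAttempt($request, $admin, 'failed', 'IP not whitelisted');

            return back()->withErrors([
                'email' => 'Access denied from this IP address.',
            ]);
        }

        $this->logLoginAttempt($request, $admin, 'success');
        $this->clearLoginAttempts($request);

        Auth::guard('admin')->login($admin, $request->boolean('remember'));

        // Issue a fresh session id now that the privilege level has changed, so a
        // session id fixed before authentication cannot be reused. Session data
        // (including the intended URL) is carried over; logout() invalidates it.
        $request->session()->regenerate();

        $admin->updateLastLogin($request->ip());
        $admin->logActivity('Logged in', ['ip' => $request->ip()]);

        return redirect()->intended(route('admin.dashboard'));
    }

    /**
     * Log the admin out, close the open login-log row, and drop the session.
     */
    public function logout(Request $request)
    {
        $admin = Auth::guard('admin')->user();

        if ($admin) {
            // Stamp the most recent still-open login row for this admin, if any.
            AdminLoginLog::where('admin_id', $admin->id)
                ->whereNull('logout_at')
                ->latest()
                ->first()
                ?->update(['logout_at' => now()]);

            $admin->logActivity('Logged out');
        }

        Auth::guard('admin')->logout();
        $request->session()->invalidate();
        $request->session()->regenerateToken();

        return redirect()->route('admin.login');
    }

    /**
     * Write one audit row for a login attempt.
     *
     * @param Admin|null  $admin  the matched admin, or null when the email was unknown
     * @param string      $status 'success' or 'failed'
     * @param string|null $reason short failure reason, null on success
     */
    protected function logLoginAttempt(Request $request, $admin = null, $status = 'success', $reason = null): void
    {
        AdminLoginLog::create([
            'admin_id' => $admin?->id,
            'ip_address' => $request->ip(),
            'user_agent' => $request->userAgent(),
            'login_at' => now(),
            'status' => $status,
            'failure_reason' => $reason,
        ]);
    }

    /**
     * Reject the request with a lockout message when the throttle key has
     * exhausted its attempts.
     *
     * @throws ValidationException
     */
    protected function checkTooManyFailedAttempts(Request $request): void
    {
        $key = $this->throttleKey($request);

        if (!app('limiter')->tooManyAttempts($key, self::MAX_ATTEMPTS)) {
            return;
        }

        $seconds = app('limiter')->availableIn($key);

        throw ValidationException::withMessages([
            'email' => ['Too many login attempts. Please try again in ' . ceil($seconds / 60) . ' minutes.'],
        ]);
    }

    /**
     * Count one failed attempt against the throttle key.
     */
    protected function incrementLoginAttempts(Request $request): void
    {
        app('limiter')->hit($this->throttleKey($request), self::DECAY_SECONDS);
    }

    /**
     * Reset the throttle key after a successful login.
     */
    protected function clearLoginAttempts(Request $request): void
    {
        app('limiter')->clear($this->throttleKey($request));
    }

    /**
     * Throttle key scoped to both the client IP and the submitted email. The
     * email is lower-cased so case variants of one address share one counter.
     */
    protected function throttleKey(Request $request): string
    {
        return 'admin_login:' . $request->ip() . ':' . mb_strtolower((string) $request->input('email'));
    }
}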