trakli · nfebe · Jan 26, 2025 · Jan 25, 2025 · Jan 25, 2025 · Jan 25, 2025
diff --git a/app/Http/Controllers/API/ApiController.php b/app/Http/Controllers/API/ApiController.php
@@ -3,9 +3,17 @@
 namespace App\Http\Controllers\API;
 
 use Illuminate\Http\JsonResponse;
+use Illuminate\Http\Request;
+use Illuminate\Http\Response;
 use Illuminate\Routing\Controller as BaseController;
+use Illuminate\Support\Facades\Validator;
 use OpenApi\Attributes as OA;
 
+#[OA\OpenApi(
+    security: [
+        ['bearerAuth' => []],
+    ]
+)]
 #[OA\Info(title: 'Trakli API', version: '1.0.0')]
 #[OA\Server(url: 'http://localhost:8000/api/v1', description: 'Development server')]
 #[OA\Server(url: 'https://api.trakli.io/v1', description: 'Production server')]
@@ -18,8 +26,68 @@
     //     new OA\ServerVariable(name: "host", default: "api.trakli.io", enum: ["api.trakli.io", "api.staging.example.com"])
     // ]
 )]
+#[OA\Components(
+    securitySchemes: [
+        new OA\SecurityScheme(
+            securityScheme: 'bearerAuth',
+            type: 'http',
+            scheme: 'bearer',
+            description: 'Bearer token authentication'
+        ),
+    ]
+)]
 class ApiController extends BaseController
 {
+    /**
+     * Check if the authenticated user can access the given resource.
+     *
+     * @param  mixed  $resource
+     * @param  string|null  $ownerKey
+     * @return void
+     *
+     * @throws \Illuminate\Http\Exceptions\HttpResponseException
+     */
+    public function userCanAccessResource($resource, $ownerKey = 'user_id')
+    {
+        if (is_null($resource)) {
+            abort(Response::HTTP_NOT_FOUND, 'Resource not found.');
+        }
+
+        if (auth()->id() !== $resource->{$ownerKey}) {
+            abort(Response::HTTP_FORBIDDEN, 'You are not authorized to access this resource.');
+        }
+    }
+
+    /**
+     * Validate the request data.
+     */
+    protected function validateRequest(Request $request, array $rules): array
+    {
+        $validator = Validator::make($request->all(), $rules);
+
+        if ($validator->fails()) {
+            $errors = $validator->errors();
+
+            if ($errors->hasAny(array_keys($rules))) {
+                return [
+                    'isValidated' => false,
+                    'message' => 'Server failed to validate request.',
+                    'code' => 422,
+                    'errors' => $errors->toArray(),
+                ];
+            }
+
+            return [
+                'isValidated' => false,
+                'message' => 'Server unable to process request.',
+                'code' => 400,
+                'errors' => $errors->toArray(),
+            ];
+        }
+
+        return ['isValidated' => true, 'data' => $validator->validated()];
+    }
+
     /**
      * Return a success response.
      *

diff --git a/app/Http/Controllers/API/v1/Auth/AuthController.php b/app/Http/Controllers/API/v1/Auth/AuthController.php
@@ -11,11 +11,13 @@
 use Illuminate\Support\Facades\Validator;
 use OpenApi\Attributes as OA;
 
+#[OA\Tag(name: 'Authentication', description: 'Endpoints for user authentication')]
 class AuthController extends ApiController
 {
     #[OA\Post(
         path: '/register',
         tags: ['Authentication'],
+        security: [],
         summary: 'Register a new user',
         requestBody: new OA\RequestBody(
             required: true,
@@ -68,6 +70,7 @@ public function register(Request $request)
     #[OA\Post(
         path: '/login',
         tags: ['Authentication'],
+        security: [],
         summary: 'User login',
         requestBody: new OA\RequestBody(
             required: true,

diff --git a/app/Http/Controllers/API/v1/Auth/PasswordResetController.php b/app/Http/Controllers/API/v1/Auth/PasswordResetController.php
@@ -11,13 +11,15 @@
 use Illuminate\Support\Facades\Validator;
 use OpenApi\Attributes as OA;
 
+#[OA\Tag(name: 'Authentication', description: 'Endpoints for password reset')]
 class PasswordResetController extends ApiController
 {
     public function __construct(private NotificationService $notificationService) {}
 
     #[OA\Post(
         path: '/password/reset-code',
         tags: ['Authentication'],
+        security: [],
         summary: 'Send password reset code',
         requestBody: new OA\RequestBody(
             required: true,
@@ -84,6 +86,7 @@ public function sendPasswordResetCode(Request $request)
     #[OA\Post(
         path: '/password/reset',
         tags: ['Authentication'],
+        security: [],
         summary: 'Reset password using verification code',
         requestBody: new OA\RequestBody(
             required: true,