cms-frontend/app/Http/Controllers/AuthController.php


<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Http;
use Illuminate\Support\Facades\Log;
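class AuthController extends Controller
{
    /**
     * Base URL of the upstream CMS API that performs the actual authentication.
     *
     * NOTE(review): this is plain HTTP to a hard-coded address, so the
     * username/password posted by login() and the bearer token sent by
     * changePassword()/logout() cross the network unencrypted. Serve the API
     * over HTTPS and load the URL from configuration instead of source.
     */
    protected $apiBaseUrl = 'http://192.168.100.6:8081/api';

    /**
     * Show the login form.
     *
     * @return \Illuminate\Contracts\View\View|\Illuminate\Contracts\View\Factory
     */
    public function showLoginForm()
    {
        return view('login');
    }

    /**
     * Handle login form submission by calling the API.
     *
     * On success the access token returned by the API is stored in the session
     * under 'token'. When the API asks for a password change instead, the
     * returned admin UUID is stored under 'admin_uuid' and the user is sent to
     * the change-password form.
     *
     * @param  \Illuminate\Http\Request  $request  Carries 'username' and 'password'.
     * @return \Illuminate\Http\RedirectResponse
     */
    public function login(Request $request)
    {
        $url = "{$this->apiBaseUrl}/cms/login_password";

        // NOTE(review): this forwards the browser session's CSRF token to the
        // upstream API. Confirm the API needs it; if not, drop the header so
        // the token is not disclosed to another service.
        $csrfToken = $request->session()->token();

        try {
            $response = Http::withHeaders([
                'X-CSRF-TOKEN' => $csrfToken,
                'Accept' => 'application/json',
            ])->post($url, [
                'username' => $request->input('username'),
                'password' => $request->input('password'),
            ]);

            $data = $response->json();

            // Log only the status fields: the full body contains the bearer
            // token on success, and log files must not hold live credentials.
            Log::info('Login API Response: ', $this->summarizeForLog($data));

            if ($response->successful() && isset($data['code']) && $data['code'] === 200) {
                if (isset($data['data']['access_token'])) {
                    // New session ID at the privilege change, so an ID known
                    // before login cannot be reused afterwards (fixation).
                    $request->session()->regenerate();
                    session(['token' => $data['data']['access_token']]);

                    return redirect()->intended(route('my-profile'));
                }

                // Require admin_uuid as well: reading a missing key would raise
                // an error whose text ended up in front of the user.
                if (isset($data['data']['prompt_password'], $data['data']['admin_uuid'])) {
                    $request->session()->regenerate();
                    session(['admin_uuid' => $data['data']['admin_uuid']]);

                    return redirect()->route('password.change.form');
                }

                return redirect()->back()->withErrors(['login' => 'Invalid API response or no token received.']);
            }

            return redirect()->back()->withErrors(['login' => $data['message'] ?? 'Login failed.']);
        } catch (\Exception $e) {
            // Details go to the log only; the exception text can include the
            // internal API address and must not be shown to the client.
            Log::error('Login Exception: ' . $e->getMessage());

            return redirect()->back()->withErrors(['login' => 'Login request failed. Please try again later.']);
        }
    }

    /**
     * Show the change password form.
     *
     * Only reachable while the session holds the 'admin_uuid' that login()
     * stores when the API prompts for a password change.
     *
     * @return \Illuminate\Contracts\View\View|\Illuminate\Contracts\View\Factory|\Illuminate\Http\RedirectResponse
     */
    public function showChangePasswordForm()
    {
        if (!session()->has('admin_uuid')) {
            return redirect()->route('login')->withErrors(['error' => 'Unauthorized access']);
        }

        return view('change-password');
    }

    /**
     * Handle change password form submission by calling the API.
     *
     * The account to update is taken from the session, never from the request,
     * so a client cannot name another administrator's UUID.
     *
     * @param  \Illuminate\Http\Request  $request  Carries the new 'password'.
     * @return \Illuminate\Http\RedirectResponse
     */
    public function changePassword(Request $request)
    {
        // Same gate as showChangePasswordForm(): without a server-side
        // admin_uuid the request is not part of a prompted password change.
        // NOTE(review): if another form legitimately posts here for an already
        // logged-in user, authorize that path on the session token instead of
        // trusting a client-supplied admin_uuid.
        $adminUuid = session('admin_uuid');
        if ($adminUuid === null) {
            return redirect()->route('login')->withErrors(['error' => 'Unauthorized access']);
        }

        $url = "{$this->apiBaseUrl}/cms/login_changePassword";
        $csrfToken = $request->session()->token();

        try {
            $response = Http::withHeaders([
                'X-CSRF-TOKEN' => $csrfToken,
                'Accept' => 'application/json',
                'Authorization' => 'Bearer ' . session('token'),
            ])->post($url, [
                'admin_uuid' => $adminUuid,
                'password' => $request->input('password'),
            ]);

            $data = $response->json();

            // Status fields only; the body may carry a fresh bearer token.
            Log::info('Change Password API Response: ', $this->summarizeForLog($data));

            if ($response->successful() && isset($data['code']) && $data['code'] === 200) {
                // The API may return the token under either key.
                $newToken = $data['data']['access_token'] ?? $data['data']['token'] ?? null;
                if ($newToken !== null) {
                    // Credentials changed: rotate the session ID before
                    // storing the new token.
                    $request->session()->regenerate();
                    session(['token' => $newToken]);
                }

                session()->forget('admin_uuid');

                return redirect()->route('my-profile')->with('success', $data['message'] ?? 'Password changed successfully');
            }

            return redirect()->back()->withErrors(['error' => $data['message'] ?? 'Failed to change password']);
        } catch (\Exception $e) {
            // Keep transport details out of the response shown to the user.
            Log::error('Change Password Exception: ' . $e->getMessage());

            return redirect()->back()->withErrors(['error' => 'Password change request failed. Please try again later.']);
        }
    }

    /**
     * Handle logout by calling the API.
     *
     * The local session is always terminated, even when the API call fails.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\RedirectResponse
     */
    public function logout(Request $request)
    {
        $url = "{$this->apiBaseUrl}/logout_cms";
        $csrfToken = $request->session()->token();

        try {
            Http::withHeaders([
                'X-CSRF-TOKEN' => $csrfToken,
                'Accept' => 'application/json',
                'Authorization' => 'Bearer ' . session('token'),
            ])->post($url);
        } catch (\Exception $e) {
            // Best effort: an unreachable API must not keep the user signed in.
            Log::error('Logout Exception: ' . $e->getMessage());
        }

        // invalidate() clears the data and issues a new session ID; the CSRF
        // token is rotated too so nothing from the old session stays valid.
        $request->session()->invalidate();
        $request->session()->regenerateToken();

        return redirect()->route('login')->with('success', 'Logged out successfully');
    }

    /**
     * Reduce a decoded API response to the fields that are safe to log.
     *
     * @param  mixed  $data  Decoded JSON body; may be null when the body is not JSON.
     * @return array{code: mixed, message: mixed}
     */
    private function summarizeForLog($data): array
    {
        return [
            'code' => $data['code'] ?? null,
            'message' => $data['message'] ?? null,
        ];
    }
}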