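user();
        // NOTE(review): this method begins earlier in the file; only its tail is visible here.
        if (!$user) {
            return response()->json(['ok' => false, 'user' => null], 401);
        }

        return response()->json(['ok' => true, 'user' => [
            'id' => $user->id,
            'name' => $user->name,
            'email' => $user->email,
        ]]);
    }

    /**
     * Authenticate the caller with email + password and start a web session.
     *
     * Both "unknown email" and "wrong password" yield the same 401 body so the
     * endpoint cannot be used to enumerate registered email addresses. On
     * success the session id is regenerated before the user payload is returned.
     *
     * @param  Request $request  validated fields: email, password, optional remember (bool)
     * @return \Illuminate\Http\JsonResponse  ['ok' => bool, 'user' => ...] or ['ok' => false, 'errors' => ..., 'message' => ...]
     */
    public function login(Request $request)
    {
        $attrs = $request->validate([
            'email' => ['required', 'email'],
            'password' => ['required'],
            'remember' => ['sometimes', 'boolean'],
        ]);

        // Normalise the email so the lookup matches regardless of case/whitespace.
        $email = trim(strtolower($attrs['email']));
        $remember = $attrs['remember'] ?? false;

        // Auth::attempt already fails for an unknown email; a separate
        // existence check with its own message would leak which accounts exist.
        $credentials = [
            'email' => $email,
            'password' => $attrs['password'],
        ];

        if (!Auth::attempt($credentials, $remember)) {
            return response()->json([
                'ok' => false,
                'errors' => [
                    'email' => 'Invalid credentials',
                ],
                'message' => 'Invalid credentials',
            ], 401);
        }

        // Auth::attempt set the session/cookie; regenerate the id so a
        // pre-authentication session id cannot be reused (fixation).
        $request->session()->regenerate();

        $user = $request->user();

        return response()->json(['ok' => true, 'user' => [
            'id' => $user->id,
            'name' => $user->name,
            'email' => $user->email,
        ]]);
    }

    /**
     * End the current web session.
     *
     * Logs out the 'web' guard, invalidates the session data and rotates the
     * CSRF token so a token issued to the old session is no longer accepted.
     *
     * @return \Illuminate\Http\JsonResponse  ['ok' => true]
     */
    public function logout(Request $request)
    {
        Auth::guard('web')->logout();
        $request->session()->invalidate();
        $request->session()->regenerateToken();

        return response()->json(['ok' => true]);
    }
}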