Complete Phase 1: MVC, DB migrations, Auth, RBAC, Security, and Views

2026-06-05 00:56:41 +03:00
parent 7ffbc8bafa
commit bed7624ae9
51 changed files with 3295 additions and 0 deletions
--- a/app/Controllers/AuthController.php
+++ b/app/Controllers/AuthController.php
@@ -0,0 +1,115 @@
+<?php
+
+namespace App\Controllers;
+
+use App\Core\Request;
+use App\Core\Response;
+use App\Services\Auth\AuthService;
+use App\Services\Database\ActivityLogger;
+use Throwable;
+
+class AuthController extends Controller
+{
+    private AuthService $authService;
+    private ActivityLogger $logger;
+
+    public function __construct(AuthService $authService, ActivityLogger $logger)
+    {
+        parent::__construct();
+        $this->authService = $authService;
+        $this->logger = $logger;
+    }
+
+    /**
+     * Render the login page.
+     */
+    public function showLogin(Request $request, Response $response): string
+    {
+        if ($this->session->get('user_id')) {
+            $response->redirect('/admin/dashboard');
+        }
+        return $this->render('auth/login', [], 'auth');
+    }
+
+    /**
+     * Handle login requests.
+     */
+    public function login(Request $request, Response $response): void
+    {
+        $email = $request->post('email', '');
+        $password = $request->post('password', '');
+
+        try {
+            $user = $this->authService->login($email, $password);
+            
+            $this->session->set('user_id', $user['id']);
+            $this->session->set('user_name', $user['name']);
+            $this->session->set('user_email', $user['email']);
+
+            // Security log
+            $this->logger->log($user['id'], 'user_login', 'User logged in successfully via Web.');
+
+            $this->session->setFlash('success', 'Welcome back, ' . $user['name'] . '!');
+            $response->redirect('/admin/dashboard');
+        } catch (Throwable $e) {
+            $this->session->setFlash('error', $e->getMessage());
+            $response->redirect('/login');
+        }
+    }
+
+    /**
+     * Render registration page.
+     */
+    public function showRegister(Request $request, Response $response): string
+    {
+        if ($this->session->get('user_id')) {
+            $response->redirect('/admin/dashboard');
+        }
+        return $this->render('auth/register', [], 'auth');
+    }
+
+    /**
+     * Handle registration requests.
+     */
+    public function register(Request $request, Response $response): void
+    {
+        $name = $request->post('name', '');
+        $email = $request->post('email', '');
+        $password = $request->post('password', '');
+
+        try {
+            if (empty($name) || empty($email) || empty($password)) {
+                throw new \Exception("All fields are required.");
+            }
+
+            $user = $this->authService->register($name, $email, $password);
+
+            $this->session->set('user_id', $user['id']);
+            $this->session->set('user_name', $user['name']);
+            $this->session->set('user_email', $user['email']);
+
+            // Security log
+            $this->logger->log($user['id'], 'user_register', 'User registered and logged in.');
+
+            $this->session->setFlash('success', 'Registration successful! Welcome to ScoutIQ.');
+            $response->redirect('/admin/dashboard');
+        } catch (Throwable $e) {
+            $this->session->setFlash('error', $e->getMessage());
+            $response->redirect('/register');
+        }
+    }
+
+    /**
+     * Destroy user sessions and logout.
+     */
+    public function logout(Request $request, Response $response): void
+    {
+        $userId = $this->session->get('user_id');
+        if ($userId) {
+            $this->logger->log($userId, 'user_logout', 'User logged out.');
+        }
+
+        $this->session->destroy();
+        $response->redirect('/login');
+    }
+}