From 09b547e18fbfa00e6d8c509520f7d44c74d478b6 Mon Sep 17 00:00:00 2001
From: sundayenglish <quyetluu217@gmail.com>
Date: Mon, 23 Jun 2025 10:02:21 +0700
Subject: [PATCH] Mapping database authentication to Sunday English

---
 .env.example                          | 21 ++++++++++-----
 app/Models/GKUser.php                 | 36 ++++++++++++++++++++++++++
 app/Passport/CustomUserRepository.php | 37 +++++++++++++++++++++++++++
 app/Providers/AuthServiceProvider.php | 21 ++++++++++++---
 app/Providers/MD5UserProvider.php     | 32 +++++++++++++++++++++++
 bootstrap/providers.php               |  1 +
 config/auth.php                       |  7 ++---
 config/database.php                   | 19 ++++++++++++++
 8 files changed, 161 insertions(+), 13 deletions(-)
 create mode 100644 app/Models/GKUser.php
 create mode 100644 app/Passport/CustomUserRepository.php
 create mode 100644 app/Providers/MD5UserProvider.php

diff --git a/.env.example b/.env.example
index 1403052..f2fd65c 100644
--- a/.env.example
+++ b/.env.example
@@ -20,12 +20,19 @@ LOG_STACK=single
 LOG_DEPRECATIONS_CHANNEL=null
 LOG_LEVEL=debug
 
-DB_CONNECTION=sqlite
-# DB_HOST=127.0.0.1
-# DB_PORT=3306
-# DB_DATABASE=laravel
-# DB_USERNAME=root
-# DB_PASSWORD=
+DB_CONNECTION=mysql
+DB_HOST=
+DB_PORT=
+DB_DATABASE=
+DB_USERNAME=
+DB_PASSWORD=
+
+DB_SUNDAY_CONNECTION=mysql
+DB_SUNDAY_HOST=
+DB_SUNDAY_PORT=
+DB_SUNDAY_DATABASE=
+DB_SUNDAY_USERNAME=
+DB_SUNDAY_PASSWORD=
 
 SESSION_DRIVER=database
 SESSION_LIFETIME=120
@@ -66,3 +73,5 @@ VITE_APP_NAME="${APP_NAME}"
 
 PASSPORT_PASSWORD_CLIENT_ID=
 PASSPORT_PASSWORD_CLIENT_SECRET=
+
+AUTH_MODEL=App\\Models\\GkUser
diff --git a/app/Models/GKUser.php b/app/Models/GKUser.php
new file mode 100644
index 0000000..b4f1d72
--- /dev/null
+++ b/app/Models/GKUser.php
@@ -0,0 +1,36 @@
+<?php
+
+namespace App\Models;
+
+use Illuminate\Foundation\Auth\User as Authenticatable;
+use Illuminate\Notifications\Notifiable;
+use Laravel\Passport\HasApiTokens;
+use Spatie\Permission\Traits\HasRoles;
+
+class GKUser extends Authenticatable
+{
+    use HasApiTokens, Notifiable, HasRoles;
+
+    protected $table = 'gk_user';
+
+    protected $connection = 'db_sunday';
+
+    protected $fillable = [
+        'name',
+        'email',
+        'password',
+    ];
+
+    protected $hidden = [
+        'password',
+        'remember_token',
+    ];
+
+    protected function casts(): array
+    {
+        return [
+            'email_verified_at' => 'datetime',
+            'password' => 'hashed',
+        ];
+    }
+}
diff --git a/app/Passport/CustomUserRepository.php b/app/Passport/CustomUserRepository.php
new file mode 100644
index 0000000..9a1363a
--- /dev/null
+++ b/app/Passport/CustomUserRepository.php
@@ -0,0 +1,37 @@
+<?php
+
+namespace App\Passport;
+
+use Laravel\Passport\Bridge\User;
+use Laravel\Passport\Bridge\UserRepository as PassportUserRepository;
+use League\OAuth2\Server\Entities\ClientEntityInterface;
+use Illuminate\Support\Facades\Hash;
+use App\Models\GKUser;
+
+class CustomUserRepository extends PassportUserRepository
+{
+    public function getUserEntityByUserCredentials($username, $password, $grantType, ClientEntityInterface $client)
+    {
+        $user = GKUser::where('email', $username)->first();
+
+        if (! $user) {
+            return;
+        }
+
+        $hashed = $user->password;
+
+        if (!Hash::needsRehash($hashed)) {
+            if (!Hash::check($password, $hashed)) {
+                return;
+            }
+        } elseif (md5($password) !== $hashed) {
+            return;
+        } else {
+            // ✅ Nếu MD5 khớp → nâng cấp lên bcrypt
+            $user->password = Hash::make($password);
+            $user->save();
+        }
+
+        return new User($user->getAuthIdentifier());
+    }
+}
diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php
index e6eaad1..cdab7e4 100644
--- a/app/Providers/AuthServiceProvider.php
+++ b/app/Providers/AuthServiceProvider.php
@@ -5,8 +5,11 @@ namespace App\Providers;
 use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
 use Laravel\Passport\Passport;
 use League\OAuth2\Server\AuthorizationServer;
-use Laravel\Passport\Bridge\UserRepository;
+use Laravel\Passport\Bridge\UserRepository as PassportUserRepository;
 use Laravel\Passport\Bridge\RefreshTokenRepository;
+use Illuminate\Support\Facades\Auth;
+use App\Auth\Providers\MD5UserProvider;
+use App\Passport\CustomUserRepository; // ⬅️ bạn sẽ tạo file này
 use DateInterval;
 
 class AuthServiceProvider extends ServiceProvider
@@ -15,17 +18,27 @@ class AuthServiceProvider extends ServiceProvider
 
     public function boot(): void
     {
+        // ✅ Đăng ký custom provider hỗ trợ MD5 password
+        Auth::provider('md5provider', function ($app, array $config) {
+            return new MD5UserProvider($app['hash'], $config['model']);
+        });
+
+        // ✅ Ghi đè UserRepository để Passport hỗ trợ MD5
+        $this->app->bind(PassportUserRepository::class, CustomUserRepository::class);
+
+        // ✅ Thiết lập thời hạn token Passport
         Passport::tokensExpireIn(now()->addHour());
         Passport::refreshTokensExpireIn(now()->addMonth());
 
+        // ✅ Đăng ký Password Grant cho OAuth
         $this->app->afterResolving(AuthorizationServer::class, function ($server) {
             $grant = new \League\OAuth2\Server\Grant\PasswordGrant(
-                app(UserRepository::class),
+                app(PassportUserRepository::class),
                 app(RefreshTokenRepository::class)
             );
-            $grant->setRefreshTokenTTL(new DateInterval('P1M')); // 1 tháng
 
-            $server->enableGrantType($grant, new DateInterval('PT1H')); // 1 giờ
+            $grant->setRefreshTokenTTL(new DateInterval('P1M'));
+            $server->enableGrantType($grant, new DateInterval('PT1H'));
         });
     }
 }
diff --git a/app/Providers/MD5UserProvider.php b/app/Providers/MD5UserProvider.php
new file mode 100644
index 0000000..9990491
--- /dev/null
+++ b/app/Providers/MD5UserProvider.php
@@ -0,0 +1,32 @@
+<?php
+
+namespace App\Auth\Providers;
+
+use Illuminate\Auth\EloquentUserProvider;
+use Illuminate\Contracts\Auth\Authenticatable;
+use Illuminate\Support\Facades\Hash;
+
+class MD5UserProvider extends EloquentUserProvider
+{
+    public function validateCredentials(Authenticatable $user, array $credentials)
+    {
+        $plain = $credentials['password'];
+        $hashed = $user->getAuthPassword();
+
+        // Nếu là Bcrypt → dùng bình thường
+        if (!Hash::needsRehash($hashed)) {
+            return Hash::check($plain, $hashed);
+        }
+
+        // Nếu là MD5 → kiểm tra tay
+        if (md5($plain) === $hashed) {
+            // Tự động upgrade
+            $user->password = Hash::make($plain);
+            $user->save();
+
+            return true;
+        }
+
+        return false;
+    }
+}
diff --git a/bootstrap/providers.php b/bootstrap/providers.php
index fe18a0a..c2d67f8 100644
--- a/bootstrap/providers.php
+++ b/bootstrap/providers.php
@@ -3,5 +3,6 @@
 return [
     App\Providers\AppServiceProvider::class,
     App\Providers\AuthServiceProvider::class,
+    App\Providers\MD5UserProvider::class,
     App\Providers\MiddlewareServiceProvider::class,
 ];
diff --git a/config/auth.php b/config/auth.php
index 6d9c511..69c403c 100644
--- a/config/auth.php
+++ b/config/auth.php
@@ -42,7 +42,7 @@ return [
         ],
 
         'api' => [
-            'driver' => 'passport',  // ← Quan trọng: phải là 'passport'
+            'driver' => 'passport',  //
             'provider' => 'users',
         ],
     ],
@@ -66,8 +66,9 @@ return [
 
     'providers' => [
         'users' => [
-            'driver' => 'eloquent',
-            'model' => env('AUTH_MODEL', App\Models\User::class),
+            // 'driver' => 'eloquent',
+            'driver' => 'md5provider',
+            'model' => App\Models\GKUser::class,
         ],
 
         // 'users' => [
diff --git a/config/database.php b/config/database.php
index 8910562..f2118b0 100644
--- a/config/database.php
+++ b/config/database.php
@@ -61,6 +61,25 @@ return [
                 PDO::MYSQL_ATTR_SSL_CA => env('MYSQL_ATTR_SSL_CA'),
             ]) : [],
         ],
+        'db_sunday' => [
+            'driver' => 'mysql',
+            'url' => env('DB_URL'),
+            'host' => env('DB_SUNDAY_HOST', '127.0.0.1'),
+            'port' => env('DB_SUNDAY_PORT', '3306'),
+            'database' => env('DB_SUNDAY_DATABASE', 'laravel'),
+            'username' => env('DB_SUNDAY_USERNAME', 'root'),
+            'password' => env('DB_SUNDAY_PASSWORD', ''),
+            'unix_socket' => env('DB_SOCKET', ''),
+            'charset' => env('DB_CHARSET', 'utf8mb4'),
+            'collation' => env('DB_COLLATION', 'utf8mb4_unicode_ci'),
+            'prefix' => '',
+            'prefix_indexes' => true,
+            'strict' => true,
+            'engine' => null,
+            'options' => extension_loaded('pdo_mysql') ? array_filter([
+                PDO::MYSQL_ATTR_SSL_CA => env('MYSQL_ATTR_SSL_CA'),
+            ]) : [],
+        ],
 
         'mariadb' => [
             'driver' => 'mariadb',