Mapping database authentication to Sunday English

4 weeks ago · 09b547e18f
parent fe7a7e5970
commit 09b547e18f
8 changed files with 161 additions and 13 deletions
--- a/.env.example
+++ b/.env.example
@ -20,12 +20,19 @@ LOG_STACK=single
 LOG_DEPRECATIONS_CHANNEL=null
 LOG_LEVEL=debug

-DB_CONNECTION=sqlite
-# DB_HOST=127.0.0.1
-# DB_PORT=3306
-# DB_DATABASE=laravel
-# DB_USERNAME=root
-# DB_PASSWORD=
+DB_CONNECTION=mysql
+DB_HOST=
+DB_PORT=
+DB_DATABASE=
+DB_USERNAME=
+DB_PASSWORD=
+
+DB_SUNDAY_CONNECTION=mysql
+DB_SUNDAY_HOST=
+DB_SUNDAY_PORT=
+DB_SUNDAY_DATABASE=
+DB_SUNDAY_USERNAME=
+DB_SUNDAY_PASSWORD=

 SESSION_DRIVER=database
 SESSION_LIFETIME=120
@ -66,3 +73,5 @@ VITE_APP_NAME="${APP_NAME}"

 PASSPORT_PASSWORD_CLIENT_ID=
 PASSPORT_PASSWORD_CLIENT_SECRET=
+
+AUTH_MODEL=App\\Models\\GkUser
--- a/app/Models/GKUser.php
+++ b/app/Models/GKUser.php
@ -0,0 +1,36 @@
+<?php
+
+namespace App\Models;
+
+use Illuminate\Foundation\Auth\User as Authenticatable;
+use Illuminate\Notifications\Notifiable;
+use Laravel\Passport\HasApiTokens;
+use Spatie\Permission\Traits\HasRoles;
+
+class GKUser extends Authenticatable
+{
+    use HasApiTokens, Notifiable, HasRoles;
+
+    protected $table = 'gk_user';
+
+    protected $connection = 'db_sunday';
+
+    protected $fillable = [
+        'name',
+        'email',
+        'password',
+    ];
+
+    protected $hidden = [
+        'password',
+        'remember_token',
+    ];
+
+    protected function casts(): array
+    {
+        return [
+            'email_verified_at' => 'datetime',
+            'password' => 'hashed',
+        ];
+    }
+}
--- a/app/Passport/CustomUserRepository.php
+++ b/app/Passport/CustomUserRepository.php
@ -0,0 +1,37 @@
+<?php
+
+namespace App\Passport;
+
+use Laravel\Passport\Bridge\User;
+use Laravel\Passport\Bridge\UserRepository as PassportUserRepository;
+use League\OAuth2\Server\Entities\ClientEntityInterface;
+use Illuminate\Support\Facades\Hash;
+use App\Models\GKUser;
+
+class CustomUserRepository extends PassportUserRepository
+{
+    public function getUserEntityByUserCredentials($username, $password, $grantType, ClientEntityInterface $client)
+    {
+        $user = GKUser::where('email', $username)->first();
+
+        if (! $user) {
+            return;
+        }
+
+        $hashed = $user->password;
+
+        if (!Hash::needsRehash($hashed)) {
+            if (!Hash::check($password, $hashed)) {
+                return;
+            }
+        } elseif (md5($password) !== $hashed) {
+            return;
+        } else {
+            // ✅ Nếu MD5 khớp → nâng cấp lên bcrypt
+            $user->password = Hash::make($password);
+            $user->save();
+        }
+
+        return new User($user->getAuthIdentifier());
+    }
+}
--- a/app/Providers/AuthServiceProvider.php
+++ b/app/Providers/AuthServiceProvider.php
@ -5,8 +5,11 @@ namespace App\Providers;
 use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
 use Laravel\Passport\Passport;
 use League\OAuth2\Server\AuthorizationServer;
-use Laravel\Passport\Bridge\UserRepository;
+use Laravel\Passport\Bridge\UserRepository as PassportUserRepository;
 use Laravel\Passport\Bridge\RefreshTokenRepository;
+use Illuminate\Support\Facades\Auth;
+use App\Auth\Providers\MD5UserProvider;
+use App\Passport\CustomUserRepository; // ⬅️ bạn sẽ tạo file này
 use DateInterval;

 class AuthServiceProvider extends ServiceProvider
@ -15,17 +18,27 @@ class AuthServiceProvider extends ServiceProvider

    public function boot(): void
    {
+        // ✅ Đăng ký custom provider hỗ trợ MD5 password
+        Auth::provider('md5provider', function ($app, array $config) {
+            return new MD5UserProvider($app['hash'], $config['model']);
+        });
+
+        // ✅ Ghi đè UserRepository để Passport hỗ trợ MD5
+        $this->app->bind(PassportUserRepository::class, CustomUserRepository::class);
+
+        // ✅ Thiết lập thời hạn token Passport
        Passport::tokensExpireIn(now()->addHour());
        Passport::refreshTokensExpireIn(now()->addMonth());

+        // ✅ Đăng ký Password Grant cho OAuth
        $this->app->afterResolving(AuthorizationServer::class, function ($server) {
            $grant = new \League\OAuth2\Server\Grant\PasswordGrant(
-                app(UserRepository::class),
+                app(PassportUserRepository::class),
                app(RefreshTokenRepository::class)
            );
-            $grant->setRefreshTokenTTL(new DateInterval('P1M')); // 1 tháng

-            $server->enableGrantType($grant, new DateInterval('PT1H')); // 1 giờ
+            $grant->setRefreshTokenTTL(new DateInterval('P1M'));
+            $server->enableGrantType($grant, new DateInterval('PT1H'));
        });
    }
 }
--- a/app/Providers/MD5UserProvider.php
+++ b/app/Providers/MD5UserProvider.php
@ -0,0 +1,32 @@
+<?php
+
+namespace App\Auth\Providers;
+
+use Illuminate\Auth\EloquentUserProvider;
+use Illuminate\Contracts\Auth\Authenticatable;
+use Illuminate\Support\Facades\Hash;
+
+class MD5UserProvider extends EloquentUserProvider
+{
+    public function validateCredentials(Authenticatable $user, array $credentials)
+    {
+        $plain = $credentials['password'];
+        $hashed = $user->getAuthPassword();
+
+        // Nếu là Bcrypt → dùng bình thường
+        if (!Hash::needsRehash($hashed)) {
+            return Hash::check($plain, $hashed);
+        }
+
+        // Nếu là MD5 → kiểm tra tay
+        if (md5($plain) === $hashed) {
+            // Tự động upgrade
+            $user->password = Hash::make($plain);
+            $user->save();
+
+            return true;
+        }
+
+        return false;
+    }
+}
--- a/bootstrap/providers.php
+++ b/bootstrap/providers.php
@ -3,5 +3,6 @@
 return [
    App\Providers\AppServiceProvider::class,
    App\Providers\AuthServiceProvider::class,
+    App\Providers\MD5UserProvider::class,
    App\Providers\MiddlewareServiceProvider::class,
 ];
--- a/config/auth.php
+++ b/config/auth.php
@ -42,7 +42,7 @@ return [
        ],

        'api' => [
-            'driver' => 'passport',  // ← Quan trọng: phải là 'passport'
+            'driver' => 'passport',  //
            'provider' => 'users',
        ],
    ],
@ -66,8 +66,9 @@ return [

    'providers' => [
        'users' => [
-            'driver' => 'eloquent',
-            'model' => env('AUTH_MODEL', App\Models\User::class),
+            // 'driver' => 'eloquent',
+            'driver' => 'md5provider',
+            'model' => App\Models\GKUser::class,
        ],

        // 'users' => [
--- a/config/database.php
+++ b/config/database.php
@ -61,6 +61,25 @@ return [
                PDO::MYSQL_ATTR_SSL_CA => env('MYSQL_ATTR_SSL_CA'),
            ]) : [],
        ],
+        'db_sunday' => [
+            'driver' => 'mysql',
+            'url' => env('DB_URL'),
+            'host' => env('DB_SUNDAY_HOST', '127.0.0.1'),
+            'port' => env('DB_SUNDAY_PORT', '3306'),
+            'database' => env('DB_SUNDAY_DATABASE', 'laravel'),
+            'username' => env('DB_SUNDAY_USERNAME', 'root'),
+            'password' => env('DB_SUNDAY_PASSWORD', ''),
+            'unix_socket' => env('DB_SOCKET', ''),
+            'charset' => env('DB_CHARSET', 'utf8mb4'),
+            'collation' => env('DB_COLLATION', 'utf8mb4_unicode_ci'),
+            'prefix' => '',
+            'prefix_indexes' => true,
+            'strict' => true,
+            'engine' => null,
+            'options' => extension_loaded('pdo_mysql') ? array_filter([
+                PDO::MYSQL_ATTR_SSL_CA => env('MYSQL_ATTR_SSL_CA'),
+            ]) : [],
+        ],

        'mariadb' => [
            'driver' => 'mariadb',