diff --git a/app/Auth/CustomUserProvider.php b/app/Auth/CustomUserProvider.php
index 08c10bc..9637e0c 100644
--- a/app/Auth/CustomUserProvider.php
+++ b/app/Auth/CustomUserProvider.php
@@ -12,22 +12,31 @@ class CustomUserProvider extends EloquentUserProvider
 $plain = $credentials['password'];
 $hashed = $user->getAuthPassword();
+ // Check if the stored password is a bcrypt hash
 if ($this->isBcryptHash($hashed)) {
+ // Use the hasher to verify the password
 if ($this->hasher->check($plain, $hashed)) {
- return true;
+ return true;
 }
 } else {
+ // Fallback for legacy MD5 hashes
 if (md5($plain) === $hashed) {
- // Upgrade lên bcrypt
- $user->password = $this->hasher->make($plain);
- $user->save();
- return true;
+ // Upgrade the password to bcrypt
+ $user->password = $this->hasher->make($plain);
+ $user->save();
+ return true;
 }
 }
 return false;
 }
+ /**
+ * Determine if the given hash is a bcrypt hash.
+ *
+ * @param string $hashedPassword
+ * @return bool
+ */
 protected function isBcryptHash($hashedPassword): bool
 {
 return password_get_info($hashedPassword)['algo'] === PASSWORD_BCRYPT;
diff --git a/app/Auth/PassportUserRepository.php b/app/Auth/PassportUserRepository.php
index c65c16c..5fe5bd8 100644
--- a/app/Auth/PassportUserRepository.php
+++ b/app/Auth/PassportUserRepository.php
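Review bot: The legacy branch compares the digest with `===` in `if (md5($plain) === $hashed) {`, which is not a constant-time comparison; `if (hash_equals((string) $hashed, md5($plain))) {` is the safer form. The PassportUserRepository.php hunk has the same line (`md5($password) === $user->password`) and needs the same change. The new comment `// Fallback for legacy MD5 hashes` also understates the branch, since every stored value that `isBcryptHash()` rejects is treated as unsalted MD5; a comment such as `// Legacy unsalted MD5: verified once, then re-hashed with bcrypt below; remove once no MD5 rows remain` would say why the branch exists and when it can go. The enclosing method starts above the hunk, so how `$credentials` is checked before this point is not visible here.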
@@ -22,26 +22,31 @@ class PassportUserRepository extends UserRepository
 return null;
 }
- // Tránh lỗi Hash::check() với MD5
+ // Avoid Hash::check() error with non-bcrypt hashes
 if ($this->isBcryptHash($user->password)) {
 if (Hash::check($password, $user->password)) {
- return new User($user->id);
+ return new User($user->id);
 }
 } else {
- // Hash không phải bcrypt, kiểm tra MD5 thủ công
+ // If the hash is not bcrypt, check for MD5 manually
 if (md5($password) === $user->password) {
- // Nâng cấp mật khẩu lên bcrypt
- $user->password = Hash::make($password);
- $user->save();
+ // Upgrade password to bcrypt
+ $user->password = Hash::make($password);
+ $user->save();
- return new User($user->id);
+ return new User($user->id);
 }
 }
 return null;
 }
- // Thêm method kiểm tra thuật toán hash
+ /**
+ * Check if the given hash uses the bcrypt algorithm.
+ *
+ * @param string $hashedPassword
+ * @return bool
+ */
 protected function isBcryptHash($hashedPassword): bool
 {
 return password_get_info($hashedPassword)['algo'] === PASSWORD_BCRYPT;
diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php
index 5533526..c91f8d3 100644
--- a/app/Providers/AuthServiceProvider.php
+++ b/app/Providers/AuthServiceProvider.php
@@ -5,10 +5,10 @@ namespace App\Providers;
 use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
 use Laravel\Passport\Passport;
 use League\OAuth2\Server\AuthorizationServer;
-use App\Auth\PassportUserRepository; // thêm dòng này
+use App\Auth\PassportUserRepository; // Custom Passport user repository
 use Laravel\Passport\Bridge\RefreshTokenRepository;
 use Illuminate\Support\Facades\Auth;
-use App\Auth\CustomUserProvider; // thêm dòng này
+use App\Auth\CustomUserProvider; // Custom user provider for web login
 use DateInterval;
 class AuthServiceProvider extends ServiceProvider
@@ -17,23 +17,24 @@ class AuthServiceProvider extends ServiceProvider
 public function boot(): void
 {
+ // Set Passport token expiration times
 Passport::tokensExpireIn(now()->addHour());
 Passport::refreshTokensExpireIn(now()->addMonth());
- // Đăng ký CustomUserProvider cho login web
+ // Register CustomUserProvider for web login
 Auth::provider('custom', function ($app, array $config) {
 return new CustomUserProvider($app['hash'], $config['model']);
 });
- // Passport custom repository cho API login
+ // Use custom Passport user repository for API login
 $this->app->afterResolving(AuthorizationServer::class, function ($server) {
 $grant = new \League\OAuth2\Server\Grant\PasswordGrant(
- app(PassportUserRepository::class), // Custom Passport user repository
- app(RefreshTokenRepository::class)
+ app(PassportUserRepository::class), // Custom Passport user repository
+ app(RefreshTokenRepository::class)
 );
- $grant->setRefreshTokenTTL(new DateInterval('P1M')); // 1 tháng refresh token
+ $grant->setRefreshTokenTTL(new DateInterval('P1M')); // 1 month refresh token
- $server->enableGrantType($grant, new DateInterval('PT1H')); // 1 giờ access token
+ $server->enableGrantType($grant, new DateInterval('PT1H')); // 1 hour access token
 });
 }
 }
diff --git a/bootstrap/providers.php b/bootstrap/providers.php
index fe18a0a..482b846 100644
--- a/bootstrap/providers.php
+++ b/bootstrap/providers.php
@@ -1,5 +1,5 @@