Merge pull request #49 from mubbi/develop

Develop to main

Author: mubbi

app/Http/Middleware/OptionalSanctumAuthenticate.php

@@ -0,0 +1,43 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Middleware;
+
+use App\Models\User;
+use Closure;
+use Illuminate\Http\Request;
+use Laravel\Sanctum\PersonalAccessToken;
+
+/**
+ * Middleware to optionally authenticate a user via Sanctum token.
+ * Sets the user resolver to null if no valid token is present.
+ */
+class OptionalSanctumAuthenticate
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  Closure(Request): mixed  $next
+     */
+    public function handle(Request $request, Closure $next): mixed
+    {
+        $user = null;
+
+        $token = $request->bearerToken();
+        if (is_string($token) && $token !== '') {
+            $accessToken = PersonalAccessToken::findToken($token);
+            if ($accessToken !== null) {
+                $tokenable = $accessToken->tokenable;
+                // Check for 'access-api' ability
+                if ($tokenable instanceof User && $accessToken->can('access-api')) {
+                    $user = $tokenable;
+                }
+            }
+        }
+
+        $request->setUserResolver(static fn (): ?User => $user);
+
+        return $next($request);
+    }
+}

app/Http/Resources/V1/Article/ArticleResource.php

@@ -4,6 +4,7 @@
 
 namespace App\Http\Resources\V1\Article;
 
+use App\Enums\UserRole;
 use Illuminate\Http\Request;
 use Illuminate\Http\Resources\Json\JsonResource;
 
@@ -36,11 +37,12 @@ public function toArray(Request $request): array
             'updated_at' => $this->updated_at?->toISOString(),
 
             // Relationships
-            'author' => $this->whenLoaded('author', function () {
+            // Original Author
+            'author' => $this->whenLoaded('author', function () use ($request) {
                 return $this->author ? [
                     'id' => $this->author->id,
                     'name' => $this->author->name,
-                    'email' => $this->author->email,
+                    'email' => $this->when((bool) $request->user()?->hasRole(UserRole::ADMINISTRATOR->value), $this->author->email),
                     'avatar_url' => $this->author->avatar_url,
                     'bio' => $this->author->bio,
                     'twitter' => $this->author->twitter,
@@ -77,26 +79,23 @@ public function toArray(Request $request): array
                 })->values()->all();
             }),
 
-            'authors' => $this->whenLoaded('authors', function () {
+            // Co-Authors
+            'authors' => $this->whenLoaded('authors', function () use ($request) {
                 /** @var \Illuminate\Database\Eloquent\Collection<int, \App\Models\User> $authors */
                 $authors = $this->authors;
 
-                return $authors->map(function ($author) {
-                    /** @var \Illuminate\Database\Eloquent\Relations\Pivot|null $pivot */
-                    $pivot = $author->getAttribute('pivot');
-
+                return $authors->map(function ($author) use ($request) {
                     return [
                         'id' => $author->id,
                         'name' => $author->name,
-                        'email' => $author->email,
+                        'email' => $this->when((bool) $request->user()?->hasRole(UserRole::ADMINISTRATOR->value), $author->email),
                         'avatar_url' => $author->avatar_url,
                         'bio' => $author->bio,
                         'twitter' => $author->twitter,
                         'facebook' => $author->facebook,
                         'linkedin' => $author->linkedin,
                         'github' => $author->github,
                         'website' => $author->website,
-                        'role' => $pivot?->getAttribute('role'),
                     ];
                 })->values()->all();
             }),

app/Services/ArticleService.php

@@ -22,7 +22,12 @@ class ArticleService
     public function getArticles(array $params): LengthAwarePaginator
     {
         $query = Article::query()
-            ->with(['author:id,name,email,avatar_url,bio,twitter,facebook,linkedin,github,website', 'categories:id,name,slug', 'tags:id,name,slug'])
+            ->with([
+                'author:id,name,email,avatar_url,bio,twitter,facebook,linkedin,github,website',
+                'categories:id,name,slug',
+                'tags:id,name,slug',
+                'authors:id,name,email,avatar_url,bio,twitter,facebook,linkedin,github,website',
+            ])
             ->withCount('comments');
 
         // Apply filters

bootstrap/app.php

@@ -18,6 +18,7 @@
             'ability' => \App\Http\Middleware\CheckTokenAbility::class,
             'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
             'api.logger' => \App\Http\Middleware\ApiLogger::class,
+            'optional.sanctum' => \App\Http\Middleware\OptionalSanctumAuthenticate::class,
         ]);
     })
     ->withExceptions(function (Exceptions $exceptions): void {

database/seeders/ArticleCommentSeeder.php

@@ -28,6 +28,13 @@ public function run(): void
         $articles = Article::factory(100)->create();
 
         foreach ($articles as $article) {
+            // Add 0-3 authors to the authors relation, excluding the main author/created_by
+            $possibleAuthors = $users->where('id', '!=', $article->created_by);
+            $authorCount = rand(0, 3);
+            if ($authorCount > 0 && $possibleAuthors->count() > 0) {
+                $authorIds = $possibleAuthors->random(min($authorCount, $possibleAuthors->count()))->pluck('id')->toArray();
+                $article->authors()->attach($authorIds);
+            }
             // Attach 1-3 random categories to each article
             $article->categories()->attach($categories->random(rand(1, 3))->pluck('id')->toArray());
             // Attach 2-5 random tags to each article

routes/api_v1.php

@@ -19,16 +19,20 @@
         Route::post('/auth/logout', \App\Http\Controllers\Api\V1\Auth\LogoutController::class)->name('api.v1.auth.logout');
     });
 
-    // Article Routes (Public)
-    Route::prefix('articles')->group(function () {
-        Route::get('/', \App\Http\Controllers\Api\V1\Article\GetArticlesController::class)->name('api.v1.articles.index');
-        Route::get('/{slug}', \App\Http\Controllers\Api\V1\Article\ShowArticleController::class)->name('api.v1.articles.show');
-        Route::get('/{article:slug}/comments', \App\Http\Controllers\Api\V1\Article\GetCommentsController::class)->name('api.v1.articles.comments.index');
+    // Public Routes
+    Route::middleware(['optional.sanctum'])->group(function () {
+        // Article Routes
+        Route::prefix('articles')->group(function () {
+            Route::get('/', \App\Http\Controllers\Api\V1\Article\GetArticlesController::class)->name('api.v1.articles.index');
+            Route::get('/{slug}', \App\Http\Controllers\Api\V1\Article\ShowArticleController::class)->name('api.v1.articles.show');
+            Route::get('/{article:slug}/comments', \App\Http\Controllers\Api\V1\Article\GetCommentsController::class)->name('api.v1.articles.comments.index');
+        });
+
+        // Category Routes
+        Route::get('categories', \App\Http\Controllers\Api\V1\Category\GetCategoriesController::class)->name('api.v1.categories.index');
+
+        // Tag Routes
+        Route::get('tags', \App\Http\Controllers\Api\V1\Tag\GetTagsController::class)->name('api.v1.tags.index');
     });
 
-    // Category Routes (Public)
-    Route::get('categories', \App\Http\Controllers\Api\V1\Category\GetCategoriesController::class)->name('api.v1.categories.index');
-
-    // Tag Routes (Public)
-    Route::get('tags', \App\Http\Controllers\Api\V1\Tag\GetTagsController::class)->name('api.v1.tags.index');
 });

tests/Feature/API/V1/Article/GetArticlesControllerTest.php

@@ -18,7 +18,7 @@
             ->published()
             ->create();
 
-        $response = $this->getJson('/api/v1/articles');
+        $response = $this->getJson(route('api.v1.articles.index'));
 
         $response->assertStatus(200)
             ->assertJsonStructure([
@@ -75,7 +75,7 @@
             ->published()
             ->create();
 
-        $response = $this->getJson("/api/v1/articles?category_slug={$category->slug}");
+        $response = $this->getJson(route('api.v1.articles.index', ['category_slug' => $category->slug]));
 
         $response->assertStatus(200);
         expect($response->json('data.articles'))->toHaveCount(1);
@@ -102,7 +102,7 @@
             ->published()
             ->create();
 
-        $response = $this->getJson("/api/v1/articles?tag_slug={$tag->slug}");
+        $response = $this->getJson(route('api.v1.articles.index', ['tag_slug' => $tag->slug]));
 
         $response->assertStatus(200);
         expect($response->json('data.articles'))->toHaveCount(1);
@@ -124,7 +124,7 @@
             ->published()
             ->create(['title' => 'PHP Best Practices']);
 
-        $response = $this->getJson('/api/v1/articles?search=Laravel');
+        $response = $this->getJson(route('api.v1.articles.index', ['search' => 'Laravel']));
 
         $response->assertStatus(200);
         expect($response->json('data.articles'))->toHaveCount(1);
@@ -147,7 +147,7 @@
             ->published()
             ->create();
 
-        $response = $this->getJson("/api/v1/articles?created_by={$author1->id}");
+        $response = $this->getJson(route('api.v1.articles.index', ['created_by' => $author1->id]));
 
         $response->assertStatus(200);
         expect($response->json('data.articles'))->toHaveCount(1);
@@ -169,7 +169,7 @@
             ->draft()
             ->create();
 
-        $response = $this->getJson('/api/v1/articles?status=published');
+        $response = $this->getJson(route('api.v1.articles.index', ['status' => 'published']));
 
         $response->assertStatus(200);
         expect($response->json('data.articles'))->toHaveCount(1);
@@ -185,7 +185,7 @@
             ->published()
             ->create();
 
-        $response = $this->getJson('/api/v1/articles?per_page=5&page=2');
+        $response = $this->getJson(route('api.v1.articles.index', ['per_page' => 5, 'page' => 2]));
 
         $response->assertStatus(200);
         expect($response->json('data.articles'))->toHaveCount(5);
@@ -208,7 +208,7 @@
             ->published()
             ->create(['title' => 'Z Article']);
 
-        $response = $this->getJson('/api/v1/articles?sort_by=title&sort_direction=asc');
+        $response = $this->getJson(route('api.v1.articles.index', ['sort_by' => 'title', 'sort_direction' => 'asc']));
 
         $response->assertStatus(200);
         expect($response->json('data.articles.0.id'))->toBe($article1->id);
@@ -222,7 +222,7 @@
                 ->andThrow(new \Exception('Database connection failed'));
         });
 
-        $response = $this->getJson('/api/v1/articles');
+        $response = $this->getJson(route('api.v1.articles.index'));
 
         $response->assertStatus(500)
             ->assertJson([

tests/Feature/API/V1/Article/ShowArticleControllerTest.php

@@ -22,7 +22,7 @@
         $article->categories()->attach($category->id);
         $article->tags()->attach($tag->id);
 
-        $response = $this->getJson("/api/v1/articles/{$article->slug}");
+        $response = $this->getJson(route('api.v1.articles.show', ['slug' => $article->slug]));
 
         $response->assertStatus(200)
             ->assertJsonStructure([
@@ -46,7 +46,6 @@
                     'author' => [
                         'id',
                         'name',
-                        'email',
                         'avatar_url',
                         'bio',
                     ],
@@ -76,6 +75,7 @@
     it('returns 404 when article not found by slug', function () {
         $response = $this->getJson('/api/v1/articles/non-existent-slug');
 
+        $response = $this->getJson(route('api.v1.articles.show', ['slug' => 'non-existent-slug']));
         $response->assertStatus(404)
             ->assertJson([
                 'status' => false,
@@ -93,7 +93,7 @@
                 ->andThrow(new \Exception('Database connection failed'));
         });
 
-        $response = $this->getJson('/api/v1/articles/test-slug');
+        $response = $this->getJson(route('api.v1.articles.show', ['slug' => 'test-slug']));
 
         $response->assertStatus(500)
             ->assertJson([