From 8f2f689872e68868a263ae72318d5a89f637343c Mon Sep 17 00:00:00 2001 From: Hanif Dwy Putra S Date: Sat, 15 Apr 2023 11:45:26 +0000 Subject: [PATCH] I don't know what I'm doin Signed-off-by: Hanif Dwy Putra S --- app/Console/Commands/CreateAdmin.php | 4 +-- .../Api/Users/DeleteUserController.php | 34 +++++++++++++++++++ .../Api/Users/ShowUserController.php | 26 ++++++++++++++ app/Http/Middleware/OnlyFAUser.php | 28 +++++++++++++++ routes/api.php | 20 ++++++++++- 5 files changed, 109 insertions(+), 3 deletions(-) create mode 100644 app/Http/Controllers/Api/Users/DeleteUserController.php create mode 100644 app/Http/Controllers/Api/Users/ShowUserController.php create mode 100644 app/Http/Middleware/OnlyFAUser.php diff --git a/app/Console/Commands/CreateAdmin.php b/app/Console/Commands/CreateAdmin.php index 91b3b6d..d08adc1 100644 --- a/app/Console/Commands/CreateAdmin.php +++ b/app/Console/Commands/CreateAdmin.php @@ -49,7 +49,7 @@ public function handle() $user->update([ 'password' => Hash::make($password), 'email' => $email, - 'status' => 1, + 'status' => 2, ]); $this->info('Done overwrite'); $this->info('Password: ' . $password); @@ -60,7 +60,7 @@ public function handle() $user->email = $email; $user->password = Hash::make($password); - $user->status = 1; + $user->status = 2; $user->username = $this->argument('username'); $user->save(); diff --git a/app/Http/Controllers/Api/Users/DeleteUserController.php b/app/Http/Controllers/Api/Users/DeleteUserController.php new file mode 100644 index 0000000..cd9128c --- /dev/null +++ b/app/Http/Controllers/Api/Users/DeleteUserController.php 
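Review bot: In app/Console/Commands/CreateAdmin.php both hunks now write the bare literal `2` into `status`, and the same literal is what OnlyFAUser and ShowUserController in this patch compare against to grant elevated access. A privilege level kept as a repeated magic number is easy to change in one place and miss in another; a named constant on the model would tie the sites together, for example `'status' => User::STATUS_FULL_ACCESS,` (the constant name is a suggestion, the patch defines none). Accounts this command created earlier with `status = 1` will presumably stop passing the new check until the command is re-run for them or a migration updates the column. handle() starts and ends outside both hunks.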
@@ -0,0 +1,34 @@ +json([ + 'errors' => ['_' => 'user doesn\'t exist'] + ], 400); + } else if ($user->id === $request->user()->id) { + return response()->json([ + 'errors' => ['_' => 'you couldn\'t delete yourself'], + ], 400); + } + + if (User::destroy($user->id)) { + return response()->json([ + 'data' => $user, + ], 200); + } else { + return response()->json([ + 'errors' => ['_' => 'couldn\'t delete this user'], + ], 400); + } + } +} +?> diff --git a/app/Http/Controllers/Api/Users/ShowUserController.php b/app/Http/Controllers/Api/Users/ShowUserController.php new file mode 100644 index 0000000..b8d14e9 --- /dev/null +++ b/app/Http/Controllers/Api/Users/ShowUserController.php @@ -0,0 +1,26 @@ +user(); + + if (strval($self->id) === $user_id || $self->status === 2) { + $self = User::find($user_id); + return response()->json([ + 'data' => $self, + ], isset($self) ? 200 : 404); + } else { + return response()->json([ + 'errors' => ['_' => 'user doesn\'t exist'], + ], 404); + } + } +} +?> diff --git a/app/Http/Middleware/OnlyFAUser.php b/app/Http/Middleware/OnlyFAUser.php new file mode 100644 index 0000000..ef60d38 --- /dev/null +++ b/app/Http/Middleware/OnlyFAUser.php @@ -0,0 +1,28 @@ +user(); + + if (isset($user) && $user->status === 2) { + return $next($request); + } else { + return response()->json([ + 'errors' => ['_' => 'Unauthorized'], + ], 401); + } + } +} diff --git a/routes/api.php b/routes/api.php index 7fce87e..acff0e0 100644 --- a/routes/api.php +++ b/routes/api.php @@ -3,8 +3,11 @@ use App\Http\Controllers\Api\Auth\LoginController; use App\Http\Controllers\Api\Auth\ProfileController; use App\Http\Controllers\Api\Auth\RegisterController; +use App\Http\Controllers\Api\Users\DeleteUserController; +use App\Http\Controllers\Api\Users\ShowUserController; use App\Http\Middleware\JwtLogged; use App\Http\Middleware\OnlyActiveUser; +use App\Http\Middleware\OnlyFAUser; use Illuminate\Support\Facades\Route; /* 
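Review bot: In app/Http/Controllers/Api/Users/DeleteUserController.php the success branch returns the whole model with `'data' => $user`, so every attribute the User model serialises goes back to the caller; whether the password hash is among them depends on the model's `$hidden` list, which this patch does not show. Returning only the identifier, `'data' => ['id' => $user->id],`, removes that dependency. The file also ends with a closing `?>`, which should be dropped in a PHP-only file because any whitespace after it is emitted as output ahead of the JSON response. The missing-user branch answers 400 where 404 would match ShowUserController. The top of this file is not readable in the hunk as shown, so the lookup that produces `$user` could not be checked.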
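Review bot: In app/Http/Controllers/Api/Users/ShowUserController.php `$self` first holds the authenticated caller and is then overwritten with the record being looked up (`$self = User::find($user_id);`), which makes the authorization condition on the line above harder to audit. A separate name keeps the two apart: `$target = User::find($user_id);`. When the lookup finds nothing the response is `'data' => null` with status 404 while the other branch returns an `errors` body, so returning the `errors` body in both cases would give clients a single shape for 404. The comparison `$self->status === 2` is strict and only passes if `status` reaches PHP as an integer, so it is worth confirming the model casts that column. The start of show() is not readable in the hunk as shown.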
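Review bot: In app/Http/Middleware/OnlyFAUser.php an authenticated caller whose `status` is not 2 receives 401 with `'Unauthorized'`; that is an authorization failure, for which 403 is the conventional status, and a 401 can lead API clients to discard a valid token and log in again. Suggested: answer `], 403);` when `$user` is set but lacks the status, and keep 401 only for the case where `$user` is not set. The class has no visible comment saying what "FA" stands for or that it gates on `status === 2`; a one-line class docblock stating both would help the next reader of routes/api.php. The top of the file is not readable in the hunk as shown.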
@@ -18,16 +21,31 @@ | */ +// /api/auth Route::group([ 'middleware' => 'api', 'prefix' => 'auth' ], function() { Route::post('register', [RegisterController::class, 'register'])->middleware([ JwtLogged::class, - OnlyActiveUser::class, + OnlyFAUser::class, ]); Route::post('login', [LoginController::class, 'login'])->middleware('guest'); Route::get('profile', [ProfileController::class, 'self'])->middleware([ JwtLogged::class, ]); }); + +// /api/users +Route::group([ + 'middleware' => 'api', + 'prefix' => 'users', +], function() { + Route::delete('{id}', [DeleteUserController::class, 'delete'])->middleware([ + JwtLogged::class, + OnlyFAUser::class, + ]); + Route::get('{id}', [ShowUserController::class, 'show'])->middleware([ + JwtLogged::class, + ]); +});
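Review bot: The new `GET users/{id}` route is guarded only by `JwtLogged::class`, and `register` swaps `OnlyActiveUser::class` for `OnlyFAUser::class`, so after this hunk none of the visible routes applies the active-account check any more. Whether a token belonging to a non-active account can still read its own record through `users/{id}` depends on what JwtLogged enforces, which is not shown here; adding `OnlyActiveUser::class` to the show route's middleware list would keep the earlier guarantee. Both `{id}` routes also accept any string, so if ids are numeric a `->whereNumber('id')` constraint on each would reject other values before the controllers run.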