@famgia/omnify-laravel 0.0.114 → 0.0.115

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@famgia/omnify-laravel",
-  "version": "0.0.114",
+  "version": "0.0.115",
   "description": "Laravel migration and TypeScript type generator for omnify-schema",
   "type": "module",
   "main": "./dist/index.js",
@@ -25,9 +25,9 @@
     "README.md"
   ],
   "dependencies": {
-    "@famgia/omnify-types": "0.0.103",
-    "@famgia/omnify-core": "0.0.105",
-    "@famgia/omnify-atlas": "0.0.99"
+    "@famgia/omnify-types": "0.0.104",
+    "@famgia/omnify-atlas": "0.0.100",
+    "@famgia/omnify-core": "0.0.106"
   },
   "scripts": {
     "build": "tsup",

package/stubs/ai-guides/cursor/laravel-controller.mdc.stub

@@ -32,7 +32,7 @@ Route::get('/users', [UserController::class, 'index']);
 | `api.php` | `/api` | `/users` | `/users` |
 | `web.php` | (none) | `/dashboard` | `/dashboard` |
 
-**Full guide:** `.claude/guides/laravel/openapi.md`
+**Full guide:** `.claude/omnify/guides/laravel/openapi.md`
 
 ---
 

package/stubs/ai-guides/cursor/laravel-testing.mdc.stub

@@ -7,7 +7,7 @@ alwaysApply: false
 # Testing Rules (PEST)
 
 > **Agent:** Act as **@tester** agent
-> - Read `.claude/guides/laravel/testing.md` for full guide
+> - Read `.claude/omnify/guides/laravel/testing.md` for full guide
 
 ## How to Run Tests
 

package/stubs/ai-guides/cursor/laravel.mdc.stub

@@ -6,8 +6,8 @@ alwaysApply: false
 
 # Laravel Rules
 
-> **Documentation:** `.claude/guides/laravel/`
-> **Team Migration Guide:** `.claude/guides/laravel/migrations-team.md`
+> **Documentation:** `.claude/omnify/guides/laravel/`
+> **Team Migration Guide:** `.claude/omnify/guides/laravel/migrations-team.md`
 > **Specific Rules:** See also `laravel-controller.mdc`, `laravel-resource.mdc`, `laravel-request.mdc`, `laravel-testing.mdc`, `migrations-workflow.mdc`, `omnify-migrations.mdc`
 
 ## ⛔ CRITICAL: DO NOT EDIT
@@ -77,6 +77,32 @@ See `migrations-workflow.mdc` for complete guide.
 | Reusable action  | Action class       |
 | Async task       | Job                |
 
+## Authentication Models
+
+When `authenticatable: true` is set in schema, model extends `Authenticatable`:
+
+```yaml
+# schemas/auth/User.yaml
+options:
+  authenticatable: true
+  authenticatableLoginIdField: email
+  authenticatablePasswordField: password
+  authenticatableGuardName: web  # Optional: for multi-guard
+```
+
+**Required `config/auth.php` for custom guards:**
+
+```php
+'guards' => [
+    'admin' => ['driver' => 'session', 'provider' => 'admins'],
+],
+'providers' => [
+    'admins' => ['driver' => 'eloquent', 'model' => App\Models\Admin::class],
+],
+```
+
+**See:** `.claude/omnify/guides/omnify/schema-guide.md` → "Authenticatable Option - Detailed Guide"
+
 ## Pre-Edit Checklist
 
 **BEFORE editing any file, MUST:**
@@ -109,4 +135,4 @@ public function store(): JsonResponse
 | "Improve" unrelated code            | Change only what's needed |
 | Build for future "just in case"     | YAGNI - build when needed |
 
-**Full examples:** `.claude/guides/laravel/architecture.md`
+**Full examples:** `.claude/omnify/guides/laravel/architecture.md`

package/stubs/ai-guides/laravel/authentication.md.stub

@@ -0,0 +1,588 @@
+# Laravel Authentication with Omnify
+
+> Complete guide for implementing authentication using Omnify-generated models.
+
+## Overview
+
+When you set `authenticatable: true` in your schema, Omnify generates a Laravel model that:
+
+1. Extends `Illuminate\Foundation\Auth\User` (alias `Authenticatable`)
+2. Includes the `Notifiable` trait
+3. Auto-hides password and remember_token fields
+4. Works with Laravel's built-in auth system
+
+## Schema Configuration
+
+### Basic User Schema
+
+```yaml
+name: User
+displayName:
+  ja: ユーザー
+  en: User
+options:
+  timestamps: true
+  softDelete: true
+  authenticatable: true
+  authenticatableLoginIdField: email     # Field for login
+  authenticatablePasswordField: password # Field for password
+  # authenticatableGuardName: web        # Optional: guard name
+
+properties:
+  email:
+    type: Email
+    unique: true
+  password:
+    type: Password
+  name:
+    type: String
+```
+
+### Multi-Guard Setup (Admin + User)
+
+For separate admin and user authentication:
+
+**User Schema:**
+```yaml
+name: User
+options:
+  authenticatable: true
+  authenticatableGuardName: web
+
+properties:
+  email:
+    type: Email
+    unique: true
+  password:
+    type: Password
+  name:
+    type: String
+```
+
+**Admin Schema:**
+```yaml
+name: Admin
+options:
+  authenticatable: true
+  authenticatableGuardName: admin  # Different guard
+
+properties:
+  email:
+    type: Email
+    unique: true
+  password:
+    type: Password
+  name:
+    type: String
+  role:
+    type: EnumRef
+    enum: AdminRole
+```
+
+## Laravel Configuration
+
+### config/auth.php
+
+```php
+<?php
+
+return [
+    'defaults' => [
+        'guard' => 'web',
+        'passwords' => 'users',
+    ],
+
+    'guards' => [
+        'web' => [
+            'driver' => 'session',
+            'provider' => 'users',
+        ],
+        'admin' => [  // For Admin model
+            'driver' => 'session',
+            'provider' => 'admins',
+        ],
+        'api' => [    // For API authentication
+            'driver' => 'sanctum',
+            'provider' => 'users',
+        ],
+    ],
+
+    'providers' => [
+        'users' => [
+            'driver' => 'eloquent',
+            'model' => App\Models\User::class,
+        ],
+        'admins' => [  // For Admin model
+            'driver' => 'eloquent',
+            'model' => App\Models\Admin::class,
+        ],
+    ],
+
+    'passwords' => [
+        'users' => [
+            'provider' => 'users',
+            'table' => 'password_reset_tokens',
+            'expire' => 60,
+            'throttle' => 60,
+        ],
+        'admins' => [  // For Admin password reset
+            'provider' => 'admins',
+            'table' => 'password_reset_tokens',
+            'expire' => 60,
+            'throttle' => 60,
+        ],
+    ],
+
+    'password_timeout' => env('AUTH_PASSWORD_TIMEOUT', 10800),
+];
+```
+
+## Generated Model Structure
+
+### Base Model (Auto-generated, DO NOT EDIT)
+
+```php
+// app/Models/Base/UserBaseModel.php
+<?php
+
+namespace App\Models\Base;
+
+use Illuminate\Foundation\Auth\User as Authenticatable;
+use Illuminate\Notifications\Notifiable;
+
+/**
+ * DO NOT EDIT - This file is auto-generated by Omnify.
+ * Any changes will be overwritten on next generation.
+ */
+class UserBaseModel extends Authenticatable
+{
+    use Notifiable;
+    use HasLocalizedDisplayName;
+
+    protected $table = 'users';
+    protected $primaryKey = 'id';
+    public $timestamps = true;
+
+    protected $fillable = [
+        'email',
+        'password',
+        'name',
+    ];
+
+    protected $hidden = [
+        'password',
+        'remember_token',
+    ];
+
+    protected function casts(): array
+    {
+        return [
+            'email_verified_at' => 'datetime',
+            'password' => 'hashed',
+        ];
+    }
+}
+```
+
+### Your Model (Customizable)
+
+```php
+// app/Models/User.php
+<?php
+
+namespace App\Models;
+
+use App\Models\Base\UserBaseModel;
+
+class User extends UserBaseModel
+{
+    // Add your custom methods here
+    
+    public function posts(): HasMany
+    {
+        return $this->hasMany(Post::class);
+    }
+    
+    public function profile(): HasOne
+    {
+        return $this->hasOne(UserProfile::class);
+    }
+    
+    // Custom scopes
+    public function scopeActive($query)
+    {
+        return $query->where('status', 'active');
+    }
+    
+    // Custom accessors
+    public function getFullNameAttribute(): string
+    {
+        return $this->name;
+    }
+}
+```
+
+## Authentication Controllers
+
+### Login Controller
+
+```php
+<?php
+
+namespace App\Http\Controllers\Auth;
+
+use App\Http\Controllers\Controller;
+use App\Http\Requests\Auth\LoginRequest;
+use Illuminate\Http\JsonResponse;
+use Illuminate\Support\Facades\Auth;
+
+class LoginController extends Controller
+{
+    public function store(LoginRequest $request): JsonResponse
+    {
+        $request->authenticate();
+        $request->session()->regenerate();
+
+        return response()->json([
+            'user' => Auth::user(),
+            'message' => 'ログインしました',
+        ]);
+    }
+
+    public function destroy(): JsonResponse
+    {
+        Auth::guard('web')->logout();
+        request()->session()->invalidate();
+        request()->session()->regenerateToken();
+
+        return response()->json([
+            'message' => 'ログアウトしました',
+        ]);
+    }
+}
+```
+
+### Login Request
+
+```php
+<?php
+
+namespace App\Http\Requests\Auth;
+
+use Illuminate\Auth\Events\Lockout;
+use Illuminate\Foundation\Http\FormRequest;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\RateLimiter;
+use Illuminate\Support\Str;
+use Illuminate\Validation\ValidationException;
+
+class LoginRequest extends FormRequest
+{
+    public function authorize(): bool
+    {
+        return true;
+    }
+
+    public function rules(): array
+    {
+        return [
+            'email' => ['required', 'string', 'email'],
+            'password' => ['required', 'string'],
+        ];
+    }
+
+    public function authenticate(): void
+    {
+        $this->ensureIsNotRateLimited();
+
+        if (! Auth::attempt($this->only('email', 'password'), $this->boolean('remember'))) {
+            RateLimiter::hit($this->throttleKey());
+
+            throw ValidationException::withMessages([
+                'email' => __('auth.failed'),
+            ]);
+        }
+
+        RateLimiter::clear($this->throttleKey());
+    }
+
+    protected function ensureIsNotRateLimited(): void
+    {
+        if (! RateLimiter::tooManyAttempts($this->throttleKey(), 5)) {
+            return;
+        }
+
+        event(new Lockout($this));
+
+        $seconds = RateLimiter::availableIn($this->throttleKey());
+
+        throw ValidationException::withMessages([
+            'email' => trans('auth.throttle', [
+                'seconds' => $seconds,
+                'minutes' => ceil($seconds / 60),
+            ]),
+        ]);
+    }
+
+    protected function throttleKey(): string
+    {
+        return Str::transliterate(Str::lower($this->string('email')).'|'.$this->ip());
+    }
+}
+```
+
+## API Authentication (Laravel Sanctum)
+
+### Install Sanctum
+
+```bash
+composer require laravel/sanctum
+php artisan vendor:publish --provider="Laravel\Sanctum\SanctumServiceProvider"
+php artisan migrate
+```
+
+### Add to User Model
+
+```php
+// app/Models/User.php
+use Laravel\Sanctum\HasApiTokens;
+
+class User extends UserBaseModel
+{
+    use HasApiTokens;  // Add this trait
+    
+    // ...
+}
+```
+
+### API Login Controller
+
+```php
+<?php
+
+namespace App\Http\Controllers\Api\Auth;
+
+use App\Http\Controllers\Controller;
+use App\Models\User;
+use Illuminate\Http\JsonResponse;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Hash;
+use Illuminate\Validation\ValidationException;
+
+class TokenController extends Controller
+{
+    public function store(Request $request): JsonResponse
+    {
+        $request->validate([
+            'email' => 'required|email',
+            'password' => 'required',
+            'device_name' => 'required',
+        ]);
+
+        $user = User::where('email', $request->email)->first();
+
+        if (! $user || ! Hash::check($request->password, $user->password)) {
+            throw ValidationException::withMessages([
+                'email' => [__('auth.failed')],
+            ]);
+        }
+
+        return response()->json([
+            'token' => $user->createToken($request->device_name)->plainTextToken,
+            'user' => $user,
+        ]);
+    }
+
+    public function destroy(Request $request): JsonResponse
+    {
+        $request->user()->currentAccessToken()->delete();
+
+        return response()->json(['message' => 'Token revoked']);
+    }
+}
+```
+
+## Routes Configuration
+
+### Web Routes (routes/web.php)
+
+```php
+use App\Http\Controllers\Auth\LoginController;
+
+Route::middleware('guest')->group(function () {
+    Route::post('/login', [LoginController::class, 'store']);
+});
+
+Route::middleware('auth')->group(function () {
+    Route::post('/logout', [LoginController::class, 'destroy']);
+});
+```
+
+### API Routes (routes/api.php)
+
+```php
+use App\Http\Controllers\Api\Auth\TokenController;
+
+Route::post('/tokens', [TokenController::class, 'store']);
+
+Route::middleware('auth:sanctum')->group(function () {
+    Route::delete('/tokens', [TokenController::class, 'destroy']);
+    
+    Route::get('/user', function (Request $request) {
+        return $request->user();
+    });
+});
+```
+
+## Multi-Guard Middleware
+
+### Admin-Only Routes
+
+```php
+Route::middleware('auth:admin')->prefix('admin')->group(function () {
+    Route::get('/dashboard', [AdminDashboardController::class, 'index']);
+});
+```
+
+### Admin Login Controller
+
+```php
+public function store(AdminLoginRequest $request): JsonResponse
+{
+    if (! Auth::guard('admin')->attempt($request->only('email', 'password'))) {
+        throw ValidationException::withMessages([
+            'email' => __('auth.failed'),
+        ]);
+    }
+
+    $request->session()->regenerate();
+
+    return response()->json([
+        'admin' => Auth::guard('admin')->user(),
+    ]);
+}
+```
+
+## Common Patterns
+
+### Check Authentication
+
+```php
+// In controller
+if (Auth::check()) {
+    $user = Auth::user();
+}
+
+// In middleware
+Route::middleware('auth')->group(function () {
+    // Protected routes
+});
+
+// In Blade
+@auth
+    Welcome, {{ Auth::user()->name }}
+@endauth
+```
+
+### Get Current User
+
+```php
+// Via Auth facade
+$user = Auth::user();
+$userId = Auth::id();
+
+// Via request
+$user = $request->user();
+
+// Via helper
+$user = auth()->user();
+```
+
+### Password Hashing
+
+```php
+// Hash password (automatic in Omnify models via cast)
+$user->password = 'plain-text';  // Auto-hashed by 'hashed' cast
+$user->save();
+
+// Manual hashing if needed
+use Illuminate\Support\Facades\Hash;
+$hashed = Hash::make('plain-text');
+
+// Verify password
+if (Hash::check('plain-text', $user->password)) {
+    // Correct
+}
+```
+
+## Testing Authentication
+
+```php
+use App\Models\User;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+
+class AuthTest extends TestCase
+{
+    use RefreshDatabase;
+
+    public function test_user_can_login(): void
+    {
+        $user = User::factory()->create([
+            'email' => 'test@example.com',
+            'password' => 'password',
+        ]);
+
+        $response = $this->postJson('/login', [
+            'email' => 'test@example.com',
+            'password' => 'password',
+        ]);
+
+        $response->assertOk();
+        $this->assertAuthenticated();
+    }
+
+    public function test_authenticated_user_can_access_protected_route(): void
+    {
+        $user = User::factory()->create();
+
+        $response = $this->actingAs($user)
+            ->getJson('/api/user');
+
+        $response->assertOk();
+    }
+
+    public function test_guest_cannot_access_protected_route(): void
+    {
+        $response = $this->getJson('/api/user');
+
+        $response->assertUnauthorized();
+    }
+}
+```
+
+## Future: Trait-based Authentication
+
+> **Coming Soon:** In future versions, Omnify may support a trait-based approach:
+>
+> ```php
+> use Illuminate\Database\Eloquent\Model;
+> use Illuminate\Auth\Authenticatable;
+> use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;
+>
+> class UserBaseModel extends Model implements AuthenticatableContract
+> {
+>     use Authenticatable;  // Trait instead of extending class
+> }
+> ```
+>
+> This will provide more flexibility in model inheritance while maintaining 
+> full authentication support.
+
+## Summary
+
+| Option | Type | Default | When to Use |
+|--------|------|---------|-------------|
+| `authenticatable` | boolean | `false` | User can login |
+| `authenticatableLoginIdField` | string | `email` | Custom login field |
+| `authenticatablePasswordField` | string | `password` | Custom password field |
+| `authenticatableGuardName` | string | (none) | Multi-guard setup |