all(), [ 'name' => 'required|string|max:255', 'email' => 'required|string|email|max:255|unique:users', 'password' => 'required|string|min:8|confirmed', 'plan_id' => 'nullable|exists:plans,id', ], [ 'name.required' => 'El nombre es obligatorio', 'email.required' => 'El email es obligatorio', 'email.email' => 'El email debe ser válido', 'email.unique' => 'Este email ya está registrado', 'password.required' => 'La contraseña es obligatoria', 'password.min' => 'La contraseña debe tener al menos 8 caracteres', 'password.confirmed' => 'Las contraseñas no coinciden', ]); if ($validator->fails()) { return response()->json([ 'success' => false, 'message' => 'Error de validación', 'errors' => $validator->errors() ], 422); } // Create user WITHOUT email verification (will be verified after PayPal payment) $user = User::create([ 'name' => $request->name, 'email' => $request->email, 'password' => Hash::make($request->password), 'email_verified_at' => null, // NOT verified yet ]); // DISABLED: Create default categories and data for the new user // TODO: Re-enable when category templates are ready // $setupService = new UserSetupService(); // $setupService->setupNewUser($user->id); // Create a temporary token for PayPal flow (expires in 1 hour) $tempToken = $user->createToken('registration-flow', ['registration'])->plainTextToken; return response()->json([ 'success' => true, 'message' => 'Usuario registrado. Procede al pago para activar tu cuenta.', 'data' => [ 'user' => [ 'id' => $user->id, 'name' => $user->name, 'email' => $user->email, 'email_verified' => false, ], 'token' => $tempToken, 'requires_payment' => true, 'requires_activation' => true, ] ], 201); } catch (\Exception $e) { Log::error('Registration error: ' . $e->getMessage()); return response()->json([ 'success' => false, 'message' => 'Error al registrar usuario', 'error' => $e->getMessage() ], 500); } } /** * Login user */ public function login(Request $request): JsonResponse { try { $validator = Validator::make($request->all(), [ 'email' => 'required|email', 'password' => 'required', ], [ 'email.required' => 'El email es obligatorio', 'email.email' => 'El email debe ser válido', 'password.required' => 'La contraseña es obligatoria', ]); if ($validator->fails()) { return response()->json([ 'success' => false, 'message' => 'Error de validación', 'errors' => $validator->errors() ], 422); } $user = User::where('email', $request->email)->first(); if (!$user || !Hash::check($request->password, $user->password)) { return response()->json([ 'success' => false, 'message' => 'Credenciales incorrectas' ], 401); } // Check if email is verified (account activated) if (!$user->email_verified_at) { return response()->json([ 'success' => false, 'message' => 'Tu cuenta aún no está activada. Revisa tu email para activarla.', 'error' => 'email_not_verified', 'data' => [ 'email_verified' => false, 'can_resend' => true, ] ], 403); } // Check if user has an active subscription (skip for demo users) if (!$user->is_demo) { $hasActiveSubscription = $user->subscriptions()->active()->exists(); if (!$hasActiveSubscription) { return response()->json([ 'success' => false, 'message' => 'No tienes una suscripción activa. Por favor, completa el pago.', 'error' => 'no_subscription', 'data' => [ 'email_verified' => true, 'has_subscription' => false, ] ], 403); } } $token = $user->createToken('auth-token')->plainTextToken; return response()->json([ 'success' => true, 'message' => $user->is_demo ? 'Bienvenido al modo demostración' : 'Inicio de sesión exitoso', 'data' => [ 'user' => [ 'id' => $user->id, 'name' => $user->name, 'email' => $user->email, 'email_verified' => true, 'is_demo' => $user->is_demo ?? false, ], 'token' => $token, ] ], 200); } catch (\Exception $e) { Log::error('Login error: ' . $e->getMessage()); return response()->json([ 'success' => false, 'message' => 'Error al iniciar sesión', 'error' => $e->getMessage() ], 500); } } /** * Activate account via email token */ public function activateAccount(Request $request): JsonResponse { try { $validator = Validator::make($request->all(), [ 'token' => 'required|string|size:64', ]); if ($validator->fails()) { return response()->json([ 'success' => false, 'message' => 'Token inválido', ], 422); } $verificationToken = EmailVerificationToken::findValid($request->token); if (!$verificationToken) { return response()->json([ 'success' => false, 'message' => 'El enlace de activación es inválido o ha expirado.', 'error' => 'invalid_token', ], 400); } $user = $verificationToken->user; // Activate the user $user->update(['email_verified_at' => now()]); $verificationToken->markAsUsed(); // Create auth token for immediate login $authToken = $user->createToken('auth-token')->plainTextToken; return response()->json([ 'success' => true, 'message' => '¡Tu cuenta ha sido activada! Ya puedes acceder al sistema.', 'data' => [ 'user' => [ 'id' => $user->id, 'name' => $user->name, 'email' => $user->email, 'email_verified' => true, ], 'token' => $authToken, ] ]); } catch (\Exception $e) { Log::error('Activation error: ' . $e->getMessage()); return response()->json([ 'success' => false, 'message' => 'Error al activar la cuenta', ], 500); } } /** * Resend activation email */ public function resendActivation(Request $request): JsonResponse { try { $validator = Validator::make($request->all(), [ 'email' => 'required|email|exists:users,email', ]); if ($validator->fails()) { return response()->json([ 'success' => false, 'message' => 'Email no encontrado', ], 404); } $user = User::where('email', $request->email)->first(); if ($user->email_verified_at) { return response()->json([ 'success' => false, 'message' => 'Esta cuenta ya está activada', ], 400); } // Check if user has completed payment $subscription = $user->subscriptions()->active()->first(); if (!$subscription) { return response()->json([ 'success' => false, 'message' => 'Primero debes completar el pago de tu suscripción', ], 400); } // Create new verification token and send email $verificationToken = EmailVerificationToken::createForUser($user); $frontendUrl = config('app.frontend_url', 'https://webmoney.cnxifly.com'); $activationUrl = "{$frontendUrl}/activate?token={$verificationToken->token}"; Mail::to($user->email)->send(new AccountActivationMail( $user, $activationUrl, $subscription->plan->name )); return response()->json([ 'success' => true, 'message' => 'Email de activación reenviado. Revisa tu bandeja de entrada.', ]); } catch (\Exception $e) { Log::error('Resend activation error: ' . $e->getMessage()); return response()->json([ 'success' => false, 'message' => 'Error al reenviar el email', ], 500); } } /** * Cancel registration - delete unactivated user account * Used when PayPal payment is canceled or fails */ public function cancelRegistration(Request $request): JsonResponse { try { $validator = Validator::make($request->all(), [ 'email' => 'required|email|exists:users,email', ]); if ($validator->fails()) { return response()->json([ 'success' => false, 'message' => 'Usuario no encontrado', ], 404); } $user = User::where('email', $request->email)->first(); // Only allow deletion if account is NOT activated if ($user->email_verified_at) { return response()->json([ 'success' => false, 'message' => 'Esta cuenta ya está activada y no puede ser eliminada', ], 400); } // Delete associated data $user->tokens()->delete(); // Delete all tokens EmailVerificationToken::where('user_id', $user->id)->delete(); $user->subscriptions()->delete(); $user->delete(); Log::info("Unactivated user account deleted: {$request->email}"); return response()->json([ 'success' => true, 'message' => 'Registro cancelado. Puedes intentar nuevamente.', ]); } catch (\Exception $e) { Log::error('Cancel registration error: ' . $e->getMessage()); return response()->json([ 'success' => false, 'message' => 'Error al cancelar el registro', ], 500); } } /** * Logout user (revoke token) */ public function logout(Request $request): JsonResponse { try { $request->user()->currentAccessToken()->delete(); return response()->json([ 'success' => true, 'message' => 'Sesión cerrada exitosamente' ], 200); } catch (\Exception $e) { return response()->json([ 'success' => false, 'message' => 'Error al cerrar sesión', 'error' => $e->getMessage() ], 500); } } /** * Get authenticated user */ public function me(Request $request): JsonResponse { try { $user = $request->user(); return response()->json([ 'success' => true, 'data' => [ 'user' => [ 'id' => $user->id, 'name' => $user->name, 'first_name' => $user->first_name, 'last_name' => $user->last_name, 'full_name' => $user->full_name, 'email' => $user->email, 'phone_country_code' => $user->phone_country_code, 'phone' => $user->phone, 'full_phone' => $user->full_phone, 'accept_whatsapp' => $user->accept_whatsapp, 'accept_emails' => $user->accept_emails, 'avatar' => $user->avatar, 'country' => $user->country, 'timezone' => $user->timezone, 'locale' => $user->locale, ] ] ], 200); } catch (\Exception $e) { return response()->json([ 'success' => false, 'message' => 'Error al obtener datos del usuario', 'error' => $e->getMessage() ], 500); } } /** * Update user profile (all profile fields including password) */ public function updateProfile(Request $request): JsonResponse { try { $user = $request->user(); $rules = [ 'first_name' => 'sometimes|required|string|max:255', 'last_name' => 'sometimes|required|string|max:255', 'email' => 'sometimes|required|string|email|max:255|unique:users,email,' . $user->id, 'phone_country_code' => 'nullable|string|max:5', 'phone' => 'nullable|string|max:20', 'accept_whatsapp' => 'nullable|boolean', 'accept_emails' => 'nullable|boolean', 'country' => 'nullable|string|size:2', 'timezone' => 'nullable|string|max:50', 'locale' => 'nullable|string|max:5', 'current_password' => 'required_with:new_password', 'new_password' => 'nullable|string|min:8|confirmed', ]; $messages = [ 'first_name.required' => 'O nome é obrigatório', 'first_name.max' => 'O nome deve ter no máximo 255 caracteres', 'last_name.required' => 'O sobrenome é obrigatório', 'last_name.max' => 'O sobrenome deve ter no máximo 255 caracteres', 'email.required' => 'O email é obrigatório', 'email.email' => 'O email deve ser válido', 'email.unique' => 'Este email já está em uso', 'current_password.required_with' => 'A senha atual é obrigatória para alterar a senha', 'new_password.min' => 'A nova senha deve ter pelo menos 8 caracteres', 'new_password.confirmed' => 'As senhas não coincidem', ]; $validator = Validator::make($request->all(), $rules, $messages); if ($validator->fails()) { return response()->json([ 'success' => false, 'message' => 'Erro de validação', 'errors' => $validator->errors() ], 422); } // Verificar senha atual se estiver alterando senha if ($request->filled('new_password')) { if (!Hash::check($request->current_password, $user->password)) { return response()->json([ 'success' => false, 'message' => 'Senha atual incorreta', 'errors' => ['current_password' => ['A senha atual está incorreta']] ], 422); } $user->password = Hash::make($request->new_password); } // Atualizar campos do perfil $profileFields = [ 'first_name', 'last_name', 'email', 'phone_country_code', 'phone', 'accept_whatsapp', 'accept_emails', 'country', 'timezone', 'locale' ]; foreach ($profileFields as $field) { if ($request->has($field)) { $user->$field = $request->$field; } } // Atualizar name baseado em first_name e last_name if ($request->has('first_name') || $request->has('last_name')) { $user->name = trim(($user->first_name ?? '') . ' ' . ($user->last_name ?? '')); } $user->save(); return response()->json([ 'success' => true, 'message' => 'Perfil atualizado com sucesso', 'data' => [ 'user' => [ 'id' => $user->id, 'name' => $user->name, 'first_name' => $user->first_name, 'last_name' => $user->last_name, 'full_name' => $user->full_name, 'email' => $user->email, 'phone_country_code' => $user->phone_country_code, 'phone' => $user->phone, 'full_phone' => $user->full_phone, 'accept_whatsapp' => $user->accept_whatsapp, 'accept_emails' => $user->accept_emails, 'avatar' => $user->avatar, 'country' => $user->country, 'timezone' => $user->timezone, 'locale' => $user->locale, ] ] ], 200); } catch (\Exception $e) { return response()->json([ 'success' => false, 'message' => 'Erro ao atualizar perfil', 'error' => $e->getMessage() ], 500); } } }