autocde2.0/app/Http/Controllers/API/AuthController.php

<?php

namespace App\Http\Controllers\API;

use App\Http\Controllers\Controller;
use App\Http\Requests\API\User\ForgetPasswordEmialRequest;
use App\Http\Requests\API\User\LoginRequest;
use App\Http\Requests\API\User\ResetPasswordRequest;
use App\Mail\ForgetPasswordMailable;
use App\Models\User;
use Carbon\Carbon;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Mail;
use Illuminate\Support\Str;
use Illuminate\Validation\ValidationException;

class AuthController extends Controller
{
    public function login(LoginRequest $request)
    {
        $user = User::query()
            ->where("username", $request->username)
            ->orWhere("email", $request->username)
            ->first();

        if (! $user || ! Hash::check($request->password, $user->password)) {
            throw ValidationException::withMessages([
                'username' => [__("auth.failed")],
            ]);
        }
        if ($user->status===0){
            throw ValidationException::withMessages([
                'username' => [__("auth.ban")],
            ]);
        }

        return $this->success([
            'data' => [
                'token' => $user->createToken('user')->plainTextToken,
            ]
        ]);
    }


    public function logout()
    {
        Auth::user()->currentAccessToken()->delete();

        return $this->noContent();
    }

    /**
     * 发送重置密码邮件
     * @param ForgetPasswordEmialRequest $request username用户名或邮箱
     * @return \Illuminate\Http\Response
     * @throws \Random\RandomException
     */
    public function sendForgetPasswordEmail(ForgetPasswordEmialRequest $request)
    {
        //1.通过用户名或邮箱检索用户
       $user = User::query()
            ->where('username',$request->username)
            ->orWhere('email',$request->username)
            ->first();


        $code = uniqid();

        $exists = DB::table('password_reset_tokens')->where('email', $user->email)->exists();

        if ($exists) {
            // 如果记录存在，更新它
            DB::table('password_reset_tokens')->where('email', $user->email)->update([
                'token' => $code,
                'exp_date' => Carbon::now(),
            ]);
        } else {
            // 如果记录不存在，插入新记录
            DB::table('password_reset_tokens')->insert([
                'email' => $user->email,
                'token' => $code,
                'created_at' => Carbon::now(),
                'exp_date' => Carbon::now(),
            ]);
        }
        //3.发送重置验证码邮件
        Mail::to($user)->send(new ForgetPasswordMailable($code));
        return $this->noContent();
    }

    /**
     * 重置用户密码
     * @param ResetPasswordRequest $request
     * @return \Illuminate\Http\JsonResponse|\Illuminate\Http\Response
     */
    public function resetPassword(ResetPasswordRequest $request)
    {
        //1.通过用户名或邮箱检索用户
        $user = User::query()
            ->where('username',$request->username)
            ->orWhere('email',$request->username)
            ->first();
        //2.获取该用户的最后验证码信息
        $resetToken = DB::table('password_reset_tokens')
            ->where('email', $user->email)
            ->orderBy('created_at', 'desc')
            ->first(); // 获取第一条记录;

        //3.判断验证码是否存在 验证码是否一致 验证码是否过期(15分钟) 若过期,执行以下if代码
        if (!$resetToken || $resetToken->token != $request->code || Carbon::parse($resetToken->exp_date)->diffInMinutes(Carbon::now()) > 15){
            return $this->badRequest('Verification code error or expired');
        }
        //4.一切没问题,则修改该用户的密码
        $user->password = Hash::make($request->new_password);
        $user->save();
        return $this->noContent();

    }
}