feat: add routes, lang, tests, stubs, docs, and docker configurations

tests/Feature/Api/AuthTest.php

@@ -0,0 +1,101 @@
+<?php
+
+use App\Models\User;
+use Illuminate\Support\Facades\Hash;
+use Spatie\Permission\Models\Role;
+
+beforeEach(function () {
+    // Ensure the User role exists so register() can assign it
+    Role::findOrCreate('User', 'web');
+});
+
+// ── Register ────────────────────────────────────────────────────────────────
+
+test('user can register', function () {
+    $response = $this->postJson('/api/v1/register', [
+        'name' => 'Test User',
+        'email' => 'newuser@example.com',
+        'password' => 'password123',
+    ]);
+
+    $response->assertStatus(201)
+        ->assertJsonPath('status', 'success')
+        ->assertJsonStructure(['data' => ['user', 'token']]);
+});
+
+test('register rejects duplicate email', function () {
+    User::factory()->create(['email' => 'existing@example.com']);
+
+    $this->postJson('/api/v1/register', [
+        'name' => 'Another',
+        'email' => 'existing@example.com',
+        'password' => 'password123',
+    ])->assertStatus(422);
+});
+
+// ── Login ────────────────────────────────────────────────────────────────────
+
+test('user can login with valid credentials', function () {
+    $user = User::factory()->create([
+        'password' => Hash::make('secret123'),
+        'is_active' => true,
+    ]);
+    $user->assignRole('User');
+
+    $this->postJson('/api/v1/login', [
+        'email' => $user->email,
+        'password' => 'secret123',
+    ])->assertOk()
+        ->assertJsonPath('status', 'success')
+        ->assertJsonStructure(['data' => ['token']]);
+});
+
+test('login rejects wrong password', function () {
+    $user = User::factory()->create(['password' => Hash::make('correct')]);
+
+    $this->postJson('/api/v1/login', [
+        'email' => $user->email,
+        'password' => 'wrong',
+    ])->assertUnauthorized()
+        ->assertJsonPath('status', 'error');
+});
+
+test('login rejects inactive user', function () {
+    $user = User::factory()->create([
+        'password' => Hash::make('password'),
+        'is_active' => false,
+    ]);
+
+    $this->postJson('/api/v1/login', [
+        'email' => $user->email,
+        'password' => 'password',
+    ])->assertForbidden();
+});
+
+// ── Logout ───────────────────────────────────────────────────────────────────
+
+test('authenticated user can logout', function () {
+    $user = User::factory()->create();
+    $token = $user->createToken('test')->plainTextToken;
+
+    $this->withHeader('Authorization', "Bearer {$token}")
+        ->postJson('/api/v1/logout')
+        ->assertOk()
+        ->assertJsonPath('status', 'success');
+});
+
+test('unauthenticated request to logout returns 401', function () {
+    $this->postJson('/api/v1/logout')->assertUnauthorized();
+});
+
+// ── Get User ─────────────────────────────────────────────────────────────────
+
+test('authenticated user can fetch own profile', function () {
+    $user = User::factory()->create();
+
+    $this->actingAs($user, 'sanctum')
+        ->getJson('/api/v1/user')
+        ->assertOk()
+        ->assertJsonPath('status', 'success')
+        ->assertJsonPath('data.user.email', $user->email);
+});