feat: implement trustlab:magic-link command and controller for AI testing bypass

2026-01-26 05:15:35 +07:00 · 2026-01-07 09:14:00 +07:00
parent ba9dd9810a
commit a5a700f42c
3 changed files with 107 additions and 0 deletions
--- a/app/Console/Commands/MagicLinkCommand.php
+++ b/app/Console/Commands/MagicLinkCommand.php
@@ -0,0 +1,56 @@
+<?php
+
+namespace App\Console\Commands;
+
+use App\Models\User;
+use Illuminate\Console\Command;
+use Illuminate\Support\Facades\Cache;
+use Illuminate\Support\Str;
+
+class MagicLinkCommand extends Command
+{
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'trustlab:magic-link {email=owner@trustlab.com} {--ttl=15}';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = 'Generate a temporary magic link for AI testing/debugging (bypasses Turnstile)';
+
+    /**
+     * Execute the console command.
+     */
+    public function handle()
+    {
+        $email = $this->argument('email');
+        $ttl = (int) $this->option('ttl');
+
+        $user = User::where('email', $email)->first();
+
+        if (!$user) {
+            $this->error("User with email {$email} not found.");
+            return 1;
+        }
+
+        $token = Str::random(64);
+        // Store in cache for 15 minutes (default)
+        Cache::put("magic_link_{$token}", $user->id, now()->addMinutes($ttl));
+
+        $baseUrl = config('app.url');
+        // The route will be defined in web.php
+        $magicUrl = "{$baseUrl}/auth/magic?token={$token}";
+
+        $this->info("Magic Link generated for {$user->first_name} ({$user->role})");
+        $this->info("URL: {$magicUrl}");
+        $this->info("Expires in: {$ttl} minutes");
+        $this->warn("CAUTION: This bypasses Turnstile and establishes a session. Use only for autonomous testing.");
+
+        return 0;
+    }
+}
--- a/app/Http/Controllers/MagicLinkController.php
+++ b/app/Http/Controllers/MagicLinkController.php
@@ -0,0 +1,48 @@
+<?php
+
+namespace App\Http\Controllers;
+
+use App\Models\User;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Cache;
+
+class MagicLinkController extends Controller
+{
+    /**
+     * Handle Magic Link login
+     */
+    public function login(Request $request)
+    {
+        $token = $request->query('token');
+
+        if (!$token) {
+            return response()->json(['error' => 'Token missing'], 400);
+        }
+
+        $userId = Cache::get("magic_link_{$token}");
+
+        if (!$userId) {
+            return response()->json(['error' => 'Invalid or expired magic link'], 401);
+        }
+
+        $user = User::findOrFail($userId);
+
+        // Consume token to prevent replay attacks
+        Cache::forget("magic_link_{$token}");
+
+        // Log the user in to the web guard (sets trustlab_session cookie)
+        // Since SESSION_DOMAIN is .dyzulk.com, this cookie is shared with the frontend
+        Auth::guard('web')->login($user);
+
+        // Also create a Sanctum token for the frontend to use in headers
+        $authToken = $user->createToken('magic_auth_token')->plainTextToken;
+
+        // Redirect to Frontend Callback
+        // The frontend will handle the token and redirect to /dashboard
+        $frontendUrl = config('app.frontend_url') ?: 'https://trustlab.dyzulk.com';
+        $callbackUrl = "{$frontendUrl}/auth/callback?token={$authToken}";
+
+        return redirect($callbackUrl);
+    }
+}