crewli/api/app/Http/Controllers/Api/V1/PortalTokenController.php

<?php

declare(strict_types=1);

namespace App\Http\Controllers\Api\V1;

use App\Http\Controllers\Controller;
use App\Http\Requests\Api\V1\PortalTokenAuthRequest;
use App\Http\Resources\Api\V1\PortalEventResource;
use App\Models\Event;
use App\Models\Scopes\OrganisationScope;
use Illuminate\Http\JsonResponse;
use Illuminate\Support\Facades\DB;

final class PortalTokenController extends Controller
{
    public function auth(PortalTokenAuthRequest $request): JsonResponse
    {
        $hashedToken = hash('sha256', $request->validated('token'));

        // Try artists table
        $artist = DB::table('artists')->where('portal_token', $hashedToken)->first();

        if ($artist) {
            $event = Event::withoutGlobalScope(OrganisationScope::class)->find($artist->event_id);

            return response()->json([
                'context' => 'artist',
                'data' => [
                    'id' => $artist->id,
                    'name' => $artist->name,
                    'booking_status' => $artist->booking_status,
                ],
                'event' => $event ? new PortalEventResource($event) : null,
            ]);
        }

        // Try production_requests table (may not exist yet)
        try {
            $productionRequest = DB::table('production_requests')->where('token', $hashedToken)->first();

            if ($productionRequest) {
                $event = Event::withoutGlobalScope(OrganisationScope::class)->find($productionRequest->event_id);

                return response()->json([
                    'context' => 'supplier',
                    'data' => [
                        'id' => $productionRequest->id,
                        'name' => $productionRequest->name ?? null,
                    ],
                    'event' => $event ? new PortalEventResource($event) : null,
                ]);
            }
        } catch (\Illuminate\Database\QueryException) {
            // Table doesn't exist yet — skip
        }

        return response()->json([
            'message' => 'Invalid or expired portal token',
        ], 401);
    }
}