# PROMPT 02 — Admin Authentication

## Context
In **Water Rush**, the default Laravel `users` table is for **admins only**.
We use **Laravel Sanctum** for token-based API authentication.

---

## Task

### 1. Install & Configure Sanctum
- Make sure Sanctum is installed and configured
- Publish the Sanctum config if not already done
- Add `HasApiTokens` trait to the `User` model

### 2. Create `AdminAuthController`
**Path:** `App\Http\Controllers\AdminAuthController`

Methods:

#### `login`
- Validate: `email` (required), `password` (required)
- Attempt login using `Auth::guard('web')`
- On failure → return `{ status: false, message: "Invalid credentials" }`
- On success → create Sanctum token, return:
```json
{
  "status": true,
  "message": "Login successful",
  "data": {
    "token": "...",
    "user": { "id": 1, "name": "Admin", "email": "admin@waterrush.com" }
  }
}
```

#### `logout`
- Revoke the current access token
- Return `{ status: true, message: "Logged out successfully" }`

#### `me`
- Return the authenticated admin user data
- Return `{ status: true, data: { user } }`
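
One way to implement the three methods specified above, as an added example rather than the project's own code. The token name `admin-token`, the `string` validation rule, and the 401 status on failed login are assumptions not stated in this spec.

```php
<?php

namespace App\Http\Controllers;

use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

class AdminAuthController extends Controller
{
    public function login(Request $request): JsonResponse
    {
        // 'string' is an added rule (assumption) so array input never reaches the guard.
        $credentials = $request->validate([
            'email'    => 'required|string',
            'password' => 'required|string',
        ]);

        // attempt() checks the stored hash; one message covers unknown email and wrong password.
        if (! Auth::guard('web')->attempt($credentials)) {
            return response()->json(
                ['status' => false, 'message' => 'Invalid credentials'],
                401 // status code is an assumption
            );
        }

        $user  = Auth::guard('web')->user();
        $token = $user->createToken('admin-token')->plainTextToken; // token name is an assumption

        return response()->json([
            'status'  => true,
            'message' => 'Login successful',
            'data'    => ['token' => $token, 'user' => $user->only(['id', 'name', 'email'])],
        ]);
    }

    public function logout(Request $request): JsonResponse
    {
        // Deletes only the token that authenticated this request; other tokens stay valid.
        $request->user()->currentAccessToken()->delete();
        return response()->json(['status' => true, 'message' => 'Logged out successfully']);
    }

    public function me(Request $request): JsonResponse
    {
        $user = $request->user()->only(['id', 'name', 'email']);
        return response()->json(['status' => true, 'data' => ['user' => $user]]);
    }
}
```

The plain-text token is only available at creation time; Sanctum stores a hash of it, so the login response is the only place the client can obtain it.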

---

### 3. Routes
Add to `routes/api.php` under prefix `/api/admin/`:

```
POST   /api/admin/auth/login    → AdminAuthController@login   [public]
POST   /api/admin/auth/logout   → AdminAuthController@logout  [auth:sanctum]
GET    /api/admin/auth/me       → AdminAuthController@me      [auth:sanctum]
```

---

### 4. Admin Seeder
Create `AdminSeeder` and add to `DatabaseSeeder`:
- name: `Admin`
- email: `admin@waterrush.com`
- password: `password` (hashed)

Run: `php artisan db:seed --class=AdminSeeder`

---

## Notes
- All protected admin routes must use `middleware('auth:sanctum')`
- Return consistent JSON format: `{ status, message, data }`
- Do NOT create any frontend views — APIs only
