# PROMPT 04 — Customer Authentication

## Context
In **Water Rush**, customers are stored in a **separate `customers` table** — completely separate from the `users` (admin) table.
We use **Laravel Sanctum** with a custom guard for customers.

---

## Task

### 1. Create the `Customer` Guard

In `config/auth.php`, add:

```php
// guards
'customers' => [
    'driver' => 'sanctum',  // will use token-based
    'provider' => 'customers',
],

// providers
'customers' => [
    'driver' => 'eloquent',
    'model' => App\Models\Customer::class,
],
```

Make sure the `Customer` model uses:
- `HasApiTokens` (Sanctum)
- `HasFactory`
- `Notifiable`
- Implements the `Authenticatable` contract (extend the `Illuminate\Foundation\Auth\User as Authenticatable` base class, as the `User` model does)

---

### 2. Create `CustomerAuthController`
**Path:** `App\Http\Controllers\Api\CustomerAuthController`

#### `register`
- Validate: name (required), phone (required, unique:customers), password (required, confirmed, min:6)
- Create customer
- Generate Sanctum token (tokenable: Customer model)
- **OTP: skipped for now — register directly and return token**
- Return:
```json
{
  "status": true,
  "message": "Registered successfully",
  "data": {
    "token": "...",
    "customer": { "id", "name", "phone" }
  }
}
```

#### `login`
- Validate: phone (required), password (required)
- Find customer by phone
- Check password using `Hash::check`
- On failure → `{ status: false, message: "Invalid credentials" }`
- On success → generate token, return same format as register

#### `logout`
- Revoke current token
- Return `{ status: true, message: "Logged out successfully" }`

#### `me`
- Return authenticated customer:
```json
{
  "status": true,
  "data": {
    "customer": { "id", "name", "phone", "is_active" }
  }
}
```

#### `updateProfile`
- Validate: name (required)
- Update name of authenticated customer
- Return updated customer data

---

### 3. Routes
Add to `routes/api.php` under prefix `/api/customer/`:

```
POST   /api/customer/auth/register       → CustomerAuthController@register   [public]
POST   /api/customer/auth/login          → CustomerAuthController@login       [public]
POST   /api/customer/auth/logout         → CustomerAuthController@logout      [auth:sanctum + customer guard]
GET    /api/customer/auth/me             → CustomerAuthController@me          [auth:sanctum + customer guard]
PUT    /api/customer/auth/profile        → CustomerAuthController@updateProfile [auth:sanctum + customer guard]
```

---

### 4. Middleware
For protected customer routes, use:
```php
middleware('auth:sanctum')
```
`auth:sanctum` accepts any valid token no matter which model it was issued to, so also make sure the resolved tokenable is a `Customer` (check its type) before the request is served.

To support multiple guards with Sanctum, either override the `sanctum` guard resolution or call:
```php
Auth::shouldUse('customers');
```
in a middleware or at the top of each protected controller method.
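The tokenable-type check described above, as an added example (not code from the Water Rush project); the middleware class name `EnsureCustomerToken` and its file location are assumptions:

```php
<?php
// app/Http/Middleware/EnsureCustomerToken.php (assumed location)
// Runs after auth:sanctum has resolved the bearer token. auth:sanctum accepts a
// token issued to any tokenable model (User or Customer), so this middleware
// rejects anything that is not a Customer and then switches the default guard.

namespace App\Http\Middleware;

use App\Models\Customer;
use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Symfony\Component\HttpFoundation\Response;

class EnsureCustomerToken
{
    public function handle(Request $request, Closure $next): Response
    {
        // $request->user() is whatever model the token belongs to; an admin
        // token resolves to App\Models\User and must not reach customer routes.
        if (! $request->user() instanceof Customer) {
            return response()->json([
                'status'  => false,
                'message' => 'Unauthenticated',
            ], 401);
        }

        // From here on Auth::user() / Auth::id() use the customers guard
        // (sanctum driver + customers provider), as the spec requires.
        Auth::shouldUse('customers');

        return $next($request);
    }
}

// routes/api.php: protected customer routes carry both middlewares.
// Route::prefix('customer/auth')->group(function () {
//     Route::post('register', [CustomerAuthController::class, 'register']);
//     Route::post('login',    [CustomerAuthController::class, 'login']);
//
//     Route::middleware(['auth:sanctum', EnsureCustomerToken::class])->group(function () {
//         Route::post('logout',  [CustomerAuthController::class, 'logout']);
//         Route::get('me',       [CustomerAuthController::class, 'me']);
//         Route::put('profile',  [CustomerAuthController::class, 'updateProfile']);
//     });
// });
```

Because the `customers` guard defined in step 1 uses the `sanctum` driver with the `customers` provider, Sanctum's guard itself also rejects a token whose tokenable is not an instance of the provider's model, so `middleware('auth:customers')` is an equivalent way to get the same protection.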

---

## Notes
- Customers and admins are **completely separate** — a customer token must never authenticate an admin route and vice versa
- Do NOT reuse the `users` guard for customers
- Return consistent JSON: `{ status, message, data }`
- Hash all passwords
