Phases 206-210: REST API Layer (v1) — 34 tests, 1806 total passing

Sanctum token auth (login/logout/me), abstract ApiController base with
success/error/paginated helpers. 11 API controllers exposing: Products,
Invoices, Customers, Inventory (stock/movements/adjust), CRM leads,
Helpdesk tickets, HR (employees/departments/leave), Manufacturing orders+BOMs,
POS sessions+orders, cross-module Dashboard summary. All routes under
/api/v1/ with auth:sanctum middleware. 34/34 API tests, 1806 total passing.

https://claude.ai/code/session_01RdUGwo74JXChRCF88Yu27d

Author: claude

erp/app/Http/Controllers/Api/V1/ApiController.php

@@ -0,0 +1,34 @@
+<?php
+
+namespace App\Http\Controllers\Api\V1;
+
+use App\Http\Controllers\Controller;
+use Illuminate\Http\JsonResponse;
+use Illuminate\Contracts\Pagination\LengthAwarePaginator;
+
+abstract class ApiController extends Controller
+{
+    protected function success(mixed $data, int $status = 200): JsonResponse
+    {
+        return response()->json(['success' => true, 'data' => $data], $status);
+    }
+
+    protected function error(string $message, int $status = 400): JsonResponse
+    {
+        return response()->json(['success' => false, 'message' => $message], $status);
+    }
+
+    protected function paginated(LengthAwarePaginator $paginator): JsonResponse
+    {
+        return response()->json([
+            'success' => true,
+            'data'    => $paginator->items(),
+            'meta'    => [
+                'total'        => $paginator->total(),
+                'per_page'     => $paginator->perPage(),
+                'current_page' => $paginator->currentPage(),
+                'last_page'    => $paginator->lastPage(),
+            ],
+        ]);
+    }
+}

erp/app/Http/Controllers/Api/V1/AuthController.php

@@ -0,0 +1,72 @@
+<?php
+
+namespace App\Http\Controllers\Api\V1;
+
+use Illuminate\Http\JsonResponse;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+
+class AuthController extends ApiController
+{
+    /**
+     * POST /api/v1/auth/login
+     * Validate credentials, return Sanctum token.
+     */
+    public function login(Request $request): JsonResponse
+    {
+        $request->validate([
+            'email'    => 'required|email',
+            'password' => 'required',
+        ]);
+
+        if (! Auth::attempt($request->only('email', 'password'))) {
+            return $this->error('Invalid credentials', 401);
+        }
+
+        /** @var \App\Models\User $user */
+        $user  = Auth::user();
+        $token = $user->createToken('api-token')->plainTextToken;
+
+        return $this->success([
+            'token' => $token,
+            'user'  => [
+                'id'        => $user->id,
+                'name'      => $user->name,
+                'email'     => $user->email,
+                'tenant_id' => $user->tenant_id,
+            ],
+        ]);
+    }
+
+    /**
+     * POST /api/v1/auth/logout
+     * Revoke the current access token.
+     */
+    public function logout(Request $request): JsonResponse
+    {
+        $request->user()->currentAccessToken()->delete();
+
+        return $this->success(['message' => 'Logged out successfully']);
+    }
+
+    /**
+     * GET /api/v1/auth/me
+     * Return authenticated user with tenant info.
+     */
+    public function me(Request $request): JsonResponse
+    {
+        $user = $request->user()->load('tenant');
+
+        return $this->success([
+            'id'        => $user->id,
+            'name'      => $user->name,
+            'email'     => $user->email,
+            'tenant_id' => $user->tenant_id,
+            'tenant'    => $user->tenant ? [
+                'id'   => $user->tenant->id,
+                'name' => $user->tenant->name,
+                'slug' => $user->tenant->slug,
+            ] : null,
+        ]);
+    }
+}

erp/app/Http/Controllers/Api/V1/CrmApiController.php

@@ -0,0 +1,141 @@
+<?php
+
+namespace App\Http\Controllers\Api\V1;
+
+use App\Modules\CRM\Models\CrmLead;
+use Illuminate\Http\JsonResponse;
+use Illuminate\Http\Request;
+
+class CrmApiController extends ApiController
+{
+    /**
+     * GET /api/v1/crm/leads
+     */
+    public function index(Request $request): JsonResponse
+    {
+        $query = CrmLead::with(['stage:id,name', 'assignee:id,name']);
+
+        if ($type = $request->query('type')) {
+            $query->where('type', $type);
+        }
+
+        if ($status = $request->query('status')) {
+            $query->where('status', $status);
+        }
+
+        if ($assignedTo = $request->query('assigned_to')) {
+            $query->where('assigned_to', $assignedTo);
+        }
+
+        $paginator = $query->latest()->paginate(20);
+
+        return $this->paginated($paginator);
+    }
+
+    /**
+     * GET /api/v1/crm/leads/{id}
+     */
+    public function show(int $id): JsonResponse
+    {
+        $lead = CrmLead::with(['stage', 'activities', 'assignee:id,name'])->findOrFail($id);
+
+        return $this->success($lead);
+    }
+
+    /**
+     * POST /api/v1/crm/leads
+     */
+    public function store(Request $request): JsonResponse
+    {
+        $validated = $request->validate([
+            'title'            => 'required|string|max:255',
+            'type'             => 'nullable|string|in:lead,opportunity',
+            'contact_name'     => 'nullable|string|max:255',
+            'company_name'     => 'nullable|string|max:255',
+            'email'            => 'nullable|email|max:255',
+            'phone'            => 'nullable|string|max:50',
+            'source'           => 'nullable|string|max:100',
+            'expected_revenue' => 'nullable|numeric|min:0',
+            'probability'      => 'nullable|numeric|min:0|max:100',
+            'priority'         => 'nullable|string',
+            'stage_id'         => 'nullable|integer|exists:crm_stages,id',
+            'assigned_to'      => 'nullable|integer|exists:users,id',
+            'description'      => 'nullable|string',
+        ]);
+
+        $tenantId = app()->has('tenant') ? app('tenant')->id : $request->user()->tenant_id;
+
+        $validated['tenant_id'] = $tenantId;
+        $validated['created_by'] = $request->user()->id;
+
+        $lead = CrmLead::create($validated);
+
+        return $this->success($lead, 201);
+    }
+
+    /**
+     * PUT /api/v1/crm/leads/{id}
+     */
+    public function update(Request $request, int $id): JsonResponse
+    {
+        $lead = CrmLead::findOrFail($id);
+
+        $validated = $request->validate([
+            'title'            => 'sometimes|string|max:255',
+            'type'             => 'nullable|string|in:lead,opportunity',
+            'contact_name'     => 'nullable|string|max:255',
+            'company_name'     => 'nullable|string|max:255',
+            'email'            => 'nullable|email|max:255',
+            'phone'            => 'nullable|string|max:50',
+            'source'           => 'nullable|string|max:100',
+            'expected_revenue' => 'nullable|numeric|min:0',
+            'probability'      => 'nullable|numeric|min:0|max:100',
+            'priority'         => 'nullable|string',
+            'stage_id'         => 'nullable|integer|exists:crm_stages,id',
+            'assigned_to'      => 'nullable|integer|exists:users,id',
+            'description'      => 'nullable|string',
+        ]);
+
+        $lead->update($validated);
+
+        return $this->success($lead);
+    }
+
+    /**
+     * DELETE /api/v1/crm/leads/{id}
+     */
+    public function destroy(int $id): JsonResponse
+    {
+        $lead = CrmLead::findOrFail($id);
+        $lead->delete();
+
+        return $this->success(['message' => 'Lead deleted']);
+    }
+
+    /**
+     * POST /api/v1/crm/leads/{lead}/won
+     */
+    public function markWon(int $lead): JsonResponse
+    {
+        $crmLead = CrmLead::findOrFail($lead);
+        $crmLead->markWon();
+
+        return $this->success($crmLead);
+    }
+
+    /**
+     * POST /api/v1/crm/leads/{lead}/lost
+     */
+    public function markLost(Request $request, int $lead): JsonResponse
+    {
+        $crmLead = CrmLead::findOrFail($lead);
+
+        $validated = $request->validate([
+            'reason' => 'nullable|string',
+        ]);
+
+        $crmLead->markLost($validated['reason'] ?? '');
+
+        return $this->success($crmLead);
+    }
+}

erp/app/Http/Controllers/Api/V1/CustomerApiController.php

@@ -0,0 +1,97 @@
+<?php
+
+namespace App\Http\Controllers\Api\V1;
+
+use App\Modules\Finance\Models\Contact;
+use Illuminate\Http\JsonResponse;
+use Illuminate\Http\Request;
+
+class CustomerApiController extends ApiController
+{
+    /**
+     * GET /api/v1/customers
+     */
+    public function index(Request $request): JsonResponse
+    {
+        $query = Contact::customers();
+
+        if ($search = $request->query('search')) {
+            $query->where(function ($q) use ($search) {
+                $q->where('name', 'like', "%{$search}%")
+                  ->orWhere('email', 'like', "%{$search}%");
+            });
+        }
+
+        $paginator = $query->latest()->paginate(20);
+
+        return $this->paginated($paginator);
+    }
+
+    /**
+     * GET /api/v1/customers/{id}
+     */
+    public function show(int $id): JsonResponse
+    {
+        $customer = Contact::customers()->with([
+            'invoices' => fn ($q) => $q->select('id', 'contact_id', 'number', 'status', 'issue_date', 'due_date')->latest()->limit(10),
+        ])->findOrFail($id);
+
+        return $this->success($customer);
+    }
+
+    /**
+     * POST /api/v1/customers
+     */
+    public function store(Request $request): JsonResponse
+    {
+        $validated = $request->validate([
+            'name'    => 'required|string|max:255',
+            'email'   => 'nullable|email|max:255',
+            'phone'   => 'nullable|string|max:50',
+            'address' => 'nullable|string',
+            'notes'   => 'nullable|string',
+        ]);
+
+        $tenantId = app()->has('tenant') ? app('tenant')->id : $request->user()->tenant_id;
+
+        $validated['tenant_id'] = $tenantId;
+        $validated['type']      = 'customer';
+        $validated['is_active'] = true;
+
+        $customer = Contact::create($validated);
+
+        return $this->success($customer, 201);
+    }
+
+    /**
+     * PUT /api/v1/customers/{id}
+     */
+    public function update(Request $request, int $id): JsonResponse
+    {
+        $customer = Contact::customers()->findOrFail($id);
+
+        $validated = $request->validate([
+            'name'    => 'sometimes|string|max:255',
+            'email'   => 'nullable|email|max:255',
+            'phone'   => 'nullable|string|max:50',
+            'address' => 'nullable|string',
+            'notes'   => 'nullable|string',
+            'is_active' => 'nullable|boolean',
+        ]);
+
+        $customer->update($validated);
+
+        return $this->success($customer);
+    }
+
+    /**
+     * DELETE /api/v1/customers/{id}
+     */
+    public function destroy(int $id): JsonResponse
+    {
+        $customer = Contact::customers()->findOrFail($id);
+        $customer->delete();
+
+        return $this->success(['message' => 'Customer deleted']);
+    }
+}