✨ Add OAuth functionality, MCP tools, and feature tests

- 🔒 Added migrations for `oauth_access_tokens`, `oauth_refresh_tokens`, `oauth_auth_codes`, `oauth_clients`, and `oauth_device_codes`. - 🤖 Created MCP tools (Meetups, Cities, Venues, Courses, Lecturers) for managing entities with authentication and validation. - 🛠️ Implemented Passport-backed OAuth API guard configuration and validation endpoints. - ✅ Added comprehensive feature tests for MCP tools and OAuth functionality (access control, validation, and token-based authentication).
2026-06-15 03:50:30 +00:00 · 2026-06-08 09:37:00 +02:00
parent 3cad5f5636
commit d0544bfac9
67 changed files with 3948 additions and 83 deletions
@@ -0,0 +1,57 @@
+<?php
+
+namespace App\Mcp\Tools\MeetupEvent;
+
+use App\Http\Requests\Api\StoreMeetupEventRequest;
+use App\Http\Resources\MeetupEventResource;
+use App\Models\MeetupEvent;
+use Illuminate\Contracts\JsonSchema\JsonSchema;
+use Illuminate\JsonSchema\Types\Type;
+use Illuminate\Support\Facades\Gate;
+use Laravel\Mcp\Request;
+use Laravel\Mcp\Response;
+use Laravel\Mcp\Server\Attributes\Description;
+use Laravel\Mcp\Server\Tool;
+
+#[Description('Legt einen neuen Meetup-Termin für den authentifizierten Nutzer an. Der Ersteller (created_by) wird automatisch gesetzt.')]
+class CreateMeetupEventTool extends Tool
+{
+    public function handle(Request $request): Response
+    {
+        $user = $request->user();
+
+        if ($user === null || Gate::forUser($user)->denies('create', MeetupEvent::class)) {
+            return Response::error('Nicht berechtigt, einen Meetup-Termin anzulegen.');
+        }
+
+        $storeRequest = new StoreMeetupEventRequest;
+
+        $validated = $request->validate(
+            $storeRequest->rules(),
+            $storeRequest->messages(),
+        );
+
+        $meetupEvent = MeetupEvent::create($validated);
+
+        return Response::json(MeetupEventResource::make($meetupEvent->fresh())->resolve());
+    }
+
+    /**
+     * @return array<string, Type>
+     */
+    public function schema(JsonSchema $schema): array
+    {
+        return [
+            'meetup_id' => $schema->integer()->description('ID des zugehörigen Meetups (vorher per search-meetups auflösen).')->required(),
+            'start' => $schema->string()->description('Startzeitpunkt als Datum/Uhrzeit (z. B. 2026-08-01 18:00:00).')->required(),
+            'location' => $schema->string()->description('Veranstaltungsort.'),
+            'description' => $schema->string()->description('Beschreibung des Termins.'),
+            'link' => $schema->string()->description('Link zum Termin (URL).'),
+            'recurrence_type' => $schema->string()->description('Wiederholungstyp.'),
+            'recurrence_day_of_week' => $schema->string()->description('Wochentag der Wiederholung.'),
+            'recurrence_day_position' => $schema->string()->description('Position des Wochentags im Monat.'),
+            'recurrence_interval' => $schema->integer()->description('Wiederholungsintervall.'),
+            'recurrence_end_date' => $schema->string()->description('Enddatum der Wiederholung.'),
+        ];
+    }
+}
@@ -0,0 +1,33 @@
+<?php
+
+namespace App\Mcp\Tools\MeetupEvent;
+
+use App\Http\Resources\MeetupEventResource;
+use App\Models\MeetupEvent;
+use Illuminate\Support\Facades\Gate;
+use Laravel\Mcp\Request;
+use Laravel\Mcp\Response;
+use Laravel\Mcp\Server\Attributes\Description;
+use Laravel\Mcp\Server\Tool;
+use Laravel\Mcp\Server\Tools\Annotations\IsReadOnly;
+
+#[IsReadOnly]
+#[Description('Listet alle vom authentifizierten Nutzer erstellten Meetup-Termine, nach Startzeitpunkt absteigend sortiert.')]
+class ListMyMeetupEventsTool extends Tool
+{
+    public function handle(Request $request): Response
+    {
+        $user = $request->user();
+
+        if ($user === null || Gate::forUser($user)->denies('viewAny', MeetupEvent::class)) {
+            return Response::error('Nicht authentifiziert.');
+        }
+
+        $meetupEvents = MeetupEvent::query()
+            ->where('created_by', $user->getAuthIdentifier())
+            ->orderByDesc('start')
+            ->get();
+
+        return Response::json(MeetupEventResource::collection($meetupEvents)->resolve());
+    }
+}
@@ -0,0 +1,46 @@
+<?php
+
+namespace App\Mcp\Tools\MeetupEvent;
+
+use App\Http\Resources\MeetupEventResource;
+use App\Models\MeetupEvent;
+use Illuminate\Contracts\JsonSchema\JsonSchema;
+use Illuminate\JsonSchema\Types\Type;
+use Illuminate\Support\Facades\Gate;
+use Laravel\Mcp\Request;
+use Laravel\Mcp\Response;
+use Laravel\Mcp\Server\Attributes\Description;
+use Laravel\Mcp\Server\Tool;
+use Laravel\Mcp\Server\Tools\Annotations\IsReadOnly;
+
+#[IsReadOnly]
+#[Description('Zeigt einen einzelnen, vom authentifizierten Nutzer erstellten Meetup-Termin.')]
+class ShowMyMeetupEventTool extends Tool
+{
+    public function handle(Request $request): Response
+    {
+        $meetupEvent = MeetupEvent::find($request->get('id'));
+
+        if (! $meetupEvent) {
+            return Response::error('Meetup-Termin nicht gefunden.');
+        }
+
+        $user = $request->user();
+
+        if ($user === null || Gate::forUser($user)->denies('view', $meetupEvent)) {
+            return Response::error('Nur der Ersteller oder ein Super-Admin darf diesen Meetup-Termin sehen.');
+        }
+
+        return Response::json(MeetupEventResource::make($meetupEvent)->resolve());
+    }
+
+    /**
+     * @return array<string, Type>
+     */
+    public function schema(JsonSchema $schema): array
+    {
+        return [
+            'id' => $schema->integer()->description('ID des Meetup-Termins.')->required(),
+        ];
+    }
+}
@@ -0,0 +1,59 @@
+<?php
+
+namespace App\Mcp\Tools\MeetupEvent;
+
+use App\Http\Requests\Api\UpdateMeetupEventRequest;
+use App\Http\Resources\MeetupEventResource;
+use App\Models\MeetupEvent;
+use Illuminate\Contracts\JsonSchema\JsonSchema;
+use Illuminate\JsonSchema\Types\Type;
+use Illuminate\Support\Facades\Gate;
+use Laravel\Mcp\Request;
+use Laravel\Mcp\Response;
+use Laravel\Mcp\Server\Attributes\Description;
+use Laravel\Mcp\Server\Tool;
+
+#[Description('Aktualisiert einen bestehenden Meetup-Termin. Nur der Ersteller oder ein Super-Admin darf ihn ändern.')]
+class UpdateMeetupEventTool extends Tool
+{
+    public function handle(Request $request): Response
+    {
+        $meetupEvent = MeetupEvent::find($request->get('id'));
+
+        if (! $meetupEvent) {
+            return Response::error('Meetup-Termin nicht gefunden.');
+        }
+
+        $user = $request->user();
+
+        if ($user === null || Gate::forUser($user)->denies('update', $meetupEvent)) {
+            return Response::error('Nur der Ersteller oder ein Super-Admin darf diesen Meetup-Termin ändern.');
+        }
+
+        $validated = $request->validate((new UpdateMeetupEventRequest)->rules());
+
+        $meetupEvent->update($validated);
+
+        return Response::json(MeetupEventResource::make($meetupEvent->fresh())->resolve());
+    }
+
+    /**
+     * @return array<string, Type>
+     */
+    public function schema(JsonSchema $schema): array
+    {
+        return [
+            'id' => $schema->integer()->description('ID des zu aktualisierenden Meetup-Termins.')->required(),
+            'meetup_id' => $schema->integer()->description('ID des zugehörigen Meetups.'),
+            'start' => $schema->string()->description('Startzeitpunkt als Datum/Uhrzeit (z. B. 2026-08-01 18:00:00).'),
+            'location' => $schema->string()->description('Veranstaltungsort.'),
+            'description' => $schema->string()->description('Beschreibung des Termins.'),
+            'link' => $schema->string()->description('Link zum Termin (URL).'),
+            'recurrence_type' => $schema->string()->description('Wiederholungstyp.'),
+            'recurrence_day_of_week' => $schema->string()->description('Wochentag der Wiederholung.'),
+            'recurrence_day_position' => $schema->string()->description('Position des Wochentags im Monat.'),
+            'recurrence_interval' => $schema->integer()->description('Wiederholungsintervall.'),
+            'recurrence_end_date' => $schema->string()->description('Enddatum der Wiederholung.'),
+        ];
+    }
+}