surveyor_indonesia_backend/app/Http/Controllers/AuthController.php

<?php

namespace App\Http\Controllers;

use Illuminate\Support\Facades\Auth;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;

use App\Models\User;
use App\Models\Role;

class AuthController extends Controller
{
	public function __construct()
	{
		$this->middleware('auth:api', ['except' => ['login']]);
	}

	public function login(Request $request)
	{
		$username  = $request->username;
		$password  = $request->password;
		$remember  = $request->remember;
		$is_mobile = $request->is_mobile;

		if(empty($username) || empty($password))
			return response()->json(['status'=>'error','message'=>'You must fill all the fields'], 400);

		$user = User::where('username', $username)->where('password', md5($password))->first();

		if($is_mobile){
			$fcm_token = $request->fcm_token;

			if(!$fcm_token || $fcm_token=="")
				return response()->json(['status'=>'error','message'=>'FCM Token is required'], 400);

			$dataUpdateFcm = array(
				"fcm_token"=>$fcm_token
			);

			$hr = User::find($user->id);

			if($hr)
				$hr->update($dataUpdateFcm);
		}

		$dataRole = Role::find($user->role_id);

		if($dataRole)
			$user->role = $dataRole;

		if (! $token =Auth::login($user))
			return response()->json(['error' => 'Unauthorized'], 401);

		$ttl = 60;
		if($remember)
			$ttl = 10080;

		// todo : change existing md5 hashed function to laravel's originally bcrypt
		/* $token = auth()->setTTL($ttl)->attempt(['username' => $username, 'password' => Hash::make($password)]); */
		/* dd(response()->json(['code'=>'200', 'token' => $token, 'ttl' => $ttl])); */

		return response()->json([
			'code' => 200,
			'data' => array(
				'data_user' => $user,
				'access_token' => $token,
				'token_type' => 'bearer',
				'expires_in' => auth()->factory()->getTTL() * $ttl,
			),
		]);
	}
}