From 37302ee559ceb7e73dbf2c18bc22bacef132e24e Mon Sep 17 00:00:00 2001
From: Eduard Lupacescu <lupacescueduard@gmail.com>
Date: Sun, 31 Aug 2025 14:13:52 +0300
Subject: [PATCH] fix: adding loggout and docs support, improved email
 verification

---
 config/restify.php                            |  32 ++
 docs-v3/components/SearchModal.vue            |  42 ++-
 docs-v3/components/TheSidebar.vue             |  10 +-
 docs-v3/content/auth/authentication.md        | 279 +++++++++++++++++-
 docs-v3/content/quickstart.md                 |  29 +-
 docs-v3/pages/[...slug].vue                   |   4 -
 src/Commands/PublishAuthCommand.php           |   4 +-
 src/Commands/SetupCommand.php                 | 151 ++++++++++
 src/Commands/stubs/Auth/VerifyController.stub |  49 ++-
 src/Http/Controllers/Auth/LoginController.php |   8 +-
 .../Controllers/Auth/LogoutController.php     |  25 ++
 .../Controllers/Auth/RegisterController.php   |  22 +-
 .../Controllers/Auth/VerifyController.php     |  46 ++-
 src/Notifications/VerifyEmail.php             |  17 +-
 src/RestifyApplicationServiceProvider.php     |   9 +-
 15 files changed, 688 insertions(+), 39 deletions(-)
 create mode 100644 src/Http/Controllers/Auth/LogoutController.php

diff --git a/config/restify.php b/config/restify.php
index 139f981fd..0611d2d76 100644
--- a/config/restify.php
+++ b/config/restify.php
@@ -45,9 +45,41 @@
 
         'password_reset_url' => env('FRONTEND_APP_URL').'/password/reset?token={token}&email={email}',
 
+        /*
+        |--------------------------------------------------------------------------
+        | User Email Verification URL
+        |--------------------------------------------------------------------------
+        |
+        | This URL is used to redirect users after they click the email verification
+        | link. The API will validate the verification and redirect to this frontend
+        | URL with success/failure query parameters.
+        |
+        | Available placeholders:
+        | {id} - User ID
+        | {emailHash} - SHA1 hash of user's email
+        |
+        | Query parameters added by API:
+        | ?success=true&message=Email verified successfully.
+        | ?success=false&message=Invalid or expired verification link.
+        |
+        */
         'user_verify_url' => env('FRONTEND_APP_URL').'/verify/{id}/{emailHash}',
 
         'user_model' => "\App\Models\User",
+
+        /*
+        |--------------------------------------------------------------------------
+        | Token TTL (Time To Live)
+        |--------------------------------------------------------------------------
+        |
+        | This value determines the number of minutes that authentication tokens
+        | will be considered valid. After this time expires, users will need to
+        | re-authenticate. Set to null for tokens that never expire.
+        |
+        | Default: null (never expires)
+        |
+        */
+        'token_ttl' => env('RESTIFY_TOKEN_TTL', null),
     ],
 
     /*
diff --git a/docs-v3/components/SearchModal.vue b/docs-v3/components/SearchModal.vue
index 7cee8267f..63c7565f3 100644
--- a/docs-v3/components/SearchModal.vue
+++ b/docs-v3/components/SearchModal.vue
@@ -38,9 +38,14 @@
               placeholder="Search documentation..."
               class="flex-1 bg-transparent text-gray-900 dark:text-white placeholder-gray-500 dark:placeholder-gray-400 border-0 focus:ring-0 focus:outline-none text-lg"
               @input="performSearch"
+              @keyup="performSearch"
               @keydown.down.prevent="navigateResults('down')"
               @keydown.up.prevent="navigateResults('up')"
               @keydown.enter.prevent="selectResult"
+              autocomplete="off"
+              autocorrect="off"
+              autocapitalize="off"
+              spellcheck="false"
             />
             
             <div class="hidden sm:flex items-center space-x-2 text-xs text-gray-400 dark:text-gray-500">
@@ -225,7 +230,10 @@ const debounce = (fn: Function, delay: number) => {
 
 // Search functionality
 const performSearch = debounce(async () => {
-  if (!searchQuery.value.trim()) {
+  const query = searchQuery.value?.trim()
+  console.log('🔍 Search triggered with query:', query)
+  
+  if (!query) {
     searchResults.value = []
     return
   }
@@ -234,7 +242,10 @@ const performSearch = debounce(async () => {
   selectedIndex.value = 0
 
   try {
-    searchResults.value = await searchContent(searchQuery.value)
+    console.log('🔍 Performing search for:', query)
+    const results = await searchContent(query)
+    console.log('🔍 Search results:', results.length, 'items')
+    searchResults.value = results
   } catch (error) {
     console.error('Search error:', error)
     searchResults.value = []
@@ -243,6 +254,25 @@ const performSearch = debounce(async () => {
   }
 }, 300)
 
+// Also create immediate search for iOS
+const performImmediateSearch = async () => {
+  const query = searchQuery.value?.trim()
+  if (!query) return
+  
+  console.log('🔍 Immediate search for iOS:', query)
+  isSearching.value = true
+  
+  try {
+    const results = await searchContent(query)
+    searchResults.value = results
+  } catch (error) {
+    console.error('Immediate search error:', error)
+    searchResults.value = []
+  } finally {
+    isSearching.value = false
+  }
+}
+
 // Lifecycle
 onMounted(() => {
   document.addEventListener('keydown', handleKeydown)
@@ -265,6 +295,14 @@ watch(isOpen, (newIsOpen) => {
   }
 })
 
+// Watch searchQuery changes for iOS devices where input events might not fire
+watch(searchQuery, (newQuery) => {
+  console.log('🔍 Search query changed to:', newQuery)
+  if (newQuery !== undefined) {
+    performSearch()
+  }
+}, { immediate: false })
+
 // No need to expose methods since we're using global state
 </script>
 
diff --git a/docs-v3/components/TheSidebar.vue b/docs-v3/components/TheSidebar.vue
index 111a6cbdd..55cdf9671 100644
--- a/docs-v3/components/TheSidebar.vue
+++ b/docs-v3/components/TheSidebar.vue
@@ -144,9 +144,17 @@ watch(isMobileMenuOpen, (isOpen) => {
   }
 })
 
-// Collapsible sections state
+// Collapsible sections state - start with all sections collapsed
 const collapsedSections = ref<Set<string>>(new Set())
 
+// Initialize all sections as collapsed when navigation sections are available
+onMounted(() => {
+  if (navigationSections.value) {
+    const allSectionTitles = navigationSections.value.map(section => section.title)
+    collapsedSections.value = new Set(allSectionTitles)
+  }
+})
+
 // Toggle section visibility
 const toggleSection = (sectionTitle: string) => {
   if (collapsedSections.value.has(sectionTitle)) {
diff --git a/docs-v3/content/auth/authentication.md b/docs-v3/content/auth/authentication.md
index 1a45236fb..bf9950dee 100644
--- a/docs-v3/content/auth/authentication.md
+++ b/docs-v3/content/auth/authentication.md
@@ -5,15 +5,13 @@ category: Auth
 position: 1
 ---
 
-Laravel Restify supports easy authentication with [Laravel Sanctum](https://laravel.com/docs/sanctum#api-token-authentication).
-
-Now you can finally enjoy the auth setup (`register`, `login`, `forgot`, and `reset password`).
+Laravel Restify provides comprehensive authentication with [Laravel Sanctum](https://laravel.com/docs/sanctum#api-token-authentication), including register, login, logout, forgot password, reset password, and email verification.
 
 ## Quick start
 
-tl;dr: 
+**This is everything you need to have authentication in place:**
 
-If you run on Laravel 10 or higher, you can use this command that will do all the setup for you:
+If you run on Laravel 11 or higher, use this single command for complete authentication setup:
 
 ```shell script
 php artisan restify:setup-auth
@@ -22,20 +20,23 @@ php artisan restify:setup-auth
 This command will:
 
 - **Ensures** that `Sanctum` is installed and configured as the authentication provider in the `config/restify.php` file
+- **Identifies** the User model and updates the `auth.user_model` configuration automatically
 - **Appends** the `Route::restifyAuth();` line to the `routes/api.php` file to add the authentication routes
 
-## Prerequisites
+**That's it!** Your authentication system is ready to use with register, login, logout, password reset, and email verification.
+
+---
+
+**Prefer manual setup?** You can configure everything step-by-step as described below, starting with the [Install sanctum](#install-sanctum) section.
 
-Migrate the `users`, `password_resets` table (they already exist into a fresh Laravel app).
+## Install sanctum
 
 <alert type="success">
 
-Laravel 10 automatically ships with Sanctum, so you don't have to install it.
+Laravel 11 automatically ships with Sanctum, so you don't have to install it.
 
 </alert>
 
-### Install sanctum
-
 See the documentation [here](https://laravel.com/docs/sanctum#installation). You don't need to add `\Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,` to your `'api'` middleware group. 
 
 You only have to run these 3 commands: 
@@ -64,7 +65,7 @@ The `User` model should extend the `Illuminate\Foundation\Auth\User` class or im
 <alert type="info">
 
 Make sure you have the `\Laravel\Sanctum\HasApiTokens` trait to your `User` model. 
-Laravel 10 will automatically add this trait to your `User` model.
+Laravel 11 will automatically add this trait to your `User` model.
 
 </alert>
 
@@ -96,6 +97,7 @@ These are the default routes provided by restify:
 | :------------- |:-----------------------------------------|:---------------|
 | **POST**           | `/api/register`                          | register       |
 | **POST**           | `/api/login`                             | login          |
+| **POST**           | `/api/logout`                            | logout         |
 | **POST**           | `/api/restify/forgotPassword`            | forgotPassword |
 | **POST**           | `/api/restify/resetPassword`             | resetPassword  |
 | **POST**           | `/api/restify/verify/{id}/{emailHash}`   | verifyEmail    |
@@ -216,6 +218,50 @@ curl -X GET "http://restify-app.test/api/restify/profile" \
 
 Replace `http://restify-app.test` with your actual domain and use the authentication token you received after logging in.
 
+## Token Management
+
+Laravel Restify uses Sanctum tokens for API authentication with the following characteristics:
+
+### Token Expiration
+
+By default, tokens **never expire**. You can configure token expiration in your `config/restify.php` file:
+
+```php
+// config/restify.php
+'auth' => [
+    'token_ttl' => null, // Default: tokens never expire
+    // Set to minutes for token expiration
+    // 'token_ttl' => 60, // Tokens expire after 60 minutes (1 hour)
+]
+```
+
+### Logout
+
+To revoke an authentication token before it expires, use the logout endpoint:
+
+```bash
+curl -X POST "http://restify-app.test/api/logout" \
+     -H "Accept: application/json" \
+     -H "Authorization: Bearer 1|f7D1qkALtM9GKDkjREKpwMRKTZg2ZnFqDZTSe53k"
+```
+
+Successful logout returns:
+
+```json
+{
+    "message": "Successfully logged out"
+}
+```
+
+### Multiple Devices
+
+Laravel Sanctum automatically handles multiple device authentication:
+
+- Each login creates a **new token**
+- Users can be logged in on multiple devices simultaneously
+- Each device has its own token
+- Logout only revokes the specific token used
+
 ## Register
 
 Let's see how to register a new user in the application. You can test the registration using cURL or Postman.
@@ -271,6 +317,164 @@ You should see the response like this:
 }
 ```
 
+## Email Verification
+
+Email verification is only available when your User model implements the `MustVerifyEmail` interface.
+
+### Enable Email Verification
+
+Update your User model to implement email verification:
+
+```php
+// app/Models/User.php
+use Illuminate\Contracts\Auth\MustVerifyEmail;
+use Illuminate\Foundation\Auth\User as Authenticatable;
+use Laravel\Sanctum\HasApiTokens;
+
+class User extends Authenticatable implements MustVerifyEmail
+{
+    use HasApiTokens;
+    
+    // ... rest of your User model
+}
+```
+
+When a user registers, their `email_verified_at` field is set to `NULL`, and Restify automatically sends a verification email using the `VerifyEmail` notification.
+
+### How It Works
+
+When the `MustVerifyEmail` interface is implemented, during registration Restify will:
+
+1. **Send verification email** using `Binaryk\LaravelRestify\Notifications\VerifyEmail`
+2. **Generate signed verification URL** pointing directly to the Restify API endpoint
+3. **Include parameters** in the signed URL:
+   - `id` → User's ID
+   - `hash` → SHA1 hash of the user's email address
+
+The email contains a CTA (Call-To-Action) button that links directly to the API verification endpoint.
+
+### Verification Flow
+
+1. **Registration**: User registers → `email_verified_at` is `NULL`
+2. **Email Sent**: User receives verification email with CTA link
+3. **Direct API Call**: Email CTA redirects directly to `/api/restify/verify/{id}/{hash}` 
+4. **Email Verification**: API validates the signed URL and sets `email_verified_at` to current timestamp
+5. **Frontend Redirect**: 
+   - **Success**: If validation succeeds, API redirects user to frontend URL from `config('restify.auth.user_verify_url')`
+   - **Failure**: If hash is invalid, API redirects to frontend with `?success=false&message=Invalid hash`
+
+### Frontend Integration
+
+With the updated flow, users click the CTA in the email and are redirected directly to the API for verification. After verification (successful or failed), they land on your frontend application.
+
+Your frontend should handle the verification result by checking URL parameters:
+
+**Success case**: User lands on your configured URL (no additional parameters)
+```
+https://your-frontend-app.com/email/verify?id=1&hash=abc123
+```
+
+**Failure case**: User lands on your configured URL with error parameters
+```
+https://your-frontend-app.com/email/verify?id=1&hash=abc123&success=false&message=Invalid hash
+```
+
+**Frontend JavaScript example**:
+```javascript
+// Check for verification result
+const urlParams = new URLSearchParams(window.location.search);
+const success = urlParams.get('success');
+const message = urlParams.get('message');
+
+if (success === 'false') {
+    // Handle verification failure
+    console.error('Verification failed:', message);
+    // Show error message to user
+    showErrorMessage(message || 'Email verification failed');
+} else {
+    // Handle verification success (success param is absent for successful verifications)
+    console.log('Email verified successfully');
+    // Show success message and redirect or update UI
+    showSuccessMessage('Your email has been verified successfully!');
+}
+```
+
+### cURL Example
+
+For testing purposes, you can directly call the verification endpoint:
+
+```bash
+curl -X GET "http://restify-app.test/api/restify/verify/1/abc123hash?signature=xyz&expires=123456" \
+     -H "Accept: application/json"
+```
+
+**Note**: The actual verification URL includes a signed signature and expires parameter for security.
+
+### Success Response
+
+On successful verification, the API redirects to your configured frontend URL. For direct API calls (like cURL), you might receive a success response or redirect.
+
+### Configuration
+
+Configure your frontend URL in `config/restify.php`:
+
+```php
+'auth' => [
+    'user_verify_url' => env('FRONTEND_APP_URL').'/email/verify?id={id}&hash={emailHash}',
+]
+```
+
+## AI Agent Authentication
+
+Laravel Restify's MCP server uses the same Sanctum authentication system. AI agents authenticate using the same tokens that humans use.
+
+### Token Generation for AI Agents
+
+Users can generate API tokens for AI agents through your application interface, or programmatically:
+
+```php
+// Generate a token for an AI agent
+$user = auth()->user();
+$token = $user->createToken('AI Agent Token')->plainTextToken;
+
+// Token can be used by AI agents for MCP server access
+```
+
+### MCP Server Authentication
+
+When configuring the MCP server, tokens are passed in the Authorization header:
+
+```php
+// config/ai.php - MCP server with authentication
+Mcp::web('restify', RestifyServer::class)
+    ->middleware(['auth:sanctum'])  // Same authentication as REST API
+    ->name('mcp.restify');
+```
+
+### AI Agent Usage
+
+AI agents use the same Bearer token authentication:
+
+```bash
+# AI agent making MCP request
+curl -X GET "http://restify-app.test/mcp/restify" \
+     -H "Accept: application/json" \
+     -H "Authorization: Bearer 1|f7D1qkALtM9GKDkjREKpwMRKTZg2ZnFqDZTSe53k"
+```
+
+### Benefits
+
+- **Unified Authentication**: Same auth system for humans and AI agents
+- **Consistent Permissions**: Same authorization policies apply
+- **Token Management**: Same logout/expiration rules
+- **Security**: Same security model across all interfaces
+
+<alert>
+
+**Learn More**: Check the [MCP Server Guide](/mcp/mcp) for detailed AI agent configuration.
+
+</alert>
+
 ## Forgot Password
 
 To initiate the password reset process, use the following endpoint:
@@ -361,6 +565,59 @@ If the password reset is successful, you should receive a response similar to th
 
 Now the user's password has been successfully reset, and they can log in with their new password.
 
+## Authentication Configuration
+
+Laravel Restify provides several configuration options in `config/restify.php` under the `auth` key:
+
+### Available Options
+
+```php
+// config/restify.php
+'auth' => [
+    // User model for authentication
+    'user_model' => \App\Models\User::class,
+    
+    // Token expiration time in minutes (default: null - never expire)
+    'token_ttl' => null,
+    
+    // Password reset URL (for frontend)
+    'password_reset_url' => env('FRONTEND_APP_URL').'/password/reset?token={token}&email={email}',
+    
+    // Email verification URL (for frontend)
+    'user_verify_url' => env('FRONTEND_APP_URL').'/email/verify?id={id}&hash={emailHash}',
+],
+```
+
+### Environment Variables
+
+Add these to your `.env` file:
+
+```bash
+# Frontend application URL for auth redirects
+FRONTEND_APP_URL=https://your-frontend-app.com
+
+# Mail configuration for password reset and verification emails
+MAIL_MAILER=smtp
+MAIL_HOST=your-smtp-host
+MAIL_PORT=587
+MAIL_USERNAME=your-username
+MAIL_PASSWORD=your-password
+MAIL_ENCRYPTION=tls
+```
+
+### Token Configuration
+
+- **Default TTL**: `null` (never expire)
+- **Custom TTL**: Set any value in minutes
+- **Never Expire**: Set `token_ttl` to `null`
+
+```php
+// Examples
+'token_ttl' => null,  // Never expire (default)
+'token_ttl' => 30,    // 30 minutes
+'token_ttl' => 60,    // 1 hour
+'token_ttl' => 1440,  // 24 hours
+```
 
 ## Customizing Authentication Controllers
 
diff --git a/docs-v3/content/quickstart.md b/docs-v3/content/quickstart.md
index d8e93d424..df2fc2d92 100644
--- a/docs-v3/content/quickstart.md
+++ b/docs-v3/content/quickstart.md
@@ -36,6 +36,7 @@ This command will:
 - **Create** a new `app/Restify` directory for your repositories
 - **Generate** an abstract `app/Restify/Repository.php` base class
 - **Scaffold** a `app/Restify/UserRepository` for immediate use
+- **Create** the `routes/ai.php` file (if it doesn't exist) with commented MCP server configuration
 
 ### Run Migrations
 
@@ -120,7 +121,9 @@ For production use, enable authentication by uncommenting the Sanctum middleware
 
 ## MCP Server Setup
 
-Laravel Restify can automatically generate MCP (Model Context Protocol) servers for AI agents. Add this to your `config/ai.php` file:
+Laravel Restify can automatically generate MCP (Model Context Protocol) servers for AI agents. 
+
+**1. Add the MCP server to your `config/ai.php` file:**
 
 ```php
 use Binaryk\LaravelRestify\MCP\RestifyServer;
@@ -132,7 +135,29 @@ Mcp::web('restify', RestifyServer::class)
     ->name('mcp.restify');
 ```
 
-This creates an MCP endpoint at `/mcp/restify` that AI agents can use to interact with your API automatically.
+**2. Enable MCP tools in your repositories:**
+
+Add the `HasMcpTools` trait to any repository you want to expose to AI agents:
+
+```php
+use Binaryk\LaravelRestify\MCP\Concerns\HasMcpTools;
+
+#[Model(Post::class)]
+class PostRepository extends Repository
+{
+    use HasMcpTools; // Enables MCP tools for AI agents
+    
+    public function fields(RestifyRequest $request): array
+    {
+        return [
+            field('title')->required()->matchable(),
+            field('content'),
+        ];
+    }
+}
+```
+
+This creates an MCP endpoint at `/mcp/restify` that AI agents can use to discover and interact with your enabled repositories automatically.
 
 <alert>
 
diff --git a/docs-v3/pages/[...slug].vue b/docs-v3/pages/[...slug].vue
index 356a7c03d..2a770930f 100644
--- a/docs-v3/pages/[...slug].vue
+++ b/docs-v3/pages/[...slug].vue
@@ -36,10 +36,6 @@
             <h1 class="text-4xl font-bold text-gray-900 dark:text-white mb-4">
               {{ doc.title }}
             </h1>
-            
-            <p v-if="doc.description" class="text-xl text-gray-600 dark:text-gray-400">
-              {{ doc.description }}
-            </p>
           </header>
           
           <!-- Page content -->
diff --git a/src/Commands/PublishAuthCommand.php b/src/Commands/PublishAuthCommand.php
index 88dab483d..4f76f852e 100644
--- a/src/Commands/PublishAuthCommand.php
+++ b/src/Commands/PublishAuthCommand.php
@@ -76,7 +76,7 @@ protected function copyDirectory(string $path, string $stubDirectory, string $fo
                     return true;
                 }
 
-                $actionName = Str::before($file->getFilename(), 'Controller');
+                $actionName = Str::before($file->getFilename(), 'Controller.stub');
 
                 return in_array($actionName, $actions, true) || in_array(Str::lower($actionName), $actions, true);
             })
@@ -141,7 +141,7 @@ protected function getRouteStubs(): string
         $routeStubs = '';
 
         foreach ($routes as $action => $routeStub) {
-            if (! $actions || in_array($action, $actions, true)) {
+            if (! $actions || in_array($action, $actions, true) || in_array(Str::lower($action), $actions, true)) {
                 $routeStubs .= file_get_contents($stubDirectory.$routeStub);
             }
         }
diff --git a/src/Commands/SetupCommand.php b/src/Commands/SetupCommand.php
index f76e4cc3d..e4f049e5a 100644
--- a/src/Commands/SetupCommand.php
+++ b/src/Commands/SetupCommand.php
@@ -46,6 +46,10 @@ public function handle()
         }
 
         $this->setAppNamespace();
+        
+        $this->configureUserModel();
+        
+        $this->createAiRoutesFile();
 
         $this->info('Restify setup successfully.');
     }
@@ -135,4 +139,151 @@ protected function setAppNamespaceOn($file, $namespace)
             file_get_contents($file)
         ));
     }
+
+    /**
+     * Configure the User model in the restify config.
+     *
+     * @return void
+     */
+    protected function configureUserModel()
+    {
+        $this->comment('Searching for User models in your application...');
+        
+        $userModels = $this->findUserModels();
+        
+        if (empty($userModels)) {
+            $this->warn('No User models found in App namespace. Using default \\App\\Models\\User.');
+            return;
+        }
+        
+        if (count($userModels) === 1) {
+            $selectedModel = $userModels[0];
+            if ($this->confirm("Found User model: {$selectedModel}. Use this as your authentication model?", true)) {
+                $this->updateUserModelConfig($selectedModel);
+                $this->info("Updated restify config to use: {$selectedModel}");
+            }
+            return;
+        }
+        
+        $this->info('Multiple User models found:');
+        foreach ($userModels as $index => $model) {
+            $this->line(" [{$index}] {$model}");
+        }
+        
+        $choice = $this->ask('Please select the User model to use (enter the number)', '0');
+        
+        if (isset($userModels[$choice])) {
+            $selectedModel = $userModels[$choice];
+            $this->updateUserModelConfig($selectedModel);
+            $this->info("Updated restify config to use: {$selectedModel}");
+        } else {
+            $this->warn('Invalid selection. Using default \\App\\Models\\User.');
+        }
+    }
+
+    /**
+     * Find User models in the App namespace.
+     *
+     * @return array
+     */
+    protected function findUserModels()
+    {
+        $appPath = app_path();
+        $namespace = $this->laravel->getNamespace();
+        $userModels = [];
+        
+        $iterator = new \RecursiveIteratorIterator(
+            new \RecursiveDirectoryIterator($appPath, \RecursiveDirectoryIterator::SKIP_DOTS),
+            \RecursiveIteratorIterator::SELF_FIRST
+        );
+        
+        foreach ($iterator as $file) {
+            if ($file->isFile() && $file->getExtension() === 'php') {
+                $relativePath = str_replace($appPath . DIRECTORY_SEPARATOR, '', $file->getPathname());
+                $className = str_replace(['/', '.php'], ['\\', ''], $relativePath);
+                $fqcn = $namespace . $className;
+                
+                if ($this->isUserModel($file->getPathname(), $className)) {
+                    $userModels[] = $fqcn;
+                }
+            }
+        }
+        
+        return $userModels;
+    }
+
+    /**
+     * Check if a PHP file contains a User model.
+     *
+     * @param  string  $filePath
+     * @param  string  $className
+     * @return bool
+     */
+    protected function isUserModel($filePath, $className)
+    {
+        if (! str_contains(strtolower($className), 'user')) {
+            return false;
+        }
+        
+        $content = file_get_contents($filePath);
+        
+        return str_contains($content, 'extends Authenticatable') ||
+               str_contains($content, 'use Authenticatable') ||
+               str_contains($content, 'implements AuthenticatableContract') ||
+               str_contains($content, 'HasApiTokens');
+    }
+
+    /**
+     * Update the user_model configuration in restify config.
+     *
+     * @param  string  $userModel
+     * @return void
+     */
+    protected function updateUserModelConfig($userModel)
+    {
+        $configPath = config_path('restify.php');
+        
+        if (! file_exists($configPath)) {
+            $this->warn('restify.php config file not found.');
+            return;
+        }
+        
+        $content = file_get_contents($configPath);
+        $escapedUserModel = addslashes($userModel);
+        
+        $pattern = "/'user_model'\s*=>\s*['\"].*?['\"]/";
+        $replacement = "'user_model' => \"{$escapedUserModel}\"";
+        
+        $newContent = preg_replace($pattern, $replacement, $content);
+        
+        if ($newContent !== $content) {
+            file_put_contents($configPath, $newContent);
+        } else {
+            $this->warn('Could not update user_model configuration.');
+        }
+    }
+
+    /**
+     * Create the ai.php routes file if it doesn't exist.
+     *
+     * @return void
+     */
+    protected function createAiRoutesFile()
+    {
+        $routesPath = base_path('routes');
+        $aiRoutesFile = $routesPath . '/ai.php';
+        
+        if (file_exists($aiRoutesFile)) {
+            $this->line('AI routes file already exists.');
+            return;
+        }
+        
+        app(Filesystem::class)->ensureDirectoryExists($routesPath);
+        
+        $content = "<?php\n\nuse Binaryk\\LaravelRestify\\MCP\\RestifyServer;\nuse Laravel\\Mcp\\Server\\Facades\\Mcp;\n\n// Restify MCP Server - provides AI agents access to your Restify repositories\n// Mcp::web('restify', RestifyServer::class)\n//     ->middleware(['auth:sanctum']); // Available at /mcp/restify\n\n// Mcp::local('restify', RestifyServer::class); // Start with ./artisan mcp:start restify\n\n// Example custom servers:\n// Mcp::web('demo', \\App\\Mcp\\Servers\\PublicServer::class); // Available at /mcp/demo\n// Mcp::local('demo', \\App\\Mcp\\Servers\\LocalServer::class); // Start with ./artisan mcp:start demo\n";
+        
+        file_put_contents($aiRoutesFile, $content);
+        
+        $this->info('Created routes/ai.php file for MCP server configuration.');
+    }
 }
diff --git a/src/Commands/stubs/Auth/VerifyController.stub b/src/Commands/stubs/Auth/VerifyController.stub
index 8cbed3573..4469f8733 100644
--- a/src/Commands/stubs/Auth/VerifyController.stub
+++ b/src/Commands/stubs/Auth/VerifyController.stub
@@ -3,22 +3,49 @@
 namespace {{namespace}};
 
 use App\Models\User;
-use Binaryk\LaravelRestify\Contracts\Sanctumable;
 use Illuminate\Auth\Access\AuthorizationException;
 use Illuminate\Auth\Events\Verified;
+use Illuminate\Contracts\Auth\Authenticatable;
 use Illuminate\Contracts\Auth\MustVerifyEmail;
+use Illuminate\Http\Request;
 use Illuminate\Routing\Controller;
 
 class VerifyController extends Controller
 {
-    public function __invoke(int $id, string $hash)
+    public function __invoke(Request $request, int $id, string $hash)
     {
+        $frontendUrl = config('restify.auth.user_verify_url');
+        
+        if (! $request->hasValidSignature()) {
+            if ($frontendUrl) {
+                $redirectUrl = str_replace(
+                    ['{id}', '{emailHash}'],
+                    [$id, $hash],
+                    $frontendUrl
+                );
+                
+                return redirect($redirectUrl . '?success=false&message=' . urlencode('Invalid or expired verification link.'));
+            }
+            
+            throw new AuthorizationException('Invalid or expired verification link.');
+        }
+
         /**
-         * @var User $user
+         * @var Authenticatable $user
          */
         $user = config('restify.auth.user_model')::query()->findOrFail($id);
 
-        if ($user instanceof Sanctumable && ! hash_equals((string) $hash, sha1($user->getEmailForVerification()))) {
+        if (! hash_equals((string) $hash, sha1($user->getEmailForVerification()))) {
+            if ($frontendUrl) {
+                $redirectUrl = str_replace(
+                    ['{id}', '{emailHash}'],
+                    [$user->getKey(), $hash],
+                    $frontendUrl
+                );
+                
+                return redirect($redirectUrl . '?success=false&message=' . urlencode('Invalid hash'));
+            }
+            
             throw new AuthorizationException('Invalid hash');
         }
 
@@ -26,6 +53,18 @@ class VerifyController extends Controller
             event(new Verified($user));
         }
 
-        return rest($user);
+        if ($frontendUrl) {
+            $redirectUrl = str_replace(
+                ['{id}', '{emailHash}'],
+                [$user->getKey(), $hash],
+                $frontendUrl
+            );
+
+            return redirect($redirectUrl . '?success=true&message=' . urlencode('Email verified successfully.'));
+        }
+
+        return rest($user)->indexMeta([
+            'message' => 'Email verified successfully.',
+        ]);
     }
 }
diff --git a/src/Http/Controllers/Auth/LoginController.php b/src/Http/Controllers/Auth/LoginController.php
index d506bb0ed..267843170 100644
--- a/src/Http/Controllers/Auth/LoginController.php
+++ b/src/Http/Controllers/Auth/LoginController.php
@@ -30,8 +30,14 @@ public function __invoke(Request $request)
 
         Auth::login($user);
 
+        $tokenTtl = config('restify.auth.token_ttl');
+        $expiresAt = $tokenTtl ? now()->addMinutes($tokenTtl) : null;
+        
+        $token = $user->createToken('login', ['*'], $expiresAt);
+
         return rest($user)->indexMeta([
-            'token' => $user->createToken('login')->plainTextToken,
+            'token' => $token->plainTextToken,
+            'expires_in' => $tokenTtl ? $tokenTtl * 60 : null,
         ]);
     }
 }
diff --git a/src/Http/Controllers/Auth/LogoutController.php b/src/Http/Controllers/Auth/LogoutController.php
new file mode 100644
index 000000000..ed545a158
--- /dev/null
+++ b/src/Http/Controllers/Auth/LogoutController.php
@@ -0,0 +1,25 @@
+<?php
+
+namespace Binaryk\LaravelRestify\Http\Controllers\Auth;
+
+use Illuminate\Http\Request;
+use Illuminate\Routing\Controller;
+use Illuminate\Support\Facades\Auth;
+
+class LogoutController extends Controller
+{
+    public function __invoke(Request $request)
+    {
+        $user = Auth::user();
+
+        if ($user && method_exists($user, 'currentAccessToken')) {
+            $user->currentAccessToken()->delete();
+        }
+
+        Auth::logout();
+
+        return response()->json([
+            'message' => 'Successfully logged out.',
+        ]);
+    }
+}
\ No newline at end of file
diff --git a/src/Http/Controllers/Auth/RegisterController.php b/src/Http/Controllers/Auth/RegisterController.php
index 365b31976..917dda9a3 100644
--- a/src/Http/Controllers/Auth/RegisterController.php
+++ b/src/Http/Controllers/Auth/RegisterController.php
@@ -2,6 +2,8 @@
 
 namespace Binaryk\LaravelRestify\Http\Controllers\Auth;
 
+use Binaryk\LaravelRestify\Notifications\VerifyEmail;
+use Illuminate\Contracts\Auth\MustVerifyEmail;
 use Illuminate\Http\Request;
 use Illuminate\Routing\Controller;
 use Illuminate\Support\Facades\Config;
@@ -24,8 +26,22 @@ public function __invoke(Request $request)
             'password' => Hash::make($request->input('password')),
         ]);
 
-        return rest($user)->indexMeta([
-            'token' => $user->createToken('login')->plainTextToken,
-        ]);
+        $tokenTtl = config('restify.auth.token_ttl');
+        $expiresAt = $tokenTtl ? now()->addMinutes($tokenTtl) : null;
+        
+        $token = $user->createToken('login', ['*'], $expiresAt);
+        
+        $meta = [
+            'token' => $token->plainTextToken,
+            'expires_in' => $tokenTtl ? $tokenTtl * 60 : null,
+        ];
+        
+        if ($user instanceof MustVerifyEmail && ! $user->hasVerifiedEmail()) {
+            $user->notify(new VerifyEmail);
+            $meta['email_verification_sent'] = true;
+            $meta['message'] = 'Registration successful. Please check your email to verify your account.';
+        }
+
+        return rest($user)->indexMeta($meta);
     }
 }
diff --git a/src/Http/Controllers/Auth/VerifyController.php b/src/Http/Controllers/Auth/VerifyController.php
index 8f657abdb..468526559 100644
--- a/src/Http/Controllers/Auth/VerifyController.php
+++ b/src/Http/Controllers/Auth/VerifyController.php
@@ -2,23 +2,49 @@
 
 namespace Binaryk\LaravelRestify\Http\Controllers\Auth;
 
-use Binaryk\LaravelRestify\Contracts\Sanctumable;
 use Illuminate\Auth\Access\AuthorizationException;
 use Illuminate\Auth\Events\Verified;
 use Illuminate\Contracts\Auth\Authenticatable;
 use Illuminate\Contracts\Auth\MustVerifyEmail;
+use Illuminate\Http\Request;
 use Illuminate\Routing\Controller;
 
 class VerifyController extends Controller
 {
-    public function __invoke(int $id, string $hash)
+    public function __invoke(Request $request, int $id, string $hash)
     {
+        $frontendUrl = config('restify.auth.user_verify_url');
+        
+        if (! $request->hasValidSignature()) {
+            if ($frontendUrl) {
+                $redirectUrl = str_replace(
+                    ['{id}', '{emailHash}'],
+                    [$id, $hash],
+                    $frontendUrl
+                );
+                
+                return redirect($redirectUrl . '?success=false&message=' . urlencode('Invalid or expired verification link.'));
+            }
+            
+            throw new AuthorizationException('Invalid or expired verification link.');
+        }
+
         /**
          * @var Authenticatable $user
          */
         $user = config('restify.auth.user_model')::query()->findOrFail($id);
 
-        if ($user instanceof Sanctumable && ! hash_equals((string) $hash, sha1($user->getEmailForVerification()))) {
+        if (! hash_equals((string) $hash, sha1($user->getEmailForVerification()))) {
+            if ($frontendUrl) {
+                $redirectUrl = str_replace(
+                    ['{id}', '{emailHash}'],
+                    [$user->getKey(), $hash],
+                    $frontendUrl
+                );
+                
+                return redirect($redirectUrl . '?success=false&message=' . urlencode('Invalid hash'));
+            }
+            
             throw new AuthorizationException('Invalid hash');
         }
 
@@ -26,6 +52,18 @@ public function __invoke(int $id, string $hash)
             event(new Verified($user));
         }
 
-        return rest($user);
+        if ($frontendUrl) {
+            $redirectUrl = str_replace(
+                ['{id}', '{emailHash}'],
+                [$user->getKey(), $hash],
+                $frontendUrl
+            );
+
+            return redirect($redirectUrl . '?success=true&message=' . urlencode('Email verified successfully.'));
+        }
+
+        return rest($user)->indexMeta([
+            'message' => 'Email verified successfully.',
+        ]);
     }
 }
diff --git a/src/Notifications/VerifyEmail.php b/src/Notifications/VerifyEmail.php
index 33580135f..01539a0a7 100644
--- a/src/Notifications/VerifyEmail.php
+++ b/src/Notifications/VerifyEmail.php
@@ -3,6 +3,9 @@
 namespace Binaryk\LaravelRestify\Notifications;
 
 use Illuminate\Auth\Notifications\VerifyEmail as VerifyEmailLaravel;
+use Illuminate\Support\Carbon;
+use Illuminate\Support\Facades\Config;
+use Illuminate\Support\Facades\URL;
 
 class VerifyEmail extends VerifyEmailLaravel
 {
@@ -14,9 +17,17 @@ class VerifyEmail extends VerifyEmailLaravel
      */
     protected function verificationUrl($notifiable)
     {
-        $withToken = str_replace(['{id}'], $notifiable->getKey(), config('restify.auth.user_verify_url'));
-        $withEmail = str_replace(['{emailHash}'], sha1($notifiable->getEmailForVerification()), $withToken);
+        if (static::$createUrlCallback) {
+            return call_user_func(static::$createUrlCallback, $notifiable);
+        }
 
-        return url($withEmail);
+        return URL::temporarySignedRoute(
+            'restify.verify',
+            Carbon::now()->addMinutes(Config::get('auth.verification.expire', 60)),
+            [
+                'id' => $notifiable->getKey(),
+                'hash' => sha1($notifiable->getEmailForVerification()),
+            ]
+        );
     }
 }
diff --git a/src/RestifyApplicationServiceProvider.php b/src/RestifyApplicationServiceProvider.php
index beee20597..2d6f9a58c 100644
--- a/src/RestifyApplicationServiceProvider.php
+++ b/src/RestifyApplicationServiceProvider.php
@@ -6,6 +6,7 @@
 use Binaryk\LaravelRestify\Filters\RelatedDto;
 use Binaryk\LaravelRestify\Http\Controllers\Auth\ForgotPasswordController;
 use Binaryk\LaravelRestify\Http\Controllers\Auth\LoginController;
+use Binaryk\LaravelRestify\Http\Controllers\Auth\LogoutController;
 use Binaryk\LaravelRestify\Http\Controllers\Auth\RegisterController;
 use Binaryk\LaravelRestify\Http\Controllers\Auth\ResetPasswordController;
 use Binaryk\LaravelRestify\Http\Controllers\Auth\VerifyController;
@@ -78,7 +79,7 @@ protected function gate(): void
 
     protected function authRoutes(): void
     {
-        Route::macro('restifyAuth', function ($prefix = '/', array $actions = ['register', 'login', 'verifyEmail', 'forgotPassword', 'resetPassword']) {
+        Route::macro('restifyAuth', function ($prefix = '/', array $actions = ['register', 'login', 'logout', 'verifyEmail', 'forgotPassword', 'resetPassword']) {
             Route::group([
                 'prefix' => $prefix,
                 'middleware' => ['api'],
@@ -94,6 +95,12 @@ protected function authRoutes(): void
                         ->name('restify.login');
                 }
 
+                if (in_array('logout', $actions, true)) {
+                    Route::post('logout', LogoutController::class)
+                        ->middleware('auth:sanctum')
+                        ->name('restify.logout');
+                }
+
                 if (in_array('verifyEmail', $actions, true)) {
                     Route::post('verify/{id}/{hash}', VerifyController::class)
                         ->middleware('throttle:6,1')