feat: Implement standalone admin at /admin with custom login page and auth system

includes/Api/AuthController.php

@@ -0,0 +1,114 @@
+<?php
+namespace WooNooW\Api;
+
+use WP_REST_Request;
+use WP_REST_Response;
+use WP_Error;
+
+/**
+ * Authentication Controller for Standalone Admin
+ * 
+ * Handles login, logout, and auth status checks for the standalone admin interface.
+ * 
+ * @package WooNooW\Api
+ */
+class AuthController {
+	
+	/**
+	 * Login endpoint for standalone admin
+	 * 
+	 * @param WP_REST_Request $request Request object
+	 * @return WP_REST_Response Response object
+	 */
+	public static function login( WP_REST_Request $request ): WP_REST_Response {
+		$username = sanitize_text_field( $request->get_param( 'username' ) );
+		$password = $request->get_param( 'password' );
+		
+		if ( empty( $username ) || empty( $password ) ) {
+			return new WP_REST_Response( [
+				'success' => false,
+				'message' => __( 'Username and password are required', 'woonoow' ),
+			], 400 );
+		}
+		
+		// Authenticate user
+		$user = wp_authenticate( $username, $password );
+		
+		if ( is_wp_error( $user ) ) {
+			return new WP_REST_Response( [
+				'success' => false,
+				'message' => __( 'Invalid username or password', 'woonoow' ),
+			], 401 );
+		}
+		
+		// Check if user has WooCommerce permissions
+		if ( ! user_can( $user, 'manage_woocommerce' ) ) {
+			return new WP_REST_Response( [
+				'success' => false,
+				'message' => __( 'You do not have permission to access this area', 'woonoow' ),
+			], 403 );
+		}
+		
+		// Set auth cookie
+		wp_set_auth_cookie( $user->ID, true );
+		
+		// Return user data and new nonce
+		return new WP_REST_Response( [
+			'success' => true,
+			'user'    => [
+				'id'     => $user->ID,
+				'name'   => $user->display_name,
+				'email'  => $user->user_email,
+				'avatar' => get_avatar_url( $user->ID ),
+			],
+			'nonce'   => wp_create_nonce( 'wp_rest' ),
+		], 200 );
+	}
+	
+	/**
+	 * Logout endpoint
+	 * 
+	 * @return WP_REST_Response Response object
+	 */
+	public static function logout(): WP_REST_Response {
+		wp_logout();
+		
+		return new WP_REST_Response( [
+			'success' => true,
+			'message' => __( 'Logged out successfully', 'woonoow' ),
+		], 200 );
+	}
+	
+	/**
+	 * Check auth status
+	 * 
+	 * @return WP_REST_Response Response object
+	 */
+	public static function check(): WP_REST_Response {
+		if ( ! is_user_logged_in() ) {
+			return new WP_REST_Response( [
+				'authenticated' => false,
+			], 200 );
+		}
+		
+		$user = wp_get_current_user();
+		
+		// Check WooCommerce permission
+		if ( ! current_user_can( 'manage_woocommerce' ) ) {
+			return new WP_REST_Response( [
+				'authenticated' => false,
+				'message'       => __( 'Insufficient permissions', 'woonoow' ),
+			], 200 );
+		}
+		
+		return new WP_REST_Response( [
+			'authenticated' => true,
+			'user'          => [
+				'id'     => $user->ID,
+				'name'   => $user->display_name,
+				'email'  => $user->user_email,
+				'avatar' => get_avatar_url( $user->ID ),
+			],
+		], 200 );
+	}
+}

includes/Api/Routes.php

@@ -6,6 +6,7 @@ use WP_REST_Response;
 use WooNooW\Api\CheckoutController;
 use WooNooW\Api\OrdersController;
 use WooNooW\Api\AnalyticsController;
+use WooNooW\Api\AuthController;
 
 class Routes {
     public static function init() {
@@ -14,6 +15,26 @@ class Routes {
         
         add_action('rest_api_init', function () {
             $namespace = 'woonoow/v1';
+            
+            // Auth endpoints (public - no permission check)
+            register_rest_route( $namespace, '/auth/login', [
+                'methods'             => 'POST',
+                'callback'            => [ AuthController::class, 'login' ],
+                'permission_callback' => '__return_true',
+            ] );
+            
+            register_rest_route( $namespace, '/auth/logout', [
+                'methods'             => 'POST',
+                'callback'            => [ AuthController::class, 'logout' ],
+                'permission_callback' => '__return_true',
+            ] );
+            
+            register_rest_route( $namespace, '/auth/check', [
+                'methods'             => 'GET',
+                'callback'            => [ AuthController::class, 'check' ],
+                'permission_callback' => '__return_true',
+            ] );
+            
             // Defer to controllers to register their endpoints
             CheckoutController::register();
             OrdersController::register();