AccountController.php

<?php

namespace App\Http\Controllers;

use App\Events\UserEmailUpdated;
use App\Http\Resources\SessionResource;
use Illuminate\Http\Request;
use \Illuminate\Validation\ValidationException;
use Inertia\Response;
use NiftyCo\Attachments\Attachment;

class AccountController extends Controller
{
    public function index(): Response
    {
        return inertia('account', [
            'sessions' => SessionResource::collection(auth()->user()->sessions()->latest()->get()),
        ]);
    }

    public function update(Request $request)
    {
        $request->validate([
            'name' => 'required|string',
            'email' => 'required|email:rfc,dns',
            'avatar' => ['nullable', 'mimes:jpg,jpeg,png', 'max:1024'],
        ]);

        $user = auth()->user();

        $user->fill($request->only('name'));

        if ($request->hasFile('avatar')) {
            $user->avatar = Attachment::fromFile($request->file('avatar'), folder: 'avatars');
        }

        if ($user->email !== $request->email) {
            $user->fill([
                'confirmed_at' => null,
                'email' => $request->email,
            ]);

            event(new UserEmailUpdated($user));
        }

        $user->save();

        return inertia()->location(route('account'));
    }

    public function destroy(Request $request)
    {
        $request->validate([
            'password' => 'required|string',
        ]);

        $confirmed = auth()->validate([
            'email' => $request->user()->email,
            'password' => $request->password,
        ]);

        if (!$confirmed) {
            throw ValidationException::withMessages([
                'password' => ['The provided password does not match our records.'],
            ]);
        }

        $request->user()->delete();

        auth()->logout();

        $request->session()->invalidate();
        $request->session()->regenerateToken();

        return inertia()->location(route('home'));
    }
}