Update: 2026-05-03 17:32:57

2026-05-03 17:32:57 +03:00
parent 6a3e66ad49
commit 4b40b1185f
102 changed files with 525 additions and 11371 deletions
--- a/app/modules_app/auth/login.php
+++ b/app/modules_app/auth/login.php
@@ -0,0 +1,58 @@
+<?php
+/**
+ * Auth Login Endpoint
+ */
+
+use App\Core\Database;
+use App\Core\JWT;
+use App\Core\Validator;
+
+$data = input();
+
+// 1. Validation
+$errors = Validator::validate($data, [
+    'email'    => 'required|email',
+    'password' => 'required'
+]);
+
+if ($errors) {
+    json_error('Validation Failed', 422, $errors);
+}
+
+$email = $data['email'];
+$password = $data['password'];
+
+// 2. DB Check
+$db = Database::getInstance();
+$stmt = $db->prepare("SELECT * FROM users WHERE email = ? LIMIT 1");
+$stmt->execute([$email]);
+$user = $stmt->fetch();
+
+if (!$user || !password_verify($password, $user['password_hash'])) {
+    json_error('بيانات الدخول غير صحيحة', 401);
+}
+
+// 3. Issue Token
+$secret = env('JWT_SECRET', 'super-secret-key');
+$payload = [
+    'user_id' => $user['id'],
+    'role'    => $user['role'],
+    'exp'     => time() + (15 * 60) // 15 minutes
+];
+
+$token = JWT::encode($payload, $secret);
+
+// 4. Update Refresh Token (Simple stored in DB as requested)
+$refreshToken = bin2hex(random_bytes(32));
+$stmt = $db->prepare("UPDATE users SET refresh_token = ? WHERE id = ?");
+$stmt->execute([$refreshToken, $user['id']]);
+
+json_success([
+    'access_token'  => $token,
+    'refresh_token' => $refreshToken,
+    'user' => [
+        'id'    => $user['id'],
+        'name'  => $user['name'],
+        'email' => $user['email']
+    ]
+], 'تم تسجيل الدخول بنجاح');
--- a/app/modules_app/auth/logout.php
+++ b/app/modules_app/auth/logout.php
@@ -0,0 +1,18 @@
+<?php
+/**
+ * Auth Logout Endpoint
+ */
+
+use App\Core\Database;
+use App\Middleware\AuthMiddleware;
+
+// 1. Check Authentication
+$decoded = AuthMiddleware::check();
+$userId = $decoded['user_id'];
+
+// 2. Invalidate Refresh Token
+$db = Database::getInstance();
+$stmt = $db->prepare("UPDATE users SET refresh_token = NULL WHERE id = ?");
+$stmt->execute([$userId]);
+
+json_success(null, 'تم تسجيل الخروج بنجاح');
--- a/app/modules_app/auth/refresh.php
+++ b/app/modules_app/auth/refresh.php
@@ -0,0 +1,41 @@
+<?php
+/**
+ * Auth Refresh Endpoint
+ */
+
+use App\Core\Database;
+use App\Core\JWT;
+
+$data = input();
+$refreshToken = $data['refresh_token'] ?? null;
+
+if (!$refreshToken) {
+    json_error('Refresh token is required', 400);
+}
+
+$db = Database::getInstance();
+$stmt = $db->prepare("SELECT * FROM users WHERE refresh_token = ? LIMIT 1");
+$stmt->execute([$refreshToken]);
+$user = $stmt->fetch();
+
+if (!$user) {
+    json_error('Invalid refresh token', 401);
+}
+
+$secret = env('JWT_SECRET', 'super-secret-key');
+$payload = [
+    'user_id' => $user['id'],
+    'role'    => $user['role'],
+    'exp'     => time() + (15 * 60)
+];
+
+$newToken = JWT::encode($payload, $secret);
+$newRefreshToken = bin2hex(random_bytes(32));
+
+$stmt = $db->prepare("UPDATE users SET refresh_token = ? WHERE id = ?");
+$stmt->execute([$newRefreshToken, $user['id']]);
+
+json_success([
+    'access_token'  => $newToken,
+    'refresh_token' => $newRefreshToken
+], 'تم تجديد الجلسة بنجاح');