Update: 2026-05-03 22:51:59

Hamza-Ayed
2026-05-03 22:51:59 +03:00
parent 6d2c61497c
commit 87809ac893
9 changed files with 201 additions and 45 deletions


@@ -60,13 +60,22 @@ $refreshTokenHash = hash('sha256', $refreshToken);
$stmt = $db->prepare("UPDATE users SET refresh_token_hash = ? WHERE id = ?");
$stmt->execute([$refreshTokenHash, $user['id']]);
// 7. Secure Refresh Token delivery via HttpOnly Cookie
setcookie('refresh_token', $refreshToken, [
'expires' => time() + (7 * 24 * 60 * 60), // 7 days
'path' => '/api/v1/auth/refresh',
'secure' => true,
'httponly' => true,
'samesite' => 'Strict',
]);
json_success([
'access_token' => $token,
'refresh_token' => $refreshToken,
'user' => [
'id' => $user['id'],
'name' => (App\Core\Encryption::decrypt($user['name']) ?: $user['name']),
'email' => (App\Core\Encryption::decrypt($user['email']) ?: $user['email']),
'role' => $user['role']
'role' => $user['role'],
'tenant_id' => $user['tenant_id']
]
], 'تم تسجيل الدخول بنجاح');
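Review bot: The `json_success` payload still appears to carry `'refresh_token' => $refreshToken` alongside the new `setcookie('refresh_token', ...)` call; the rendered page has lost its +/- markers, so whether that line survives on the new side is inferred. If it does, any script running in the page can read the refresh token from the response body, which cancels the protection the `HttpOnly` cookie is meant to give. I would drop that key from the response and have the refresh endpoint read the token only from `$_COOKIE['refresh_token']`, keeping a body-delivered token solely for non-browser clients that cannot use cookies. The return value of `setcookie` is also ignored, so a login where headers were already sent would report success without delivering the cookie; a check such as `if (!setcookie(...)) { /* fail the login */ }` would surface that. The enclosing login handler starts and ends outside this hunk.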