Update: 2026-05-03 22:51:59

Hamza-Ayed
2026-05-03 22:51:59 +03:00
parent 6d2c61497c
commit 87809ac893
9 changed files with 201 additions and 45 deletions


@@ -1,21 +1,23 @@
<?php
/**
* Auth Refresh Endpoint
* Refresh Token Endpoint (Secure Cookie Based)
*/
use App\Core\Database;
use App\Core\JWT;
use Firebase\JWT\JWT;
$data = input();
$refreshToken = $data['refresh_token'] ?? null;
// 1. Get Refresh Token from HttpOnly Cookie
$refreshToken = $_COOKIE['refresh_token'] ?? null;
if (!$refreshToken) {
json_error('Refresh token is required', 400);
json_error('Refresh token is required', 401);
}
$db = Database::getInstance();
$refreshTokenHash = hash('sha256', $refreshToken);
$stmt = $db->prepare("SELECT * FROM users WHERE refresh_token_hash = ? LIMIT 1");
// 2. Verify in DB
$stmt = $db->prepare("SELECT * FROM users WHERE refresh_token_hash = ? AND is_active = 1 LIMIT 1");
$stmt->execute([$refreshTokenHash]);
$user = $stmt->fetch();
@@ -23,25 +25,21 @@ if (!$user) {
json_error('Invalid refresh token', 401);
}
$secret = env('JWT_SECRET');
if (!$secret || strlen($secret) < 32) {
error_log('FATAL: JWT_SECRET is missing or too short in .env');
// 3. Generate New Access Token
$secret = $_ENV['JWT_SECRET'] ?? null;
if (!$secret) {
json_error('Server configuration error', 500);
}
$payload = [
'user_id' => $user['id'],
'role' => $user['role'],
'exp' => time() + (15 * 60)
'user_id' => $user['id'],
'tenant_id' => $user['tenant_id'], // Now including tenant_id
'role' => $user['role'],
'exp' => time() + (15 * 60) // 15 minutes
];
$newToken = JWT::encode($payload, $secret);
$newRefreshToken = bin2hex(random_bytes(32));
$newRefreshTokenHash = hash('sha256', $newRefreshToken);
$stmt = $db->prepare("UPDATE users SET refresh_token_hash = ? WHERE id = ?");
$stmt->execute([$newRefreshTokenHash, $user['id']]);
$token = JWT::encode($payload, $secret, 'HS256');
json_success([
'access_token' => $newToken,
'refresh_token' => $newRefreshToken
], 'تم تجديد الجلسة بنجاح');
'access_token' => $token
]);
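Review bot: The new secret check at `if (!$secret) {` drops the minimum-length guard and the log line the old code had, so a short JWT_SECRET now silently signs HS256 tokens whose key is cheap to recover offline; restore `if (!$secret || strlen($secret) < 32) { error_log('FATAL: JWT_SECRET is missing or too short in .env'); json_error('Server configuration error', 500); }`. Reading `$_ENV['JWT_SECRET']` instead of the removed `env()` helper also depends on variables_order including E or a dotenv loader populating `$_ENV`, which is not visible here — worth confirming, or the endpoint will always answer 500. Separately, this hunk removes the refresh-token rotation (the `bin2hex(random_bytes(32))` line and the `UPDATE users SET refresh_token_hash` statement), so a leaked cookie value stays valid indefinitely and reuse of an old token can no longer be detected; if rotation is meant to live elsewhere, at minimum re-issue the cookie here with HttpOnly, Secure and SameSite attributes. The SELECT in the first hunk checks only the hash and `is_active`, so consider an expiry column for the refresh token as well, since nothing on the page bounds its lifetime.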